Skip to content

Block Cipher Modes

GCM 要注意的小地方

NIST manual

是 little endian

The convention for interpreting strings as polynomials is "little endian":

i.e., if u is the variable of the polynomial, then the block x_0x_1 \cdots x_{127} corresponds to the polynomial x_0 + x_1 u + x_2 u^2 + \cdots + x_{127} u^{127}

NIST manual page 12

len(A) || len(C) 是什麼

假設 len(A) 是 19 且 len(C) 是 148

那麼 len(A) || len(C) 這個 block 是 00000000000000130000000000000094

H 從哪來

The hash subkey, denoted H, is generated by applying the block cipher to the "zero" block

NIST manual page 10

H = e_k(0)

Galois Field 用到的 reduction modulus

Let R be the bit string 11100001 \ || \ 0^{120}

NIST manual page 11

The reduction modulus is the polynomial of degree 128 that corresponds to R \ || \ 1

NIST manual page 12

也就是 x^{128} + x^7 + x^2 + x + 1