科技回声

This is a great proposal.It would have been a good opportunity to leverage the AES-PRF construction (see tosc.v2018.i2.161-191 in addition to the original paper), whose overhead is negligible. But unfortunately, FIPS restrictions is why we can't have nice things.If FIPS compliance is not a requirement, AEGIS (AEGIS-256 in particular) is a more efficient alternative and on the standard track.But when only FIPS-approved things can be used, AES-GEM is a nice way to solve a very common problem.

Zig implementation: <a href="https://github.com/jedisct1/zig-aes-gem">https://github.com/jedisct1/zig-aes-gem</a>

I like these proposals to extend the current systems. They will probably never lead anywhere, but they are still a nice reminder that we are still learning things.My vacation plans include trying to grok at least a little bit of the xocb paper: <a href="https://dl.acm.org/doi/10.1007/978-3-031-30634-1_18" rel="nofollow">https://dl.acm.org/doi/10.1007/978-3-031-30634-1_18</a>

How does this compare to other GCM alternatives such as AES-SIV and AES GCM-SIV?

Don't see also, because it's completely unrelated, GEM AES: <a href="https://www.seasip.info/Gem/aes.html" rel="nofollow">https://www.seasip.info/Gem/aes.html</a>

Remember: You should never been on the bleeding edge with crypto. It takes years to find attacks in ciphers, and more years to find attacks in implementations.Never roll your on crypto. Always move slow and trust the process.

Zig implementation: <a href="https://github.com/jedisct1/zig-aes-gem">https://github.com/jedisct1/zig-aes-gem</a>

How does this compare to other GCM alternatives such as AES-SIV and AES GCM-SIV?

Don't see also, because it's completely unrelated, GEM AES: <a href="https://www.seasip.info/Gem/aes.html" rel="nofollow">https://www.seasip.info/Gem/aes.html</a>

AES-Gem (AES with Galois Extended Mode)

6 条评论

AES-Gem (AES with Galois Extended Mode)

6 条评论