Skip to main content

5.1. AEAD_AES_128_GCM

5.1. AEAD_AES_128_GCM

The AEAD_AES_128_GCM authenticated encryption algorithm works as specified in [GCM], using AES-128 as the block cipher, by providing the key, nonce, and plaintext, and associated data to that mode of operation. An authentication tag with a length of 16 octets (128 bits) is used. The AEAD_AES_128_GCM ciphertext is formed by appending the authentication tag provided as an output to the GCM encryption operation to the ciphertext that is output by that operation. Test cases are provided in the appendix of [GCM]. The input and output lengths are as follows:

  • K_LEN is 16 octets,

  • P_MAX is 2^36 - 31 octets,

  • A_MAX is 2^61 - 1 octets,

  • N_MIN and N_MAX are both 12 octets, and

  • C_MAX is 2^36 - 15 octets.

An AEAD_AES_128_GCM ciphertext is exactly 16 octets longer than its corresponding plaintext.

A security analysis of GCM is available in [MV04].

Last updated on