Pismo.md (47)


14 野に咲く名無し@転載禁止 2024/07/26 (Fri) 01:15:43.216 ID:???-174820180319

Announcing AES-GEM (AES with Galois Extended Mode)
https://blog.trailofbits.com/2024/07/12/announcing-aes-gem-aes-with-galois-extended-mode/

Security researchers have been sounding the alarm about AES-GCM's weaknesses for years. Nineteen years ago, Niels Ferguson submitted a paper to a NIST project on block cipher modes outlining authentication weaknesses in AES-GCM (although NIST would ultimately standardize it). And earlier this year, Amazon published a paper that detailed practical challenges with AES-GCM and posited that AES's 128-bit block size is no longer sufficient, preferring a 256-bit block cipher (i.e., Rijndael-256).

To address these issues, I propose a new block cipher mode called Galois Extended Mode (GEM for short), which I presented last month at the NIST workshop on the requirements for an accordion mode cipher. AES-GEM improves the security of GCM in every dimension with minimal performance overhead.