| 摘要 |
Disclosed is a low-latency method and apparatus of GHASH operation for authenticated encryption Galois Counter Mode (GCM), which simultaneously computes three interim values respectively yielded from the additional authenticated data A, the ciphertext C, and the hash key H defined in the GCM. Then, the output of the GHASH operation may be derived. Assuming that A has m blocks and C has n blocks, this disclosure performs the GHASH operation with max {m,n}+1 steps. The input order for the additional authenticated data A and the ciphertext C may be independent. A disordered sequence for the additional authenticated data A and the ciphertext C may also be accepted by this disclosure. This allows the applications in GCM to be more flexible.
|
