This repository has been archived by the owner on Feb 5, 2021. It is now read-only.

AES-GCM-SIV #60

Open
tarcieri opened this issue Aug 25, 2017 · 0 comments


Continuing from #31, this is a tracking ticket for potentially including AES-GCM-SIV as a supported construction in this library.

AES-GCM-SIV has the advantages that it is both very fast, and is on track to become an IETF standard with a soon-to-be-published RFC. For these reasons it is likely to get multiple, highly optimized implementations across various platforms in many languages.

The disadvantages are that it is a much more complicated construction than the ones presently implemented by Miscreant, that the security bounds are lower, and that for the construction to be performant it relies on hardware instructions which can be used to accelerate the POLYVAL function, which is not widely available on low-power platforms like IoT devices or low-end smartphones.
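To make the POLYVAL cost concrete, here is a software-only, bit-by-bit POLYVAL following the RFC 8452 definition (field GF(2^128) with reduction polynomial x^128 + x^127 + x^126 + x^121 + 1, little-endian bit order, and dot(a, b) = a * b * x^-128). This is an added example, not Miscreant's code; the `gf_mul` loop is the carry-less multiply that PCLMULQDQ (x86) or PMULL (ARMv8) perform in hardware, which is why the construction is slow on platforms without those instructions. The sample blocks in the `__main__` section are constructed here for illustration.

```python
# Added example (not Miscreant's code): a software-only POLYVAL as specified in
# RFC 8452, showing the carry-less multiplication that hardware instructions
# accelerate in fast AES-GCM-SIV implementations.

# Reduction polynomial of POLYVAL's field: x^128 + x^127 + x^126 + x^121 + 1.
POLY = (1 << 128) | (1 << 127) | (1 << 126) | (1 << 121) | 1
MASK128 = (1 << 128) - 1
BLOCK = 16


def to_field(block: bytes) -> int:
    """POLYVAL reads a 16-byte block little-endian: the least significant
    bit of byte 0 is the coefficient of x^0."""
    if len(block) != BLOCK:
        raise ValueError("POLYVAL operates on 16-byte blocks")
    return int.from_bytes(block, "little")


def from_field(elem: int) -> bytes:
    return elem.to_bytes(BLOCK, "little")


def gf_mul(a: int, b: int) -> int:
    """Carry-less multiply of two field elements, reduced modulo POLY.
    This loop is the work PCLMULQDQ/PMULL do in a couple of instructions."""
    prod = 0
    for i in range(128):
        if (b >> i) & 1:
            prod ^= a << i
    # Fold degrees 255..128 back into the field, highest degree first.
    for i in range(255, 127, -1):
        if (prod >> i) & 1:
            prod ^= POLY << (i - 128)
    return prod


def div_x(a: int) -> int:
    """Divide by x: if the constant term is set, add POLY (which equals zero
    in the field and has constant term 1) so the shift loses nothing."""
    if a & 1:
        a ^= POLY
    return a >> 1


def mul_x(a: int) -> int:
    """RFC 8452 mulX_POLYVAL: multiply by x and reduce."""
    a <<= 1
    if a >> 128:
        a ^= POLY
    return a & MASK128


# x^-128, the constant folded into POLYVAL's dot operation.
X_INV_128 = 1
for _ in range(128):
    X_INV_128 = div_x(X_INV_128)


def dot(a: int, b: int) -> int:
    """dot(a, b) = a * b * x^-128, as defined in RFC 8452."""
    return gf_mul(gf_mul(a, b), X_INV_128)


def polyval(h: bytes, *blocks: bytes) -> bytes:
    """POLYVAL(H, X_1, ..., X_n): S_0 = 0; S_j = dot(S_{j-1} xor X_j, H)."""
    h_elem = to_field(h)
    s = 0
    for x in blocks:
        s = dot(s ^ to_field(x), h_elem)
    return from_field(s)


def mulx_polyval(block: bytes) -> bytes:
    return from_field(mul_x(to_field(block)))


if __name__ == "__main__":
    # RFC 8452 Appendix A: mulX_POLYVAL(01 00..00) = 02 00..00.
    print(mulx_polyval(bytes.fromhex("01" + "00" * 15)).hex())
    # Constructed sample: hash two blocks under a constructed key H.
    h = bytes.fromhex("25" * 16)
    print(polyval(h, bytes(range(16)), bytes(range(16, 32))).hex())
```

A useful sanity check on any POLYVAL implementation: with H equal to x^128 (bytes `01 00 .. 00 c2` in POLYVAL's byte order) the x^-128 factor cancels and POLYVAL(H, X_1, ..., X_n) is simply the XOR of the blocks, and the function is linear in the message blocks for any H.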
