GCM TablesOption

From Crypto++ Wiki
Jump to navigation Jump to search
GCM TablesOption
#include <cryptopp/gcm.h>

GCM includes a table driven implementation of the GHASH multiply function. Table driven implementations usually offer superior performance in software at the expense of memory. There are two options for the table. The first is GCM_2K_Tables, and the second is GCM_64K_Tables.

The GCM_2K_Tables use an optimization technique described in the Crypto Optimization newsgroup. See GCM with 2KB key tables options.

The GCM_64K_Tables use 16 tables and holds 256 values, each of which is 16 bytes long, for a total of 65,536 bytes. Each GCM_64K_Tables is key dependent, so that the table must be computed at key initialization and stored along with the key.

An Encryption/Authentication object will be compatible with a Decryption/Verification object using a different table:

// This is OK
GCM< AES,  GCM_2K_Tables >::Encryption enc;
GCM< AES, GCM_64K_Tables >::Decryption dec;