# Gcm tablesoption

McGrew and Viega's original submission to NIST, The Galois/Counter Mode of Operation (GCM), included a table driven implementation of the GHASH multiply function. Table driven implementations usually offer superior performance in software at the expense of memory. Crypto++ has a penchant for algorithms which perform, and GCM is no different.

The `GCM_2K_Tables`

use an optimization technique described in the Crypto Optimization newsgroup. See GCM with 2KB key tables options.

The `GCM_64K_Tables`

use 16 tables and holds 256 values, each of which is 16 bytes long, for a total of 65,536 bytes. Each `GCM_64K_Tables`

is key dependent, so that the table must be computed at key initialization and stored along with the key.

Because the choice of tables is a tradeoff between memory and speed, an Encryption/Authentication object will be compatible with a Decryption/Verification object using a different table:

GCM< AES >::Encryption e; // GCM_2K_Tables GCM< AES, GCM_64K_Tables >::Decryption d;