
Proper implementation of AES-256 for a single block E_k then used in AES-GCM


My first objective is to implement AES-GCM in PowerShell 5.1, since there is no implementation that does not use external DLL libraries.

According to the GCM encryption schema ([GCM Encryption] diagram):

the E_k block should correspond to a 128-bit block, and the input is encrypted with AES under a specific key K.

If at the beginning I want to focus only on the E_k block and implement the AES algorithm directly there, is it correct to say that in that case no block cipher mode is applied, because I'm focusing only on the block itself?

A further doubt: in the case of GCM, if each E_k takes as input the 12-byte IV + counter value and each E_k block is 16 bytes (128 bits) in size, is the IV padded with 0 (or another predefined value) for the next 4 bytes to reach 16 bytes? So for each block we would have, for example, [BLOCK 0] 7808B1A23DDC2F9D90A4BCED00000000; [BLOCK 1] 7808B1A23DDC2F9D90A4BCED00000001; [BLOCK 2] 7808B1A23DDC2F9D90A4BCED00000002; and so on?

Could this answer be applied also in my case, so that:

  • the "raw" AES could be applied by using ECB for the single E_k block?
  • padding the plaintext (in our case the 12-byte IV) up to 16 bytes with 4 bytes of 0s?

I hope the information is clear.

Thank you

fgrieu: The question is uncomfortably too close to a programming question, which is off-[topic](https://crypto.stackexchange.com/help/on-topic). That said: you want the true [spec of AES-GCM](https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf#page=23). Yes, raw AES corresponds to ECB mode, and can be used to implement the $E_k$ boxes in the question. I think your description of the IV is off-by-one, and the first block ends in 00000001h. But again, read the spec. And I do not condone writing serious crypto in PowerShell.
OP: @fgrieu Don't worry about the "programming" part; for me the "theoretical" part was important. With this information I can proceed to the programming part on my own. I just don't understand why my description of the IV is off-by-one. The first block does not end in 00000001h but 00000000h. I will edit the question and the body to focus more on the "theory" and not on "programming". Thank you anyway.
fgrieu: I say your IV is off-by-one because of the $J_0 = IV\mathbin\|0^{31}\mathbin\|1$ equation (when $IV$ is 96-bit, matching the 12 bytes of the question) in the linked spec. At least I'm positive this means $J_0$ ends in 00000001h.
OP: Sorry, again: in the "first block" for the authentication tag the counter starts from 1. I'm blind. The "Counter 0" confused me. You're right. And I'm also reading that "an IV set to all zero bytes may leak part of the GHASH value". Thank you again.
gusto2: `implement AES-GCM in PowerShell 5.1 since.. ` When I see custom implementations, I'm usually concerned about resistance against side-channel attacks. If you are really looking for a safer solution, why not call e.g. the OpenSSL command?
OP: @gusto2 Yes, you're right. In my case I want to be less dependent on external dependencies, but for my particular need, in reality, I only need to decrypt, taking as input Additional Auth Data, IV, Encrypted Data and Auth Tag, so I'm going to implement, exclusively for personal purposes, just the decryption function. But for this purpose I needed to understand better the doubt I explained about the encryption process above.
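As an added example (not from the question or from any of the commenters), the following PowerShell 5.1 script uses only the .NET AES class that ships with Windows, so no external DLL is needed: it builds J_0 and the following counter blocks for the 12-byte IV from the question, then applies a single raw AES-256 block operation (ECB, no padding) to each, which is the E_k box in the GCM diagram. The 256-bit key is a constructed test value.

```powershell
# Added example (not from the question or the comments): build the GCM counter
# blocks for a 96-bit IV and run one raw AES-256 block operation (E_k) on each
# using the .NET AES class in ECB mode with no padding, which is "raw" AES.
# The key below is a constructed test value; the IV is the one from the question.

function Invoke-AesBlock {
    param([byte[]]$Key, [byte[]]$Block)   # one 16-byte block in, one out
    $aes = [System.Security.Cryptography.Aes]::Create()
    $aes.Mode    = [System.Security.Cryptography.CipherMode]::ECB
    $aes.Padding = [System.Security.Cryptography.PaddingMode]::None
    $aes.Key     = $Key                   # 32 bytes selects AES-256
    $enc = $aes.CreateEncryptor()
    try     { return $enc.TransformFinalBlock($Block, 0, $Block.Length) }
    finally { $enc.Dispose(); $aes.Dispose() }
}

function Get-GcmJ0 {
    # SP 800-38D: for a 96-bit IV, J0 = IV || 0^31 || 1, i.e. IV + 00000001h
    param([byte[]]$IV)
    if ($IV.Length -ne 12) { throw 'This example only handles 96-bit IVs' }
    return [byte[]]($IV + [byte[]](0, 0, 0, 1))
}

function Step-GcmCounter {
    # inc32: add 1 to the rightmost 32 bits (big-endian), wrapping mod 2^32
    param([byte[]]$Block)
    $out = [byte[]]$Block.Clone()
    for ($i = 15; $i -ge 12; $i--) {
        $out[$i] = ($out[$i] + 1) -band 0xFF
        if ($out[$i] -ne 0) { break }     # no carry into the next byte
    }
    return $out
}

$key = [byte[]](1..32)          # constructed 256-bit key for demonstration only
$iv  = [byte[]](0x78,0x08,0xB1,0xA2,0x3D,0xDC,0x2F,0x9D,0x90,0xA4,0xBC,0xED)

$j0  = Get-GcmJ0 $iv            # ends in 00000001h; E_k(J0) masks GHASH -> tag
$ctr = $j0
for ($n = 0; $n -lt 3; $n++) {
    $label = if ($n -eq 0) { 'J0  (tag mask) ' } else { "CB$n (keystream)" }
    $ks = Invoke-AesBlock -Key $key -Block $ctr
    '{0}: {1} -> E_k = {2}' -f $label,
        (($ctr | ForEach-Object { $_.ToString('X2') }) -join ''),
        (($ks  | ForEach-Object { $_.ToString('X2') }) -join '')
    $ctr = Step-GcmCounter $ctr # CB1 = inc32(J0) encrypts the first plaintext block
}
```

The printed blocks show why the first counter block ends in 00000001h rather than 00000000h: J_0 is consumed by the tag computation, and the keystream for the first 16 bytes of plaintext comes from inc32(J_0).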