AES-GCM (AES in Galois/Counter Mode)
Combines AES with a counter and a Galois-field MAC to give confidentiality and integrity.
How it works
- AES-GCM uses AES as a building block but runs it in counter mode: each block of keystream is produced by encrypting a counter value with AES.
- Plaintext blocks are XORed with the keystream to produce ciphertext, similar to a stream cipher, which allows parallel processing.
- In parallel, a polynomial hash over a finite field accumulates authentication data from both the ciphertext and any associated data you want to protect (like headers).
- The output includes both ciphertext and an authentication tag. During decryption the tag is recomputed; if it does not match, the message is rejected.
- When you use AES-GCM in code, always supply a unique nonce for each encryption under the same key, and verify the authentication tag before accepting the decrypted data.
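The steps listed above, as an added example that is not part of the original page: Node.js's built-in `crypto` module seals a message with a fresh 96-bit nonce and associated data, and releases plaintext only after the tag verifies. The function names, the nonce || ciphertext || tag layout and the sample message are assumptions made for this example.

```javascript
const crypto = require('crypto');

const NONCE_LEN = 12; // 96-bit nonce, the usual GCM size
const TAG_LEN = 16;   // 128-bit authentication tag

// Encrypt and authenticate; `aad` (e.g. a header) is authenticated, not encrypted.
// Layout assumed for this example: nonce || ciphertext || tag.
function seal(key, plaintext, aad) {
  const nonce = crypto.randomBytes(NONCE_LEN); // fresh nonce per message under this key
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  cipher.setAAD(aad);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([nonce, ct, cipher.getAuthTag()]);
}

// Returns the plaintext Buffer, or null if the tag does not verify.
function unseal(key, sealed, aad) {
  if (sealed.length < NONCE_LEN + TAG_LEN) return null;
  const nonce = sealed.subarray(0, NONCE_LEN);
  const ct = sealed.subarray(NONCE_LEN, sealed.length - TAG_LEN);
  const tag = sealed.subarray(sealed.length - TAG_LEN);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, nonce, { authTagLength: TAG_LEN });
  decipher.setAAD(aad);
  decipher.setAuthTag(tag);
  try {
    // update() already yields bytes; return them only after final() has verified the tag.
    return Buffer.concat([decipher.update(ct), decipher.final()]);
  } catch (err) {
    return null; // tag mismatch: ciphertext, AAD, nonce or key is wrong
  }
}

// Constructed sample message for the demonstration.
function demo() {
  const key = crypto.randomBytes(32);
  const header = Buffer.from('msg-id=42;to=alice');
  const body = Buffer.from('transfer 10 credits');
  const sealed = seal(key, body, header);
  const flipped = Buffer.from(sealed);
  flipped[NONCE_LEN] ^= 0x01; // flip one ciphertext bit
  return {
    overhead: sealed.length - body.length, // nonce + tag; counter mode adds no padding
    roundTrip: unseal(key, sealed, header).toString(),
    tamperedCiphertext: unseal(key, flipped, header),
    tamperedHeader: unseal(key, sealed, Buffer.from('msg-id=42;to=bob')),
    nonceIsFresh: !seal(key, body, header).equals(sealed),
  };
}
console.log(demo());
```
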
What is it?
AES-GCM (Advanced Encryption Standard in Galois/Counter Mode) is an authenticated encryption algorithm. Standard AES only encrypts data (ensuring confidentiality); it does not natively prevent an attacker from tampering with the ciphertext. GCM solves this by combining the AES block cipher running in Counter mode (for encryption) with a Galois field multiplier that generates a cryptographic authentication tag. This ensures both the secrecy of the data and its integrity, making AES-GCM the standard cipher for securing modern internet traffic (TLS 1.3).
Where this shows up today
AES-GCM is used wherever data confidentiality (encryption) and data authenticity (tamper-proofing) must be provided simultaneously by a single, highly efficient algorithm.