Commit eacb542

fix: Typo in AES-GCM post
1 parent be476a8 commit eacb542

1 file changed

+1
-1
lines changed

content/blog/aes_gcm.md

Lines changed: 1 addition & 1 deletion
@@ -237,7 +237,7 @@ To use `GHASH`, we first need to derive a 128-bit block that we can use as the `
237237
<figcaption style="font-size: 0.8em;">The GHASH key H is derived by encrypting a block of 16 null bytes using AES-128 and the AES key</figcaption>
238238
</figure>
239239

240-
To compute `GHASH`, we first need to represent the data we want to authenticate as a sequence of 128-bit blocks. This is done by splitting the data into 128-bit blocks and then padding the last block with null bytes if it is not already 128 bits long. We do this separately for the associated data and the ciphertext, so for example if we wanted to authenticated the associated data `deadbeef` and the ciphertext `cafeaffe`, we'd use the blocks `deadbeef000000000000000000000000` and `cafeaffe000000000000000000000000` as the input to `GHASH`. To make sure the size of the data is not lost, we add one more block at the end that contains the length of the associated data in bits as a 64-bit big-endian integer and the length of the ciphertext in bits as a 64-bit big-endian integer concatenated together, so in this case `00000000000000200000000000000020` for the associated data `deadbeef` and the ciphertext `cafeaffe`.
240+
To compute `GHASH`, we first need to represent the data we want to authenticate as a sequence of 128-bit blocks. This is done by splitting the data into 128-bit blocks and then padding the last block with null bytes if it is not already 128 bits long. We do this separately for the associated data and the ciphertext, so for example if we wanted to authenticate the associated data `deadbeef` and the ciphertext `cafeaffe`, we'd use the blocks `deadbeef000000000000000000000000` and `cafeaffe000000000000000000000000` as the input to `GHASH`. To make sure the size of the data is not lost, we add one more block at the end that contains the length of the associated data in bits as a 64-bit big-endian integer and the length of the ciphertext in bits as a 64-bit big-endian integer concatenated together, so in this case `00000000000000200000000000000020` for the associated data `deadbeef` and the ciphertext `cafeaffe`.
241241

242242
To start the computation, we initialize a `GF(2`<sup>`128`</sup>`)` element `Q` to `0`. We then process the prepared blocks in sequence. The blocks from the associated data are processed first, followed by the blocks from the ciphertext. The length block is processed last. For each block, we interpret the block as a `GF(2`<sup>`128`</sup>`)` element and add it to `Q` using the addition operation in `GF(2`<sup>`128`</sup>`)` (which is just the XOR operation) and then multiply `Q` by the `GHASH` key `H` using the multiplication and reduction operation we defined earlier.
243243
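
Review bot: The example on changed line 240 never says that `deadbeef` and `cafeaffe` are hex-encoded 4-byte values, yet the length block `00000000000000200000000000000020` is only correct under that reading (0x20 = 32 bits for each input). Since this line is being touched anyway, consider writing "the hex-encoded associated data `deadbeef`" and noting that `0x20` is 32 bits, so a reader does not take the strings as 8 ASCII characters. The same sentence also names both inputs twice ("for the associated data `deadbeef` and the ciphertext `cafeaffe`" at the start and again at the end); dropping the trailing repeat and splitting the length-block explanation into its own sentence would make the paragraph easier to follow. The paragraph also does not say what happens when the associated data or the ciphertext is empty; stating that an empty input contributes no blocks, while its 64-bit length field is zero, would close that gap for implementers.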
