NIST’s Crypto Publication Review Board announced the review of SP 800-38D, Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC (2007) in August 2021. In response, NIST received public comments.
NIST proposes revising SP 800-38D to address many of the technical and editorial suggestions in the public comments, such as the following:
- to remove support for authentication tags whose lengths are less than 96 bits,
- to clarify that the construction of initialization vectors (IVs) for GCM in the Transport Layer Security (TLS) 1.3 protocol is approved,
- to clarify the guidance on IV construction, and
- to update the references.
Send comments on this decision proposal by October 9, 2023 to [email protected] with “Comments on SP 800-38D decision proposal” in the subject line.
Comments received in response to this request will be posted on the Crypto Publication Review Project site after the due date. Submitters’ names and affiliations (when provided) will be included, while contact information will be removed. See the project site for additional information about the review process.
Rationale
The Galois/Counter Mode specified in SP 800-38D continues to be an important, widely adopted technique for authenticated encryption. Its security depends strongly on the provision of IVs that are not repeated for distinct messages, as well as the length of the authentication tag. The planned changes to the publication will improve the security of GCM and clarify that the construction of IVs for GCM in TLS 1.3 is approved.