[Busec] symmetric crypto reading group: 1st meeting Monday 11am!

Sharon Goldberg goldbe at cs.bu.edu
Thu Aug 25 14:18:59 EDT 2016

Hi busec,

Several of us have decided that we want to get up to date on the latest in
symmetric crypto modes of operation and attacks. To that end on Monday at
11am, Aanchal Malhotra will be presenting a new paper attacking GCM, in an
informal reading group.  Abstract and link to paper below. On Monday we can
discuss the logistics of doing this more regularly during the upcoming

See you then!

"Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS."
Monday, August 25, 2016 @ 11AM

AES-GCM is a block-cipher mode of operation which provides authenticated
encryption with associated data (AEAD). Despite currently being the most
popular TLS cipher, AES-GCM is not well received by the cryptographic
community. Niels Ferguson described potential attacks on GCM with short
authentication tags, Antoine Joux published a critical comment during the
standardization process of GCM, and several other cryptographers recently
described GCM as “fragile”. This paper investigates the nonce reuse issues
with the GCM block cipher mode as used in TLS with AES-GCM.
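The nonce reuse problem the abstract refers to is Joux's "forbidden attack": GCM's tag is a polynomial in the hash key H = E_K(0^128) masked by E_K(J0), so two records under the same key and nonce let an attacker cancel the mask and solve for H, after which tags for arbitrary ciphertexts under that nonce can be forged. The Python below is an added illustration written for this reading-group post, not code from the paper or from the authors. It assumes a stand-in block cipher (HMAC-SHA256 truncated to 128 bits, labelled as such in the code; GCM only ever calls the cipher in the forward direction, so any 128-bit PRF serves to demonstrate the mode) and restricts the solver to two equal-length, single-block, AAD-free records so that recovering H needs only one field division and one square root; longer records give a higher-degree polynomial that the paper's attack solves by root finding. Key, nonce and plaintexts are constructed test values.

```python
"""Joux's forbidden attack on GCM nonce reuse, single-block case (added example).

The block cipher is a STAND-IN (HMAC-SHA256 truncated to 128 bits), not AES; GCM only
uses the cipher in the forward direction, so any PRF suffices to show the mode.
"""
import hashlib
import hmac

# GF(2^128) in GCM's bit-reflected convention (NIST SP 800-38D, section 6.3).
R = 0xE1 << 120     # x^128 + x^7 + x^2 + x + 1, reflected
ONE = 1 << 127      # multiplicative identity in this representation


def gf_mul(x: int, y: int) -> int:
    """Field multiplication, SP 800-38D Algorithm 1 (bit 0 is the leftmost bit)."""
    z, v = 0, x
    for i in range(128):
        if (y >> (127 - i)) & 1:
            z ^= v
        v = (v >> 1) ^ R if v & 1 else v >> 1
    return z


def gf_pow(x: int, e: int) -> int:
    result, base = ONE, x
    while e:
        if e & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        e >>= 1
    return result


def gf_inv(x: int) -> int:
    return gf_pow(x, (1 << 128) - 2)   # x^(2^128 - 2) = x^-1 for x != 0


def gf_sqrt(x: int) -> int:
    return gf_pow(x, 1 << 127)         # (x^(2^127))^2 = x^(2^128) = x, unique in char 2


def _blocks(data: bytes):
    for i in range(0, len(data), 16):
        yield int.from_bytes(data[i:i + 16].ljust(16, b"\x00"), "big")


def ghash(h: int, aad: bytes, ct: bytes) -> int:
    """GHASH_H(A, C): a polynomial in H over AAD blocks, ciphertext blocks, length block."""
    x = 0
    for blk in _blocks(aad):
        x = gf_mul(x ^ blk, h)
    for blk in _blocks(ct):
        x = gf_mul(x ^ blk, h)
    length_block = ((len(aad) * 8) << 64) | (len(ct) * 8)
    return gf_mul(x ^ length_block, h)


def block_cipher(key: bytes, block: bytes) -> bytes:
    """STAND-IN for AES-128 (assumption: any 128-bit PRF demonstrates the mode)."""
    return hmac.new(key, block, hashlib.sha256).digest()[:16]


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    out = bytearray()
    for i in range(0, len(data), 16):          # counter blocks start at J0 + 1 = 2
        ks = block_cipher(key, nonce + (i // 16 + 2).to_bytes(4, "big"))
        out += bytes(a ^ b for a, b in zip(data[i:i + 16], ks))
    return bytes(out)


def _tag(key: bytes, nonce: bytes, aad: bytes, ct: bytes) -> bytes:
    h = int.from_bytes(block_cipher(key, bytes(16)), "big")                 # H = E_K(0)
    mask = int.from_bytes(block_cipher(key, nonce + b"\x00\x00\x00\x01"), "big")  # E_K(J0)
    return (ghash(h, aad, ct) ^ mask).to_bytes(16, "big")


def gcm_encrypt(key: bytes, nonce: bytes, aad: bytes, pt: bytes):
    ct = _keystream_xor(key, nonce, pt)
    return ct, _tag(key, nonce, aad, ct)


def gcm_decrypt(key: bytes, nonce: bytes, aad: bytes, ct: bytes, tag: bytes):
    """Plaintext if the tag verifies, else None."""
    if not hmac.compare_digest(_tag(key, nonce, aad, ct), tag):
        return None
    return _keystream_xor(key, nonce, ct)


def forbidden_attack(ct1: bytes, tag1: bytes, ct2: bytes, tag2: bytes):
    """Recover (H, E_K(J0)) from two AAD-free single-block records under one nonce.

    tag = C*H^2 + len*H + E_K(J0); XORing two tags cancels E_K(J0) and, for equal
    lengths, the len*H term, leaving (C1 ^ C2) * H^2.
    """
    if not (len(ct1) == len(ct2) and 0 < len(ct1) <= 16):
        raise ValueError("simplified solver needs two equal-length single-block ciphertexts")
    c1, c2 = next(_blocks(ct1)), next(_blocks(ct2))
    if c1 == c2:
        raise ValueError("identical ciphertexts give no equation in H")
    t1, t2 = int.from_bytes(tag1, "big"), int.from_bytes(tag2, "big")
    h = gf_sqrt(gf_mul(t1 ^ t2, gf_inv(c1 ^ c2)))
    mask = t1 ^ ghash(h, b"", ct1)
    return h, mask


def forge_tag(h: int, mask: int, aad: bytes, ct: bytes) -> bytes:
    return (ghash(h, aad, ct) ^ mask).to_bytes(16, "big")


def demo():
    key = b"constructed-16B!"           # constructed test key
    nonce = b"\x00" * 12                # the repeated nonce is the whole problem
    ct1, tag1 = gcm_encrypt(key, nonce, b"", b"amount=00000100")   # 15 bytes, one block
    ct2, tag2 = gcm_encrypt(key, nonce, b"", b"amount=00000200")
    h, mask = forbidden_attack(ct1, tag1, ct2, tag2)
    true_h = int.from_bytes(block_cipher(key, bytes(16)), "big")
    forged_ct = bytes([ct1[0] ^ 0x01]) + ct1[1:]   # flip a plaintext bit via the ciphertext
    forged_aad = b"record-header"                  # and bind it to attacker-chosen AAD
    forged_tag = forge_tag(h, mask, forged_aad, forged_ct)
    return {
        "h_recovered": h == true_h,
        "naive_tamper_rejected": gcm_decrypt(key, nonce, forged_aad, forged_ct, tag1) is None,
        "forgery_accepted": gcm_decrypt(key, nonce, forged_aad, forged_ct, forged_tag),
    }


if __name__ == "__main__":
    print(demo())
```

The check worth taking away: nothing in the attack touches the key or the block cipher, only GHASH's linearity in the ciphertext, so a real AES-GCM implementation that repeats a nonce is broken in exactly the same way, and the defence is entirely on the nonce-generation side (a counter that cannot wrap or restart, as the TLS 1.3 design later mandates).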

