Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.


Galois Counter Mode with Secure Short Tags (GCM-SST)

October 4, 2023


John Preuß Mattsson - Ericsson


This document defines the Galois Counter Mode with Secure Short Tags (GCM-SST) Authenticated Encryption with Associated Data (AEAD) algorithm. GCM-SST can be used with any keystream generator. Thus GCM-SST is a mode of operation of the Advanced Encryption Standard (AES). The main differences compared to GCM is that GCM-SST uses an additional subkey 𝑄, that fresh subkeys 𝐻 and 𝑄 are derived for each nonce, and that the POLYVAL function from AESGCM- SIV is used instead of GHASH. This enables short tags with forgery probabilities close to ideal.

Presented at

The Third NIST Workshop on Block Cipher Modes of Operation

Event Details


    National Cybersecurity Center of Excellence (NCCoE)
    9700 Great Seneca Highway
    Rockville, MD 20850

Related Topics

Security and Privacy: encryption

Created October 04, 2023, Updated October 05, 2023