LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

What is Authenticated Encryption (AE) and what does AES-GCM provide?

Authenticated Encryption combines encryption and integrity protection in a single algorithm, and AES-GCM is the most widely used AE mode — providing confidentiality, integrity, and authenticity in one pass.

AES-GCM fuses CTR encryption with a GHASH tag in one pass

* AES-GCM fuses CTR-mode encryption with a GHASH tag in one authenticated pass (confidentiality + integrity + authenticity). *

AE exists because hand-combining "encrypt, then bolt on a MAC" is precisely where most real-world protocol breaks happened (wrong order, reused keys, verifying too late). Folding both jobs into one analysed construction removes those dangerous degrees of freedom, which is why modern advice is to reach for an AE mode rather than assemble your own.

Authenticated Encryption provides:

  • Confidentiality (data is encrypted)
  • Integrity (data hasn't been modified)
  • Authenticity (data came from the key holder)

AES-GCM (Galois/Counter Mode):

  • Combines CTR mode encryption with GHASH (a polynomial MAC over GF(2^128))
  • Single pass: encrypts and computes the authentication tag simultaneously
  • Very fast — benefits from both AES-NI and pipelining
  • Used in TLS 1.3 (the mandatory cipher suite), IPsec, SSH

AEAD (Authenticated Encryption with Associated Data):

  • Extension that also authenticates unencrypted header data (e.g., packet headers)
  • The "AD" part is authenticated but not encrypted
  • GCM supports AEAD natively

Other AE modes: CCM (Counter with CBC-MAC), ChaCha20-Poly1305

Tip: In modern crypto, always use authenticated encryption (AES-GCM or ChaCha20-Poly1305). Never "roll your own" encrypt + MAC combination.

Go deeper:

From Quiz: KRYPTOG / Symmetric Cryptography | Updated: Jul 14, 2026