/ˌdʒiː-siː-ˈɛm/
n. “Authenticated encryption with speed and style.”
GCM, or Galois/Counter Mode, is a modern mode of operation for block ciphers that provides both confidentiality and data integrity. Unlike traditional encryption modes such as CBC, which only encrypts data, GCM combines encryption with authentication, ensuring that any tampering with the ciphertext can be detected during decryption.
At its core, GCM uses a counter mode (CTR) for encryption, which turns a block cipher into a stream cipher. Each block of plaintext is XORed with a unique counter-based key stream, allowing parallel processing for high performance. The “Galois” part comes from a mathematical multiplication over a finite field used to compute an authentication tag, sometimes called a Message Authentication Code (MAC), which validates that the data hasn’t been altered.
This combination makes GCM especially popular in network security protocols such as TLS 1.2 and above, IPsec, and modern disk encryption systems. Its ability to provide authenticated encryption prevents attacks that plagued older modes like CBC, including the infamous BEAST attack.
Example usage: When a client connects to a secure website using TLS with AES-GCM, the plaintext HTTP requests are encrypted using AES in counter mode, while the server verifies the accompanying authentication tag. If even a single bit of the ciphertext or associated data is modified in transit, the authentication check fails, protecting against tampering or forgery.
Benefits of GCM include parallelizable encryption for performance, integrated authentication to ensure integrity, and avoidance of padding-related issues common in CBC mode. It demonstrates the evolution of cryptographic practice: fast, secure, and resistant to attacks without relying solely on secrecy.
While GCM is robust, proper implementation is critical. Reusing the same initialization vector (IV) with the same key can catastrophically compromise security. This requirement links to the broader cryptographic principles found in SHA256, HMAC, and other authenticated primitives, showing how encryption and authentication interplay to build secure systems.