AES-VCM, AN AES-GCM CONSTRUCTION USING AN INTEGER-BASED UNIVERSAL HASH FUNCTION

We give a framework for construction and composition of universal hash functions. Using this framework, we propose to swap out AES-GCM's $F_{2^{128}}$-based universal hash function for one based on VMAC, which uses integer arithmatic. For architectures having AES acceleration but where either $F_{2^{128}}$ acceleration is absent or exists on the same execution unit as AES acceleration, an integer-based variant of AES-GCM may offer a performance advantage, while offering identical security.