Crate ghash

GHASH: universal hash over GF(2^128) used by AES-GCM for message authentication (i.e. GMAC).

Implementation Notes

The implementation of GHASH found in this crate internally uses the polyval crate, which provides a similar universal hash function used by AES-GCM-SIV (RFC 8452).

By implementing GHASH in terms of POLYVAL, the two universal hash functions can share a common core, meaning any optimization work (e.g. CPU-specific SIMD implementations) which happens upstream in the polyval crate benefits GHASH as well.

From RFC 8452 Appendix A: https://tools.ietf.org/html/rfc8452#appendix-A

GHASH and POLYVAL both operate in GF(2^128), although with different irreducible polynomials: POLYVAL works modulo x^128 + x^127 + x^126 + x^121 + 1 and GHASH works modulo x^128 + x^7 + x^2 + x + 1. Note that these irreducible polynomials are the "reverse" of each other.
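
The relation behind that quote, as an added example rather than code from the ghash or polyval crates: GHASH is computed once directly (NIST SP 800-38D style) and once through POLYVAL using the Appendix A construction, and the two results are compared. All function names are this example's own, and the inputs in `main` are constructed.

```rust
// Added example, not the ghash crate's code; all function names are this example's own.
/// One-bit right shift with reduction: multiply by x in GHASH's bit order, divide by x in POLYVAL's.
fn shr_reduce(v: u128) -> u128 { (v >> 1) ^ if v & 1 == 1 { 0xE1u128 << 120 } else { 0 } }

/// GHASH per NIST SP 800-38D: blocks load big-endian, the top bit is x^0.
fn ghash(h: &[u8; 16], blocks: &[[u8; 16]]) -> [u8; 16] {
    let mut y = 0u128;
    for b in blocks {
        let (x, mut v) = (y ^ u128::from_be_bytes(*b), u128::from_be_bytes(*h));
        y = 0;
        for i in (0..128).rev() {
            if (x >> i) & 1 == 1 { y ^= v; }
            v = shr_reduce(v);
        }
    }
    y.to_be_bytes()
}

/// POLYVAL per RFC 8452: blocks load little-endian, dot(a, b) = a*b*x^-128.
fn polyval(h: &[u8; 16], blocks: &[[u8; 16]]) -> [u8; 16] {
    let (hk, mut s) = (u128::from_le_bytes(*h), 0u128);
    for b in blocks {
        let a = s ^ u128::from_le_bytes(*b);
        s = 0;
        for i in 0..128 {
            if (a >> i) & 1 == 1 { s ^= hk; }
            s = shr_reduce(s);
        }
    }
    s.to_le_bytes()
}

fn byte_reverse(mut b: [u8; 16]) -> [u8; 16] { b.reverse(); b }
/// mulX_POLYVAL: multiply by x modulo x^128 + x^127 + x^126 + x^121 + 1.
fn mulx_polyval(b: [u8; 16]) -> [u8; 16] {
    let v = u128::from_le_bytes(b);
    ((v << 1) ^ if v >> 127 == 1 { (0xC2u128 << 120) | 1 } else { 0 }).to_le_bytes()
}

/// RFC 8452 Appendix A: GHASH from POLYVAL via ByteReverse and mulX_POLYVAL.
fn ghash_via_polyval(h: &[u8; 16], blocks: &[[u8; 16]]) -> [u8; 16] {
    let rev: Vec<[u8; 16]> = blocks.iter().map(|b| byte_reverse(*b)).collect();
    byte_reverse(polyval(&mulx_polyval(byte_reverse(*h)), &rev))
}

fn main() {
    let (h, x) = ([0xA5u8; 16], [[0x01u8; 16], [0xFE; 16]]); // constructed inputs
    assert_eq!(ghash(&h, &x), ghash_via_polyval(&h, &x));
}
```

The same `shr_reduce` step serves both hashes because the two moduli are bit-reversals of each other; the extra `mulx_polyval` on the key cancels the one surplus factor of x^-1 that POLYVAL's `dot` applies per block.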


pub use polyval::universal_hash;



GHASH: universal hash over GF(2^128) used by AES-GCM.

Type Definitions


GHASH blocks (16-bytes)


GHASH keys (16-bytes)


GHASH tags (16-bytes)