AES Encryption Modes
AES-GCM, AES-CBC, AES-CTR

Introduction

When it comes to encryption, the Advanced Encryption Standard (AES) offers several modes of operation that cater to different security needs. Among these modes, AES-GCM (Galois/Counter Mode), AES-CBC (Cipher Block Chaining), and AES-CTR (Counter Mode) stand out. This article delves into the differences between these modes, their performance, key sizes, resource usage, and when to use each one.

AES-GCM (Galois/Counter Mode)

AES-GCM is a modern encryption mode that provides both encryption and integrity. It combines the counter mode (CTR) for encryption and the Galois mode for authentication. This mode is widely used due to its efficiency and security.

async function encryptAESGCM(plainText, key) {
  const iv = window.crypto.getRandomValues(new Uint8Array(12)); // 12-byte IV for GCM

  const ciphertext = await window.crypto.subtle.encrypt(
    {
      name: "AES-GCM",
      iv: iv,
    },
    key,
    new TextEncoder().encode(plainText),
  );

  return { ciphertext, iv };
}

How AES-GCM Works:

• Encryption: Data is encrypted using the counter mode (CTR).
• Authentication: A Galois Message Authentication Code (GMAC) is generated to ensure the integrity of both the ciphertext and any additional authenticated data (AAD).

AES-CBC (Cipher Block Chaining)

AES-CBC is a block cipher mode that uses an initialization vector (IV) to encrypt data in blocks. Each block of plaintext is XORed with the previous ciphertext block before being encrypted.

async function encryptAESCBC(plainText, key) {
  const iv = window.crypto.getRandomValues(new Uint8Array(16)); // 16-byte IV for CBC

  const ciphertext = await window.crypto.subtle.encrypt(
    {
      name: "AES-CBC",
      iv: iv,
    },
    key,
    new TextEncoder().encode(plainText),
  );

  return { ciphertext, iv };
}

How AES-CBC Works:

• Encryption: The plaintext is divided into fixed-size blocks. Each block is XORed with the previous ciphertext block and then encrypted.
• Decryption: The process is reversed, using the IV and the ciphertext blocks to recover the original plaintext.

AES-CTR (Counter Mode)

AES-CTR is a block cipher mode that turns a block cipher into a stream cipher. It generates a unique keystream by encrypting successive values of a counter and then XORs this keystream with the plaintext.

async function encryptAESCTR(plainText, key) {
  const counter = window.crypto.getRandomValues(new Uint8Array(16)); // 16-byte counter for CTR

  const ciphertext = await window.crypto.subtle.encrypt(
    {
      name: "AES-CTR",
      counter: counter,
      length: 64, // Length of the counter in bits
    },
    key,
    new TextEncoder().encode(plainText),
  );

  return { ciphertext, counter };
}

How AES-CTR Works:

• Encryption: A counter value is encrypted to produce a keystream, which is then XORed with the plaintext to produce the ciphertext.
• Decryption: The same counter value is used to regenerate the keystream, which is XORed with the ciphertext to recover the plaintext.

Comparison Table

Feature	AES-GCM	AES-CBC	AES-CTR
Confidentiality	Yes	Yes	Yes
Authentication	Yes	No	No
Integrity	Yes	No	No
Performance	High	Medium	High
Key Size	128, 192, or 256 bits	128, 192, or 256 bits	128, 192, or 256 bits
Resources Usage	Moderate (slightly higher)	Moderate	Low
Usage	IoT, messaging, network protocols	Legacy systems, non-critical applications	High-performance, parallel processing
Use Cases	Secure communication, TLS, IPsec	File encryption, database encryption	Streaming data, real-time encryption

Conclusion

Choosing the right AES mode depends on the specific requirements of your application. AES-GCM is the most secure option when both confidentiality and integrity are needed, while AES-CBC is suitable for data at rest. AES-CTR excels in performance for streaming applications. Understanding the differences and use cases of each mode will help you make informed decisions in your encryption strategy.