Crate ghash

source ·
Expand description

GHASH: universal hash over GF(2^128) used by AES-GCM for message authentication (i.e. GMAC).

§Implementation Notes

The implementation of GHASH found in this crate internally uses the polyval crate, which provides a similar universal hash function used by AES-GCM-SIV (RFC 8452).

By implementing GHASH in terms of POLYVAL, the two universal hash functions can share a common core, meaning any optimization work (e.g. CPU-specific SIMD implementations) which happens upstream in the polyval crate benefits GHASH as well.

From RFC 8452 Appendix A:

GHASH and POLYVAL both operate in GF(2^128), although with different irreducible polynomials: POLYVAL works modulo x^128 + x^127 + x^126 + x^121 + 1 and GHASH works modulo x^128 + x^7 + x^2 + x + 1. Note that these irreducible polynomials are the “reverse” of each other.


  • pub use polyval::universal_hash;


  • GHASH: universal hash over GF(2^128) used by AES-GCM.

Type Aliases§

  • GHASH blocks (16-bytes)
  • GHASH keys (16-bytes)
  • GHASH tags (16-bytes)