Title On the Counter Collision Probability of GCM
Abstract A counter collision in GCM is a bad event in the sense that, once it occurs, partial information about plaintexts can leak. Both upper and lower bounds on the counter collision probability are known, and there is a large gap between them. In this talk, we narrow the gap by finding a better lower bound.
Joint work with Keisuke Ohashi and Yuichi Niwa