- XAES-256-GCM: An authenticated encryption with additional data (AEAD) algorithm with 256-bit keys and 192-bit nonces. Its design goals include a nonce large enough for safe random generation, FIPS 140 compliance, and easy implementation. It is an extended-nonce construction on top of AES-256-GCM, costing three AES-256ₖ calls per message with some precomputation optimizations. There are Go, .NET 8+, pyca/cryptography, and Web Cryptography API implementations. It's designed to be safe, compliant, and interoperable, complementing other AEADs.
- Motivation and Comparison: Half the point of using AES-GCM is FIPS 140 compliance. There are alternatives if compliance isn't a goal. The specification includes test vectors and accumulated test vectors.
- Personal Update: About a year ago, the author wanted to use XAES-256-GCM/11, which didn't exist. Now there is a specification. In two weeks, there will be an exciting update about professional open source maintainer effort. Subscribers can follow on different platforms.
- The Picture: The author participated in the Centopassi motorcycle competition, covering 1600km in three and a half days through 100 GPS coordinates. The picture is of a 2014 KTM Duke 690 at the 100th location with a scenic view. The author's clients like Sigsum, Latacora, Interchain, Smallstep, Ava Labs, Teleport, SandboxAQ, Charm, and Tailscale are funding his work and getting access to advice. Latacora provides security services for startups. Teleport focuses on identity governance and security. Ava Labs believes in open source cryptographic protocol maintenance. SandboxAQ's AQtive Guard helps with cryptographic management.
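
An added sketch of the extended-nonce construction summarized in the first item, written for this page and not the reference Go implementation. The derivation steps (CMAC-style subkey, the `X` label, the 12/12 nonce split) follow the published XAES-256-GCM specification rather than this summary; the function name `xaesGCM` and the all-zero demo key are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// xaesGCM derives the per-message key from key and nonce[:12] and returns
// AES-256-GCM under that key plus nonce[12:], the nonce to pass to it.
func xaesGCM(key, nonce []byte) (cipher.AEAD, []byte, error) {
	if len(key) != 32 || len(nonce) != 24 {
		return nil, nil, errors.New("xaes: need a 32-byte key and a 24-byte nonce")
	}
	c, _ := aes.NewCipher(key) // cannot fail: key length checked above
	var k1 [16]byte
	c.Encrypt(k1[:], k1[:]) // AES call 1: nonce-independent, precomputable per key
	msb := k1[0] >> 7
	for i := 0; i < 15; i++ { // CMAC subkey: K1 = L << 1, reduced if a bit fell off
		k1[i] = k1[i]<<1 | k1[i+1]>>7
	}
	k1[15] = k1[15]<<1 ^ msb*0x87
	kx := make([]byte, 32)
	for i := 0; i < 2; i++ { // AES calls 2 and 3: one per half of the derived key
		m := append([]byte{0, byte(i + 1), 'X', 0}, nonce[:12]...)
		for j := range m {
			m[j] ^= k1[j]
		}
		c.Encrypt(kx[16*i:], m)
	}
	b, _ := aes.NewCipher(kx) // cannot fail: kx is 32 bytes
	g, err := cipher.NewGCM(b)
	return g, nonce[12:], err
}

func main() {
	key, nonce := make([]byte, 32), make([]byte, 24) // constructed all-zero demo key
	if _, err := rand.Read(nonce); err != nil {      // 192-bit nonce drawn at random
		panic(err)
	}
	g, nx, _ := xaesGCM(key, nonce)
	ct := g.Seal(nil, nx, []byte("hello"), []byte("header"))
	pt, err := g.Open(nil, nx, ct, []byte("header"))
	fmt.Printf("ct=%x pt=%q err=%v\n", ct, pt, err)
}
```

Any implementation, this sketch included, should be checked against the test vectors in the specification before it is relied on.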