GHASHbased

GHASHbased refers to cryptographic constructions that rely on the GHASH function as the core universal hash in authenticated encryption or message authentication schemes. GHASH operates over the 128-bit finite field GF(2^128) and is parameterized by a 128-bit key H, which is typically derived as H = E_K(0^128) from the underlying block cipher key K. Data are processed in 128-bit blocks; starting with Y0 = 0, each step computes Yi = (Yi−1 XOR Xi) multiplied by H in GF(2^128). The resulting GHASH value is then combined with an encrypted nonce to form the authentication tag in GCM-based schemes.

In practical terms, GHASHbased constructions are most familiar through AES-GCM, where GHASH provides the authenticated data

Security and implementation notes emphasize the importance of nonce management: a unique IV per key is essential,