Which mode of operation provides authenticated encryption with associated data (AEAD)?

Galois/Counter Mode (GCM) is a mode of operation for cryptographic block ciphers that provides authenticated encryption with associated data (AEAD). This means that GCM not only encrypts the data to ensure confidentiality but also generates an authentication tag that allows the integrity and authenticity of both the ciphertext and the associated plaintext data to be verified.

One of the key features of GCM is its ability to authenticate both the encrypted message and additional data that is not encrypted but still needs to be protected, such as headers or other non-confidential information. This dual capability makes GCM very effective for modern cryptographic applications, particularly in network security protocols, where both encryption and integrity are required.

GCM achieves speed and security through its integration of counter mode for encryption and a universal hashing technique for integrity checking. This combination allows it to be highly efficient, making it suitable for high-throughput applications.

The other modes, while useful for various purposes, do not provide the same combination of authenticated encryption and associated data. For instance, ChaCha is a stream cipher that primarily provides confidentiality without the explicit AEAD features, while AES is simply a symmetric encryption standard. CBC, although a widely used mode, does not support AEAD by itself, as