Source and importance of the nonce/IV in protocols using AES-GCM

Updated: 2022-05-25 22:04:18

GCM is a block cipher counter mode with authentication. Counter mode effectively turns a block cipher into a stream cipher, and therefore many of the rules for stream ciphers still apply. It's important to note that the same Key+IV will always produce the same PRNG stream, and reusing this PRNG stream can lead to an attacker obtaining plaintext with a simple XOR. In a protocol the same Key+IV can be used for the life of the session, so long as the mode's counter doesn't wrap (int overflow). For example, a protocol could have two parties who hold a pre-shared secret key; they could then negotiate a new cryptographic nonce that is used as the IV for each session (remember, nonce means use ONLY ONCE).

If you want to use AES as a block cipher you should look into CMAC mode or perhaps the OMAC1 variant. With CMAC mode all of the rules for CBC still apply. In this case you would have to make sure that each packet used a unique IV that is also random. However, it's important to note that reusing an IV doesn't have nearly as dire consequences as reusing a PRNG stream.