GCM allows most of the work in an encryption to be done offline (and ahead of time) by other processors, reducing latency and increasing throughput. It'd be lovely if we could do this in Java, but I can't really see a way to fit this into the platform security framework. We don't want to do this eagerly, because we don't know that more data will be encrypted and we don't want to speculate.
However, if we had a hint that (say) a large stream would need to encrypt a megabyte of data at some time in the future, we could precompute a megabyte of keystream. Has anyone considered this?

Andrew.
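
The precomputation asked about above, as an added example that is not part of the original message or of the JDK: for a 96-bit nonce, GCM's payload keystream is AES-CTR starting at nonce || 0x00000002, so it can be generated ahead of time with the standard JCE ciphers and XORed with the data when it arrives. The class and method names are hypothetical, the key, nonce and plaintext are random sample values, and the authentication tag (GHASH over the ciphertext) is not computed here.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.security.SecureRandom;
import java.util.Arrays;

// Hypothetical demo class: shows that GCM's keystream can be produced before the data exists.
public class GcmKeystreamPrecompute {

    // Offline step. With a 96-bit nonce, J0 = nonce || 0x00000001 is reserved for the tag,
    // and payload blocks use counters from inc32(J0) = nonce || 0x00000002 onwards.
    static byte[] precomputeKeystream(SecretKeySpec key, byte[] nonce12, int len) throws Exception {
        byte[] counter = Arrays.copyOf(nonce12, 16); // low 4 bytes start as zero
        counter[15] = 2;
        Cipher ctr = Cipher.getInstance("AES/CTR/NoPadding");
        ctr.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(counter));
        return ctr.doFinal(new byte[len]);           // encrypting zeros yields raw keystream
    }

    // Online step: the only per-byte work left once the data arrives.
    static byte[] xor(byte[] data, byte[] keystream) {
        byte[] out = new byte[data.length];
        for (int i = 0; i < data.length; i++) out[i] = (byte) (data[i] ^ keystream[i]);
        return out;
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rng = new SecureRandom();
        byte[] rawKey = new byte[16], nonce = new byte[12];  // constructed sample values
        rng.nextBytes(rawKey);
        rng.nextBytes(nonce);
        SecretKeySpec key = new SecretKeySpec(rawKey, "AES");

        int size = 1 << 20;                                  // the "megabyte" hint
        byte[] keystream = precomputeKeystream(key, nonce, size);

        byte[] plaintext = new byte[size];                   // data arrives later
        rng.nextBytes(plaintext);
        byte[] fast = xor(plaintext, keystream);
        Arrays.fill(keystream, (byte) 0);                    // single use, then wipe

        // Reference: the platform's own AES/GCM output is ciphertext || 16-byte tag.
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, nonce));
        byte[] reference = Arrays.copyOf(gcm.doFinal(plaintext), size);

        System.out.println("ciphertext matches AES/GCM: " + Arrays.equals(fast, reference));
    }
}
```

A precomputed keystream is bound to one key and nonce and reveals the plaintext of anything it is XORed with, so it has to be protected like key material, used once, and wiped if the hinted data never arrives.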