Galois Extended Mode (GEM) is a block cipher mode similar to Galois/Counter Mode but with the following enhancements:
- Nonces are now longer than 96-bit. AES-256-GEM uses 256-bit nonces, while AES-128-GEM uses 192-bit nonces. Consequently, you can use AES-GEM to encrypt a virtually unlimited number of messages under the same key.
- The maximum length for an encrypted message is about 2 exabytes (2^61 bytes), rather than about 64 gigabytes (2^36 - 32 bytes).
- The weaknesses with truncated GCM tags have been addressed at the cost of one additional AES encrypt operation.
GEM achieves this with minimal overhead.
I don't know if this is a good idea or not, I don't even know if anybody's reviewed it yet. But, just in case it seems smart to keep a link handy.