AES-GCM-SIV is a mode of operation for the Advanced Encryption Standard which provides similar (but slightly worse[1]) performance to Galois/Counter Mode as well as misuse resistance in the event of the reuse of a cryptographic nonce.
[2] AES-GCM-SIV is designed to preserve both privacy and integrity even if nonces are repeated.
To accomplish this, encryption is a function of a nonce, the plaintext message, and optional additional associated data (AAD).
For this reason, AES-GCM-SIV is an ideal choice in cases that unique nonces cannot be guaranteed, such as multiple servers or network devices encrypting messages under the same key without coordination.
The key feature is the use of a synthetic initialization vector (SIV) which is computed with Galois field multiplication using a construction called POLYVAL (a little-endian variant of Galois/Counter Mode's GHASH).