Cryptographic Hardware and Embedded Systems – CHES 2011

Volume 6917 of the series Lecture Notes in Computer Science pp 507-522

Efficient Hashing Using the AES Instruction Set

  • Joppe W. BosAffiliated withLaboratory for Cryptologic Algorithms, EPFL
  • , Onur ÖzenAffiliated withLaboratory for Cryptologic Algorithms, EPFL
  • , Martijn StamAffiliated withDepartment of Computer Science, University of Bristol


In this work, we provide a software benchmark for a large range of 256-bit blockcipher-based hash functions. We instantiate the underlying blockcipher with AES, which allows us to exploit the recent AES instruction set (AES-NI). Since AES itself only outputs 128 bits, we consider double-block-length constructions, as well as (single-block-length) constructions based on Rijndael-256. Although we primarily target architectures supporting AES-NI, our framework has much broader applications by estimating the performance of these hash functions on any (micro-)architecture given AES-benchmark results. As far as we are aware, this is the first comprehensive performance comparison of multi-block-length hash functions in software.