Fast AES Implementation Using ARMv8 ASIMD Without Cryptography Extension

  • Hayato Fujii
  • Félix Carvalho Rodrigues
  • Julio López
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11975)


While the ARMv8-A ISA allows for hardware-accelerated cryptographic instructions, this extension is not available on every device; it is added at the discretion of the CPU manufacturer. Prime examples of ARMv8 devices without this support are the low-cost Raspberry Pi 3B/3B+/4 single-board computers. This work presents an optimized AES implementation targeting CPUs without Cryptography Extension instructions, relying only on ASIMD operations. We show a new implementation that processes four blocks at the same time, which requires block permutations and modified versions of the main layers. In particular, we provide a new efficient formula for computing the MixColumns layer. In terms of time performance, our AES implementation outperforms the current ASIMD implementation found in the Linux Kernel by about 5%.
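The abstract refers to the MixColumns layer and to processing four blocks at once, but the paper's own MixColumns formula is not reproduced on this page. The following C code is an added, stand-alone example (not the authors' implementation and not the Linux kernel's) that shows what a multi-block, table-free MixColumns computes, using the standard column-rotation identity out[i] = xtime(s[i] ^ s[i+1]) ^ s[i+1] ^ s[i+2] ^ s[i+3], which is the form that maps naturally onto byte lanes of a SIMD register. The function names, the four-block layout and the self-tests are assumptions of this example; the check vector is the worked MixColumns example from FIPS-197.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Multiply one byte by x (i.e. by 2) in GF(2^8) modulo the AES polynomial
   x^8 + x^4 + x^3 + x + 1. Branch-free and table-free: the reduction
   constant 0x1b is masked in arithmetically, so there is no secret-dependent
   branch or memory access, the same property a lane-parallel ASIMD version
   has and a T-table implementation lacks. */
static inline uint8_t xtime(uint8_t b)
{
    return (uint8_t)((b << 1) ^ (0x1b & (uint8_t)-(b >> 7)));
}

/* MixColumns on one 4-byte column using the rotation formulation
     out[i] = xtime(s[i] ^ s[i+1]) ^ s[i+1] ^ s[i+2] ^ s[i+3]   (indices mod 4),
   which is algebraically identical to the FIPS-197 matrix
   {02 03 01 01; 01 02 03 01; 01 01 02 03; 03 01 01 02}.
   Three byte rotations, one xtime and four XORs per column. */
static void mix_column(uint8_t col[4])
{
    uint8_t r1[4], r2[4], r3[4];
    for (int i = 0; i < 4; i++) {
        r1[i] = col[(i + 1) & 3];   /* column rotated by one byte   */
        r2[i] = col[(i + 2) & 3];   /* column rotated by two bytes  */
        r3[i] = col[(i + 3) & 3];   /* column rotated by three bytes */
    }
    for (int i = 0; i < 4; i++)
        col[i] = xtime(col[i] ^ r1[i]) ^ r1[i] ^ r2[i] ^ r3[i];
}

/* Apply MixColumns to nblocks consecutive 16-byte AES states laid out
   column-major as in FIPS-197. With nblocks == 4 this is the 64-byte working
   set that a four-blocks-at-a-time implementation keeps in registers
   (example layout; the paper's own block permutation is not shown here). */
void mix_columns_blocks(uint8_t *states, size_t nblocks)
{
    for (size_t b = 0; b < nblocks; b++)
        for (int c = 0; c < 4; c++)
            mix_column(states + 16 * b + 4 * c);
}

/* Self-check against the worked example in FIPS-197:
   column d4 bf 5d 30 must become 04 66 81 e5. Returns 1 on success. */
int mix_columns_selftest(void)
{
    uint8_t col[4] = { 0xd4, 0xbf, 0x5d, 0x30 };
    const uint8_t expect[4] = { 0x04, 0x66, 0x81, 0xe5 };
    mix_column(col);
    return memcmp(col, expect, 4) == 0;
}

/* Four-block self-check on constructed input: every column of every block
   holds the FIPS-197 vector, so every column must map to 04 66 81 e5.
   Returns 1 on success. */
int mix_columns_blocks_selftest(void)
{
    uint8_t states[64];
    const uint8_t in[4] = { 0xd4, 0xbf, 0x5d, 0x30 };
    const uint8_t expect[4] = { 0x04, 0x66, 0x81, 0xe5 };
    for (int i = 0; i < 64; i += 4)
        memcpy(states + i, in, 4);
    mix_columns_blocks(states, 4);
    for (int i = 0; i < 64; i += 4)
        if (memcmp(states + i, expect, 4) != 0)
            return 0;
    return 1;
}

int main(void)
{
    printf("single column: %s\n", mix_columns_selftest() ? "ok" : "FAIL");
    printf("four blocks:   %s\n", mix_columns_blocks_selftest() ? "ok" : "FAIL");
    return 0;
}
```

The scalar loops here are what a vectorised version replaces lane by lane: the three rotations become byte-permute instructions on a 128-bit register, and xtime becomes a shift plus a masked XOR over all sixteen lanes. The absence of any table lookup is what keeps such an implementation free of the cache-timing leakage that T-table AES is known for.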


Keywords: AES · ARMv8 · ASIMD · Linux cryptography API



Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. Institute of Computing, University of Campinas (Unicamp), Campinas, Brazil
