Accelerating AES with Vector Permute Instructions

  • Mike Hamburg
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5747)


We demonstrate new techniques to speed up the Rijndael (AES) block cipher using vector permute instructions. Because these techniques avoid data- and key-dependent branches and memory references, they are immune to known timing attacks. This is the first constant-time software implementation of AES which is efficient for sequential modes of operation. This work can be adapted to several other primitives using the AES S-box such as the stream cipher LEX, the block cipher Camellia and the hash function Fugue. We focus on Intel’s SSSE3 and Motorola’s Altivec, but our techniques can be adapted to other systems with vector permute instructions, such as the IBM Xenon and Cell processors, the ARM Cortex series and the forthcoming AMD “Bulldozer” core.


Keywords: AES, AltiVec, SSSE3, vector permute, composite fields, cache-timing attacks, fast implementations



Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Mike Hamburg, Computer Science Dept., Stanford University, USA
