GPU-Assisted AES Encryption Using GCM

  • Georg Schönberger
  • Jürgen Fuß
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7025)


We are presenting an implementation of the Galois/Counter Mode (GCM) for the Advanced Encryption Standard (AES) in IPsec in this paper. GCM is a so called “authenticated encryption” as it can ensure confidentiality, integrity and authentication. It uses the Counter Mode for encryption, therefore counters are encrypted for an exclusive-OR with the plaintext. We describe a technique where these encryptions are precomputed on a Graphic Processing Unit (GPU) and can later be used to encrypt the plaintext, whereupon only the exclusive-OR and authentication part of GCM are left to be computed. This technique should primarily not limit the performance to the speed of the AES implementation but allow Gigabit throughput and at the same time minimize the CPU load.


AES Galois/Counter Mode (GCM) IPsec GPU CUDA Gbit/s high-performance 


  1. 1.
    NVIDIA Corporation: NVIDIA CUDA C Programming Guide, Developer Manual (2010),
  2. 2.
    Dworkin, M.: Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC. NIST Special Publication 800-38D (2007)Google Scholar
  3. 3.
    IEEE Computer Society: Standard for Local and metropolitan area networks: Media Access Control (MAC) Security, New York (2006)Google Scholar
  4. 4.
    Kaufman, C.: Internet Key Exchange (IKEv2) Protocol, RFC 4306 (2005)Google Scholar
  5. 5.
    Viega, J., McGrew, D.: The Use of Galois/Counter Mode (GCM) in IPsec Encapsulating Security Payload (ESP), RFC 4106 (2005)Google Scholar
  6. 6.
    Kent, S., Seo, K.: Security Architecture for the Internet Protocol, RFC 4301 (2005)Google Scholar
  7. 7.
    Kent, S.: IP Encapsulating Security Payload (ESP), Request for Comments 4303 (2005)Google Scholar
  8. 8.
    Dworkin, M.: Recommendation for Block Cipher Modes of Operation: Methods and Techniques, NIST Special Publication 800-38A (2001)Google Scholar
  9. 9.
    Akdemir, K., et al.: Breakthrough AES Performance with Intel AES New Instructions, Intel Whitepaper (2010),
  10. 10.
    Gopal, V., et al.: Optimized Galois-Counter-Mode Implementation on Intel Architecture Processors, Intel Whitepaper (2010),
  11. 11.
    Hoban, A.: Using Intel AES New Instructions and PCLMULQDQ to Significantly Improve IPSec Performance on Linux, Intel Whitepaper (2010),
  12. 12.
    Manavski, S.A.: Cuda compatible GPU as an efficient hardware accelerator for AES cryptography. In: Proceedings IEEE International Conference on Signal Processing and Communication, ICSPC (2007)Google Scholar
  13. 13.
    Ottesen, A.: Efficient parallelisation techniques for applications running on GPUs using the CUDA framework, Universitt Oslo (2009),
  14. 14.
    Di Biagio, A., Barenghi, A., Agosta, G.: Design of a Parallel AES for Graphics Hardware using the CUDA framework. In: International Parallel and Distributed Processing Symposium (2009)Google Scholar
  15. 15.
    Jang, K., et al.: SSLShader: Cheap SSL Acceleration with Commodity Processors. In: Proceedings of the USENIX Symposium on Networked Systems Design and Implementation (2011)Google Scholar
  16. 16.
    Han, S., et al.: PacketShader: a GPU-Accelerated Software Router. In: Proceedings of ACM SIGCOMM (2010)Google Scholar
  17. 17.
    McGrew, D.A., Viega, J.: The Galois/Counter Mode of Operation (GCM) - revised, Technical Report (2005),

Copyright information

© IFIP International Federation for Information Processing 2011

Authors and Affiliations

  • Georg Schönberger
    • 1
  • Jürgen Fuß
    • 1
  1. 1.Dept. of Secure Information SystemsUpper Austria University of Applied SciencesHagenberg

Personalised recommendations