Abstract
We demonstrate new techniques to speed up the Rijndael (AES) block cipher using vector permute instructions. Because these techniques avoid data- and key-dependent branches and memory references, they are immune to known timing attacks. This is the first constant-time software implementation of AES which is efficient for sequential modes of operation. This work can be adapted to several other primitives using the AES S-box, such as the stream cipher LEX, the block cipher Camellia and the hash function Fugue. We focus on Intel’s SSSE3 and Motorola’s AltiVec, but our techniques can be adapted to other systems with vector permute instructions, such as the IBM Xenon and Cell processors, the ARM Cortex series and the forthcoming AMD “Bulldozer” core.
© 2009 Springer-Verlag Berlin Heidelberg
Hamburg, M. (2009). Accelerating AES with Vector Permute Instructions. In: Clavier, C., Gaj, K. (eds) Cryptographic Hardware and Embedded Systems - CHES 2009. CHES 2009. Lecture Notes in Computer Science, vol 5747. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04138-9_2
DOI: https://doi.org/10.1007/978-3-642-04138-9_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-04137-2
Online ISBN: 978-3-642-04138-9