New AES software speed records. (English) Zbl 1203.94093

Roy Chowdhury, Dipanwita (ed.) et al., Progress in cryptology – INDOCRYPT 2008. 9th international conference on cryptology in India, Kharagpur, India, December 14–17, 2008. Proceedings. Berlin: Springer (ISBN 978-3-540-89753-8/pbk). Lecture Notes in Computer Science 5365, 322-336 (2008).
Summary: This paper presents new speed records for AES software, taking advantage of (1) architecture-dependent reduction of instructions used to compute AES and (2) microarchitecture-dependent reduction of cycles used for those instructions. A wide variety of common CPU architectures – amd64, ppc32, sparcv9, and x86 – are discussed in detail, along with several specific microarchitectures.
For the entire collection see [Zbl 1154.94005].


94A60 Cryptography


[1] Aoki, K., Lipmaa, H.: Fast implementations of AES candidates. In: AES Candidate Conference, pp. 106–120 (2000)
[2] Atasu, K., Breveglieri, L., Macchetti, M.: Efficient AES implementations for ARM based platforms. In: SAC 2004: Proceedings of the 2004 ACM symposium on Applied computing, pp. 841–845. ACM, New York (2004), http://doi.acm.org/10.1145/967900.968073
[3] Bernstein, D.J.: Cache-timing attacks on AES (2005), http://cr.yp.to/antiforgery/cachetiming-20050414.pdf
[4] Bernstein, D.J.: estreambench software package (2008), http://cr.yp.to/streamciphers/timings.html#toolkit-estreambench
[5] Bertoni, G., Breveglieri, L., Fragneto, P., Macchetti, M., Marchesin, S.: Efficient software implementation of AES on 32-bit platforms. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 159–171. Springer, Heidelberg (2003) · Zbl 1019.68539 · doi:10.1007/3-540-36400-5_13
[6] Biryukov, A.: A new 128 bit key stream cipher: Lex (2005), http://www.ecrypt.eu.org/stream/papers.html
[7] Daemen, J., Rijmen, V.: AES proposal: Rijndael (1999), http://www.iaik.tugraz.at/Research/krypto/AES/old/~rijmen/rijndael/rijndaeldocV2.zip · Zbl 1065.94005
[8] Darnall, M., Kuhlman, D.: AES software implementations on ARM7TDMI. In: Barua, R., Lange, T. (eds.) INDOCRYPT 2006. LNCS, vol. 4329, pp. 424–435. Springer, Heidelberg (2006), http://dx.doi.org/10.1007/11941378_30 · Zbl 1175.94072 · doi:10.1007/11941378_30
[9] De Cannière, C.: The eSTREAM project: software performance (2008), http://www.ecrypt.eu.org/stream/perf
[10] ECRYPT. The eSTREAM project (2008), http://www.ecrypt.eu.org/stream
[11] Fog, A.: How to optimize for the Pentium family of microprocessors (2008), http://www.agner.org/assem/
[12] Gladman, B.: AES and combined encryption/authentication modes (2006), http://fp.gladman.plus.com/AES/
[13] Harrison, O., Waldron, J.: AES encryption implementation and analysis on commodity graphics processing units. In: Paillier and Verbauwhede [22], pp. 209–226 · Zbl 05344373 · doi:10.1007/978-3-540-74735-2_15
[14] Könighofer, R.: A fast and cache-timing resistant implementation of the AES. In: Malkin, T.G. (ed.) CT-RSA 2008. LNCS, vol. 4964, pp. 187–202. Springer, Heidelberg (2008) · Zbl 1153.68373 · doi:10.1007/978-3-540-79263-5_12
[15] Lipmaa, H.: AES ciphers: speed in no-feedback mode (2006), http://www.adastral.ucl.ac.uk/~helger/research/aes/nfb.html
[16] Lipmaa, H.: AES/Rijndael: speed (2006), http://www.adastral.ucl.ac.uk/~helger/research/aes/rijndael.html
[17] Matsui, M.: How far can we go on the x64 processors? In: Robshaw, M.J.B. (ed.) FSE 2006. LNCS, vol. 4047, pp. 341–358. Springer, Heidelberg (2006), http://www.iacr.org/archive/fse2006/40470344/40470344.pdf · Zbl 05538954 · doi:10.1007/11799313_22
[18] Matsui, M., Fukuda, S.: How to maximize software performance of symmetric primitives on Pentium III and 4 processors. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 398–412. Springer, Heidelberg (2005) · Zbl 1140.68393 · doi:10.1007/11502760_27
[19] Matsui, M., Nakajima, J.: On the power of bitslice implementation on Intel Core2 processor. In: Paillier and Verbauwhede [22], pp. 121–134, http://dx.doi.org/10.1007/978-3-540-74735-2_9 · Zbl 05344367 · doi:10.1007/978-3-540-74735-2_9
[20] Osvik, D.A.: Fast assembler implementations of the AES (2003), http://www.ii.uib.no/~osvik/pres/crypto2003.html
[21] Osvik, D.A., Shamir, A., Tromer, E.: Cache attacks and countermeasures: the case of AES. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 1–20. Springer, Heidelberg (2006), http://dx.doi.org/10.1007/11605805_1 · Zbl 1125.94326 · doi:10.1007/11605805_1
[22] Paillier, P., Verbauwhede, I. (eds.): CHES 2007. LNCS, vol. 4727. Springer, Heidelberg (2007) · Zbl 1143.68315
[23] Rebeiro, C., Selvakumar, A.D., Devi, A.S.L.: Bitslice implementation of AES. In: Pointcheval, D., Mu, Y., Chen, K. (eds.) CANS 2006. LNCS, vol. 4301, pp. 203–212. Springer, Heidelberg (2006), http://dx.doi.org/10.1007/11935070_14 · Zbl 1307.94089 · doi:10.1007/11935070_14
[24] Schneier, B., Whiting, D.: A performance comparison of the five AES finalists. In: AES Candidate Conference, pp. 123–135 (2000)
[25] Weiss, R., Binkert, N.L.: A comparison of AES candidates on the Alpha 21264. In: AES Candidate Conference, pp. 75–81 (2000)
[26] Worley, J., Worley, B., Christian, T., Worley, C.: AES finalists on PA-RISC and IA-64: implementations & performance. In: AES Candidate Conference, pp. 57–74 (2000)