TY - GEN
T1 - Processor accelerator for AES
AU - Lee, Ruby B.
AU - Chen, Yu Yuan
PY - 2010/8/24
Y1 - 2010/8/24
N2 - Software AES cipher performance is not fast enough for encryption to be incorporated ubiquitously for all computing needs. Furthermore, fast software implementations of AES that use table lookups are susceptible to software cache-based side channel attacks, leaking the secret encryption key. To bridge the gap between software and hardware AES implementations, several Instruction Set Architecture (ISA) extensions have been proposed to provide speedup for software AES programs, most notably the recent introduction of six AES-specific instructions for Intel microprocessors. However, algorithm-specific instructions are less desirable than general-purpose ones for microprocessors. In this paper, we propose an enhanced parallel table lookup instruction that can achieve the fastest reported software AES encryption and decryption of 1.38 cycles/byte for generalpurpose microprocessors, a 1.45X speedup from the fastest prior work reported. Also, security is improved where cache-based side-channel attacks are thwarted, since all table lookups take the same amount of time. Furthermore, the new instructions can also be used to accelerate any functions that can be accelerated through table lookup operations of one or multiple small tables.
AB - Software AES cipher performance is not fast enough for encryption to be incorporated ubiquitously for all computing needs. Furthermore, fast software implementations of AES that use table lookups are susceptible to software cache-based side channel attacks, leaking the secret encryption key. To bridge the gap between software and hardware AES implementations, several Instruction Set Architecture (ISA) extensions have been proposed to provide speedup for software AES programs, most notably the recent introduction of six AES-specific instructions for Intel microprocessors. However, algorithm-specific instructions are less desirable than general-purpose ones for microprocessors. In this paper, we propose an enhanced parallel table lookup instruction that can achieve the fastest reported software AES encryption and decryption of 1.38 cycles/byte for generalpurpose microprocessors, a 1.45X speedup from the fastest prior work reported. Also, security is improved where cache-based side-channel attacks are thwarted, since all table lookups take the same amount of time. Furthermore, the new instructions can also be used to accelerate any functions that can be accelerated through table lookup operations of one or multiple small tables.
UR - http://www.scopus.com/inward/record.url?scp=77955745096&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=77955745096&partnerID=8YFLogxK
U2 - 10.1109/SASP.2010.5521153
DO - 10.1109/SASP.2010.5521153
M3 - Conference contribution
AN - SCOPUS:77955745096
SN - 9781424479528
T3 - Proceedings of the 2010 IEEE 8th Symposium on Application Specific Processors, SASP'10
SP - 16
EP - 21
BT - Proceedings of the 2010 IEEE 8th Symposium on Application Specific Processors, SASP'10
T2 - 8th IEEE Symposium on Application Specific Processors, SASP'10
Y2 - 13 June 2010 through 14 June 2010
ER -