
Fast AES Implementation Using ARMv8 ASIMD Without Cryptography Extension

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 11975)

Abstract

While the ARMv8-A ISA allows for hardware-accelerated cryptographic instructions, this extension is not available on every device, since it is added at the discretion of the CPU manufacturer. Prime examples of ARMv8 devices without this support are the low-cost Raspberry Pi 3B/3B+/4 single-board computers. This work presents an optimized AES implementation targeting CPUs without Cryptography Extension instructions, relying only on ASIMD operations. We show a new implementation that processes four blocks at the same time, which requires block permutations and modified versions of the main layers. In particular, we provide a new efficient formula for computing the MixColumns layer. In time performance, our AES implementation outperforms the current ASIMD implementation found in the Linux kernel by about 5%.

The authors gratefully acknowledge financial support from the São Paulo Research Foundation (FAPESP), under the “Segurança e Confiabilidade da Informação: Teoria e Aplicações” Thematic Project no. 2013/25.977-7.


Notes

  1. See: https://www.bbc.co.uk/blogs/thereporters/rorycellanjones/2011/05/a_15_computer_to_inspire_young.html.

  2. See: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/arm64/crypto/aes-neon.S.


Author information

Correspondence to Hayato Fujii.

Appendix A: Illustrations of ARMv8 ASIMD Instructions

Figures 4 and 5 in this appendix present illustrations of some of the ARMv8 ASIMD instructions summarized in Sect. 3.1.

Fig. 4. Usage of the tbl instruction to substitute or permute the input vector vn. The result is written to register vd.

Fig. 5. Usage of the ext instruction to extract words from, or perform byte rotations of, a 128-bit word.
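The following is an added example, not code from the paper: a portable scalar model of the tbl and ext semantics illustrated in Figs. 4 and 5, used to show how an AES byte permutation (ShiftRows on a column-major state) and a lane rotation are expressed with them. The real instructions are the vqtbl1q_u8 and vextq_u8 intrinsics; the helper names tbl16, ext16, shift_rows_tbl, rotl_bytes and selfcheck are this example's own.

```c
#include <stdint.h>
#include <string.h>

/* Scalar model of tbl (Fig. 4): vd[i] = vn[idx[i]] if idx[i] < 16, else 0.
 * An out-of-range index is the documented way to zero a lane. */
static void tbl16(uint8_t vd[16], const uint8_t vn[16], const uint8_t idx[16]) {
    for (int i = 0; i < 16; i++)
        vd[i] = (idx[i] < 16) ? vn[idx[i]] : 0;
}

/* Scalar model of ext (Fig. 5): vd = bytes n..n+15 of the concatenation vn || vm.
 * With vm == vn, lane i of the result receives lane (i + n) mod 16: a byte rotation. */
static void ext16(uint8_t vd[16], const uint8_t vn[16], const uint8_t vm[16], unsigned n) {
    uint8_t cat[32];
    memcpy(cat, vn, 16);
    memcpy(cat + 16, vm, 16);
    memcpy(vd, cat + (n & 15), 16);
}

/* AES state in column-major order: s[r][c] lives in lane 4*c + r.
 * ShiftRows sets out[r][c] = in[r][(c + r) % 4], a fixed byte permutation,
 * so one tbl with a constant index vector performs the whole layer. */
static const uint8_t SHIFTROWS_IDX[16] = {
     0,  5, 10, 15,  4,  9, 14,  3,  8, 13,  2,  7, 12,  1,  6, 11
};

void shift_rows_tbl(uint8_t out[16], const uint8_t in[16]) {
    tbl16(out, in, SHIFTROWS_IDX);
}

/* Rotate a 128-bit word by n bytes with ext; n = 4 moves every column one slot down. */
void rotl_bytes(uint8_t out[16], const uint8_t in[16], unsigned n) {
    ext16(out, in, in, n);
}

/* Self-check against direct index arithmetic on a constructed state whose
 * lane i holds the value i; returns 1 when both models agree. */
int selfcheck(void) {
    uint8_t in[16], out[16], rot[16];
    for (int i = 0; i < 16; i++) in[i] = (uint8_t)i;
    shift_rows_tbl(out, in);
    for (int c = 0; c < 4; c++)
        for (int r = 0; r < 4; r++)
            if (out[4*c + r] != in[4*((c + r) % 4) + r]) return 0;
    rotl_bytes(rot, in, 4);
    for (int i = 0; i < 16; i++)
        if (rot[i] != (uint8_t)((i + 4) % 16)) return 0;
    return 1;
}
```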


Copyright information

© 2020 Springer Nature Switzerland AG

About this paper


Cite this paper

Fujii, H., Rodrigues, F.C., López, J. (2020). Fast AES Implementation Using ARMv8 ASIMD Without Cryptography Extension. In: Seo, J. (ed.) Information Security and Cryptology – ICISC 2019. Lecture Notes in Computer Science, vol 11975. Springer, Cham. https://doi.org/10.1007/978-3-030-40921-0_5


  • DOI: https://doi.org/10.1007/978-3-030-40921-0_5


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-40920-3

  • Online ISBN: 978-3-030-40921-0
