An Instruction Set Extension for Fast and Memory-Efficient AES Implementation

  • Stefan Tillich
  • Johann Großschädl
  • Alexander Szekely
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3677)


As more and more security-critical computation is done in embedded systems it is also becoming increasingly important to facilitate cryptography in such systems. The Advanced Encryption Standard (AES) specifies one of the most important cryptographic algorithms today and has received a lot of attention from researchers. Most prior work has focused on efficient implementations with throughput as main criterion. However, AES implementations in small and constrained environments require additional factors to be accounted for, such as limited memory and energy supply. In this paper we present an inexpensive extension to a 32-bit general-purpose processor which allows compact and fast AES implementations. We have integrated this extension into the SPARC V8-compatible LEON-2 processor and measured a speedup by a factor of up to 1.43 for encryption and 1.3 for decryption. At the same time the code size has been reduced by 30–40%.


Advanced Encryption Standard 32-bit implementation instruction set extensions S-box cache-based side-channel analysis 


  1. 1.
    Bertoni, G., Bircan, A., Breveglieri, L., Fragneto, P., Macchetti, M., Zaccaria, V.: About the performances of the Advanced Encryption Standard in embedded systems with cache memory. In: Proceedings of the 36th IEEE International Symposium on Circuits and Systems (ISCAS 2003), vol. 5, pp. 145–148. IEEE, Los Alamitos (2003)Google Scholar
  2. 2.
    Bertoni, G., Breveglieri, L., Fragneto, P., Macchetti, M., Marchesin, S.: Efficient software implementation of AES on 32-bit platforms. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 159–171. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  3. 3.
    Bertoni, G., Zaccaria, V., Breveglieri, L., Monchiero, M., Palermo, G.: AES power attack based on induced cache miss and countermeasure. In: Proceedings of the 6th International Conference on Information Technology: Coding and Computing (ITCC 2005), pp. 586–591. IEEE Computer Society Press, Los Alamitos (2005)Google Scholar
  4. 4.
    Daemen, J., Rijmen, V.: The Design of Rijndael. Springer, Heidelberg (2002)CrossRefzbMATHGoogle Scholar
  5. 5.
    Feldhofer, M., Dominikus, S., Wolkerstorfer, J.: Strong authentication for RFID systems using the AES algorithm. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 357–370. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  6. 6.
    Gaisler, J.: The LEON-2 Processor User’s Manual (Version 1.0.24) (September 2004), Available for download at
  7. 7.
    Gladman, B.: Implementations of AES (Rijndael) in C/C++ and assembler, Available for download at
  8. 8.
    Irwin, J., Page, D.: Using media processors for low-memory AES implementation. In: 14th International Conference on Application-specific Systems, Architectures and Processors (ASAP 2003), pp. 144–154. IEEE Computer Society Press, Los Alamitos (2003)Google Scholar
  9. 9.
    Lee, R.B., Shi, Z., Yang, X.: Efficient permutation instructions for fast software cryptography. IEEE Micro. 21(6), 56–69 (2001)CrossRefGoogle Scholar
  10. 10.
    Nadehara, K., Ikekawa, M., Kuroda, I.: Extended instructions for the AES cryptography and their efficient implementation. In: Proceedings of the 18th IEEE Workshop on Signal Processing Systems (SIPS 2004), pp. 152–157. IEEE, Los Alamitos (2004)Google Scholar
  11. 11.
    National Institute of Standards and Technology (NIST). Advanced Encryption Standard (AES). Federal Information Processing Standards (FIPS) Publication 197 (November 2001)Google Scholar
  12. 12.
    Page, D.: Theoretical Use of Cache Memory as a Cryptanalytic Side-Channel. Technical Report CSTR-02-003, University of Bristol, Bristol, UK (2002)Google Scholar
  13. 13.
    Ravi, S., Raghunathan, A., Potlapally, N., Sankaradass, M.: System design methodologies for a wireless security processing platform. In: Proceedings of the 39th Design Automation Conference (DAC 2002), pp. 777–782. ACM Press, New York (2002)Google Scholar
  14. 14.
    Schaumont, P., Sakiyama, K., Hodjat, A., Verbauwhede, I.: Embedded software integration for coarse-grain reconfigurable systems. In: Proceedings fo the 18th International Parallel and Distributed Processing Symposium (IPDPS 2004), pp. 137–142. IEEE Computer Society Press, Los Alamitos (2004)Google Scholar
  15. 15.
    Sinha, A., Chandrakasan, A.: Jouletrack – A web based tool for software energy profiling. In: Proceedings of the 38th Design Automation Conference (DAC 2001), pp. 220–225. ACM Press, New York (2001)Google Scholar
  16. 16.
    Tensilica Inc. Xtensa Application Specific Microprocessor Solutions. Overview handbook (2001), Available for download at
  17. 17.
    Tillich, S., Großschädl, J.: Accelerating AES using instruction set extensions for elliptic curve cryptography. In: Gervasi, O., Gavrilova, M.L., Kumar, V., Laganá, A., Lee, H.P., Mun, Y., Taniar, D., Tan, C.J.K. (eds.) ICCSA 2005. LNCS, vol. 3481, pp. 665–675. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  18. 18.
    Tsunoo, Y., Tsujihara, E., Minematsu, K., Miyauchi, H.: Cryptanalysis of block ciphers implemented on computers with cache. In: Proceedings of the 25th International Symposium on Information Theory and Its Applications (ISITA 2002), SITA (2002)Google Scholar
  19. 19.
    Wolkerstorfer, J., Oswald, E., Lamberger, M.: An ASIC implementation of the AES sboxes. In: Preneel, B. (ed.) CT-RSA 2002. LNCS, vol. 2271, pp. 67–78. Springer, Heidelberg (2002)CrossRefGoogle Scholar

Copyright information

© IFIP International Federation for Information Processing 2005

Authors and Affiliations

  • Stefan Tillich
    • 1
  • Johann Großschädl
    • 1
  • Alexander Szekely
    • 1
  1. 1.Institute for Applied Information Processing and CommunicationsGraz University of TechnologyGrazAustria

Personalised recommendations