The Intel AES Instructions Set and the SHA-3 Candidates

  • Ryad Benadjila
  • Olivier Billet
  • Shay Gueron
  • Matt J. B. Robshaw
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5912)


The search for SHA-3 is now well-underway and the 51 submissions accepted for the first round reflected a wide variety of design approaches. A significant number were built around Rijndael/AES-based operations and, in some cases, the AES round function itself. Many of the design teams pointed to the forthcoming Intel AES instructions set, to appear on Westmere chips during 2010, when making a variety of performance claims. In this paper we study, for the first time, the likely impact of the new AES instructions set on all the SHA-3 candidates that might benefit. As well as distinguishing between those algorithms that are AES-based and those that might be described as AES-inspired, we have developed optimised code for all the former. Since Westmere processors are not yet available, we have developed a novel software technique based on publicly available information that allows us to accurately emulate the performance of these algorithms on the currently available Nehalem processor. This gives us the most accurate insight to-date of the potential performance of SHA-3 candidates using the Intel AES instructions set.


Hash Function Advance Encryption Standard Compression Function Round Function Intel Corporation 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Atalay, A., Kara, O., Karakoc, F., Manap, C.: Shamata Hash Function Algorithm Specifications, [26]Google Scholar
  2. 2.
    Benadjila, R., Billet, O., Gilbert, H., Macario-Rat, G., Peyrin, T., Robshaw, M., Seurin, Y.: SHA-3 Proposal: ECHO. Available from [26]Google Scholar
  3. 3.
    Bernstein, D.: Cache-timing attacks on AES, preprint (2005),
  4. 4.
    Biham, E., Dunkelman, O.: The SHAvite-3 Hash Function. Available from [26]Google Scholar
  5. 5.
    Bjørstad, T.: A Short Note on AES-inspired Hashes. Posting to NIST SHA-3 mailing list, 25 May (2009)Google Scholar
  6. 6.
    Chang, D., Hong, S., Kang, C., Kang, J., Kim, J., Lee, C., Lee, J., Lee, J., Lee, S., Lee, Y., Lim, J., Sung, J.: Arirang. Available from [26]Google Scholar
  7. 7.
    Coppersmith, D., Pilpel, S., Meyer, C.H., Matyas, S.M., Hyden, M.M., Oseas, J., Brachtl, B., Schilling, M.: Data authentication using modification detection codes based on a public one way encryption function. U.S. Patent No. 4,908,861, March 13 (1990)Google Scholar
  8. 8.
    Daemen, J., Rijmen, V.: The Design of Rijndael. Springer, Heidelberg ISBN 3-540-42580-2Google Scholar
  9. 9.
    ECRYPT. eBASH: ECRYPT Benchmarking of All Submitted Hashes,
  10. 10.
  11. 11.
    Fleischmann, E., Forler, C., Gorski, M.: The Twister Hash Function Family. Available from [26]Google Scholar
  12. 12.
    Gauravaram, P., Knudsen, L., Matusiewicz, K., Mendel, F., Rechberger, C., Schläffer, M., Thomsen, S.: Grøstl—a SHA-3 Candidate. Available from [26]Google Scholar
  13. 13.
    Gueron, S.: Intel’s Advanced Encryption Standard (AES) Instructions Set. Intel Corporation White Paper (March 2009),
  14. 14.
    Gueron, S.: Intel’s New AES Instructions for Enhanced Performance and Security. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 51–66. Springer, Heidelberg (2009)Google Scholar
  15. 15.
    Halevi, S., Hall, W., Jutla, C.: The Hash Function Fugue. Available from [26]Google Scholar
  16. 16.
    Hirose, S., Kuwakado, H., Yoshida, H.: SHA-3 Proposal: Lesamnta. Available from [26]Google Scholar
  17. 17.
    Hirose, S., Kuwakado, H., Yoshida, H.: The Hash Function Famly Lesamnta,
  18. 18.
    Indesteege, S.: The LANE Hash Function. Available from [26]Google Scholar
  19. 19.
    Intel Corporation. Intel 64 and IA-32 Architectures Optimization Reference Manual, Table 2-6 of,
  20. 20.
    Intel Corporation. Intel Software Development Emulator (SDE),
  21. 21.
    Intel Corporation. Intel IACA tool: A Static Code Analyser,
  22. 22.
    Khovratovich, D., Biryukov, A., Nikolić, I.: The Hash Function Cheetah. Available from [26]Google Scholar
  23. 23.
    Kounavis, M., Gueron, S.: Vortex: A New Family of One Way Hash Functions based on Rijndael Rounds and Carry-less Multiplication. Available from [26]Google Scholar
  24. 24.
    National Institute of Standards and Technology. FIPS 197: Advanced Encryption Standard,
  25. 25.
    National Institute of Standards and Technology. The SHA-3 Hash Function Competition. Available from [26]Google Scholar
  26. 26.
    National Institute of Standards and Technology. First Round Candidates of the SHA-3 Hash Function Competition,
  27. 27.
    Nikolić, I., Biryukov, A., Khovratovich, D.: Hash Family LUX. Available from [26]Google Scholar
  28. 28.
  29. 29.
    Optimised implementations of SHA-3 submissions using AES-NI,
  30. 30.
    Osvik, D., Shamir, A., Tromer, E.: Cache Attacks and Countermeasures: The Case of AES. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 1–20. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  31. 31.
    Varıcı, K., Özen, O., Kocair, Ç.: Sarmal: SHA-3 Proposal. Available from [26]Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Ryad Benadjila
    • 1
  • Olivier Billet
    • 1
  • Shay Gueron
    • 2
    • 3
  • Matt J. B. Robshaw
    • 1
  1. 1.Orange LabsIssy les MoulineauxFrance
  2. 2.University of HaifaIsrael
  3. 3.Intel CorporationHaifaIsrael

Personalised recommendations