Abstract
NEON is a vector instruction set included in a large fraction of new ARM-based tablets and smartphones. This paper shows that NEON supports high-security cryptography at surprisingly high speeds; normally data arrives at lower speeds, giving the CPU time to handle tasks other than cryptography. In particular, this paper explains how to use a single 800MHz Cortex A8 core to compute the existing NaCl suite of high-security cryptographic primitives at the following speeds: 5.60 cycles per byte (1.14 Gbps) to encrypt using a shared secret key, 2.30 cycles per byte (2.78 Gbps) to authenticate using a shared secret key, 527102 cycles (1517/second) to compute a shared secret key for a new public key, 624846 cycles (1280/second) to verify a signature, and 244655 cycles (3269/second) to sign a message. These speeds make no use of secret branches and no use of secret memory addresses.
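The last sentence of the abstract is the security-relevant one for implementers: "no secret branches and no secret memory addresses" means the code's control flow and data-access pattern are independent of key material, so a cache-timing or branch-timing observer on the same core learns nothing about the key. The following C is an added illustration of those two patterns, written for this page; it is not code from the paper or from NaCl, and the function names, the 8-limb array size and the table contents are constructed for the example. It shows a branch-free conditional swap of the kind a Montgomery-ladder Curve25519 implementation uses, a table lookup that reads every entry instead of indexing by a secret, and a constant-time 16-byte comparison for authenticator tags (return convention modelled on NaCl's `crypto_verify_16`: 0 on match, -1 otherwise).

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* All-ones mask iff x == y, computed without a branch.
   (~x & (x - 1)) has its top bit set only when x == 0. */
uint32_t ct_eq_mask(uint32_t x, uint32_t y) {
    uint32_t d = x ^ y;
    return 0u - ((~d & (d - 1u)) >> 31);
}

/* Conditional swap of two 8-limb values driven by a secret bit `swap`.
   The bit is expanded to a mask and XOR-masking does the swap, so no branch
   and no data-dependent address depends on `swap`. Added example; the limb
   count 8 is an assumption for illustration, not NaCl's representation. */
void ct_cswap(uint32_t a[8], uint32_t b[8], uint32_t swap) {
    uint32_t mask = 0u - (swap & 1u);       /* 0x00000000 or 0xFFFFFFFF */
    for (int i = 0; i < 8; i++) {
        uint32_t t = mask & (a[i] ^ b[i]);
        a[i] ^= t;
        b[i] ^= t;
    }
}

/* Leaky pattern: the address read depends on the secret index, which is
   exactly what cache-timing attacks on table-based ciphers exploit. */
uint32_t leaky_lookup(const uint32_t *table, size_t n, uint32_t idx) {
    return table[idx % n];
}

/* Constant-time alternative: read every entry, keep the selected one by mask.
   Cost grows with n, which is why the paper's primitives avoid S-box tables. */
uint32_t ct_lookup(const uint32_t *table, size_t n, uint32_t idx) {
    uint32_t r = 0;
    for (size_t i = 0; i < n; i++)
        r |= ct_eq_mask((uint32_t)i, idx) & table[i];
    return r;
}

/* Constant-time 16-byte tag comparison: OR all differences together and only
   then reduce to a result, so the running time does not reveal the first
   mismatching byte. Returns 0 if equal, -1 otherwise. */
int ct_verify16(const unsigned char x[16], const unsigned char y[16]) {
    unsigned int d = 0;
    for (int i = 0; i < 16; i++) d |= (unsigned int)(x[i] ^ y[i]);
    return (int)(1u & ((d - 1u) >> 8)) - 1;
}

/* Self-check on constructed inputs; returns 1 if every property holds. */
int selftest(void) {
    uint32_t a[8] = {1, 2, 3, 4, 5, 6, 7, 8};
    uint32_t b[8] = {9, 10, 11, 12, 13, 14, 15, 16};
    ct_cswap(a, b, 0);                       /* swap bit clear: no change */
    if (a[0] != 1 || b[0] != 9) return 0;
    ct_cswap(a, b, 1);                       /* swap bit set: exchanged */
    if (a[7] != 16 || b[7] != 8) return 0;

    const uint32_t table[4] = {0xAAAAAAAAu, 0xBBBBBBBBu, 0xCCCCCCCCu, 0xDDDDDDDDu};
    for (uint32_t i = 0; i < 4; i++)
        if (ct_lookup(table, 4, i) != leaky_lookup(table, 4, i)) return 0;

    unsigned char t1[16] = {0}, t2[16] = {0};
    if (ct_verify16(t1, t2) != 0) return 0;
    t2[15] = 1;                              /* single-byte difference */
    if (ct_verify16(t1, t2) != -1) return 0;
    return 1;
}

int main(void) {
    printf("selftest: %s\n", selftest() ? "ok" : "FAILED");
    return selftest() ? 0 : 1;
}
```

The lookup contrast is the point to take away: both `leaky_lookup` and `ct_lookup` return the same value, but only the second one's memory trace is the same for every index. Verifying that a real implementation keeps this property usually means inspecting the generated assembly (or using a cycle-level simulator such as the one the paper relies on for Cortex-A8), since a compiler is free to turn mask arithmetic back into a branch.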
© 2012 International Association for Cryptologic Research
Cite this paper
Bernstein, D.J., Schwabe, P. (2012). NEON Crypto. In: Prouff, E., Schaumont, P. (eds) Cryptographic Hardware and Embedded Systems – CHES 2012. CHES 2012. Lecture Notes in Computer Science, vol 7428. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33027-8_19
DOI: https://doi.org/10.1007/978-3-642-33027-8_19
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-33026-1
Online ISBN: 978-3-642-33027-8