Light-weight instruction set extensions for bit-sliced cryptography

Philipp Grabher, Johann Groszschaedl, Daniel Page

Research output: Chapter in Book/Report/Conference proceeding › Conference Contribution (Conference Proceeding)

38 Citations (Scopus)


Bit-slicing is a non-conventional implementation technique for cryptographic software where an n-bit processor is considered as a collection of n 1-bit execution units operating in SIMD mode. Particularly when implementing symmetric ciphers, the bit-slicing approach has several advantages over more conventional alternatives: it often allows one to reduce memory footprint by eliminating large look-up tables, and it permits more predictable performance characteristics that can foil time-based side-channel attacks. Both features are attractive for mobile and embedded processors, but the performance overhead that results from bit-sliced implementation often represents a significant disadvantage. In this paper we describe a set of light-weight Instruction Set Extensions (ISEs) that can improve said performance while retaining all advantages of bit-sliced implementation. Contrary to other crypto-ISE, our design is generic and allows for a high degree of algorithm agility: we demonstrate applicability to several well-known cryptographic primitives including four block ciphers (DES, Serpent, AES, and PRESENT), a hash function (SHA-1), as well as multiplication of ternary polynomials.
Translated title of the contribution: Light-Weight Instruction Set Extensions for Bit-Sliced Cryptography
Original language: English
Title of host publication: Cryptographic Hardware and Embedded Systems - CHES 2008
Publisher: Springer Berlin Heidelberg
Publication status: Published - 2008

