The design of scalar AES Instruction Set Extensions for RISC-V

Ben Marshall*, G. Richard Newell, Daniel Page, Saarinen Markku-Juhani O., Claire Wolf

*Corresponding author for this work

Research output: Contribution to journalArticle (Academic Journal)peer-review

37 Downloads (Pure)

Abstract

Secure, efficient execution of AES is an essential requirement on most computing platforms. Dedicated Instruction Set Extensions (ISEs) are often included for this purpose. RISC-V is a (relatively) new ISA that lacks such a standardized ISE. We survey the state-of-the-art industrial and academic ISEs for AES, implement and evaluate five different ISEs, one of which is novel. We recommend separate ISEs for 32 and 64-bit base architectures, with measured performance improvements for an AES-128 block encryption of 4x and 10x with a hardware cost of 1.1K and 8.2K gates respectively, when compared to a software-only implementation based on use of T-tables. We also explore how the proposed standard bit-manipulation extension to RISC-V can be harnessed for efficient implementation of AES-GCM. Our work supports the ongoing RISC-V cryptography extension standardisation process.
Original languageEnglish
Pages (from-to)109-136
Number of pages28
JournalIACR Transactions on Cryptographic Hardware and Embedded Systems (TCHES)
Volume2021
Issue number1
DOIs
Publication statusPublished - 3 Dec 2020

Keywords

  • ISE
  • AES
  • RISC-V

Fingerprint

Dive into the research topics of 'The design of scalar AES Instruction Set Extensions for RISC-V'. Together they form a unique fingerprint.

Cite this