The design of scalar AES Instruction Set Extensions for RISC-V

Ben Marshall*, G. Richard Newell, Daniel Page, Saarinen Markku-Juhani O., Claire Wolf

*Corresponding author for this work

Research output: Contribution to journalArticle (Academic Journal)peer-review

24 Citations (Scopus)
172 Downloads (Pure)


Secure, efficient execution of AES is an essential requirement on most computing platforms. Dedicated Instruction Set Extensions (ISEs) are often included for this purpose. RISC-V is a (relatively) new ISA that lacks such a standardized ISE. We survey the state-of-the-art industrial and academic ISEs for AES, implement and evaluate five different ISEs, one of which is novel. We recommend separate ISEs for 32 and 64-bit base architectures, with measured performance improvements for an AES-128 block encryption of 4x and 10x with a hardware cost of 1.1K and 8.2K gates respectively, when compared to a software-only implementation based on use of T-tables. We also explore how the proposed standard bit-manipulation extension to RISC-V can be harnessed for efficient implementation of AES-GCM. Our work supports the ongoing RISC-V cryptography extension standardisation process.
Original languageEnglish
Pages (from-to)109-136
Number of pages28
JournalIACR Transactions on Cryptographic Hardware and Embedded Systems (TCHES)
Issue number1
Publication statusPublished - 3 Dec 2020


  • ISE
  • AES
  • RISC-V


Dive into the research topics of 'The design of scalar AES Instruction Set Extensions for RISC-V'. Together they form a unique fingerprint.

Cite this