The design of scalar AES Instruction Set Extensions for RISC-V

Ben Marshall*, G. Richard Newell, Daniel Page, Saarinen Markku-Juhani O., Claire Wolf

*Corresponding author for this work

Research output: Contribution to journalArticle (Academic Journal)

Abstract

Secure, efficient execution of AES is an essential requirement on most
computing platforms. Dedicated Instruction Set Extensions (ISEs) are often included for this purpose. RISC-V is a (relatively) new ISA that lacks such a standardised ISE. We survey the state-of-the-art industrial and academic ISEs for AES, implement and evaluate five different ISEs, one of which is novel. We recommend separate ISEs for 32 and 64-bit base architectures, with measured performance improvements for an AES-128 block encryption of 4× and 10× with a hardware cost of 1.1K and 8.2K gates respectivley, when compared to a software-only implementation based on use of T-tables. We also explore how the proposed standard bit-manipulation extension to RISC-V can be harnessed for efficient implementation of AES-GCM. Our work supports the ongoing RISC-V cryptography extension standardisation process.
Original languageEnglish
JournalIACR Transactions on Cryptographic Hardware and Embedded Systems (TCHES)
Publication statusAccepted/In press - 15 Sep 2020

Cite this