The design of scalar AES Instruction Set Extensions for RISC-V

Ben Marshall; G. Richard Newell; Daniel Page; Saarinen Markku-Juhani O.; Claire Wolf

doi:10.46586/tches.v2021.i1.109-136

The design of scalar AES Instruction Set Extensions for RISC-V

Ben Marshall^*, G. Richard Newell, Daniel Page, Saarinen Markku-Juhani O., Claire Wolf

^*Corresponding author for this work

Cryptography and Information Security

Research output: Contribution to journal › Article (Academic Journal) › peer-review

44 Citations (Scopus)

238 Downloads (Pure)

Abstract

Secure, efficient execution of AES is an essential requirement on most computing platforms. Dedicated Instruction Set Extensions (ISEs) are often included for this purpose. RISC-V is a (relatively) new ISA that lacks such a standardized ISE. We survey the state-of-the-art industrial and academic ISEs for AES, implement and evaluate five different ISEs, one of which is novel. We recommend separate ISEs for 32 and 64-bit base architectures, with measured performance improvements for an AES-128 block encryption of 4x and 10x with a hardware cost of 1.1K and 8.2K gates respectively, when compared to a software-only implementation based on use of T-tables. We also explore how the proposed standard bit-manipulation extension to RISC-V can be harnessed for efficient implementation of AES-GCM. Our work supports the ongoing RISC-V cryptography extension standardisation process.

Original language	English
Pages (from-to)	109-136
Number of pages	28
Journal	IACR Transactions on Cryptographic Hardware and Embedded Systems (TCHES)
Volume	2021
Issue number	1
DOIs	https://doi.org/10.46586/tches.v2021.i1.109-136
Publication status	Published - 3 Dec 2020

Keywords

ISE
AES
RISC-V

Access to Document

10.46586/tches.v2021.i1.109-136

Full-text PDF (final published version)
This is the final published version of the article (version of record). It first appeared online via International Association for Cryptologic Research at https://doi.org/10.46586/tches.v2021.i1.109-136 . Please refer to any applicable terms of use of the publisher.
Final published version, 726 KBLicence: CC BY

Handle.net

Persistent link

Embargoed Document

Full-text PDF (author accepted manuscript)
Accepted author manuscript, 713 KB

SCARV: A side-channel hardened RISC-V platform
Page, D. (Principal Investigator)
1/02/18 → 31/01/23
Project: Research

Cite this

@article{ff503c76896041b0b6c837d8afb7a2c3,

title = "The design of scalar AES Instruction Set Extensions for RISC-V",

abstract = "Secure, efficient execution of AES is an essential requirement on most computing platforms. Dedicated Instruction Set Extensions (ISEs) are often included for this purpose. RISC-V is a (relatively) new ISA that lacks such a standardized ISE. We survey the state-of-the-art industrial and academic ISEs for AES, implement and evaluate five different ISEs, one of which is novel. We recommend separate ISEs for 32 and 64-bit base architectures, with measured performance improvements for an AES-128 block encryption of 4x and 10x with a hardware cost of 1.1K and 8.2K gates respectively, when compared to a software-only implementation based on use of T-tables. We also explore how the proposed standard bit-manipulation extension to RISC-V can be harnessed for efficient implementation of AES-GCM. Our work supports the ongoing RISC-V cryptography extension standardisation process.",

keywords = "ISE, AES, RISC-V",

author = "Ben Marshall and Newell, \{G. Richard\} and Daniel Page and \{Markku-Juhani O.\}, Saarinen and Claire Wolf",

year = "2020",

month = dec,

day = "3",

doi = "10.46586/tches.v2021.i1.109-136",

language = "English",

volume = "2021",

pages = "109--136",

journal = "IACR Transactions on Cryptographic Hardware and Embedded Systems (TCHES)",

issn = "2569-2925",

number = "1",

}

TY - JOUR

T1 - The design of scalar AES Instruction Set Extensions for RISC-V

AU - Marshall, Ben

AU - Newell, G. Richard

AU - Page, Daniel

AU - Markku-Juhani O., Saarinen

AU - Wolf, Claire

PY - 2020/12/3

Y1 - 2020/12/3

N2 - Secure, efficient execution of AES is an essential requirement on most computing platforms. Dedicated Instruction Set Extensions (ISEs) are often included for this purpose. RISC-V is a (relatively) new ISA that lacks such a standardized ISE. We survey the state-of-the-art industrial and academic ISEs for AES, implement and evaluate five different ISEs, one of which is novel. We recommend separate ISEs for 32 and 64-bit base architectures, with measured performance improvements for an AES-128 block encryption of 4x and 10x with a hardware cost of 1.1K and 8.2K gates respectively, when compared to a software-only implementation based on use of T-tables. We also explore how the proposed standard bit-manipulation extension to RISC-V can be harnessed for efficient implementation of AES-GCM. Our work supports the ongoing RISC-V cryptography extension standardisation process.

AB - Secure, efficient execution of AES is an essential requirement on most computing platforms. Dedicated Instruction Set Extensions (ISEs) are often included for this purpose. RISC-V is a (relatively) new ISA that lacks such a standardized ISE. We survey the state-of-the-art industrial and academic ISEs for AES, implement and evaluate five different ISEs, one of which is novel. We recommend separate ISEs for 32 and 64-bit base architectures, with measured performance improvements for an AES-128 block encryption of 4x and 10x with a hardware cost of 1.1K and 8.2K gates respectively, when compared to a software-only implementation based on use of T-tables. We also explore how the proposed standard bit-manipulation extension to RISC-V can be harnessed for efficient implementation of AES-GCM. Our work supports the ongoing RISC-V cryptography extension standardisation process.

KW - ISE

KW - AES

KW - RISC-V

U2 - 10.46586/tches.v2021.i1.109-136

DO - 10.46586/tches.v2021.i1.109-136

M3 - Article (Academic Journal)

SN - 2569-2925

VL - 2021

SP - 109

EP - 136

JO - IACR Transactions on Cryptographic Hardware and Embedded Systems (TCHES)

JF - IACR Transactions on Cryptographic Hardware and Embedded Systems (TCHES)

IS - 1

ER -

The design of scalar AES Instruction Set Extensions for RISC-V

Abstract

Keywords

Access to Document

Handle.net

Embargoed Document

Fingerprint

Projects

SCARV: A side-channel hardened RISC-V platform

Cite this