Overview: Intrinsics for Carry-less Multiplication Instruction and Advanced Encryption Standard Instructions
The Intel® C++ Compiler provides intrinsics to enable carry-less multiplication and encryption based on the Advanced Encryption Standard (AES) specifications. The carry-less multiplication intrinsic corresponds to a single new instruction, PCLMULQDQ. The AES extension intrinsics correspond to the AES extension instructions.
The AES extension instructions and the PCLMULQDQ instruction follow the same system software requirements for XMM state support and single-instruction multiple data (SIMD) floating-point exception support as the Intel® Streaming SIMD Extensions 2 (Intel® SSE2), Intel® Streaming SIMD Extensions 3 (Intel® SSE3), Intel® Supplemental Streaming SIMD Extensions 3 (SSSE3), and Intel® Streaming SIMD Extensions 4 (Intel® SSE4) extensions.
Intel®64 processors using 32nm processing technology support the AES extension instructions as well as the
AES Encryption and Cryptographic Processing
AES encryption processes a 128-bit input block (plaintext) through a fixed number of iterative operations, each referred to as an "AES round", into a 128-bit encrypted block (ciphertext). Decryption applies the iterative operations in the reverse direction, using the "equivalent inverse cipher" rather than the "inverse cipher".
The cryptographic processing at each round takes two inputs: the "state" and the "round key". Each round uses a different round key. The round keys are derived from the cipher key by a "key schedule" algorithm. The key schedule is independent of the data processing of encryption/decryption and can be carried out separately from the encryption/decryption phase.
The AES standard supports cipher keys of 128, 192, and 256 bits. These key sizes correspond to 10, 12, and 14 rounds of iteration, respectively.
Carry-less Multiplication Instruction and AES Extension Instructions
A single instruction, PCLMULQDQ, performs carry-less multiplication of two binary numbers that are up to 64 bits wide.
The AES extensions provide:
- two instructions to accelerate AES rounds on encryption (AESENC and AESENCLAST)
- two instructions for AES rounds on decryption using the equivalent inverse cipher (AESDEC and AESDECLAST)
- instructions for the generation of key schedules (AESIMC and AESKEYGENASSIST)
Detecting Support for Using Instructions
Before any application attempts to use the PCLMULQDQ or the AES extension instructions, it must first detect whether the instructions are supported by the processor.
To detect support for the PCLMULQDQ instruction, your application must check the following:
CPUID.01H:ECX.PCLMULQDQ[bit 1] = 1.
To detect support for the AES extension instructions, your application must check the following:
CPUID.01H:ECX.AES[bit 25] = 1.
Operating systems that support handling of the SSE state also support applications that use AES extension instruction and the
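As an added example (not from the Intel documentation), the CPUID checks above in C for GCC or Clang on x86-64, followed by an AES-128 single-block encryption built from the AES extension intrinsics and checked against the FIPS-197 Appendix C.1 known answer. The function names are my own, and the `target` attribute is an assumption that lets the intrinsics compile without `-maes` on the command line.

```c
/* Added example, not Intel's code. Assumes GCC or Clang on x86-64. */
#include <stdint.h>
#include <string.h>
#include <cpuid.h>
#include <wmmintrin.h>  /* AES-NI and PCLMULQDQ intrinsics */
/* CPUID.01H:ECX feature bits named in the text: PCLMULQDQ = bit 1, AES = bit 25. */
static int cpuid1_ecx_bit(unsigned bit) {
    unsigned eax, ebx, ecx, edx;
    if (!__get_cpuid(1, &eax, &ebx, &ecx, &edx)) return 0;  /* leaf 1 absent */
    return (int)((ecx >> bit) & 1u);
}
int has_pclmulqdq(void) { return cpuid1_ecx_bit(1); }
int has_aesni(void)     { return cpuid1_ecx_bit(25); }
/* Key-schedule step: AESKEYGENASSIST supplies SubWord/RotWord/Rcon in dword 3;
 * the xor chain below is the FIPS-197 word recurrence for the other words. */
__attribute__((target("aes,sse2")))
static __m128i key_fold(__m128i k, __m128i assist) {
    assist = _mm_shuffle_epi32(assist, 0xff);  /* broadcast dword 3 */
    k = _mm_xor_si128(k, _mm_slli_si128(k, 4));
    k = _mm_xor_si128(k, _mm_slli_si128(k, 4));
    k = _mm_xor_si128(k, _mm_slli_si128(k, 4));
    return _mm_xor_si128(k, assist);
}
/* rcon must be an immediate operand, hence a macro rather than a loop. */
#define KEYSTEP(prev, rcon) key_fold(prev, _mm_aeskeygenassist_si128(prev, rcon))
/* AES-128 one block: expand 11 round keys, whitening xor, nine AESENC rounds,
 * one AESENCLAST. Returns 0 and leaves out untouched when AES-NI is absent. */
__attribute__((target("aes,sse2")))
int aes128_encrypt_block(const uint8_t key[16], const uint8_t in[16], uint8_t out[16]) {
    if (!has_aesni()) return 0;
    __m128i rk[11];
    rk[0] = _mm_loadu_si128((const __m128i *)key);
    rk[1] = KEYSTEP(rk[0], 0x01); rk[2]  = KEYSTEP(rk[1], 0x02);
    rk[3] = KEYSTEP(rk[2], 0x04); rk[4]  = KEYSTEP(rk[3], 0x08);
    rk[5] = KEYSTEP(rk[4], 0x10); rk[6]  = KEYSTEP(rk[5], 0x20);
    rk[7] = KEYSTEP(rk[6], 0x40); rk[8]  = KEYSTEP(rk[7], 0x80);
    rk[9] = KEYSTEP(rk[8], 0x1b); rk[10] = KEYSTEP(rk[9], 0x36);
    __m128i s = _mm_xor_si128(_mm_loadu_si128((const __m128i *)in), rk[0]);
    for (int r = 1; r < 10; r++) s = _mm_aesenc_si128(s, rk[r]);
    _mm_storeu_si128((__m128i *)out, _mm_aesenclast_si128(s, rk[10]));
    return 1;
}
/* FIPS-197 Appendix C.1 known answer: 1 = match, 0 = mismatch, -1 = no AES-NI. */
int fips197_selftest(void) {
    uint8_t key[16], pt[16], ct[16];  /* key 00..0f, plaintext 00 11 22 .. ff */
    for (int i = 0; i < 16; i++) { key[i] = (uint8_t)i; pt[i] = (uint8_t)(i * 0x11); }
    static const uint8_t expect[16] = {0x69,0xc4,0xe0,0xd8,0x6a,0x7b,0x04,0x30,
                                       0xd8,0xcd,0xb7,0x80,0x70,0xb4,0xc5,0x5a};
    if (!aes128_encrypt_block(key, pt, ct)) return -1;
    return memcmp(ct, expect, 16) == 0;
}
```

A production implementation would make the same CPUID decision once at start-up and dispatch to a software AES path when the bit is clear rather than failing the call.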