Intel® Advanced Encryption Standard (AES) Instructions Set - Rev 3.01

Introduction

Intel® AES instructions are a new set of instructions available beginning with the all new 2010 Intel® Core™ processor family based on the 32nm Intel® microarchitecture codename Westmere. These instructions enable fast and secure data encryption and decryption, using the Advanced Encryption Standard (AES) which is defined by FIPS Publication number 197. Since AES is currently the dominant block cipher, and it is used in various protocols, the new instructions are valuable for a wide range of applications.

The architecture consists of six instructions that offer full hardware support for AES. Four instructions support AES encryption and decryption, and the other two support AES key expansion.

The AES instructions have the flexibility to support all usages of AES, including all standard key lengths, standard modes of operation, and even some nonstandard or future variants. They offer a significant increase in performance compared to the current pure-software implementations.

Beyond improving performance, the AES instructions provide important security benefits. By running in data-independent time and not using tables, they help eliminate the major timing and cache-based attacks that threaten table-based software implementations of AES. In addition, they make AES simple to implement, with reduced code size, which helps reduce the risk of inadvertently introducing security flaws, such as difficult-to-detect side-channel leaks.

This paper gives an overview of the AES algorithm and Intel's new AES instructions. It provides guidelines and demonstrations for using these instructions to write secure and high-performance AES implementations. This version of the paper also provides a high-performance library for implementing AES in the ECB/CBC/CTR modes, and discloses for the first time the measured performance numbers.

[Revisions history: Rev. 1.0 in 4/2008; Rev. 2.0 in 4/2009; Rev. 3.0 in 5/2010; Rev. 3.01 in 9/2012]

Attachment: aes-wp-2012-09-22-v01.pdf (2.93 MB)

Comments

Unnamed commenter:

Thanks for the article. It's good.

Are the code samples downloadable somewhere?

Andrew Schiestl (Intel):

There are alternate methods for making use of AES-NI instead of writing code; this link goes into some of those options: http://software.intel.com/en-us/articles/intel-advanced-encryption-standard-instructions-aes-ni/

Unnamed commenter:

Some benchmarks on how dmcrypt benefits from AES-NI on an i7-620M:

http://www.robo47.net/blog/198-Intel-AES-NI-dmcrypt-benchmark-with-i7-620M-on-Debian-Squeeze

Larry Stefonic:

The CyaSSL embedded ssl library version 1.5.4 now supports AES-NI. See: yassl.com/yaSSL/News/Entries/2010/7/13_Using_AES-NI_in_the_CyaSSL_embedded_ssl_library_version_1.5.4.html for download.

danx:

I have a blog article on the use of Intel AES-NI in Oracle's Sun Solaris Operating System to improve performance. Briefly, it's faster :-) and AES-NI is used and supported on Oracle Solaris 11 Express 2010.11 and on Solaris 10 10/09 (aka update 8).

danx:

Here's the blog article, at blogs.sun.com (hopefully I can post URLs):
http://blogs.sun.com/DanX/entry/intel_aes_ni_optimization_on

i7aerospace:

Strangely enough the multithreading speed seems to be the same when using AES regardless of the Core model (i3, i5 or i7). For instance, comparing the results from this prog (http://heronacademy.com/public/applications/legacy/ddnr/index.html) the speed with which it operates for me is the same on my i3 as my i7.

Unnamed commenter:

If performance is similar on all cores, this probably means the bottleneck isn't the CPU. When working with applications like TrueCrypt to copy large encrypted files, the disk throughput can often become the bottleneck.

mikeault:

Is there a supported native library for accessing the AES-NI functionality?
If so, where can I obtain it?

So far, I have discovered only the example code within the white paper referenced by this article, and the sample code and library located at: http://software.intel.com/en-us/articles/download-the-intel-aesni-sample-library/

My intuition tells me that Intel never intended for every exploiter to write, debug, and support his own native library to access the AES-NI functionality.

I am cautiously optimistic that I just haven't located it yet.

danx:

@mikeault: probably the most popular native library, OpenSSL, supports AES-NI functionality. You can access it through the command line (the openssl command) or through OpenSSL's libcrypto library. It is available on several platforms, including Solaris, Linux, MS Windows, and so forth. Intel's own IPP library supports AES-NI (Linux and MS Windows). A short list of crypto software supporting AES-NI is on Wikipedia's "AES instruction set" article, http://en.wikipedia.org/wiki/AES_instruction_set