New Processor Instructions for Accelerating Encryption and Authentication Algorithms


Abstract: We present a new set of processor instructions for accelerating Advanced Encryption Standard (AES) encryption and decryption, and for accelerating AES-Galois Counter mode (AES-GCM) authenticated encryption. Four instructions are used for accelerating AES, and a fifth instruction that computes the carry-less product of two 64-bit operands is used for accelerating the GCM mode of operation. In addition to performance acceleration, these instructions help protect the implementations from software side-channel attacks. In this article, we describe the instructions and how they are used for speeding up AES-GCM encryption. First, we examine modes of operation, such as counter mode (CTR), that can be sped up by processing multiple data blocks in parallel. Then, we present a novel technique for efficiently computing Galois hashes whereby a reduction method in the Galois field GF(2^128) can be used in cases where the field's reduction polynomial is sparse. The use of the new instructions, combined with algorithms and software techniques, offers a comprehensive solution for speeding up AES-GCM authenticated encryption.
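The abstract describes two building blocks without showing them: a carry-less product of two 64-bit operands, and a reduction in GF(2^128) that exploits the sparseness of the GCM polynomial x^128 + x^7 + x^2 + x + 1. The following C program is an added example, not code from the article or from Intel: it models the carry-less multiply in plain software (no PCLMULQDQ intrinsic), builds the 128x128-bit product from four 64x64-bit products, reduces it with the two-fold method that the sparse polynomial allows, and uses the result to compute GHASH. Field elements are kept in natural polynomial order (bit i is the coefficient of x^i); GCM's bit-reflected byte convention is a separate mapping step not modelled here. The names `clmul64`, `clmul128`, `gf128_reduce`, `gf128_mul` and `ghash` are this example's own.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Field element of GF(2^128) in natural polynomial order: bit i of lo is the
 * coefficient of x^i, bit i of hi is the coefficient of x^(64+i).
 * (GCM's bit-reflected byte convention is a separate mapping, not modelled here.) */
typedef struct { uint64_t lo, hi; } u128;
typedef struct { uint64_t w[4]; } u256;   /* w[0] is the least significant word */

/* x^128 + x^7 + x^2 + x + 1 is the GCM field polynomial; 0x87 holds its low terms,
 * so x^128 == x^7 + x^2 + x + 1 in the field. */
#define GCM_R 0x87ULL

/* Software model of a carry-less multiply of two 64-bit operands (the operation the
 * fifth instruction performs): XOR-accumulate shifted copies of a, no carries. */
u128 clmul64(uint64_t a, uint64_t b) {
    u128 r = {0, 0};
    for (int i = 0; i < 64; i++) {
        if ((b >> i) & 1) {
            r.lo ^= a << i;
            if (i) r.hi ^= a >> (64 - i);   /* bits shifted out of lo land in hi */
        }
    }
    return r;
}

/* 128x128 -> 256-bit carry-less product built from four 64x64 products (schoolbook). */
u256 clmul128(u128 a, u128 b) {
    u128 ll = clmul64(a.lo, b.lo), lh = clmul64(a.lo, b.hi);
    u128 hl = clmul64(a.hi, b.lo), hh = clmul64(a.hi, b.hi);
    u256 r;
    r.w[0] = ll.lo;
    r.w[1] = ll.hi ^ lh.lo ^ hl.lo;
    r.w[2] = lh.hi ^ hl.hi ^ hh.lo;
    r.w[3] = hh.hi;
    return r;
}

/* Reduce a 256-bit product modulo the sparse GCM polynomial. The upper 128 bits H
 * satisfy H * x^128 == H * (x^7 + x^2 + x + 1); that factor has degree 7, so the fold
 * overflows by at most 7 bits and one more small fold finishes the reduction. */
u128 gf128_reduce(u256 x) {
    u128 p = clmul64(x.w[2], GCM_R);        /* low half of H times R: degrees 0..70 */
    u128 q = clmul64(x.w[3], GCM_R);        /* high half of H times R: degrees 64..134 */
    uint64_t w0 = p.lo, w1 = p.hi ^ q.lo, w2 = q.hi;  /* w2: degrees 128..134, <= 7 bits */
    u128 s = clmul64(w2, GCM_R);            /* degree <= 13, fits entirely in s.lo */
    u128 r = { x.w[0] ^ w0 ^ s.lo, x.w[1] ^ w1 };
    return r;
}

/* Multiplication in GF(2^128): carry-less product followed by the sparse reduction. */
u128 gf128_mul(u128 a, u128 b) { return gf128_reduce(clmul128(a, b)); }

int u128_eq(u128 a, u128 b) { return a.lo == b.lo && a.hi == b.hi; }

/* GHASH over n blocks: Y_0 = 0, Y_i = (Y_{i-1} XOR X_i) * H, returning Y_n. */
u128 ghash(u128 hkey, const u128 *blocks, size_t n) {
    u128 y = {0, 0};
    for (size_t i = 0; i < n; i++) {
        y.lo ^= blocks[i].lo;
        y.hi ^= blocks[i].hi;
        y = gf128_mul(y, hkey);
    }
    return y;
}

int main(void) {
    u128 x64 = {0, 1};                       /* the element x^64 */
    u128 r = gf128_mul(x64, x64);            /* x^64 * x^64 = x^128, reduced */
    printf("x^128 mod P = hi:%016llx lo:%016llx\n",
           (unsigned long long)r.hi, (unsigned long long)r.lo);
    return 0;
}
```

The reduction is the point of the example: because only four terms of the polynomial are non-zero, folding the upper half back costs two small carry-less multiplies by the constant 0x87 instead of a general long division, which is what makes the single-instruction carry-less multiply such a good fit for GHASH. The program prints `hi:0000000000000000 lo:0000000000000087`, the reduced form of x^128.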