AES-NI support in Intel® IPP

The Advanced Encryption Standard New Instructions (AES-NI) introduced in the new generation of Core i7 processors (Westmere microarchitecture) offer a significant increase in performance on cryptography and data compression. Please see this AES techinal article for more information about AES-NI.

Intel IPP 6.1 update 2 include optimizations for the AES-NI instructions, which are improved consistantly in later version. Discussions in the article Intel® CoreTM i7 processor Support and in forum AES-NI support for Westmere are clarified below.

1.The "p8" (IA32) and "y8" (Intel 64) IPP architectures include AES-NI optimizations for Westmere.

If you build your application with IPP 6.1 update 2 or higher on a Westmere microarchitecture processor, the p8/y8 code will use code that has been optimized for your processor. The following functions in the Intel IPP cryptography add-on library are optimizied for Westmere (in IPP 6.1 update 2 and later):

ippsRijndael128{Encrypt|Decrypt{ECB|CBC|CFB|OFB|CTR} }

ippsRijndael192{Encrypt|Decrypt{ECB|CBC|CFB|OFB|CTR} }
ippsRijndae256{Encrypt|Decrypt{ECB|CBC|CFB|OFB|CTR} }

ippsDAARijndael128Update, ippsDAARijndael128Final
ippsDAARijndael192Update, ippsDAARijndael192Final
ippsDAARijndael256Update, ippsDAARijndael256Final

ippsXCBCRijndael128Update, ippsXCBCRijndael128Final

The functions below are also optimized for Westmere and starting in IPP 6.1 update 3:


You may need to update your IPP version to take full benefit of IPP library optimizations for the Westmere microarchitecture. Run the cpuinfo sample in the ipp-samples/advanced-usage/cpuinfo folder on your Westmere processor to ensure the p8 or y8 code is recommended as the library architecture to be used.

2. Penryn (SSE4.1), Nehalem (SSE4.2) and Westmere (AES-NI) share the same optimized IPP library: "p8" (for IA32) and "y8" (for Intel 64).

Please see the article Understanding CPU Dispatching in the Intel® IPP Library for more information about the IPP library dispatching mechanism.

The AES-NI instructions introduced with the Westmere microarchitecture processors are beneficial mostly to cryptography algorithms and a small subset of data compression algorithms. Rather than increase the size of the IPP library by adding a new IPP architecture with a limited set of functions that can take advantage of these new instructions, we extended the run-time dispatcher to check for support of AES-NI and branch to AES-optimized code within the Core i7 optimized library. 

3. AES performance test on Westmere
The application note Boosting OpenSSL AES Encryption with Intel® IPP provide some performance data of IPP AES functions comparing with OpenSSL AES Encryption.

Also the article IPP Crypto Sample Performance for OpenSSL too Slow on Hyper-Threading Systems describe more information on performance test method. In summary, use one of the following solutions to insure appropriate results:

  • disable Intel HT Technology (usually done via a configuration switch in the BIOS) and set the KMP_AFFINITY=compact
  • disable multi-threading by linking with the static single-threaded version of the Intel IPP library if HT is enable
  • disable multi-threading within the multi-threaded Intel IPP libraries by calling ippSetNumThreads(1) if HT is enable
  • configure OpenMP to use 1/2 of the available logical threads if HT is enable and set the KMP_AFFINITY environment variable as follows: KMP_AFFINITY=granularity=fine, compact,1,0

The Intel® C/C++ Compiler version 11 also includes support for AES-NI, see How to Compile for the Intel® CoreTM i5 processor with AES-NI, as does Microsoft* Visual Studio* 2008 Service Pack 1 compiler and gcc version 4.4.

How to Download the Cryptography Library Add-on for the Intel IPP Library

The cryptography component of the IPP library is subject to US Export Administration Regulations and other US laws. To obtain the Intel IPP cryptography libraries, which must be downloaded separately, register for eligibility and follow the instructions you receive in the registration email. If you have additional questions review this knowledge base article on how to download the cryptography library component of the IPP library.

You must have a valid Intel IPP license key to install and use the Intel IPP libraries.

To see an advantage of AES-NI optimization in the crypto engine, refer to AES-NI demo.

Optimization Notice in English

Para obtener información más completa sobre las optimizaciones del compilador, consulte nuestro Aviso de optimización.