Abstract
We present a new set of processor instructions for accelerating Advanced Encryption Standard (AES) encryption and decryption, and for accelerating AES-Galois Counter mode (AES-GCM) authenticated encryption. Four instructions are used for accelerating AES, and a fifth instruction that computes the carry-less product of two 64-bit operands is used for accelerating the GCM mode of operation. In addition to performance acceleration, these instructions help protect the implementations from software side-channel attacks. In this article, we describe the instructions and how they are used for speeding up AES-GCM encryption. Firstly, we examine modes of operation, such as counter mode (CTR), that can be sped up by processing multiple data blocks in parallel. Then, we present a novel technique for efficiently computing Galois hashes whereby a reduction method in the Galois field GF(2^128) can be used in cases where the field's reduction polynomial is sparse. The use of the new instructions, combined with algorithms and software techniques, offers a comprehensive solution for speeding up AES-GCM authenticated encryption.
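The Galois-hash idea in the abstract, shown as an added software model (not code from the paper or from any Intel library): a carry-less product, then a reduction that only needs a second short carry-less multiply because the GCM polynomial x^128 + x^7 + x^2 + x + 1 is sparse. GCM's bit-reflected block convention is handled by reversing the 128 bits around the multiply, and a bit-serial multiply (NIST SP 800-38D, Algorithm 1) is included as a reference to cross-check against. Function names are the example's own.

```python
MASK128 = (1 << 128) - 1
GCM_POLY_LOW = 0b10000111  # low part of x^128 + x^7 + x^2 + x + 1

def clmul(a: int, b: int) -> int:
    """Carry-less product (polynomial multiply over GF(2), no reduction): the
    software equivalent of the carry-less multiply instruction in the paper."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        b >>= 1
    return r

def reduce_gcm(p: int) -> int:
    """Reduce a carry-less product (up to 256 bits) modulo the GCM polynomial.
    x^128 == x^7 + x^2 + x + 1, so each fold is one short clmul with the sparse
    polynomial; the loop runs twice, the second pass absorbing the 7-bit carry."""
    while p >> 128:
        p = (p & MASK128) ^ clmul(p >> 128, GCM_POLY_LOW)
    return p

def reflect128(v: int) -> int:
    """GCM keeps x^0 in the leftmost bit; convert to/from LSB-first order."""
    return int(f"{v:0128b}"[::-1], 2)

def gf128_mul_gcm(x: int, y: int) -> int:
    """GCM block multiply: reflect -> clmul -> sparse reduction -> reflect."""
    return reflect128(reduce_gcm(clmul(reflect128(x), reflect128(y))))

def gf128_mul_ref(x: int, y: int) -> int:
    """Bit-serial reference (NIST SP 800-38D Algorithm 1) for cross-checking."""
    r, z, v = 0xE1 << 120, 0, y
    for i in range(128):
        if (x >> (127 - i)) & 1:
            z ^= v
        v = (v >> 1) ^ (r if v & 1 else 0)
    return z

def ghash(h: bytes, aad: bytes, ct: bytes) -> bytes:
    """GHASH_H(A, C): hash zero-padded AAD and ciphertext blocks, then the lengths."""
    def blocks(d: bytes):
        d += b"\x00" * (-len(d) % 16)
        return [int.from_bytes(d[i:i + 16], "big") for i in range(0, len(d), 16)]
    hv, y = int.from_bytes(h, "big"), 0
    for blk in blocks(aad) + blocks(ct) + [(len(aad) * 8) << 64 | len(ct) * 8]:
        y = gf128_mul_gcm(y ^ blk, hv)
    return y.to_bytes(16, "big")
```

The same reflect/clmul/reduce structure is what an implementation built on the paper's carry-less multiply instruction executes, with the 256-bit product assembled from four 64x64 partial products instead of a loop.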
| Original language | English |
|---|---|
| Pages (from-to) | 52-65 |
| Number of pages | 14 |
| Journal | Intel Technology Journal |
| Volume | 13 |
| Issue number | 2 |
| State | Published - 1 Jun 2009 |
Keywords
- Data encryption
- Computer industry
- Access control
- Legal authentication software
- Electronic systems
- Advanced Encryption Standard (AES)
- Authenticated Encryption
- Galois Counter Mode (GCM)
- New Processor Instructions