This page uses content from Wikipedia and is licensed under CC BY-SA.

AES instruction set

An Advanced Encryption Standard instruction set is now integrated in to many processors. The purpose of the instruction set is to improve the speed of applications performing encryption and decryption using Advanced Encryption Standard (AES). They are often implemented as instructions implementing a single round of AES along with a special version for the last round which has a slightly different method.


x86 architecture processors

AES-NI (or the Intel Advanced Encryption Standard New Instructions; AES-NI) was the first major implementation. AES-NI is an extension to the x86 instruction set architecture for microprocessors from Intel and AMD proposed by Intel in March 2008.[1]

Instructions

Instruction Description[2]
AESENC Perform one round of an AES encryption flow
AESENCLAST Perform the last round of an AES encryption flow
AESDEC Perform one round of an AES decryption flow
AESDECLAST Perform the last round of an AES decryption flow
AESKEYGENASSIST Assist in AES round key generation
AESIMC Assist in AES Inverse Mix Columns
PCLMULQDQ Carryless multiply (CLMUL)[3]

Intel

The following Intel processors support the AES-NI instruction set:[4] >

AMD

Several AMD processors support AES instructions:

Hardware acceleration in other architectures

AES support with unprivileged processor instructions is also available in the latest SPARC processors (T3, T4, T5, M5, and forward) and in latest ARM processors. The SPARC T4 processor, introduced in 2011, has user-level instructions implementing AES rounds.[12] These instructions are in addition to higher level encryption commands. The ARMv8-A processor architecture, announced in 2011, including the ARM Cortex-A53 and A57 (but not previous v7 processors like the Cortex A5, 7, 8, 9, 11, 15[citation needed]) also have user-level instructions which implement AES rounds.[13] In August 2012, IBM announced[14] that the then-forthcoming Power7+ architecture would have AES support. The commands in these architectures are not directly compatible with the AES-NI commands, but implement similar functionality.

IBM z9 or later mainframe processors support AES as single-opcode (KM, KMC) AES ECB/CBC instructions via IBM's CryptoExpress hardware[15] These single-instruction AES versions are therefore easier to use than Intel NI ones, but may not be extended to implement other algorithms based on AES round functions (such as the Whirlpool hash function).

Supporting x86 CPUs

VIA x86 CPUs, AMD Geode, and Marvell Kirkwood (ARM, mv_cesa in Linux) use driver-based accelerated AES handling instead. (See Crypto API (Linux).)

The following chips, while supporting AES hardware acceleration, do not support an AES instruction set:

ARM architecture

Programming information is available in ARM Architecture Reference Manual ARMv8, for ARMv8-A architecture profile.[21]

  • ARMv8-A architecture
    • ARM cryptographic extensions optionally supported on ARM Cortex-A30/50/70 cores

Other architectures

  • Atmel XMEGA[27] (on-chip accelerator with parallel execution, not an instruction)
  • SPARC T3 and later processors have hardware support for several crypto algorithms, including AES.
  • Cavium Octeon MIPS[28] All Cavium Octeon MIPS-based processors have hardware support for several crypto algorithms, including AES using special coprocessor 3 instructions.

Performance

In AES-NI Performance Analyzed, Patrick Schmid and Achim Roos found, "... impressive results from a handful of applications already optimized to take advantage of Intel's AES-NI capability".[29] A performance analysis using the Crypto++ security library showed an increase in throughput from approximately 28.0 cycles per byte to 3.5 cycles per byte with AES/GCM versus a Pentium 4 with no acceleration.[30][31][not in citation given][better source needed]

Supporting software

Most modern compilers can emit AES instructions.

Much security and cryptography software supports the AES instruction set, including the following core infrastructure:

See also

References

  1. ^ "Intel Software Network". Intel. Archived from the original on 7 April 2008. Retrieved 2008-04-05. 
  2. ^ Shay Gueron (2010). "Intel Advanced Encryption Standard (AES) Instruction Set White Paper" (PDF). Intel. Retrieved 2012-09-20. 
  3. ^ "Carry-Less Multiplication". Intel. 
  4. ^ "Intel® Product Specification Advanced Search". Intel® ARK (Product Specs). 
  5. ^ Shimpi, Anand Lal. "The Sandy Bridge Review: Intel Core i7-2600K, i5-2500K and Core i3-2100 Tested". 
  6. ^ "Intel® Product Specification Comparison". 
  7. ^ "AES-NI support in TrueCrypt (Sandy Bridge problem)". 
  8. ^ "Some products can support AES New Instructions with a Processor Configuration update, in particular, i7-2630QM/i7-2635QM, i7-2670QM/i7-2675QM, i5-2430M/i5-2435M, i5-2410M/i5-2415M. Please contact OEM for the BIOS that includes the latest Processor configuration update". 
  9. ^ "Page Unavailable". ark.intel.com. 
  10. ^ "Intel® Core™ i3-4000M Processor (3M Cache, 2.40 GHz) Product Specifications". 
  11. ^ "Following Instructions". AMD. November 22, 2010. Archived from the original on November 26, 2010. Retrieved 2011-01-04. 
  12. ^ Dan Anderson (2011). "SPARC T4 OpenSSL Engine". Oracle. Retrieved 2012-09-20. 
  13. ^ Richard Grisenthwaite (2011). "ARMv8-A Technology Preview" (PDF). ARM. Retrieved 2012-09-20. 
  14. ^ Timothy Prickett Morgan (2012). "All the sauce on Big Blue's hot chip: More on Power7+". The Register. Retrieved 2012-09-20. 
  15. ^ "IBM System z10 cryptography". IBM. Retrieved 2014-01-27. 
  16. ^ "AMD Geode™ LX Processor Family Technical Specifications". AMD. 
  17. ^ "VIA Padlock Security Engine". VIA. Retrieved 2011-11-14. 
  18. ^ a b Cryptographic Hardware Accelerators on OpenWRT.org
  19. ^ "VIA Eden-N Processors". VIA. Archived from the original on 2011-11-11. Retrieved 2011-11-14. 
  20. ^ "VIA C7 Processors". VIA. Retrieved 2011-11-14. 
  21. ^ "ARM® Architecture Reference Manual ARMv8, for ARMv8-A architecture profile" (PDF). ARM. December 2017. 
  22. ^ "Security System/Crypto Engine driver status". sunxi.montjoie.ovh. 
  23. ^ "Linux Cryptographic Acceleration on an i.MX6" (PDF). Linux Foundation. February 2017. 
  24. ^ "Cryptographic module in Snapdragon 805 is FIPS 140-2 certified". Qualcomm. 
  25. ^ "RK3128 - Rockchip Wiki". Rockchip wiki. 
  26. ^ "The Samsung Exynos 7420 Deep Dive - Inside A Modern 14nm SoC". AnandTech. 
  27. ^ "Using the XMEGA built-in AES accelerator" (PDF). Retrieved 2014-12-03. 
  28. ^ "Cavium Networks Launches Industry's Broadest Line of Single and Dual Core MIPS64®-based OCTEON™ Processors Targeting Intelligent Next Generation Networks". Retrieved 2016-09-17. 
  29. ^ P. Schmid and A. Roos (2010). "AES-NI Performance Analyzed". Tom's Hardware. Retrieved 2010-08-10. 
  30. ^ T. Krovetz, W. Dai (2010). "How to get fast AES calls?". Crypto++ user group. Retrieved 2010-08-11. 
  31. ^ "Crypto++ 5.6.0 Pentium 4 Benchmarks". Crypto++ Website. 2009. Archived from the original on 19 September 2010. Retrieved 2010-08-10. 
  32. ^ "Intel Advanced Encryption Standard Instructions (AES-NI)". Intel. March 2, 2010. Archived from the original on 7 July 2010. Retrieved 2010-07-11. 
  33. ^ "AES-NI enhancements to NSS on Sandy Bridge systems". 2012-05-02. Retrieved 2012-11-25. 
  34. ^ "System Administration Guide: Security Services, Chapter 13 Solaris Cryptographic Framework (Overview)". Oracle. September 2010. Retrieved 2012-11-27. 
  35. ^ "FreeBSD 8.2 Release Notes". FreeBSD.org. 2011-02-24. Retrieved 2011-12-18. 
  36. ^ OpenSSL: CVS Web Interface[permanent dead link]
  37. ^ "www.flam.de :: Products". flam.de. 

External links