International Association for Cryptologic Research

CryptoDB

The design of scalar AES Instruction Set Extensions for RISC-V

Authors:
Ben Marshall, Department of Computer Science, University of Bristol
G. Richard Newell, Microchip Technology Inc., USA
Daniel Page, Department of Computer Science, University of Bristol
Markku-Juhani O. Saarinen, PQShield, UK
Claire Wolf, Symbiotic EDA
Download:
DOI: 10.46586/tches.v2021.i1.109-136
URL: https://tches.iacr.org/index.php/TCHES/article/view/8729
Abstract: Secure, efficient execution of AES is an essential requirement on most computing platforms. Dedicated Instruction Set Extensions (ISEs) are often included for this purpose. RISC-V is a (relatively) new ISA that lacks such a standardized ISE. We survey the state-of-the-art industrial and academic ISEs for AES, implement and evaluate five different ISEs, one of which is novel. We recommend separate ISEs for 32 and 64-bit base architectures, with measured performance improvements for an AES-128 block encryption of 4x and 10x with a hardware cost of 1.1K and 8.2K gates respectively, when compared to a software-only implementation based on use of T-tables. We also explore how the proposed standard bit-manipulation extension to RISC-V can be harnessed for efficient implementation of AES-GCM. Our work supports the ongoing RISC-V cryptography extension standardisation process.
Video from TCHES 2020
BibTeX
@article{tches-2020-30762,
  title={The design of scalar AES Instruction Set Extensions for RISC-V},
  journal={IACR Transactions on Cryptographic Hardware and Embedded Systems},
  publisher={Ruhr-Universität Bochum},
  volume={2021, Issue 1},
  pages={109-136},
  url={https://tches.iacr.org/index.php/TCHES/article/view/8729},
  doi={10.46586/tches.v2021.i1.109-136},
  author={Ben Marshall and G. Richard Newell and Daniel Page and Markku-Juhani O. Saarinen and Claire Wolf},
  year=2020
}