Fixslicing AES-like ciphers new bitsliced AES speed records on ARM-Cortex M and RISC-V
The fixslicing implementation strategy was originally introduced as a new representation for the hardware-oriented GIFT block cipher to achieve very efficient software constant-time implementations. In this article, we show that the fundamental idea underlying the fixslicing technique is not of inte...
| Main Authors: | , |
|---|---|
| Other Authors: | |
| Format: | Journal Article |
| Language: | English |
| Published: |
2022
|
| Subjects: | |
| Online Access: | https://hdl.handle.net/10356/160598 |
| _version_ | 1811691843802365952 |
|---|---|
| author | Adomnicai, Alexandre Peyrin, Thomas |
| author2 | Temasek Laboratories @ NTU |
| author_facet | Temasek Laboratories @ NTU Adomnicai, Alexandre Peyrin, Thomas |
| author_sort | Adomnicai, Alexandre |
| collection | NTU |
| description | The fixslicing implementation strategy was originally introduced as a new representation for the hardware-oriented GIFT block cipher to achieve very efficient software constant-time implementations. In this article, we show that the fundamental idea underlying the fixslicing technique is not of interest only for GIFT, but can be applied to other ciphers as well. Especially, we study the benefits of fixslicing in the case of AES and show that it allows to reduce by 52% the amount of operations required by the linear layer when compared to the current fastest bitsliced implementation on 32-bit platforms. Overall, we report that fixsliced AES-128 allows to reach 80 and 91 cycles per byte on ARM Cortex-M and E31 RISC-V processors respectively (assuming pre-computed round keys), improving the previous records on those platforms by 21% and 26%. In order to highlight that our work also directly improves masked implementations that rely on bitslicing, we report implementation results when integrating first-order masking that outperform by 12% the fastest results reported in the literature on ARM Cortex-M4. Finally, we demonstrate the genericity of the fixslicing technique for AES-like designs by applying it to the Skinny-128 tweakable block ciphers. |
| first_indexed | 2024-10-01T06:26:20Z |
| format | Journal Article |
| id | ntu-10356/160598 |
| institution | Nanyang Technological University |
| language | English |
| last_indexed | 2024-10-01T06:26:20Z |
| publishDate | 2022 |
| record_format | dspace |
| spelling | ntu-10356/1605982022-07-30T20:12:33Z Fixslicing AES-like ciphers new bitsliced AES speed records on ARM-Cortex M and RISC-V Adomnicai, Alexandre Peyrin, Thomas Temasek Laboratories @ NTU Engineering::Computer science and engineering Bitslicing Fixslicing The fixslicing implementation strategy was originally introduced as a new representation for the hardware-oriented GIFT block cipher to achieve very efficient software constant-time implementations. In this article, we show that the fundamental idea underlying the fixslicing technique is not of interest only for GIFT, but can be applied to other ciphers as well. Especially, we study the benefits of fixslicing in the case of AES and show that it allows to reduce by 52% the amount of operations required by the linear layer when compared to the current fastest bitsliced implementation on 32-bit platforms. Overall, we report that fixsliced AES-128 allows to reach 80 and 91 cycles per byte on ARM Cortex-M and E31 RISC-V processors respectively (assuming pre-computed round keys), improving the previous records on those platforms by 21% and 26%. In order to highlight that our work also directly improves masked implementations that rely on bitslicing, we report implementation results when integrating first-order masking that outperform by 12% the fastest results reported in the literature on ARM Cortex-M4. Finally, we demonstrate the genericity of the fixslicing technique for AES-like designs by applying it to the Skinny-128 tweakable block ciphers. Nanyang Technological University Published version The authors are supported by a Temasek Labs grant (DSOCL16194) and a joint WASP/NTU grant. 2022-07-27T06:07:52Z 2022-07-27T06:07:52Z 2020 Journal Article Adomnicai, A. & Peyrin, T. (2020). Fixslicing AES-like ciphers new bitsliced AES speed records on ARM-Cortex M and RISC-V. IACR Transactions On Cryptographic Hardware and Embedded Systems, 2021(1), 402-425. https://dx.doi.org/10.46586/tches.v2021.i1.402-425 2569-2925 https://hdl.handle.net/10356/160598 10.46586/tches.v2021.i1.402-425 2-s2.0-85118420602 1 2021 402 425 en DSOCL1619 IACR Transactions on Cryptographic Hardware and Embedded Systems © 2020 Alexandre Adomnicai, Thomas Peyrin. This work is licensed under a Creative Commons Attribution 4.0 International License. application/pdf |
| spellingShingle | Engineering::Computer science and engineering Bitslicing Fixslicing Adomnicai, Alexandre Peyrin, Thomas Fixslicing AES-like ciphers new bitsliced AES speed records on ARM-Cortex M and RISC-V |
| title | Fixslicing AES-like ciphers new bitsliced AES speed records on ARM-Cortex M and RISC-V |
| title_full | Fixslicing AES-like ciphers new bitsliced AES speed records on ARM-Cortex M and RISC-V |
| title_fullStr | Fixslicing AES-like ciphers new bitsliced AES speed records on ARM-Cortex M and RISC-V |
| title_full_unstemmed | Fixslicing AES-like ciphers new bitsliced AES speed records on ARM-Cortex M and RISC-V |
| title_short | Fixslicing AES-like ciphers new bitsliced AES speed records on ARM-Cortex M and RISC-V |
| title_sort | fixslicing aes like ciphers new bitsliced aes speed records on arm cortex m and risc v |
| topic | Engineering::Computer science and engineering Bitslicing Fixslicing |
| url | https://hdl.handle.net/10356/160598 |
| work_keys_str_mv | AT adomnicaialexandre fixslicingaeslikeciphersnewbitslicedaesspeedrecordsonarmcortexmandriscv AT peyrinthomas fixslicingaeslikeciphersnewbitslicedaesspeedrecordsonarmcortexmandriscv |