Paper 2014/186
AES-Based Authenticated Encryption Modes in Parallel High-Performance Software
Andrey Bogdanov, Martin M. Lauridsen, and Elmar Tischhauser
Abstract
Authenticated encryption (AE) has recently gained renewed interest due to the ongoing CAESAR competition. This paper deals with the performance of block cipher modes of operation for AE in parallel software. We consider the example of the AES on Intel's new Haswell microarchitecture, which has improved instructions for AES and finite field multiplication. As opposed to most previous high-performance software implementations of operation modes -- which have considered the encryption of single messages -- we propose to process multiple messages in parallel. We demonstrate that this message scheduling is of significant advantage for most modes. As a baseline for longer messages, the performance of AES-CBC encryption on a single core increases by a factor of 6.8 when adopting this approach. For the first time, we report optimized AES-NI implementations of the novel AE modes OTR, CLOC, COBRA, SILC, McOE-G, POET and Julius -- both with single and multiple messages. For almost all AE modes considered, we obtain a consistent speed-up when processing multiple messages in parallel. Notably, among the nonce-based modes, CCM, CLOC and SILC become faster by a factor of 3.7, achieving a performance comparable to GCM (the latter, however, possessing classes of weak keys), with OCB3 still performing at only 0.77 cpb. Among the nonce-misuse resistant modes, McOE-G receives a speed-up by more than a factor of 4, with a performance of about 1.62 cpb, while COPA consistently performs best at 1.45 cpb.
Note: Added more AE modes (CLOC, SILC, JAMBU, Julius); updated performance numbers.
Metadata
- Category: Implementation
- Publication info: Preprint. MINOR revision.
- Keywords: authenticated encryption, CAESAR, AES-NI, COBRA, COPA, GCM, McOE-G, OCB3, OTR, POET, CLOC, SILC, JAMBU, Julius
- Contact author(s): ewti @ dtu dk
- History: 2014-06-03: last of 4 revisions; 2014-03-10: received
- Short URL: https://ia.cr/2014/186
- License: CC BY
BibTeX
@misc{cryptoeprint:2014/186,
  author = {Andrey Bogdanov and Martin M. Lauridsen and Elmar Tischhauser},
  title = {{AES}-Based Authenticated Encryption Modes in Parallel High-Performance Software},
  howpublished = {Cryptology {ePrint} Archive, Paper 2014/186},
  year = {2014},
  url = {https://eprint.iacr.org/2014/186}
}