Paper 2014/186

AES-Based Authenticated Encryption Modes in Parallel High-Performance Software

Andrey Bogdanov, Martin M. Lauridsen, and Elmar Tischhauser

Abstract

Authenticated encryption (AE) has recently gained renewed interest due to the ongoing CAESAR competition. This paper deals with the performance of block cipher modes of operation for AE in parallel software. We consider the example of the AES on Intel's new Haswell microarchitecture that has improved instructions for AES and finite field multiplication. As opposed to most previous high-performance software implementations of operation modes -- that have considered the encryption of single messages -- we propose to process multiple messages in parallel. We demonstrate that this message scheduling is of significant advantage for most modes. As a baseline for longer messages, the performance of AES-CBC encryption on a single core increases by factor 6.8 when adopting this approach. For the first time, we report optimized AES-NI implementations of the novel AE modes OTR, CLOC, COBRA, SILC, McOE-G, POET and Julius -- both with single and multiple messages. For almost all AE modes considered, we obtain a consistent speed-up when processing multiple messages in parallel. Notably, among the nonce-based modes, CCM, CLOC and SILC get by factor 3.7 faster, achieving a performance comparable to GCM (the latter, however, possessing classes of weak keys), with OCB3 still performing at only 0.77 cpb. Among the nonce-misuse resistant modes, McOE-G receives a speed-up by more than factor 4 with a performance of about 1.62 cpb, with COPA consistently performing best at 1.45 cpb.

Note: Added more AE modes (CLOC, SILC, JAMBU, Julius); updated performance numbers.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Preprint. MINOR revision.
Keywords
authenticated encryptionCAESARAES-NICOBRACOPAGCMMcOE-GOCB3OTRPOETCLOCSILCJAMBUJulius
Contact author(s)
ewti @ dtu dk
History
2014-06-03: last of 4 revisions
2014-03-10: received
See all versions
Short URL
https://ia.cr/2014/186
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2014/186,
      author = {Andrey Bogdanov and Martin M.  Lauridsen and Elmar Tischhauser},
      title = {{AES}-Based Authenticated Encryption Modes in Parallel High-Performance Software},
      howpublished = {Cryptology {ePrint} Archive, Paper 2014/186},
      year = {2014},
      url = {https://eprint.iacr.org/2014/186}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.