Unlike most previous high-performance software implementations of modes of operation, which have considered the encryption of a single message at a time, we propose to process multiple messages in parallel. We demonstrate that this message scheduling is of significant advantage for most modes. As a baseline for longer messages, the performance of AES-CBC encryption on a single core improves by a factor of 6.8 when adopting this approach.
For the first time, we report optimized AES-NI implementations of the novel AE modes OTR, CLOC, COBRA, SILC, McOE-G, POET and Julius, both with single and with multiple messages. For almost all AE modes considered, we obtain a consistent speed-up when processing multiple messages in parallel. Notably, among the nonce-based modes, CCM, CLOC and SILC become faster by a factor of 3.7, achieving a performance comparable to GCM (which, however, possesses classes of weak keys), while OCB3 still performs at only 0.77 cpb. Among the nonce-misuse-resistant modes, McOE-G receives a speed-up of more than a factor of 4, reaching about 1.62 cpb, with COPA consistently performing best at 1.45 cpb.
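The reason interleaving helps is that a serial mode such as CBC feeds each AES call the output of the previous one, so a single message can never fill the AES-NI pipeline, whereas block j of k independent messages gives k mutually independent calls per step. The following is an added illustration, not code from the paper: it implements the interleaved scheduling for CBC with messages of unequal length, checks it against plain serial CBC, and attaches a small cycle model of a pipelined AES unit. The block cipher is a SHA-256-based stand-in for AES-128 (not a real cipher; it only makes the scheduling logic runnable without AES-NI), and the model parameters (10 dependent rounds per block, a 7-cycle round latency, one round issued per cycle) are assumptions roughly matching the AESENC instruction on Haswell-class cores rather than figures taken from the paper.

```python
"""Interleaved multi-message CBC versus serial CBC, with a pipeline cycle model.

Added illustration, not the paper's code. toy_block_cipher stands in for
AES-128 and is NOT a real cipher; never use it for anything but this demo.
"""
import hashlib
from typing import List

BLOCK = 16  # AES block length in bytes


def toy_block_cipher(key: bytes, block: bytes) -> bytes:
    """Keyed 16-byte mapping standing in for one AES-128 call (assumption)."""
    assert len(key) == BLOCK and len(block) == BLOCK
    return hashlib.sha256(key + block).digest()[:BLOCK]


def xor16(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def cbc_single(key: bytes, iv: bytes, msg: bytes) -> bytes:
    """Serial CBC: block i needs ciphertext block i-1, so every cipher call
    waits for the previous one and the pipeline stays mostly empty."""
    assert len(msg) % BLOCK == 0
    out, prev = [], iv
    for i in range(0, len(msg), BLOCK):
        prev = toy_block_cipher(key, xor16(msg[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_multi(key: bytes, ivs: List[bytes], msgs: List[bytes]) -> List[bytes]:
    """Interleaved CBC: step j encrypts block j of every message that still has
    one. The calls within a step are independent of each other, so an AES-NI
    implementation can issue them back to back. Shorter messages drop out of
    later steps; the per-message result equals cbc_single."""
    assert len(ivs) == len(msgs) and all(len(m) % BLOCK == 0 for m in msgs)
    chain = list(ivs)                      # last ciphertext block of each message
    out = [[] for _ in msgs]
    nblocks = [len(m) // BLOCK for m in msgs]
    for j in range(max(nblocks, default=0)):
        for k, m in enumerate(msgs):
            if j < nblocks[k]:
                blk = m[j * BLOCK:(j + 1) * BLOCK]
                chain[k] = toy_block_cipher(key, xor16(blk, chain[k]))
                out[k].append(chain[k])
    return [b"".join(o) for o in out]


def pipeline_cycles(blocks_per_msg, rounds=10, latency=7, issue_width=1):
    """Greedy schedule on an idealised pipelined AES unit (model assumptions:
    a block is `rounds` dependent round operations, a round's result is usable
    `latency` cycles after issue, `issue_width` rounds may issue per cycle).
    A CBC chain can only have one round in flight, so a single message issues
    once every `latency` cycles; `latency` or more chains keep the unit busy.
    Returns the cycle in which the last round result becomes available."""
    remaining = [n * rounds for n in blocks_per_msg]  # rounds left per chain
    ready = [0] * len(blocks_per_msg)                 # earliest issue cycle per chain
    t, left = 0, sum(remaining)
    while left:
        # chains whose previous round has completed, oldest-ready first (fair
        # round robin, so no chain starves when there are more chains than latency)
        eligible = sorted((ready[k], k) for k in range(len(remaining))
                          if remaining[k] and ready[k] <= t)
        for _, k in eligible[:issue_width]:
            remaining[k] -= 1
            ready[k] = t + latency
            left -= 1
        t += 1
    return max(ready, default=0)


def cycles_per_byte(blocks_per_msg, **model) -> float:
    return pipeline_cycles(blocks_per_msg, **model) / (BLOCK * sum(blocks_per_msg))


if __name__ == "__main__":
    key = bytes(range(16))
    # constructed sample input: three messages of 4, 2 and 4 blocks
    ivs = [bytes([7] * 16), bytes([9] * 16), bytes([11] * 16)]
    msgs = [bytes([1] * 64), bytes([2] * 32), bytes([3] * 64)]
    assert cbc_multi(key, ivs, msgs) == [cbc_single(key, iv, m) for iv, m in zip(ivs, msgs)]
    single, multi = cycles_per_byte([4]), cycles_per_byte([4] * 8)
    print(f"serial CBC      : {single:.3f} cycles/byte (model)")
    print(f"8-way interleave: {multi:.3f} cycles/byte (model), speed-up x{single / multi:.1f}")
```

With the assumed parameters a single chain costs rounds x latency cycles per block, while eight interleaved chains issue one round every cycle with no bubbles, so the model predicts a speed-up close to 7 for long messages; that is the same order as the factor 6.8 measured in the paper, but it is a model prediction, not a measurement. Raising `issue_width` shows the other limit: once the number of independent chains is the bottleneck, adding AES ports no longer helps.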
Category / Keywords: implementation / authenticated encryption, CAESAR, AES-NI, COBRA, COPA, GCM, McOE-G, OCB3, OTR, POET, CLOC, SILC, JAMBU, Julius
Date: received 10 Mar 2014, last revised 3 Jun 2014
Contact author: ewti at dtu dk
Note: Added more AE modes (CLOC, SILC, JAMBU, Julius); updated performance numbers.
Version: 20140603:073600
Short URL: ia.cr/2014/186