Cryptology ePrint Archive: Report 2016/714

All the AES You Need on Cortex-M3 and M4

Peter Schwabe and Ko Stoffelen

Abstract: This paper describes highly-optimized AES-{128, 192, 256}-CTR assembly implementations for the popular ARM Cortex-M3 and M4 embedded microprocessors. These implementations are about twice as fast as existing implementations. Additionally, we provide the fastest bitsliced constant-time and masked implementations of AES-128-CTR to protect against timing attacks, power analysis and other (first-order) side-channel attacks. All implementations, including an architecture-specific instruction scheduler and register allocator, which we use to minimize expensive loads, are released into the public domain.

Category / Keywords: implementation /

Original Publication (in the same form): SAC 2016

Date: received 18 Jul 2016, last revised 19 Oct 2016

Contact author: k stoffelen at cs ru nl

Available format(s): PDF | BibTeX Citation

Version: 20161019:091914 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]