Cryptology ePrint Archive: Report 2009/129
Faster and Timing-Attack Resistant AES-GCM
Emilia Kasper and Peter Schwabe
Abstract: We present a bitsliced implementation of AES encryption in counter mode for 64-bit Intel processors. Running at 7.59 cycles/byte on a Core 2, it is up to 25% faster than previous implementations, while simultaneously offering protection against timing attacks. In particular, it is the only cache-timing-attack resistant implementation offering competitive speeds for stream as well as for packet encryption: for 576-byte packets, we improve performance over previous bitsliced implementations by more than a factor of 2. We also report more than 30% improved speeds for lookup-table based Galois/Counter mode authentication, achieving 10.68 cycles/byte for authenticated encryption. Furthermore, we present the first constant-time implementation of AES-GCM that has a reasonable speed of 21.99 cycles/byte, thus offering a full suite of timing-analysis resistant software for authenticated encryption.
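The constant-time property claimed for the GCM side of the abstract comes down to one thing: the GHASH multiplication in GF(2^128) must not branch on, or index memory with, anything derived from the hash key H or the data. The C program below is an added illustration of that principle and is not the authors' implementation (which is a bitsliced, optimised design; this one is bit-serial and slow). It multiplies field elements with all-ones/all-zeros masks instead of conditionals or tables, builds GHASH on top, and checks the result against Test Case 2 of the GCM specification by McGrew and Viega (zero key, zero IV, one all-zero plaintext block, no AAD), whose H, C and GHASH values are copied from that specification. The function names (`gf128_mul_ct`, `ghash`, `ghash_selftest`) and the `blk` type are this example's own.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* A GF(2^128) element in GCM's bit order: bit 0 of the field element is the
 * most significant bit of hi, bit 127 is the least significant bit of lo. */
typedef struct { uint64_t hi, lo; } blk;

/* One step of the bit-serial multiply (Algorithm 1 of the GCM spec):
 * conditionally add v into z, then multiply v by alpha (a right shift,
 * reducing by x^128 + x^7 + x^2 + x + 1, i.e. the constant 0xe1 || 0^120).
 * Both conditions are applied with masks, so there is no secret-dependent
 * branch and no secret-indexed load. */
static void mul_step(blk *z, blk *v, uint64_t bit) {
    uint64_t add = 0 - (bit & 1);           /* all ones iff the bit is set  */
    uint64_t carry;
    z->hi ^= v->hi & add;
    z->lo ^= v->lo & add;
    carry = 0 - (v->lo & 1);                /* all ones iff low bit was set */
    v->lo = (v->lo >> 1) | (v->hi << 63);
    v->hi = (v->hi >> 1) ^ (carry & 0xe100000000000000ULL);
}

/* z = x * y in GF(2^128); runtime is independent of the values of x and y. */
blk gf128_mul_ct(blk x, blk y) {
    blk z = {0, 0};
    blk v = y;
    int i;
    for (i = 0; i < 64; i++) mul_step(&z, &v, x.hi >> (63 - i));
    for (i = 0; i < 64; i++) mul_step(&z, &v, x.lo >> (63 - i));
    return z;
}

/* Load up to 16 big-endian bytes, zero-padding a short final block. */
static blk load_blk(const uint8_t *p, size_t n) {
    uint8_t tmp[16] = {0};
    blk b = {0, 0};
    int i;
    memcpy(tmp, p, n);
    for (i = 0; i < 8; i++) {
        b.hi = (b.hi << 8) | tmp[i];
        b.lo = (b.lo << 8) | tmp[8 + i];
    }
    return b;
}

static void store_blk(blk b, uint8_t out[16]) {
    int i;
    for (i = 0; i < 8; i++) {
        out[i]     = (uint8_t)(b.hi >> (56 - 8 * i));
        out[8 + i] = (uint8_t)(b.lo >> (56 - 8 * i));
    }
}

/* x = (x ^ block) * h for each 16-byte block; the loop count depends only
 * on the public length, never on the data or the key. */
static void absorb(blk *x, blk h, const uint8_t *data, size_t len) {
    while (len > 0) {
        size_t n = len > 16 ? 16 : len;
        blk b = load_blk(data, n);
        x->hi ^= b.hi;
        x->lo ^= b.lo;
        *x = gf128_mul_ct(*x, h);
        data += n;
        len -= n;
    }
}

/* GHASH_H(A, C): absorb AAD, then ciphertext, then [len(A)]64 || [len(C)]64
 * with both lengths in bits. */
void ghash(const uint8_t hkey[16], const uint8_t *aad, size_t alen,
           const uint8_t *ct, size_t clen, uint8_t out[16]) {
    blk h = load_blk(hkey, 16);
    blk x = {0, 0};
    absorb(&x, h, aad, alen);
    absorb(&x, h, ct, clen);
    x.hi ^= (uint64_t)alen * 8;
    x.lo ^= (uint64_t)clen * 8;
    x = gf128_mul_ct(x, h);
    store_blk(x, out);
}

/* Known-answer check: GCM spec Test Case 2 (zero key, zero IV, one zero
 * plaintext block, no AAD). H = AES_K(0^128), C is the ciphertext block. */
int ghash_selftest(void) {
    static const uint8_t h[16] = { 0x66,0xe9,0x4b,0xd4,0xef,0x8a,0x2c,0x3b,
                                   0x88,0x4c,0xfa,0x59,0xca,0x34,0x2b,0x2e };
    static const uint8_t c[16] = { 0x03,0x88,0xda,0xce,0x60,0xb6,0xa3,0x92,
                                   0xf3,0x28,0xc2,0xb9,0x71,0xb2,0xfe,0x78 };
    static const uint8_t expect[16] = { 0xf3,0x8c,0xbb,0x1a,0xd6,0x92,0x23,0xdc,
                                        0xc3,0x45,0x7a,0xe5,0xb6,0xb0,0xf8,0x85 };
    uint8_t out[16];
    ghash(h, NULL, 0, c, sizeof c, out);
    return memcmp(out, expect, 16) == 0;
}

int main(void) {
    int ok = ghash_selftest();
    printf("GHASH known-answer test: %s\n", ok ? "ok" : "FAIL");
    return ok ? 0 : 1;
}
```

Masking at the source level is necessary but not sufficient: inspect the generated assembly (for example with `objdump -d`) to confirm the compiler has not turned the masked XOR back into a conditional jump. The lookup-table GHASH that the abstract reports as the faster variant replaces this inner loop with reads from a precomputed table of multiples of H indexed by secret-derived bits; those accesses are what a cache-timing attacker observes, which is why the constant-time variant costs roughly twice as many cycles per byte.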
Category / Keywords: implementation / AES, Galois/Counter mode, cache-timing attacks, fast implementations
Date: received 19 Mar 2009, last revised 16 Jun 2009
Contact author: emilia kasper at esat kuleuven be
Version: 20090616:130911
Short URL: ia.cr/2009/129