Paper 2009/129

Faster and Timing-Attack Resistant AES-GCM

Emilia Kasper and Peter Schwabe

Abstract

We present a bitsliced implementation of AES encryption in counter mode for 64-bit Intel processors. Running at 7.59 cycles/byte on a Core 2, it is up to 25% faster than previous implementations, while simultaneously offering protection against timing attacks. In particular, it is the only cache-timing-attack resistant implementation offering competitive speeds for stream as well as for packet encryption: for 576-byte packets, we improve performance over previous bitsliced implementations by more than a factor of 2. We also report more than 30% improved speeds for lookup-table based Galois/Counter mode authentication, achieving 10.68 cycles/byte for authenticated encryption. Furthermore, we present the first constant-time implementation of AES-GCM that has a reasonable speed of 21.99 cycles/byte, thus offering a full suite of timing-analysis resistant software for authenticated encryption.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published elsewhere. Unknown where it was published
Keywords
AES, Galois/Counter mode, cache-timing attacks, fast implementations
Contact author(s)
emilia kasper @ esat kuleuven be
History
2009-06-16: revised
2009-03-23: received
Short URL
https://ia.cr/2009/129
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2009/129,
      author = {Emilia Kasper and Peter Schwabe},
      title = {Faster and Timing-Attack Resistant {AES}-{GCM}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2009/129},
      year = {2009},
      url = {https://eprint.iacr.org/2009/129}
}