Cryptology ePrint Archive: Report 2020/1123

Fixslicing AES-like Ciphers: New bitsliced AES speed records on ARM-Cortex M and RISC-V

Alexandre Adomnicai and Thomas Peyrin

Abstract: The fixslicing implementation strategy was originally introduced as a new representation for the hardware-oriented GIFT block cipher to achieve very efficient software constant-time implementations. In this article, we show that the fundamental idea underlying the fixslicing technique is not of interest only for GIFT, but can be applied to other ciphers as well. Especially, we study the benefits of fixslicing in the case of AES and show that it allows to reduce by 52% the amount of operations required by the linear layer when compared to the current fastest bitsliced implementation on 32-bit platforms. Overall, we report that fixsliced AES-128 allows to reach 80 and 91 cycles per byte on ARM Cortex-M and E31 RISC-V processors respectively (assuming pre-computed round keys), improving the previous records on those platforms by 21% and 26%. In order to highlight that our work also directly improves masked implementations that rely on bitslicing, we report implementation results when integrating first-order masking that outperform by 12% the fastest results reported in the literature on ARM Cortex-M4. Finally, we demonstrate the genericity of the fixslicing technique for AES-like designs by applying it to the Skinny-128 tweakable block ciphers.

Category / Keywords: implementation / AES, ARM, RISC-V, Fixslicing

Original Publication (in the same form): IACR-CHES-2021

Date: received 16 Sep 2020, last revised 29 Oct 2020

Contact author: alex adomnicai at gmail com

Available format(s): PDF | BibTeX Citation

Note: Update some results for fixsliced implementations thanks to an improvement suggested by Peter Dettman

Version: 20201029:080654 (All versions of this report)

Short URL: ia.cr/2020/1123


[ Cryptology ePrint archive ]