Paper 2020/1123

Fixslicing AES-like Ciphers: New bitsliced AES speed records on ARM-Cortex M and RISC-V

Alexandre Adomnicai and Thomas Peyrin

Abstract

The fixslicing implementation strategy was originally introduced as a new representation for the hardware-oriented GIFT block cipher to achieve very efficient constant-time software implementations. In this article, we show that the fundamental idea underlying the fixslicing technique is not of interest only for GIFT, but can be applied to other ciphers as well. In particular, we study the benefits of fixslicing in the case of AES and show that it reduces by 52% the number of operations required by the linear layer when compared to the current fastest bitsliced implementation on 32-bit platforms. Overall, we report that fixsliced AES-128 reaches 80 and 87 cycles per byte on ARM Cortex-M and E31 RISC-V processors respectively (assuming pre-computed round keys), improving the previous records on those platforms by 21% and 30%. In order to highlight that our work also directly improves masked implementations that rely on bitslicing, we report implementation results when integrating first-order masking that outperform by 12% the fastest results reported in the literature on ARM Cortex-M4. Finally, we demonstrate the genericity of the fixslicing technique for AES-like designs by applying it to the Skinny-128 tweakable block ciphers.

Note: Some results for the fixsliced implementations have been updated thanks to an improvement suggested by Peter Dettman.

Metadata

Available format(s): PDF
Category: Implementation
Publication info: Published by the IACR in TCHES 2021
Keywords: AES, ARM, RISC-V, Fixslicing
Contact author(s): alex adomnicai @ gmail com
History:
2020-11-19: last of 8 revisions
2020-09-21: received
Short URL: https://ia.cr/2020/1123
License: Creative Commons Attribution (CC BY)

BibTeX

@misc{cryptoeprint:2020/1123,
      author = {Alexandre Adomnicai and Thomas Peyrin},
      title = {Fixslicing {AES}-like Ciphers: New bitsliced {AES} speed records on {ARM}-Cortex M and {RISC}-V},
      howpublished = {Cryptology {ePrint} Archive, Paper 2020/1123},
      year = {2020},
      url = {https://eprint.iacr.org/2020/1123}
}