The design of scalar AES Instruction Set Extensions for RISC-V

Marshall, Ben; Newell, G. Richard; Page, Daniel; Saarinen, Markku–Juhani O.; Wolf, Claire

doi:10.46586/tches.v2021.i1.109-136

Cited by 28 publications

(21 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In another work [8], authors have investigated a separate instruction set extension for 32-and 64-bit base architectures. eir results show better performances for an AES-128 block encryption compared to software implementation.…”

Section: Related Workmentioning

confidence: 99%

An Efficient Lightweight Cryptographic Instructions Set Extension for IoT Device Security

Youssef

Abdelli

Dridi

et al. 2022

Security and Communication Networks

View full text Add to dashboard Cite

The Internet of Things is changing all sectors such as manufacturing, agriculture, city infrastructure, and the automotive industry. All these applications ask for secure processors that can be embedded in the IoT devices. Furthermore, these devices are restricted in terms of computing capabilities, memory, and power consumption. A major challenge is how to meet the need for security in such resource-constrained devices. This paper presents a customized version of LEON3, the ReonV RISCV (Reduced Instruction Set Computer-five) processor, dedicated for IoT applications that has strong effective security mechanisms built in at the design stage. Firstly, efficient lightweight cipher designs are elaborated and validated. Then, the proposed cryptographic instructions (PRESENT and PRINCE) are integrated into the default instruction set architecture of the ReonV processor core. The instruction set extensions (ISE) of lightweight cipher modules can be instantiated in software routines exactly as the instructions of the base architecture. A single instruction is needed to implement a full lightweight cryptographic instruction. The customized ReonV RISCV processor is implemented on a Xilinx FPGA platform and is evaluated for Slice LUTs plus FF-pairs, frequency, and throughput. Obtained results show that our proposed concepts not only can achieve good encryption results with high performance and reduced cost but also are secure enough to resist against the most common attacks.

show abstract

Section: Related Workmentioning

confidence: 99%

An Efficient Lightweight Cryptographic Instructions Set Extension for IoT Device Security

Youssef

Abdelli

Dridi

et al. 2022

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…The x86, ARM, MIPS, POWER, and SPARC architectures all have dedicated instructions for accelerating AES, most of which re-use SIMD or Vector register files to accommodate the entire 128-block size. The standardisation process for RISC-V AES-specific acceleration instructions is ongoing at the time of writing, with the current proposals outlined in [MNSW21].…”

Section: Aesmentioning

confidence: 99%

An Instruction Set Extension to Support Software-Based Masking

Gao

Großschädl

Marshall

et al. 2021

TCHES

Self Cite

View full text Add to dashboard Cite

In both hardware and software, masking can represent an effective means of hardening an implementation against side-channel attack vectors such as Differential Power Analysis (DPA). Focusing on software, however, the use of masking can present various challenges: specifically, it often 1) requires significant effort to translate any theoretical security properties into practice, and, even then, 2) imposes a significant overhead in terms of efficiency. To address both challenges, this paper explores the use of an Instruction Set Extension (ISE) to support masking in software-based implementations of a range of (symmetric) cryptographic kernels including AES: we design, implement, and evaluate such an ISE, using RISC-V as the base ISA. Our ISE-supported first-order masked implementation of AES, for example, is an order of magnitude more efficient than a software-only alternative with respect to both execution latency and memory footprint; this renders it comparable to an unmasked implementation using the same metrics, but also first-order secure.

show abstract

“…Ben Marshall [22] et al explored and proposed six requirements that a standard AES extension scheme should follow, including supporting all the parameter sets of AES, which has good universality for any design under the RISC-V architecture. However, the cost of being all-inclusive is the sacrifice of some efficiency and safety.…”

Section: Related Workmentioning

confidence: 99%

“…In this section, we describe the design of AES custom instructions and the architecture of the coprocessor. Unlike [22], our AES extended instructions can process tens of bytes of data at a time (there may be hundreds of bytes when processing multimedia data such as images) and will not expose the intermediate value in the encryption to the application. Driven by instructions, our coprocessor can continuously read or write memory from the starting address while performing AES encryption operations to shorten the running time.…”

Section: Aes Coprocessormentioning

confidence: 99%

A Lightweight AES Coprocessor Based on RISC-V Custom Instructions

Pan

Liu

et al. 2021

Security and Communication Networks

View full text Add to dashboard Cite

With the increasing popularity of the Internet of Things (IoT), the issue of its information security has drawn more and more attention. To overcome the resource constraint barrier for secure and reliable data transmission on the widely used IoT devices such as wireless sensor network (WSN) nodes, many researcher studies consider hardware acceleration of traditional cryptographic algorithms as one of the effective methods. Meanwhile, as one of the current research topics in the reduced instruction set computer (RISC), RISC-V provides a solid foundation for implementing domain-specific architecture (DSA). To this end, we propose an extended instruction scheme for the advanced encryption standard (AES) based on RISC-V custom instructions and present a coprocessor designed on the open-source core Hummingbird E203. The AES coprocessor uses direct memory access channels to achieve parallel data access and processing, which provides flexibility in memory space allocation and improves the efficiency of cryptographic components. Applications with embedded AES custom instructions running on an experimental prototype of the field-programmable gate array (FPGA) platform demonstrated a 25.3% to 37.9% improvement in running time over previous similar works when processing no less than 80 bytes of data. In addition, the application-specific integrated circuit (ASIC) experiments show that in most cases, the coprocessor only consumes up to 20% more power than the necessary AES operations.

show abstract

The design of scalar AES Instruction Set Extensions for RISC-V

Cited by 28 publications

References 19 publications

An Efficient Lightweight Cryptographic Instructions Set Extension for IoT Device Security

An Efficient Lightweight Cryptographic Instructions Set Extension for IoT Device Security

An Instruction Set Extension to Support Software-Based Masking

A Lightweight AES Coprocessor Based on RISC-V Custom Instructions

Contact Info

Product

Resources

About