The Intel AES Instructions Set and the SHA-3 Candidates

  • Authors:

  • Ryad Benadjila;Olivier Billet;Shay Gueron;Matt J. Robshaw

  • Affiliations:

  • Orange Labs, Issy les Moulineaux, France;Orange Labs, Issy les Moulineaux, France;University of Haifa, Israel and Intel Corporation, Haifa, Israel;Orange Labs, Issy les Moulineaux, France

  • Venue:
  • ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
  • Year:
  • 2009

Quantified Score

Hi-index 0.00

Visualization

Abstract

The search for SHA-3 is now well-underway and the 51 submissions accepted for the first round reflected a wide variety of design approaches. A significant number were built around Rijndael/AES-based operations and, in some cases, the AES round function itself. Many of the design teams pointed to the forthcoming Intel AES instructions set, to appear on Westmere chips during 2010, when making a variety of performance claims. In this paper we study, for the first time, the likely impact of the new AES instructions set on all the SHA-3 candidates that might benefit. As well as distinguishing between those algorithms that are AES-based and those that might be described as AES-inspired, we have developed optimised code for all the former. Since Westmere processors are not yet available, we have developed a novel software technique based on publicly available information that allows us to accurately emulate the performance of these algorithms on the currently available Nehalem processor. This gives us the most accurate insight to-date of the potential performance of SHA-3 candidates using the Intel AES instructions set.