The Intel AES Instructions Set and the SHA-3 Candidates
نویسندگان
چکیده
The search for SHA-3 is now well-underway and the 51 accepted submissions reflect a wide variety of design approaches. A significant number are built around Rijndael/AES-based operations and, in some cases, the AES round function itself. Many of the design teams have pointed to the forthcoming Intel AES instructions set, to appear on Westmere chips during 2010, when making a variety of performance claims. In this paper we study, for the first time, the likely impact of the new AES instructions set on all the SHA-3 candidates that might benefit. As well as distinguishing between those algorithms that are AES-based and those that might be described as AES-inspired, we have developed optimised code for all the former. Since Westmere processors are not yet available, we have developed a novel software technique based on publicly available information that allows us to accurately emulate the performance of these algorithms on the currently available Nehalem processor. This gives us the most accurate insight to-date of the potential performance of SHA-3 candidates using the Intel AES instructions set.
منابع مشابه
Dear NIST , all , In round 1 technical evaluation , NIST intends to perform an efficiency analysis on Intel
We would like to explain why AES instructions should be considered: Based on our observation that Intel CPU performance figures of several SHA-3 candidates are due to the use of instructions in SSE, we think that new version of SSE which employs AES instructions should be considered as the same way as the current version of it. We expect that Intel CPUs with AES instructions will be widely used...
متن کاملByte Slicing Grøstl - Optimized Intel AES-NI and 8-bit Implementations of the SHA-3 Finalist Grøstl
Grøstl is an AES-based hash function and one of the 5 finalists of the SHA-3 competition. In this work we present high-speed implementations of Grøstl for small 8-bit CPUs and large 64-bit CPUs with the recently introduced AES instructions set. Since Grøstl does not use the same MDS mixing layer as the AES, a direct application of the AES instructions seems difficult. In contrast to previous fi...
متن کاملPAEQ: Parallelizable Permutation-based Authenticated Encryption (Full Version)
We propose a new authenticated encryption scheme PAEQ, which employs a fixed public permutation. In contrast to the recent sponge-based proposals, our scheme is fully parallelizable. It also allows flexible key and nonce length, and is one of the few which achieves 128-bit security for both confidentiality and data authenticity with the same key length. The permutation within PAEQ is a new desi...
متن کاملPerformance Analysis of the SHA-3 Candidates on Exotic Multi-core Architectures
The NIST hash function competition to design a new cryptographic hash standard ‘SHA-3’ is currently one of the hot topics in cryptologic research, its outcome heavily depends on the public evaluation of the remaining 14 candidates. There have been several cryptanalytic efforts to evaluate the security of these hash functions. Concurrently, invaluable benchmarking efforts have been made to measu...
متن کاملComparison of seven SHA-3 candidates software implementations on smart cards
In this work, we present and compare seven SHA-3 second-round candidates implementations on two different architectures used on smart cards: the Intel 8051 and the ARM7TDMI. After presenting the performances of our implementations, we explain for each candidate the main differences between our 8-bit and 32-bit implementations. Then, we compare our results to those of two benchmarks published at...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2009