TY  - JOUR
AU  - Marshall, Ben
AU  - Newell, G. Richard
AU  - Page, Dan
AU  - Saarinen, Markku-Juhani O.
AU  - Wolf, Claire
PY  - 2020/12/03
Y2  - 2024/03/29
TI  - The design of scalar AES Instruction Set Extensions for RISC-V
JF  - IACR Transactions on Cryptographic Hardware and Embedded Systems
JA  - TCHES
VL  - 2021
IS  - 1
SE  - Articles
DO  - 10.46586/tches.v2021.i1.109-136
UR  - https://tches.iacr.org/index.php/TCHES/article/view/8729
SP  - 109-136
AB  - Secure, efficient execution of AES is an essential requirement on most computing platforms. Dedicated Instruction Set Extensions (ISEs) are often included for this purpose. RISC-V is a (relatively) new ISA that lacks such a standardized ISE. We survey the state-of-the-art industrial and academic ISEs for AES, implement and evaluate five different ISEs, one of which is novel. We recommend separate ISEs for 32 and 64-bit base architectures, with measured performance improvements for an AES-128 block encryption of 4x and 10x with a hardware cost of 1.1K and 8.2K gates respectively, when compared to a software-only implementation based on use of T-tables. We also explore how the proposed standard bit-manipulation extension to RISC-V can be harnessed for efficient implementation of AES-GCM. Our work supports the ongoing RISC-V cryptography extension standardisation process.
ER  -