Abstract
The Galois/Counter Mode is an authenticated encryption scheme which is included in protocols such as TLS and IPSec. Its implementation requires multiplication over a binary finite field, an operation which is costly to implement in software. Recent processors have included instructions aimed to speed up binary polynomial multiplication, an operation which can be used to implement binary field multiplication. Some processors of the ARM architecture, which was reported in 2014 to be present in 95% of smartphones, include such instructions. In particular, recent devices such as the iPhone 5s and Galaxy Note 4 have ARMv8 processors, which provide instructions able to multiply two 64-bit binary polynomials and to encrypt using the AES cipher. In this work we present an optimized and timing-resistant implementation of GCM over AES-128 using these instructions. We have obtained timings of 1.71 cycles per byte for GCM authenticated encryption (9 times faster than the timing on ARMv7), 0.51 cycles per byte for GCM authentication only (11 times faster) and 1.21 cycles per byte for AES-128 encryption (8 times faster).
The second author was partially supported by a research productivity scholarship from CNPq Brazil.
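As an added illustration, not code from the paper, of the binary field multiplication the abstract refers to: GCM's GF(2^128) multiplication assembled from 64x64-bit carry-less multiplies, with a constant-time software stand-in for the ARMv8 PMULL instruction and the bit-serial reference from the GCM specification kept alongside to cross-check it. The type and function names are my own.

```c
#include <stdint.h>
typedef struct { uint64_t hi, lo; } u128;   /* GCM block: .hi = bytes 0..7, .lo = bytes 8..15, big-endian */
static int u128_eq(u128 a, u128 b) { return a.hi == b.hi && a.lo == b.lo; }
/* Constant-time software stand-in for ARMv8 PMULL: carry-less multiply of two
 * 64-bit binary polynomials into a 128-bit product, with no branch on data bits. */
static u128 clmul64(uint64_t a, uint64_t b) {
    u128 r = {0, 0};
    for (int i = 0; i < 64; i++) {
        uint64_t m = 0 - ((b >> i) & 1);            /* all-ones iff bit i of b is set */
        r.lo ^= (a << i) & m;
        r.hi ^= (i ? a >> (64 - i) : 0) & m;
    }
    return r;
}
/* GCM numbers block bits MSB-first (bit i is the coefficient of x^i); reversing the
 * 128-bit integer gives the natural order with the coefficient of x^i at bit i. */
static uint64_t rev64(uint64_t v) {
    uint64_t r = 0;
    for (int i = 0; i < 64; i++) { r = (r << 1) | (v & 1); v >>= 1; }
    return r;
}
static u128 rev128(u128 v) { return (u128){ rev64(v.lo), rev64(v.hi) }; }
/* Reduce a 256-bit product r3:r2:r1:r0 modulo x^128 + x^7 + x^2 + x + 1: since
 * x^128 == x^7 + x^2 + x + 1 (0x87), fold the top half down with two more PMULLs. */
static u128 gf128_reduce(uint64_t r3, uint64_t r2, uint64_t r1, uint64_t r0) {
    u128 t2 = clmul64(r2, 0x87), t3 = clmul64(r3, 0x87);
    r0 ^= t2.lo; r1 ^= t2.hi ^ t3.lo;
    r0 ^= clmul64(t3.hi, 0x87).lo;  /* t3.hi spills at most 7 bits past bit 127: fold once more */
    return (u128){ r1, r0 };
}
/* X * H in GF(2^128) as GCM defines it; inputs and output are big-endian block integers. */
static u128 gf128_mul(u128 x, u128 h) {
    u128 a = rev128(x), b = rev128(h);
    u128 l = clmul64(a.lo, b.lo), u = clmul64(a.hi, b.hi);   /* schoolbook 128x128: */
    u128 m = clmul64(a.hi, b.lo), n = clmul64(a.lo, b.hi);   /* four 64x64 PMULLs   */
    return rev128(gf128_reduce(u.hi, u.lo ^ m.hi ^ n.hi, l.hi ^ m.lo ^ n.lo, l.lo));
}
/* Bit-serial reference (NIST SP 800-38D, Algorithm 1), kept only to cross-check gf128_mul. */
static u128 gf128_mul_ref(u128 x, u128 y) {
    u128 z = {0, 0}, v = y;
    for (int i = 0; i < 128; i++) {
        uint64_t m = 0 - ((i < 64 ? x.hi >> (63 - i) : x.lo >> (127 - i)) & 1);
        z.hi ^= v.hi & m; z.lo ^= v.lo & m;
        uint64_t lsb = v.lo & 1;          /* V >> 1, then XOR R = e1||0^120 if a 1 was shifted out */
        v.lo = (v.lo >> 1) | (v.hi << 63); v.hi = (v.hi >> 1) ^ ((0 - lsb) & 0xe100000000000000ULL);
    }
    return z;
}
```

The block 80 00 ... 00 is the multiplicative identity in GCM's bit ordering, and x^64 squared reduces to e1 00 ... 00, which gives two hand-checkable products beside the reference cross-check.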
© 2015 Springer International Publishing Switzerland
Gouvêa, C.P.L., López, J. (2015). Implementing GCM on ARMv8. In: Nyberg, K. (ed.) Topics in Cryptology – CT-RSA 2015. Lecture Notes in Computer Science, vol. 9048. Springer, Cham. https://doi.org/10.1007/978-3-319-16715-2_9
DOI: https://doi.org/10.1007/978-3-319-16715-2_9
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-16714-5
Online ISBN: 978-3-319-16715-2