[math-fun] Can these AES instructions be used for anything else?
FYI -- Are these specialized AES instructions useful for any other interesting computations?

http://software.intel.com/en-us/articles/intel-advanced-encryption-standard-...

Intel® Advanced Encryption Standard (AES) Instructions Set - Rev 3.01
Submitted by Shay Gueron (Intel) on Thu, 08/02/2012 - 14:11

Introduction

Intel® AES instructions are a new set of instructions available beginning with the all new 2010 Intel® Core™ processor family based on the 32nm Intel® microarchitecture codename Westmere. These instructions enable fast and secure data encryption and decryption, using the Advanced Encryption Standard (AES), which is defined by FIPS Publication number 197. Since AES is currently the dominant block cipher, and it is used in various protocols, the new instructions are valuable for a wide range of applications.

The architecture consists of six instructions that offer full hardware support for AES. Four instructions support the AES encryption and decryption, and the other two instructions support the AES key expansion.

The AES instructions have the flexibility to support all usages of AES, including all standard key lengths, standard modes of operation, and even some nonstandard or future variants. They offer a significant increase in performance compared to the current pure-software implementations.

Beyond improving performance, the AES instructions provide important security benefits. By running in data-independent time and not using tables, they help in eliminating the major timing and cache-based attacks that threaten table-based software implementations of AES. In addition, they make AES simple to implement, with reduced code size, which helps reduce the risk of inadvertent introduction of security flaws, such as difficult-to-detect side channel leaks.

This paper gives an overview of the AES algorithm and Intel's new AES instructions. It provides guidelines and demonstrations for using these instructions to write secure and high performance AES implementations. This version of the paper also provides a high performance library for implementing AES in the ECB/CBC/CTR modes, and discloses, for the first time, the measured performance numbers.

[Revisions history: Rev. 1.0 in 4/2008; Rev. 2.0 in 4/2009; Rev. 3.0 in 5/2010; Rev. 3.01 in 9/2012]

Download Article
http://download-software.intel.com/sites/default/files/article/165683/aes-wp...
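The six-instruction split in the abstract (four round instructions, two for key expansion) maps directly onto the FIPS-197 round functions. The C program below is an added example, not code from the thread or from Intel's paper: it models in software what AESENC, AESENCLAST and AESKEYGENASSIST compute for AES-128, so the work each hardware instruction does is visible, and its S-box table lookups are exactly the data-dependent memory accesses the abstract says the instructions avoid. All function and variable names are the example's own.

```c
/* Added example (not from the thread or Intel's paper): software model of the
   FIPS-197 round functions that AESENC, AESENCLAST and AESKEYGENASSIST implement. */
#include <stdint.h>
#include <string.h>
static uint8_t sbox[256];               /* the table the hardware avoids touching */
static uint8_t gmul(uint8_t a, uint8_t b) {   /* multiplication in GF(2^8), poly 0x11b */
    uint8_t r = 0;
    for (; b; b >>= 1, a = (uint8_t)((a << 1) ^ ((a & 0x80) ? 0x1b : 0))) if (b & 1) r ^= a;
    return r;
}
static void init_sbox(void) {   /* S-box = affine map of the multiplicative inverse */
    for (int x = 0; x < 256; x++) {
        uint8_t inv = 0, s = 0x63;
        for (int y = 1; x && y < 256; y++) if (gmul((uint8_t)x, (uint8_t)y) == 1) inv = (uint8_t)y;
        for (int i = 0; i <= 4; i++) s ^= (uint8_t)((inv << i) | (inv >> (8 - i)));
        sbox[x] = s;
    }
}
/* One AESENC step: ShiftRows, SubBytes, MixColumns, AddRoundKey on a column-major
   state; last != 0 models AESENCLAST, which omits MixColumns. */
static void aesenc(uint8_t s[16], const uint8_t rk[16], int last) {
    uint8_t t[16];
    for (int c = 0; c < 4; c++)                      /* ShiftRows then SubBytes */
        for (int r = 0; r < 4; r++) t[4 * c + r] = sbox[s[4 * ((c + r) % 4) + r]];
    for (int c = 0; c < 4 && !last; c++) {           /* MixColumns, one column at a time */
        uint8_t a[4]; memcpy(a, t + 4 * c, 4);
        for (int r = 0; r < 4; r++)
            t[4 * c + r] = gmul(a[r], 2) ^ gmul(a[(r + 1) % 4], 3) ^ a[(r + 2) % 4] ^ a[(r + 3) % 4];
    }
    for (int i = 0; i < 16; i++) s[i] = t[i] ^ rk[i];   /* AddRoundKey */
}
/* AES-128 key schedule; t[] is the SubWord(RotWord(w)) ^ Rcon word AESKEYGENASSIST supplies. */
static void expand_key128(const uint8_t key[16], uint8_t rk[11][16]) {
    memcpy(rk[0], key, 16);
    for (int i = 1, rcon = 1; i < 11; i++, rcon = gmul((uint8_t)rcon, 2)) {
        const uint8_t *p = rk[i - 1];
        uint8_t t[4] = { (uint8_t)(sbox[p[13]] ^ rcon), sbox[p[14]], sbox[p[15]], sbox[p[12]] };
        for (int w = 0; w < 4; w++)
            for (int b = 0; b < 4; b++) rk[i][4 * w + b] = (t[b] ^= p[4 * w + b]);
    }
}
/* Full AES-128 block encryption: initial AddRoundKey, nine AESENC rounds, one AESENCLAST. */
void aes128_encrypt(const uint8_t key[16], const uint8_t in[16], uint8_t out[16]) {
    uint8_t rk[11][16];
    init_sbox();
    expand_key128(key, rk);
    for (int i = 0; i < 16; i++) out[i] = in[i] ^ rk[0][i];
    for (int r = 1; r < 10; r++) aesenc(out, rk[r], 0);
    aesenc(out, rk[10], 1);
}
```

Running it against the FIPS-197 Appendix C.1 vector (key 00..0f, plaintext 00 11 22 .. ff) reproduces the published ciphertext 69c4e0d86a7b0430d8cdb78070b4c55a.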
They seem completely specialized for doing big blocks of the AES algorithms, so my guess is probably not otherwise useful. My first thought was actually wondering if the NSA had any covert input into the hardware design, ostensibly to prevent various attacks but perhaps to build in something for themselves. In any case, the widely available hardware implementation might make it easier and/or cheaper to mount brute-force attacks.

--ms

On 2014-02-11 09:23, Henry Baker wrote:
_______________________________________________
math-fun mailing list
math-fun@mailman.xmission.com
http://mailman.xmission.com/cgi-bin/mailman/listinfo/math-fun
participants (2)
- Henry Baker
- Mike Speciner