Paper 2016/714

All the AES You Need on Cortex-M3 and M4

Peter Schwabe and Ko Stoffelen

Abstract

This paper describes highly-optimized AES-{128, 192, 256}-CTR assembly implementations for the popular ARM Cortex-M3 and M4 embedded microprocessors. These implementations are about twice as fast as existing implementations. Additionally, we provide the fastest bitsliced constant-time and masked implementations of AES-128-CTR to protect against timing attacks, power analysis and other (first-order) side-channel attacks. All implementations, including an architecture-specific instruction scheduler and register allocator, which we use to minimize expensive loads, are released into the public domain.

Metadata
Available format(s): PDF
Category: Implementation
Publication info: Published elsewhere. SAC 2016
Contact author(s): k stoffelen @ cs ru nl
History:
2016-10-19: revised
2016-07-21: received
Short URL: https://ia.cr/2016/714
License: Creative Commons Attribution (CC BY)

BibTeX

@misc{cryptoeprint:2016/714,
      author = {Peter Schwabe and Ko Stoffelen},
      title = {All the AES You Need on Cortex-M3 and M4},
      howpublished = {Cryptology ePrint Archive, Paper 2016/714},
      year = {2016},
      note = {\url{https://eprint.iacr.org/2016/714}},
      url = {https://eprint.iacr.org/2016/714}
}