Issue No. 01 - January 2011 (vol. 60), pp. 135-138
Krzysztof Jankowski , Intel, Shannon
Pierre Laurent , Intel, Shannon
The level of interest in Galois/Counter Mode (GCM) authenticated encryption has risen significantly within the last few years. GCM is interesting because it is the only authenticated encryption standard that can be implemented in a fully pipelined or parallelized way, and it is the most appropriate for encrypting packetized data. McGrew and Viega [1] described (but did not detail) how GHASH can be implemented with more than one multiplier operating in parallel. This paper details how that can be done and shows that, when N multipliers are used and each multiplier follows the approach of multiplying polynomials and then applying a modular reduction, a single modular reduction can be used instead of N separate reductions. This optimization applies even when there is a single multiplier, which gives the implementation strategy a broader appeal. Intel has recently introduced new ISA instructions into its next-generation CPU core, namely the AES instruction family and PCLMULQDQ, which operate on XMM registers. In this paper, we discuss an example implementation of the proposed GHASH modifications using these instructions.
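The following is an added Python model of the optimization the abstract describes; it is not code from the paper or from Intel. Unrolling the GHASH recurrence over N blocks gives Y' = (Y xor X_1)·H^N xor X_2·H^(N-1) xor ... xor X_N·H, so the N carry-less products can be formed independently (on N multipliers, or interleaved on one) as unreduced 256-bit values, XORed together, and reduced once. The bitwise reference multiplier is SP 800-38D Algorithm 1; `clmul`, `reduce_gcm`, `reflect128` and the function names are this example's own, and the known-answer values are GCM spec test case 2 (zero key, zero IV, one zero plaintext block), for which GHASH(H, A, C) is published.

```python
# Added example (not from the paper): GHASH in GF(2^128), contrasting one
# reduction per block with N unreduced carry-less products reduced once.

MASK128 = (1 << 128) - 1
# Reduction polynomial x^128 + x^7 + x^2 + x + 1 with bit i = coefficient of x^i.
POLY = (1 << 128) | 0x87


def gcm_mul_ref(x: int, y: int) -> int:
    """GCM block multiplication, SP 800-38D Algorithm 1 (GCM bit order: MSB = x^0)."""
    r = 0xE1 << 120
    z, v = 0, y
    for i in range(128):
        if (x >> (127 - i)) & 1:
            z ^= v
        v = (v >> 1) ^ r if v & 1 else v >> 1
    return z


def reflect128(x: int) -> int:
    """Swap between GCM bit order and conventional bit order (bit i = x^i)."""
    return int(f"{x:0128b}"[::-1], 2)


def clmul(a: int, b: int) -> int:
    """Carry-less 128x128 -> 256-bit product (what PCLMULQDQ does, 64 bits at a time)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        b >>= 1
    return r


def reduce_gcm(p: int) -> int:
    """Reduce a 256-bit carry-less product modulo POLY to 128 bits."""
    for i in range(255, 127, -1):
        if (p >> i) & 1:
            p ^= POLY << (i - 128)
    return p


def gf_mul(a: int, b: int) -> int:
    """Multiply-then-reduce, conventional bit order."""
    return reduce_gcm(clmul(a, b))


def gcm_mul(x: int, y: int) -> int:
    """Same field product as gcm_mul_ref, via clmul + reduction (cross-check)."""
    return reflect128(gf_mul(reflect128(x), reflect128(y)))


def ghash_sequential(h: int, blocks: list) -> int:
    """Textbook GHASH: Y_i = (Y_{i-1} xor X_i) * H, one reduction per block."""
    y = 0
    for x in blocks:
        y = gcm_mul_ref(y ^ x, h)
    return y


def ghash_packed(h: int, blocks: list, n: int = 4) -> int:
    """GHASH over groups of n blocks with a single reduction per group.

    Y' = (Y xor X_1)*H^n xor X_2*H^(n-1) xor ... xor X_n*H, so the n products
    are independent 256-bit carry-less products, XORed, then reduced once.
    """
    hh = reflect128(h)
    powers = [1]                      # powers[k] = H^k, conventional bit order
    for _ in range(n):
        powers.append(gf_mul(powers[-1], hh))
    xs = [reflect128(b) for b in blocks]
    y = 0
    for start in range(0, len(xs), n):
        chunk = xs[start:start + n]   # the last group may be shorter than n
        m = len(chunk)
        acc = 0                       # 256-bit accumulator of unreduced products
        for j, x in enumerate(chunk):
            if j == 0:
                x ^= y                # fold the running hash into the first block
            acc ^= clmul(x, powers[m - j])
        y = reduce_gcm(acc)           # one modular reduction for the whole group
    return reflect128(y)


# Known-answer values from GCM spec test case 2:
# H = AES_0(0^128), C = one ciphertext block, length block = [0]_64 || [128]_64.
TEST_H = 0x66E94BD4EF8A2C3B884CFA59CA342B2E
TEST_BLOCKS = [0x0388DACE60B6A392F328C2B971B2FE78, 0x80]
EXPECTED_GHASH = 0xF38CBB1AD69223DCC3457AE5B6B0F885

if __name__ == "__main__":
    print(hex(ghash_sequential(TEST_H, TEST_BLOCKS)))
    print(hex(ghash_packed(TEST_H, TEST_BLOCKS, 4)))
```

`reduce_gcm` is called once per group in `ghash_packed` and once per block in `ghash_sequential`; both return the same value because reduction modulo POLY is linear over XOR, which is the property the abstract's single-reduction claim rests on. A real implementation would replace the bit loops with PCLMULQDQ and a fixed-shift reduction, but the data flow is the same.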
Software, data encryption, AES, GCM, performance evaluation of algorithms.
Krzysztof Jankowski, Pierre Laurent, "Packed AES-GCM Algorithm Suitable for AES/PCLMULQDQ Instructions", IEEE Transactions on Computers, vol.60, no. 1, pp. 135-138, January 2011, doi:10.1109/TC.2010.147
[1] D. McGrew and J. Viega, "The Galois/Counter Mode of Operation (GCM)," documents/proposedmodes/gcmgcm-spec.pdf, May 2005.
[2] M. Dworkin, "Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC," NIST Special Publication 800-38D, publications/nistpubs/800-38DSP-800-38D.pdf, Nov. 2007.
[3] J. Viega and D. McGrew, "The Use of Galois/Counter Mode (GCM) in IPsec Encapsulating Security Payload (ESP)," RFC 4106, June 2005.
[4] M. Badra, "Pre-Shared Key Cipher Suites for TLS with SHA-256/384 and AES Galois Counter Mode," RFC 5487, Mar. 2009.
[5] S. Gueron, "Advanced Encryption Standard (AES) Instructions Set," Intel Software Network, advanced-encryption-standard-aes-instructions-set, Apr. 2009.
[6] S. Gueron and M. Kounavis, "Carry-Less Multiplication and Its Usage for Computing the GCM Mode," Intel Software Network, carry-less-multiplication-and-its-usage-for-computing-the-gcm-mode, May 2009.
[7] Intel Software Network, "Intel Software Development Emulator," intel-software-development-emulator, Mar. 2009.
[8] The Yasm Modular Assembler Project, 2010.