Cryptography Reference
In-Depth Information
rounds AES is using (which in turn depends on the three key lengths supported by
AES). This precomputation adds usually a small latency to the decryption operation
relative to encryption.
4.6 Implementation in Software and Hardware
We briefly comment on the efficiency of the AES cipher with respect to software
and hardware implementation.
Software
Unlike DES, AES was designed such that an efficient software implementation is
possible. A straightforward implementation of AES which directly follows the data
path description, such as the description given in this chapter, is well suited for 8-
bit processors such as those found on smart cards, but is not particularly efficient
on 32-bit or 64-bit machines, which are common in today's PCs. In a naıve imple-
mentation, all time-critical functions (Byte Substitution, ShiftRows, MixColumn)
operate on individual bytes. Processing 1 byte per instruction is inefficient on mod-
ern 32-bit or 64-bit processors.
However, the Rijndael designers proposed a method which results in fast soft-
ware implementations. The core idea is to merge all round functions (except the
rather trivial key addition) into one table look-up. This results in four tables, each
of which consists of 256 entries, where each entry is 32 bits wide. These tables
are named a
T-Box
. Four table accesses yield 32 output bits of one round. Hence,
one round can be computed with 16 table look-ups. On a 1.2-GHz Intel processor,
a throughput of 400 Mbit/s (or 50 MByte/s) is possible. The fastest known imple-
mentation on a 64-bit Athlon CPU achieves a theoretical throughput of more than
1.6 Gbit/s. However, conventional hard disc encryption tools with AES or an open-
source implementation of AES reach a perfomance of a few hundred Mbit/s on
similar platforms.
Hardware
Compared to DES, AES requires more hardware resources for an implementation.
However, due to the high integration density of modern integrated circuits, AES
can be implemented with very high throughputs in modern ASIC or FPGA (field
programmable gate array — these are programmable hardware devices) technol-
ogy. Commercial AES ASICs can exceed throughputs of 10Gbit/sec. Through par-
allelization of AES encryption units on one chip, the speed can be further increased.
It can be said that symmetric encryption with today's ciphers is extremely fast, not
only compared to asymmetric cryptosystems but also compared to other algorithms
