Assembly optimization of an AES-128-CTR algorithm based on a Cortex-M4 core

doi:10.3969/j.issn.1000-5641.2022.04.007

Abstract

Abstract:

With the rapid development of the Internet of Things, embedded hardware products face great challenges in data security. The AES (Advanced Encryption Standard) algorithm has the advantages of strong attack resistance, fast operation speed and flexible block length in the field of data encryption and decryption. The speed of this algorithm on microcontroller platforms is far inferior to general-purpose CPUs (Central Processing Units) which have an extended instruction set for AES encryption. To solve this problem, a speed optimized AES algorithm in CTR (Counter) mode based on the Cortex-M4 core instruction set is implemented using assembly language. The kernel’s unique barrel shifter and three-stage pipeline are used to optimize the round transformation of the algorithm, and the number of instruction cycles is reduced. Testing on an FRDM-K82F development board shows that the assembly optimization of the algorithm is substantially more efficient than the code implemented using the C language, and it offers more advantages in both cost and power consumption compared to hardware encryption based on the coprocessor.

Key words: assembly optimization, AES, Cortex-M4

CLC Number:

TN918.4

Dongxuan YANG, Ganggang ZHANG, Xinliang LIU. Assembly optimization of an AES-128-CTR algorithm based on a Cortex-M4 core[J]. Journal of East China Normal University(Natural Science), 2022, 2022(4): 67-78.

Figures/Tables 10

Fig.1

Table 1

Fig.2

Fig.3

Fig.4

Table 2

Table 3

Table 4

Table 5

Fig.5

References 25

1	胡荣群, 罗杰. 嵌入式系统的安全分析. 计算机与现代化, 2007, (2): 93- 96.
2	徐绘凯, 刘跃, 马振邦, 等. MQTT 安全大规模测量研究. 信息网络安全, 2020, 20 (9): 37- 41.
3	陈颖, 陈长松, 胡红钢. SM4 硬件电路的功耗分析研究. 信息网络安全, 2018, (5): 52- 58.
4	尚文利, 尹隆, 刘贤达, 等. 工业控制系统安全可信环境构建技术及应用. 信息网络安全, 2019, (6): 1- 10.
5	LAU D. Secure bootloader implementation [EB/OL]. (2012-10-14)[2021-03-05]. https://www.nxp.com/docs/en/application-note/AN4605.pdf.
6	曾小波, 易志中, 焦歆. 基于 51 核的 AES 算法高速硬件设计与实现. 电子科技, 2016, 29 (1): 36- 39.
7	NASSER Y, BAZZOUN M A, ABDUL-NABI S. AES algorithm implementation for a simple low cost portable 8-bit microcontroller [C]//2016 Sixth International Conference on Digital Information Processing and Communications. 2016: 214-218.
8	章登义, 毛从武, 李永忠. AES 算法及其在 DSP 中优化实现. 计算机工程与科学, 2005, 27 (9): 7- 9.
9	LI Q J, ZHONG C W, ZHAO K Y, et al. Implementation and analysis of AES encryption on GPU [C]//2012 IEEE 14th International Conference on High Performance Computing and Communication & 2012 IEEE 9th International Conference on Embedded Software and Systems. 2012: 843-848.
10	张月华, 张新贺, 刘鸿雁. AES 算法优化及其在 ARM 上的实现. 计算机应用, 2011, 31 (6): 1539- 1542.
11	张小梅. AES 算法在 ARM 核嵌入式系统上的优化实现. 计算机应用与软件, 2012, 29 (5): 285- 288.
12	张金辉, 郭晓彪, 符鑫. AES 加密算法分析及其在信息安全中的应用. 信息网络安全, 2011, (5): 31- 33.
13	ATASU K, BREVEGLIERI L, MACCHETTI M. Efficient AES implementations for ARM based platforms [C]//Proceedings of the 2004 Association for Computing Machinery Annual Symposium on Applied Computing. 2004: 841-845.
14	DAEMEN J, RIJMEN V. AES proposal: Rijndael [EB/OL]. (1999-09-03)[2020-10-08]. https://csrc.nist.gov/csrc/media/projects/cryptographic-standards-and-guidelines/documents/aes-development/rijndael-ammended.pdf.
15	BIHAM E. A fast new DES implementation in software [C]//Proceedings of the 4th International Workshop on Fast Software Encryption. 1997: 260-272.
16	MATSUI M, NAKAJIMA J. On the power of bitslice implementation on Intel Core2 processor [C]//Cryptographic Hardware and Embedded Systems-CHES 2007. 2007: 121-134.
17	REBEIRO C, SELVAKUMAR D, DEVI A S L. Bitslice implementation of AES [C]//Proceedings of the 5th International Conference on Cryptology and Network Security. 2006: 203-212.
18	HAMBURG M. Accelerating AES with vector permute instructions [C]//Proceedings of the 11th International Workshop on Cryptographic Hardware and Embedded Systems. 2009: 18-32.
19	王子派. ARM 系列微处理器架构初探. 电子世界, 2016, (14): 56- 57.
20	BERNSTEIN D J, SCHWABE P. New AES software speed records [C]//Proceedings of the 9th International Conference on Cryptology in India: Progress in Cryptology. 2008: 322-336.
21	EMMANUEL B, HASSAN H. Extended Barrel-Shifter for versatile QC-LDPC decoders. IEEE Wireless Communications Letters, 2020, 9 (5): 643- 647.
22	DWORKIN M. Recommendation for block cipher modes of operation [C]//National Institute of Standards and Technology Special Publication. 2001: 800-38A.
23	AUSTIN T, BLAAUW D, MUDGE T, et al. Making typical silicon matter with razor. Computer, 2004, 37 (3): 57- 65.
24	HUNTER M. Optimizing performance on Kinetis K-series MCUs [EB/OL]. (2014-06-11)[2021-03-03]. https://www.nxp.com/docs/en/application-note/AN4745.pdf.
25	NIKOLAIDIS S, LAOPOULOS T. Instruction-level power consumption estimation of embedded processors for low-power applications [J]. Computer Standards & Interfaces, 2002, 24: 133-137.

类型	指令	指令数量/个
加载	LDR, LDM, LDRB	208
存储	STR	4
移位	LSL, LSR	160
掩码	AND	176
异或	EOR	168
其他	ADD, POP, PUSH	4

实现方案	功能	指令周期数/个	code data/byte	ro data/byte	rw data/byte
汇编优化	加密/解密	613	2128	1024	264
汇编优化	密钥扩展	272	744	1024	208
tiny-AES-C	加密/解密	3924	1772	267	260
tiny-AES-C	密钥扩展	1059	248	256	220
硬件LTC	加密/解密和密钥扩展	165	496

实现方案	1块/个	2块/个	4块/个	8块/个	64块/个	256块/个	512块/个
硬件LTC	647	501	328	245	172	165	165
汇编优化	790	701	657	654	618	614	613
tiny-AES-C	3976	3950	3937	3930	3924	3924	3924

实现方案	单块加密指令周期数/个	处理器平台	说明
文献[10]	1234665.0	ARM S3C2440	C语言, 即时生成S盒, 轮数不展开
文献[11]	9799.0	ARM S3C2440	C语言, 查表, 轮数展开
Cryptovia公司嵌入式加密库产品	1463.0	ARM Cortex-M3	汇编语言生成库, 未公开优化方案, 未包含密钥扩展
ARM公司 Mbed TLS开源SSL库	42792.0	ARM Cortex-M3	C语言, 未包含密钥扩展
OpenSSL库	11.2	Intel i5	汇编语言, CPU特有AES-NI加速指令
WolfSSL库	49170.0	ARM Cortex-M4	C语言, 未包含密钥扩展

实现方案	运行电流 @ 3.3 V 4 MHz 系统时钟
实现方案	数据预处理 /mA	准备阶段 /mA	操作阶段 /mA	平均 /mA
硬件LTC	1.877	1.596	1.635	1.627
汇编优化	1.639	1.613	1.559	1.574