A Comparative Analysis of Hardware Acceleration Support for the Advanced Encryption Standard (AES) in CPU Architectures
The Advanced Encryption Standard (AES) is a widely adopted encryption algorithm, with hardware acceleration playing a critical role in improving its performance and security. While AES can be implemented in software, many CPU manufacturers provide hardware acceleration instructions to maximize the performances and to minimize the power consumption. This blog post analyzes AES acceleration support in four major CPU architectures: Intel, AMD, ARM, and RISC-V.
1. Overview of AES Acceleration Instructions
AES acceleration instructions enable efficient cryptographic operations by utilizing dedicated hardware. The primary AES acceleration instruction sets include:
-
Intel AES-NI (Advanced Encryption Standard - New Instructions)
-
AMD AES-NI (Same instruction set as Intel)
-
ARMv8-A Cryptographic Extensions
-
RISC-V AES Extension (Zk extension, Standard Cryptographic Extension)
These instructions significantly enhance AES operations, achieving performance improvements of 4 to 10 times compared to software implementations.
2. Comparison of AES Acceleration Support by the Architecture
|
CPU Architecture |
AES Acceleration Instruction |
AES Acceleration Supported
|
Features
|
Performances and Security
|
|
Intel
|
Advanced Encryption Standard - New Instructions (AES-NI) [1] |
Yes [1] |
Introduced in 2010, strong security [1]
|
High performances, Fast key scheduling [1]
|
|
AMD
|
Advanced Encryption Standard - New Instructions (AES-NI) |
Yes [2] |
Same instruction set as Intel [2]
|
Similar performances as Intel [2]
|
|
ARM
|
Cryptographic Extensions (ARMv8-A)
|
Yes [3] |
Widely supported in mobile and server processors [3]
|
High efficiency in low-power environments [3]
|
|
RISC-V
|
Zk AES Extension
|
Partial [4] |
Optional RISC-V ISA extension, Still in early adoption stage [4]
|
Requires further optimization [4]
|
For RISC-V, AES acceleration is considered partial because the AES instruction set is optional in the RISC-V ISA. In contrast, Intel, AMD, and ARM treat AES acceleration as a standard feature. The Zk extension (Zknd, Zkne, Zknh) provides AES support, but its implementation varies by manufacturer, resulting in inconsistent support among different RISC-V processors. Many commercial RISC-V CPUs do not come with the Zk extension, relying instead on software-based AES. Even when enabled, performance lags behind that of Intel, AMD, and ARM due to early-stage optimizations and fewer hardware implementations. Future standardization and optimizations could improve RISC-V's AES acceleration to match that of other architectures.
Conclusion
AES acceleration instructions play a critical role in modern CPUs by enhancing both security and performance. Intel and AMD lead in AES performance with their mature AES-NI support, while ARM delivers high efficiency in mobile and low-power environments. Although RISC-V incorporates AES acceleration as part of its optional extensions, it still lags in terms of optimization and widespread adoption. Future developments in RISC-V AES acceleration, including improved hardware implementations and software optimizations, may bridge the performance gap with established architectures. Ongoing research and benchmarking will be essential to assess RISC-V’s competitiveness in cryptographic workloads.
References
[1]Gueron, S. Intel advanced encryption standard (AES) new instructions set, May 2010. URL: http://www. intel. com/content/dam/doc/white-paper/advanced-encryption-standard-new-instructions-set-paper. pdf.
[2] Luna, D., Pettersson, M., & Sagonas, K. (2005, July). Efficiently compiling a functional language on AMD64: the HiPE experience. In Proceedings of the 7th ACM SIGPLAN international conference on Principles and practice of declarative programming (pp. 1
[3] Wang, K. C. (2023). ARMv8 Architecture and Programming. In Embedded and Real-Time Operating Systems (pp. 505-792). Cham: Springer International Publishing.
[4] Marshall, B., Page, D., & Pham, T. (2020, October). Implementing the draft risc-v scalar cryptography extensions. In Proceedings of the 9th International Workshop on Hardware and Architectural Support for Security and Privacy (pp. 1-8).
Edited By: Windhya Rankothge, PhD, Canadian Institute for Cybersecurity
Related Blogs: The Critical Role of Hardware Security Modules (HSMs) in Public Key Infrastructure (PKI)