Intel® C++ Compiler Classic Developer Guide and Reference

ID 767249
Date 7/13/2023
Public
Document Table of Contents

Intrinsics for Advanced Encryption Standard Implementation

The Intel® C++ Compiler Classic provides intrinsics to enable carry-less multiplication and encryption based on Advanced Encryption Standard (AES) specifications. The carry-less multiplication intrinsic corresponds to a single new instruction, PCLMULQDQ. The AES extension intrinsics correspond to AES extension intructions.

The AES extension instructions and the PCLMULQDQ instruction follow the same system software requirements for XMM state support and single-instruction multiple data (SIMD) floating-point exception support as Intel® Streaming SIMD Extensions 2 (Intel® SSE2), Intel® Streaming SIMD Extensions 3 (Intel® SSE3), Intel Supplemental Streaming SIMD Extensions 3 (SSSE3), and Intel® Streaming SIMD Extensions 4 (Intel® SSE4) extensions.

Intel®64 processors using 32nm processing technology support the AES extension instructions as well as the PCLMULQDQ instruction.

AES Encryption and Cryptographic Processing

AES encryption involves processing 128-bit input data (plaintext) through a finite number of iterative operation, referred to as AES round, into a 128-bit encrypted block (ciphertext). Decryption follows the reverse direction of iterative operation using the equivalent inverse cipher instead of the inverse cipher.

The cryptographic processing at each round involves two input data, one is the state, the other is the round key. Each round uses a different round key. The round keys are derived from the cipher key using a key schedule algorithm. The key schedule algorithm is independent of the data processing of encryption/decryption, and can be carried out independently from the encryption/decryption phase.

The AES standard supports cipher key of sizes 128, 192, and 256 bits. The respective cipher key sizes corresponds to 10, 12, and 14 rounds of iteration.

Carry-less Multiplication Instruction and AES Extension Instructions

A single instruction, PCLMULQDQ, performs carry-less multiplication for two binary numbers that are up to 64-bit wide.

The AES extensions provide:

  • two instructions to accelerate AES rounds on encryption (AESENC and AESENCLAST)
  • two instructions for AES rounds on decryption using the equivalent inverse cipher (AESDEC and AESENCLAST)
  • instructions for the generation of key schedules (AESIMC and AESENCLAST)

Detecting Support for Using Instructions

Before any application attempts to use the PCLMULQDQ or the AES extension instructions, it must first detect if the instructions are supported by the processor.

To detect support for the PCLMULQDQ instruction, your application must check the following:

CPUID.01H:ECX.PCLMULQDQ[bit 1] = 1.

To detect support for the AES extension instructions, your application must check the following:

CPUID.01H:ECX.AES[bit 25] = 1.

Operating systems that support handling of the SSE state also support applications that use AES extension instruction and the PCLMULQDQ instruction.