Mapping AES Cryptography and Whirlpool Hashing onto the Cell BE architecture

The impressive computational power of the Cell Broadband Engine, coupled with its advanced security architecture, make it a perspective platform to implement cryptograpphic algorithms. This paper deals with mapping the AES symmetric-key cryptography and Whirlpool hash function onto the Cell Broadband Engine architecture. Based on the analysis of possible approaches to mapping AES onto Cell BE architecture, we finally focus on two schemes. The first of them is based on using the efficient implementation of simultaneous table lookups in a 256-entry byte table stored in 16 vector registers, to perform the SubBytes transformations. In the second scheme, we merge SubBytes, ShiftRows, and MixColumns into a single shorter sequence of operations, which is implemented using table lookups in four 1KB tables stored in memory. During the Conference, the performance results of the AES implementation on the Cell BE processor will be presented. In particular, we will report result of performance comparison of the first scheme, which is characterized by the extensive vectorization of operations on data stored entirely in registers, with the second scheme, which allows to decrease the number of operations at the cost of a lower degree of parallelism and longer time of access to data stored in the local memory of SPE. Another topic of research carried out in this work is related to the efficient implementation of the cryptographic hash algorithms on the Cell BE. One of potential alternatives to the traditional solutions is a hash function called Whirlpool. The block cipher used by Whirlpool is very similar to the AES algorithm. This allows us to adopt for the Whirlpool algorithm the both of schemes employed for the AES algorithm. At the same time, the important difference between these algorithms is that AES operates of data viewed as 4-by-4 matrices of bytes, while in Whirpool two parallel datapaths operate on input data and key material, each viewed as 8-by-8 matrices of bytes. It gives us much wider possibilities for parallelizing the Whrilpool algorithm on the Cell BE processor, even for compressing a single block of data. In the paper, for the first time, we propose how to decompose each datapath to provide its parallel execution on up to 4 SPEs. Such an approach would allow us to exploit efficiently the computing resources of all 8 SPEs in one Cell BE processor, even when processing a single stream of data. 2 Roman Wyrzykowski, Lukasz Kuczynski, and Krzysztof Rojek