Carry-Less Multiplication Instruction, Usage for the GCM Mode
The Intel® PCLMULQDQ instruction is a new instruction available beginning with the 2010 Intel® Core™ processor family based on the 32nm Intel® microarchitecture codename Westmere. PCLMULQDQ performs carry-less multiplication of two 64-bit operands, producing a 128-bit result.
This paper provides information on the instruction and its usage for computing the Galois Hash (GHASH), the authentication component of the Galois Counter Mode. It also provides code examples for using PCLMULQDQ together with the Intel® AES New Instructions for an efficient implementation of AES in Galois Counter Mode (AES-GCM).
This version of the paper also provides high-performance code examples for AES-GCM and discloses, for the first time, their measured performance numbers.
PCLMULQDQ is a new processor instruction that Intel is introducing in the 2010 Intel® Core™ processor family based on the 32nm Intel® microarchitecture codename Westmere, entering production at the end of 2009. It computes the carry-less product of two 64-bit operands.
This paper details the PCLMULQDQ instruction and describes several algorithms for using it to compute the Galois Hash, which is the underlying computation of the Galois Counter Mode (GCM).
An important usage model is AES in Galois Counter Mode (AES-GCM), where the AES encryption/decryption part can be implemented efficiently using the Intel® AES New Instructions, which are being introduced at the same time (see the reference http://software.intel.com/en-us/articles/advanced-encryption-standard-aes-instructions-set/ for details). This paper provides code examples for AES-GCM using the new instructions and also discloses their resulting performance.
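The following is an added example, not code from the paper, showing how a carry-less 64x64 product is turned into the GF(2^128) multiplication that GHASH needs. It models PCLMULQDQ with a portable bit-serial routine (a real implementation would use the `_mm_clmulepi64_si128` intrinsic), builds the 128x128 product from four 64-bit products, reduces modulo the GCM polynomial x^128 + x^7 + x^2 + x + 1, and handles GCM's reflected bit order, which is the detail that trips up most first attempts. Every function name is an assumption made here. The clmul path is checked against the GCM specification's bit-serial Algorithm 1 and against the published Test Case 2 values (H = AES_K(0) for the all-zero key, one zero block encrypted); the dense operand in `selftest_consistency` is constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Polynomial over GF(2) of degree < 128: bit i of (hi:lo) is the coefficient of x^i. */
typedef struct { uint64_t hi, lo; } poly128;

/* Bit-serial model of PCLMULQDQ: carry-less 64x64 -> 128 product (XOR instead of ADD). */
static poly128 clmul64(uint64_t a, uint64_t b) {
    poly128 r = {0, 0};
    for (int i = 0; i < 64; i++) {
        if ((b >> i) & 1) {
            r.lo ^= a << i;
            if (i) r.hi ^= a >> (64 - i);
        }
    }
    return r;
}

/* 128x128 -> 256 carry-less product from four 64-bit products (schoolbook; a
   Karatsuba variant needs three). out[k] holds bits 64k..64k+63 of the product. */
static void clmul128(poly128 a, poly128 b, uint64_t out[4]) {
    poly128 ll = clmul64(a.lo, b.lo), lh = clmul64(a.lo, b.hi);
    poly128 hl = clmul64(a.hi, b.lo), hh = clmul64(a.hi, b.hi);
    out[0] = ll.lo;
    out[1] = ll.hi ^ lh.lo ^ hl.lo;
    out[2] = lh.hi ^ hl.hi ^ hh.lo;
    out[3] = hh.hi;
}

/* Reduce a 256-bit product modulo g(x) = x^128 + x^7 + x^2 + x + 1, from the top bit
   down: x^i = x^(i-128) * (x^7 + x^2 + x + 1) only touches bits below i. */
static poly128 reduce_gcm(uint64_t p[4]) {
    for (int i = 255; i >= 128; i--) {
        if ((p[i / 64] >> (i % 64)) & 1) {
            int k = i - 128, limb = k / 64, sh = k % 64;
            p[i / 64] ^= (uint64_t)1 << (i % 64);
            p[limb] ^= (uint64_t)0x87 << sh;            /* 0x87 = x^7 + x^2 + x + 1 */
            if (sh) p[limb + 1] ^= (uint64_t)0x87 >> (64 - sh);
        }
    }
    poly128 r = { p[1], p[0] };
    return r;
}

/* GCM's bit order is reflected: bit 0 of a block (the MSB of byte 0) is the x^0
   coefficient. These two conversions are the bit reflection around the multiply. */
static poly128 block_to_poly(const uint8_t b[16]) {
    poly128 r = {0, 0};
    for (int i = 0; i < 128; i++) {
        uint64_t bit = (b[i / 8] >> (7 - i % 8)) & 1;
        if (i < 64) r.lo |= bit << i; else r.hi |= bit << (i - 64);
    }
    return r;
}

static void poly_to_block(poly128 p, uint8_t b[16]) {
    memset(b, 0, 16);
    for (int i = 0; i < 128; i++) {
        uint64_t bit = i < 64 ? (p.lo >> i) & 1 : (p.hi >> (i - 64)) & 1;
        b[i / 8] |= (uint8_t)(bit << (7 - i % 8));
    }
}

/* GF(2^128) multiplication of two GCM blocks: reflect, carry-less multiply, reduce, reflect back. */
static void gf128_mul_clmul(const uint8_t x[16], const uint8_t y[16], uint8_t out[16]) {
    uint64_t p[4];
    clmul128(block_to_poly(x), block_to_poly(y), p);
    poly_to_block(reduce_gcm(p), out);
}

/* Reference: the bit-serial Algorithm 1 of the GCM specification (R = 0xE1 || 0^120). */
static void gf128_mul_spec(const uint8_t x[16], const uint8_t y[16], uint8_t out[16]) {
    uint8_t z[16] = {0}, v[16];
    memcpy(v, y, 16);
    for (int i = 0; i < 128; i++) {
        if ((x[i / 8] >> (7 - i % 8)) & 1)
            for (int j = 0; j < 16; j++) z[j] ^= v[j];
        int lsb = v[15] & 1;
        for (int j = 15; j > 0; j--) v[j] = (uint8_t)((v[j] >> 1) | (v[j - 1] << 7));
        v[0] >>= 1;
        if (lsb) v[0] ^= 0xe1;
    }
    memcpy(out, z, 16);
}

/* Absorb data into the GHASH state y, zero-padding the last block: y = (y ^ block) * H. */
static void ghash_absorb(uint8_t y[16], const uint8_t h[16], const uint8_t *data, size_t len) {
    uint8_t blk[16], t[16];
    while (len) {
        size_t n = len < 16 ? len : 16;
        memset(blk, 0, 16);
        memcpy(blk, data, n);
        for (int j = 0; j < 16; j++) y[j] ^= blk[j];
        gf128_mul_clmul(y, h, t);
        memcpy(y, t, 16);
        data += n; len -= n;
    }
}

/* GHASH(H, A, C): absorb A, then C, then the length block [len(A)]64 || [len(C)]64 in bits. */
static void ghash(const uint8_t h[16], const uint8_t *aad, size_t alen,
                  const uint8_t *ct, size_t clen, uint8_t out[16]) {
    uint8_t len_block[16];
    uint64_t abits = (uint64_t)alen * 8, cbits = (uint64_t)clen * 8;
    memset(out, 0, 16);
    ghash_absorb(out, h, aad, alen);
    ghash_absorb(out, h, ct, clen);
    for (int i = 0; i < 8; i++) {
        len_block[i] = (uint8_t)(abits >> (56 - 8 * i));
        len_block[8 + i] = (uint8_t)(cbits >> (56 - 8 * i));
    }
    ghash_absorb(out, h, len_block, 16);
}

/* GCM specification Test Case 2 (all-zero key, IV and one zero plaintext block):
   X1 = C * H and GHASH(H, {}, C). Returns 1 when both multiply paths and GHASH match. */
static int selftest_gcm_test_case_2(void) {
    static const uint8_t H[16]  = {0x66,0xe9,0x4b,0xd4,0xef,0x8a,0x2c,0x3b,0x88,0x4c,0xfa,0x59,0xca,0x34,0x2b,0x2e};
    static const uint8_t C[16]  = {0x03,0x88,0xda,0xce,0x60,0xb6,0xa3,0x92,0xf3,0x28,0xc2,0xb9,0x71,0xb2,0xfe,0x78};
    static const uint8_t X1[16] = {0x5e,0x2e,0xc7,0x46,0x91,0x70,0x62,0x88,0x2c,0x85,0xb0,0x68,0x53,0x53,0xde,0xb7};
    static const uint8_t G[16]  = {0xf3,0x8c,0xbb,0x1a,0xd6,0x92,0x23,0xdc,0xc3,0x45,0x7a,0xe5,0xb6,0xb0,0xf8,0x85};
    uint8_t a[16], b[16], g[16];
    gf128_mul_clmul(C, H, a);
    gf128_mul_spec(C, H, b);
    ghash(H, NULL, 0, C, 16, g);
    return memcmp(a, X1, 16) == 0 && memcmp(b, X1, 16) == 0 && memcmp(g, G, 16) == 0;
}

/* Constructed check: 0x80 || 0^120 is the element 1 in GCM's bit order, and both
   paths must agree on a dense (constructed) operand squared. Returns 1 on success. */
static int selftest_consistency(void) {
    uint8_t one[16] = {0x80}, dense[16], a[16], b[16];
    for (int i = 0; i < 16; i++) dense[i] = (uint8_t)(0x11 * i + 7);
    gf128_mul_clmul(one, dense, a);
    if (memcmp(a, dense, 16)) return 0;
    gf128_mul_clmul(dense, dense, a);
    gf128_mul_spec(dense, dense, b);
    return memcmp(a, b, 16) == 0;
}
```

The point to take away is that PCLMULQDQ gives you only the raw carry-less product; the reflection of GCM's bit order and the reduction modulo g(x) are what the surrounding code has to supply, and checking the result against the specification's bit-serial algorithm on a known vector is the cheapest way to catch a wrong shift or a missed fold before it becomes a forgeable tag.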
Read the full Carry-Less Multiplication Instruction, Usage for the GCM Mode.