Full Program »
VASA: Vector AES Instructions for Security Applications
The symmetric cryptographic primitive of choice today is AES. This is because of its well-studied security and supporting hardware on a variety of platforms. Following the success of AES and the 128-bit AES-NI instructions for it, Intel has extended the x86 instruction set with Vector AES instructions. For the first time, we evaluate the performance impact these instructions have on complex AES processing beyond bulk encryption. In particular, we focus on the area of secure multi party computation where AES tasks are either independent – allowing easy use of VAES for the full speed-up – or where the AES tasks are dependent on the results of previous AES evaluations. For independent calls, we evaluate the performance impact using Microsoft CrypTFlow2 and the EMPOT library, both of which primarily use AES in counter mode. For dependent calls, we evaluate the performance impact using the ABY and EMP-AGMPC libraries. To get optimal efficiency from the hardware, enough independent tasks need to be presented for each batch of AES executions. We identify such batches using a deferred execution technique paired with early execution to reduce non-locality issues and more static techniques using circuit depth and explicit gate independence. Next, we present a performance and a modularity-focused technique to compute the AES operations efficiently while also immediately using the results and preparing the inputs. Using these techniques, we achieve a performance improvement via VAES of up to 28% for EMP-AGMPC and of up to 244% for ABY. With our additional, alternative garbling schemes, we achieve up to 171% better performance for ABY through the use of VAES. Additionally, our evaluations show overall performance benefits of up to 24% for EMP-OT, up to 20% in total for CrypTFlow2 and up to 50% for the nonlinear layers of its privacy-preserving inference.