Software-based parallel GHASH: a contiguous approach
Abstract
Galois/Counter Mode (GCM) is a widely adopted block cipher mode of operation. Such a degree of adoption has led to optimizations at every level, to the point that dedicated hardware support and specialized CPU instructions were developed, reducing the encryption process' computational overhead. In this proposal, multiple threads concurrently perform encryption and compute the GHASH function — an essential component of GCM — on disjoint segments of the input message. Upon completion, the intermediate authentication tags derived from each segment are combined into a single final authentication tag. This approach exploits a subtle aspect not explicitly addressed in the original specification, which presents GHASH as a strictly serial algorithm.
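The segment-wise computation described in the abstract rests on GHASH being a polynomial in H evaluated by Horner's rule: GHASH(S_1 || S_2) = GHASH(S_1) · H^|S_2| ⊕ GHASH(S_2). The Python below is an added example, not code from the paper or its authors: it implements GF(2^128) multiplication with the bit ordering of NIST SP 800-38D (Algorithm 1), a reference serial GHASH, and a segment-parallel GHASH that hashes contiguous segments in worker threads and folds the partial values with the appropriate power of H. The segment sizing, the thread pool and all function names are assumptions of this example; the serial path is checked against test case 2 of the GCM specification (A empty, one ciphertext block).

```python
# Added example (not the paper's code): serial GHASH vs. segment-parallel GHASH
# over GF(2^128) with the GCM bit ordering from NIST SP 800-38D, Algorithm 1.
from concurrent.futures import ThreadPoolExecutor
from typing import List

BLOCK_BITS = 128
ONE = 1 << 127          # field element "1": leftmost bit set (GCM bit ordering)
R = 0xE1 << 120         # reduction constant R = 11100001 || 0^120


def gf_mul(x: int, y: int) -> int:
    """Multiply two 128-bit field elements (SP 800-38D Algorithm 1, bit-serial)."""
    z, v = 0, y
    for i in range(BLOCK_BITS):
        if (x >> (127 - i)) & 1:          # x_i, with x_0 the leftmost bit
            z ^= v
        v = (v >> 1) ^ R if v & 1 else v >> 1
    return z


def gf_pow(h: int, n: int) -> int:
    """H^n by square-and-multiply; H^0 is the multiplicative identity."""
    result, base = ONE, h
    while n:
        if n & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        n >>= 1
    return result


def ghash_serial(h: int, blocks: List[int]) -> int:
    """Reference GHASH: Y_i = (Y_{i-1} xor X_i) * H, strictly in order."""
    y = 0
    for x in blocks:
        y = gf_mul(y ^ x, h)
    return y


def ghash_parallel(h: int, blocks: List[int], segments: int) -> int:
    """Hash contiguous segments independently (here in a thread pool, an
    assumption of this example), then fold the partial results left to right:
    acc = acc * H^{|segment|} xor GHASH(segment)."""
    if not blocks:
        return 0
    seg_len = max(1, -(-len(blocks) // segments))           # ceil division
    parts = [blocks[i:i + seg_len] for i in range(0, len(blocks), seg_len)]
    with ThreadPoolExecutor(max_workers=len(parts)) as pool:
        partials = list(pool.map(lambda seg: ghash_serial(h, seg), parts))
    acc = 0
    for seg, partial in zip(parts, partials):
        acc = gf_mul(acc, gf_pow(h, len(seg))) ^ partial
    return acc


def sp800_38d_test_case_2() -> int:
    """GHASH(H, A=empty, C=one zero-plaintext block) from GCM test case 2."""
    h = 0x66E94BD4EF8A2C3B884CFA59CA342B2E
    c = 0x0388DACE60B6A392F328C2B971B2FE78
    length_block = (0 << 64) | 128         # len(A) = 0 bits || len(C) = 128 bits
    return ghash_serial(h, [c, length_block])


if __name__ == "__main__":
    # Constructed input: seven blocks filled with 0x01..0x07 (not from the paper).
    h = 0x66E94BD4EF8A2C3B884CFA59CA342B2E
    msg = [int.from_bytes(bytes([i]) * 16, "big") for i in range(1, 8)]
    print(hex(ghash_serial(h, msg)) == hex(ghash_parallel(h, msg, 3)))
```

The fold step costs one field multiplication per segment plus the cost of H^|segment|, which a real implementation would precompute once per key (or once per segment size) rather than recompute per message; the serial and parallel paths must agree bit for bit, since the final tag is derived from the same GHASH value either way.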
Published
01/09/2025
How to cite
FUJII, Hayato; ROSSALES, Isabela. Software-based parallel GHASH: a contiguous approach. In: TRILHA DE INTERAÇÃO COM A INDÚSTRIA E DE INOVAÇÃO - SIMPÓSIO BRASILEIRO DE CIBERSEGURANÇA (SBSEG), 25., 2025, Foz do Iguaçu/PR. Proceedings [...]. Porto Alegre: Sociedade Brasileira de Computação, 2025. p. 472-480. DOI: https://doi.org/10.5753/sbseg_estendido.2025.12963.
