Improving the Efficiency of Cryptography Algorithms on Resource-Constrained Embedded Systems via RISC-V Instruction Set Extensions

This work presents the design and evaluation of RISC-V implementations of AES-128, AES-256, SHA-256, and SHA-512, both with and without specialized instructions from the Zkne and Zknh ISA extensions. In our evaluation, we use the Ibex implementation of the RISC-V ISA, a simple low-area 2-stage pipeline design, and the TinyCrypt library, a collection of low-overhead C implementations of widely employed cryptography algorithms. Several criteria relevant to low-complexity embedded systems are measured and compared, such as area costs for the hardware side; stack usage and code density for the software side; illustrating the trade-offs emerging from using specialized RISC-V instructions in the aforementioned algorithms. Clock cycle count gains of 42.57x, 44.81x, 1.45x and 1.74x were observed, as well as 4.16x, 4.16x, 1.58x and 1.63x gains in memory usage efficiency and 27.81x, 28.91x, 1.45x and 1.79x gains in energy efficiency, with an overhead of 10% in die area cost. The extended TinyCrypt library with hardware accelerated implementations and extended Ibex processor RTL are available open-source at https://github.com/cggewehr/RISCV- crypto.