Slide 1: AES-GCM in Julia
Final Project, 18.377, 2016
Kyle Kotowick
Slide 2: AES: Advanced Encryption Standard
- a.k.a. Rijndael encryption
- Specification from the US National Institute of Standards and Technology
- Superseded the Data Encryption Standard (DES) in 2001
- Block cipher (encrypts 128 bits at a time)
- Symmetric key (same key for encryption and decryption)
- Supports key lengths of 128, 192, or 256 bits
- Universal adoption
Slide 3: Modes of Operation
- AES cipher block size is 128 bits
- Who ever wants to encrypt only 128 bits? Need methods for encrypting larger files
- “Just segment into 128-bit chunks and encrypt each one individually!” – Electronic Codebook Mode (ECB)
- Fully parallelizable!
Slide 4: Modes of Operation
- More complex modes are “chained” or use “counters”
- The sequential nature of chaining/counting makes parallelization more difficult
Slide 5: Authentication
- Encryption provides secrecy
- How do you know if it’s the right secret? Someone may have modified the data during transmission
- Even if they don’t know the secret, they can still mess with it
- Need secrecy and authenticity
- Can be done separately. That’s boring
- Some modes of operation combine both, called “authenticated encryption”
Slide 6: Modes of Operation

| Mode                  | Acronym | Encryption parallelizable | Decryption parallelizable | Authenticated |
|-----------------------|---------|---------------------------|---------------------------|---------------|
| Cipher Block Chaining | CBC     | No                        | Yes                       |               |
| Cipher Feedback       | CFB     |                           |                           |               |
| Output Feedback       | OFB     |                           |                           |               |
| Counter               | CTR     |                           |                           |               |
| Counter CBC-MAC       | CCM     |                           |                           |               |
| Galois-Counter        | GCM     |                           |                           |               |
Slide 7: Encryption in Julia
- Two existing AES encryption packages for Julia
- Nettle.jl: Julia wrapper around libnettle (GNU library); provides the AES block cipher and the CBC mode of operation; super fast
- AES.jl: native Julia code; provides the AES block cipher and several modes of operation (CBC, CFB, OFB, CTR)
- Neither provides Galois-Counter Mode! Seems like an opportunity for a final project
Slide 8: The Plan
- Implement Galois Counter Mode (GCM) as explicitly defined in the NIST recommendation D
- Not optimized, but known to work
- Use Nettle.jl for the base AES block cipher
- Refactor code to optimize performance in serial
- Implement the AES block cipher natively at bit level
- Attempt to implement parallelization of the code
Slide 9: Difficulties
- AES block cipher is defined at byte level; GCM mode is defined at bit level
- Julia conversions to/from BitArrays use little-endian; the GCM mode definition uses big-endian
- Conversion between all these things is slow
- Julia’s BitArrays have poor support, e.g. can only convert Int64 to a binary string (1 byte per bit), not to a BitArray
- Hard to debug ciphertext: you have no idea what it’s supposed to look like, and which operation/function is causing the error?
Slide 10: Step 1: Implementing GCM
- Implemented directly from NIST “Special Publication D”
- It works! It’s as slow as molasses in winter, but it works!
- Encryption / Decryption / Authentication
Slide 11: Step 2: Serial Optimization
- In-place array manipulation
- Merged some loops
- Removed unnecessary iterations
- ~56% reduction in computation time
- ~45% reduction in memory allocations
- ~42% reduction in total memory usage
Slide 12: Step 3: Native AES Cipher
- Implemented directly from NIST “Federal Information Processing Standards Publication 197”
- Validated against the Nettle.jl AES cipher
- Allowed the code to be fully self-contained (no external dependencies)
- ~626% increase in computation time
- ~899% increase in memory allocations
- ~849% increase in total memory usage
- But no dependencies!
Slide 13: Step 4: Parallelization
- Didn’t get this far
Slide 14: Computation Time (chart)
Slide 15: Memory Allocations (chart)
Slide 16: Memory Usage (chart)
Slide 17: Conclusion
- Implemented GCM as defined by the specifications
- Used some tips and tricks to improve serial performance
- Implemented AES, so the library is fully self-contained and portable
- Slow is an understatement
- This library: developed part-time over 6 weeks by Kyle. Comparisons: developed by hundreds of people over many years
- Future work: move to entirely byte-based code (no more BitArrays); much more serial optimization to do; parallelize everything!
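The byte-based approach the conclusion proposes as future work, as an added example that is not part of the presentation or its Julia library: a GF(2^128) block multiply following Algorithm 1 of NIST SP 800-38D and the GHASH computation GCM's tag is built from, written in Python rather than Julia so it runs stand-alone. Holding each 16-byte block as a big-endian integer makes the spec's bit 0 the most significant bit, which removes the BitArray endianness conversions the Difficulties slide describes; the sample blocks at the bottom are constructed, not NIST test vectors.

```python
# Reduction constant R = 11100001 || 0^120 as a 128-bit integer (leftmost bit first).
R = 0xE1 << 120


def gf128_mul(x: bytes, y: bytes) -> bytes:
    """Multiply two 16-byte blocks in GF(2^128) per SP 800-38D Algorithm 1."""
    if len(x) != 16 or len(y) != 16:
        raise ValueError("GF(2^128) elements are 16-byte blocks")
    xi = int.from_bytes(x, "big")  # spec bit 0 of the block == MSB of the integer
    v = int.from_bytes(y, "big")
    z = 0
    for i in range(128):
        # Bit i in the spec's numbering (bit 0 = leftmost) is counted down from the MSB.
        if (xi >> (127 - i)) & 1:
            z ^= v
        # V = V >> 1 (i.e. V * x); if the bit shifted out was 1, reduce by R.
        lsb = v & 1
        v >>= 1
        if lsb:
            v ^= R
    return z.to_bytes(16, "big")


def xor_block(a: bytes, b: bytes) -> bytes:
    return bytes(p ^ q for p, q in zip(a, b))


def ghash(h: bytes, aad: bytes, ciphertext: bytes) -> bytes:
    """GHASH_H over A || pad || C || pad || [len(A)]64 || [len(C)]64, the input
    GCM hands to GHASH when computing a tag (SP 800-38D Section 7.1)."""
    def pad16(b: bytes) -> bytes:
        return b + bytes(-len(b) % 16)  # zero-pad to a multiple of 16 bytes

    data = pad16(aad) + pad16(ciphertext)
    data += (8 * len(aad)).to_bytes(8, "big") + (8 * len(ciphertext)).to_bytes(8, "big")
    y = bytes(16)
    for off in range(0, len(data), 16):
        y = gf128_mul(xor_block(y, data[off:off + 16]), h)
    return y


# Constructed sanity checks (not NIST vectors): 0x80 || 0^120 is the multiplicative
# identity, and x * x^127 = x^128 reduces to R.
ONE = bytes([0x80]) + bytes(15)
assert gf128_mul(ONE, bytes(range(16))) == bytes(range(16))
assert gf128_mul(bytes([0x40]) + bytes(15), bytes(15) + bytes([0x01])) == bytes([0xE1]) + bytes(15)
```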