{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,3]],"date-time":"2026-03-03T00:54:09Z","timestamp":1772499249243,"version":"3.50.1"},"reference-count":42,"publisher":"MDPI AG","issue":"1","license":[{"start":{"date-parts":[[2024,2,29]],"date-time":"2024-02-29T00:00:00Z","timestamp":1709164800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"AMD"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Cryptography"],"abstract":"<jats:p>Cryptographic primitives nowadays are not only implemented in high-performance systems but also in small-scale systems, which are increasingly powered by open-source processors, such as RISC-V. In this work, we leverage RISC-V\u2019s modular base instruction set and architecture to propose a generic instruction set extension (ISE) for symmetric cryptography. We adapt the work from Engels et al. in ARITH\u201913, the non-linear\/linear instruction set extension (NLU), which presents a generic hardware\/software co-design solution for efficient symmetric crypto implementations through a hardware unit extending the 8-bit AVR instruction set. These new instructions realize non-linear and linear layers, which are widely used to implement the block ciphers in symmetric cryptography. Our proposal modifies and extends the NLU instructions to a 32-bit RISC-V architecture; hence, we call the proposed ISE \u2018NLU-V\u2019. The proposed architecture is integrated into the open-source RISC-V implementation \u2018Icicle\u2019 and synthesized on a Xilinx Kintex-7 XC7K160T FPGA. The area overhead for the proposed NLU-V ISE is 1088 slice registers and 4520 LUTs. As case studies, the PRESENT and AES block ciphers are implemented using the new ISE on RISC-V in assembly. Our evaluation metric to showcase the performance gain, Z \u2018time-area-product (TAP)\u2019 (the execution time in clock cycles times code memory consumption), reflects the impact of the proposed family of instructions on the performance of the cipher implementations. The simulations show that the NLU-V achieves 89% gain for PRESENT and 68% gain for AES. Further, the NLU-V requires 44% less lines of code for the PRESENT and 23% less for the AES implementation.<\/jats:p>","DOI":"10.3390\/cryptography8010009","type":"journal-article","created":{"date-parts":[[2024,2,29]],"date-time":"2024-02-29T08:13:44Z","timestamp":1709194424000},"page":"9","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["NLU-V: A Family of Instruction Set Extensions for Efficient Symmetric Cryptography on RISC-V"],"prefix":"10.3390","volume":"8","author":[{"ORCID":"https:\/\/orcid.org\/0009-0002-0425-9522","authenticated-orcid":false,"given":"Hakan","family":"Uzuner","sequence":"first","affiliation":[{"name":"Faculty of Computer Science and Mathematics, University of Passau, 94032 Passau, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3193-8440","authenticated-orcid":false,"given":"Elif Bilge","family":"Kavun","sequence":"additional","affiliation":[{"name":"Faculty of Computer Science and Mathematics, University of Passau, 94032 Passau, Germany"}]}],"member":"1968","published-online":{"date-parts":[[2024,2,29]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Paillier, P., and Verbauwhede, I. (2007). Cryptographic Hardware and Embedded Systems, Proceedings of the CHES 2007, Vienna, Austria, 10\u201313 September 2007, Springer.","DOI":"10.1007\/978-3-540-74735-2"},{"key":"ref_2","unstructured":"FIPS 197 (2022, February 15). Advanced Encryption Standard (AES), Available online: https:\/\/nvlpubs.nist.gov\/nistpubs\/FIPS\/NIST.FIPS.197.pdf."},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Engels, S., Kavun, E.B., Paar, C., Yal\u00e7\u0131n, T., and Mihajloska, H. (2013, January 7\u201310). A Non-Linear\/Linear Instruction Set Extension for Lightweight Ciphers. Proceedings of the 2013 IEEE 21st Symposium on Computer Arithmetic, Austin, TX, USA.","DOI":"10.1109\/ARITH.2013.36"},{"key":"ref_4","unstructured":"Atmel (2022, February 15). ATmega8 Datasheet. Available online: https:\/\/ww1.microchip.com\/downloads\/en\/DeviceDoc\/Atmel-2486-8-bit-AVR-microcontroller-ATmega8_L_datasheet.pdf."},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Marshall, B., Page, D., and Pham, T.H. (2022, February 15). A lightweight ISE for ChaCha on RISC-V. Cryptology ePrint Archive, Paper 2021\/1030. Available online: https:\/\/eprint.iacr.org\/2021\/1030.","DOI":"10.1109\/ASAP52443.2021.00011"},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Marshall, B., Page, D., and Hung Pham, T. (2021, January 7\u20139). A Lightweight ISE for ChaCha on RISC-V. Proceedings of the 2021 IEEE 32nd International Conference on Application-specific Systems, Architectures and Processors (ASAP), Virtual Conference.","DOI":"10.1109\/ASAP52443.2021.00011"},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Marshall, B., Page, D., and Pham, T. (2020, January 17). Implementing the Draft RISC-V Scalar Cryptography Extensions. Proceedings of the Hardware and Architectural Support for Security and Privacy (HASP \u201920), Virtual, Greece.","DOI":"10.1145\/3458903.3458904"},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Biryukov, A. (2007). Fast Software Encryption, Springer.","DOI":"10.1007\/978-3-540-74619-5"},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Biham, E. (1997). Fast Software Encryption, Springer.","DOI":"10.1007\/BFb0052329"},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Goubin, L., and Matsui, M. (2006). Cryptographic Hardware and Embedded Systems, Proceedings of the CHES 2006, Yokohama, Japan, 10\u201313 October 2006, Springer.","DOI":"10.1007\/11894063"},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Clavier, C., and Gaj, K. (2009). Cryptographic Hardware and Embedded Systems, Proceedings of the CHES 2009, Lausanne, Switzerland, 6\u20139 September 2009, Springer.","DOI":"10.1007\/978-3-642-04138-9"},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Juels, A., and Paar, C. (2012). RFID. Security and Privacy, Springer.","DOI":"10.1007\/978-3-642-25286-0"},{"key":"ref_13","unstructured":"Rivest, R.L., Robshaw, M.J., Sidney, R., and Yin, Y.L. (1998, January 20\u201322). The RC6TM Block Cipher. Proceedings of the First Advanced Encryption Standard (AES) Conference, Ventura, CA, USA. Available online: https:\/\/citeseerx.ist.psu.edu\/document?repid=rep1&type=pdf&doi=61b9b24c25c2e1e4cf4acbf93a7578121429d758."},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Song, J.S., Kwon, T., and Yung, M. (2006). Information Security Applications, Springer.","DOI":"10.1007\/11604938"},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Preneel, B., and Takagi, T. (2011). Cryptographic Hardware and Embedded Systems, Proceedings of the CHES 2011, Nara, Japan, 28 September\u20131 October 2011, Springer.","DOI":"10.1007\/978-3-642-23951-9"},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Preneel, B., and Takagi, T. (2011). Cryptographic Hardware and Embedded Systems, Proceedings of the CHES 2011, Nara, Japan, 28 September\u20131 October 2011, Springer.","DOI":"10.1007\/978-3-642-23951-9"},{"key":"ref_17","first-page":"1","article-title":"Serpent: A Proposal for the Advanced Encryption Standard","volume":"174","author":"Anderson","year":"1998","journal-title":"NIST AES Propos."},{"key":"ref_18","unstructured":"RISC-V (2022, February 15). RISC-V Specifications. Available online: https:\/\/riscv.org\/technical\/specifications\/."},{"key":"ref_19","unstructured":"RISC-V (2022, February 15). RISC-V Specifications Volume 1, Unprivileged Spec v. 20191213. Available online: https:\/\/github.com\/riscv\/riscv-isa-manual\/releases\/download\/Ratified-IMAFDQC\/riscv-spec-20191213.pdf."},{"key":"ref_20","unstructured":"RISC-V (2022, February 15). RISC-V Specifications Volume 2, Privileged Spec v. 20211203. Available online: https:\/\/github.com\/riscv\/riscv-isa-manual\/releases\/download\/Priv-v1.12\/riscv-privileged-20211203.pdf."},{"key":"ref_21","unstructured":"Marshall, B., Newell, G.R., Page, D., Saarinen, M.J.O., and Wolf, C. (2022, February 15). The Design of Scalar AES Instruction Set Extensions for RISC-V. Cryptology ePrint Archive, Report 2020\/930. Available online: https:\/\/ia.cr\/2020\/930."},{"key":"ref_22","unstructured":"Asanovi\u0107, K., Avizienis, R., Bachrach, J., Beamer, S., Biancolin, D., Celio, C., Cook, H., Dabbelt, D., Hauser, J., and Izraelevitz, A. (2016). The Rocket Chip Generator, EECS Department, University of California. Available online: http:\/\/www2.eecs.berkeley.edu\/Pubs\/TechRpts\/2016\/EECS-2016-17.html."},{"key":"ref_23","unstructured":"Marshall, B. (2022, March 30). SCARV: A Side-Channel Hardened RISC-V Platform. Available online: https:\/\/github.com\/scarv\/scarv."},{"key":"ref_24","unstructured":"Bernstein, D.J. (2008, January 13\u201314). ChaCha, A Variant of Salsa20. Proceedings of the Workshop Record of SASC, Lausanne, Switzerland. Available online: https:\/\/cr.yp.to\/chacha\/chacha-20080120.pdf."},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Alkim, E., Evkan, H., Lahr, N., Niederhagen, R., and Petri, R. (2022, February 15). ISA Extensions for Finite Field Arithmetic\u2014Accelerating Kyber and NewHope on RISC-V. Cryptology ePrint Archive, Report 2020\/049. Available online: https:\/\/ia.cr\/2020\/049.","DOI":"10.46586\/tches.v2020.i3.219-242"},{"key":"ref_26","unstructured":"Bos, J., Ducas, L., Kiltz, E., Lepoint, T., Lyubashevsky, V., Schanck, J.M., Schwabe, P., Seiler, G., and Stehl\u00e9, D. (2022, February 15). CRYSTALS\u2014Kyber: A CCA-Secure Module-Lattice-Based KEM. Cryptology ePrint Archive, Report 2017\/634. Available online: https:\/\/ia.cr\/2017\/634."},{"key":"ref_27","unstructured":"Alkim, E., Avanzi, R., Bos, J., Ducas, L., de la Piedra, A., P\u00f6ppelmann, T., Schwabe, P., and Stebila, D. (2022, March 30). NewHope. Available online: https:\/\/newhopecrypto.org\/index.shtml."},{"key":"ref_28","unstructured":"Claire Wolf Symbiotic GmbH (2022, March 29). RISC-V Bitmanip Extension Document Version 0.94-Draft. Available online: https:\/\/raw.githubusercontent.com\/riscv\/riscv-bitmanip\/master\/bitmanip-draft.pdf."},{"key":"ref_29","unstructured":"RISC-V Foundations Bitmanip Extension Working Group (2022, March 30). RISC-V Bitmanip (Bit Manipulation) Extension. Available online: https:\/\/github.com\/riscv\/riscv-bitmanip\/tree\/main-history."},{"key":"ref_30","unstructured":"RISC-V (2022, February 21). RISC-V Exchange: Cores & SoCs. Available online: https:\/\/riscv.org\/exchange\/cores-socs\/."},{"key":"ref_31","unstructured":"Edgecombe, G. (2022, February 15). Icicle\u201432-bit RISC-V Implementation. Available online: https:\/\/github.com\/grahamedgecombe\/icicle."},{"key":"ref_32","unstructured":"The Regents of the University of California (2022, February 15). RISC-V GNU Compiler Tool Chain. Available online: https:\/\/github.com\/riscv-collab\/riscv-gnu-toolchain."},{"key":"ref_33","unstructured":"Fiaz, F., and Masud, S. (2004, January 18). Design and Implementation of A Hardware Divider in Finite Field. Proceedings of the National Conference on Emerging Technologies, Karachi, Pakistan. Available online: https:\/\/www.researchgate.net\/publication\/237228696_Design_and_Implementation_of_a_Hardware_Divider_in_Finite_Field."},{"key":"ref_34","unstructured":"Ward, R.W., and Molteno, D.T.C.A. (2022, February 15). Efficient Hardware Calculation of Inverses in GF(28). Available online: https:\/\/api.semanticscholar.org\/CorpusID:27223451."},{"key":"ref_35","first-page":"77","article-title":"The Verilog HDL-based Design of Multiplicative Inverse Value of GF(28) Auto-Generator Using Extended Euclid Algorithm Method for Advanced Encryption Standard Algorithm","volume":"Volume 1","author":"Mei","year":"2013","journal-title":"Integrated Electronics: Designs and Systems"},{"key":"ref_36","doi-asserted-by":"crossref","first-page":"828","DOI":"10.1109\/TCSI.2008.919757","article-title":"Arithmetic Unit for Finite Field GF(2m)","volume":"55","author":"Chen","year":"2008","journal-title":"IEEE Trans. Circuits Syst. I Regul. Pap."},{"key":"ref_37","doi-asserted-by":"crossref","first-page":"27","DOI":"10.1016\/S0898-1221(98)00014-5","article-title":"Polynomial Division Using Left Shift Register","volume":"35","author":"Sarkar","year":"1998","journal-title":"Comput. Math. Appl."},{"key":"ref_38","doi-asserted-by":"crossref","unstructured":"Rao, J.R., and Sunar, B. (2005). Cryptographic Hardware and Embedded Systems, Proceedings of the CHES 2005, Edinburgh, UK, 29 August\u20131 September 2005, Springer.","DOI":"10.1007\/11545262"},{"key":"ref_39","unstructured":"Canright, D. (2022, February 15). A Very Compact Rijndael S-Box. Available online: https:\/\/core.ac.uk\/download\/pdf\/36694529.pdf."},{"key":"ref_40","unstructured":"Moradi, A., Poschmann, A., Ling, S., Paar, C., and Wang, H. Advances in Cryptology, Proceedings of the EUROCRYPT 2011, Tallinn Estonia, 15\u201319 May 2011, Springer."},{"key":"ref_41","doi-asserted-by":"crossref","first-page":"73","DOI":"10.46586\/tches.v2020.i2.73-98","article-title":"FENL: An ISE to Mitigate Analogue Micro-architectural Leakage","volume":"2020","author":"Gao","year":"2020","journal-title":"IACR Trans. Cryptogr. Hardw. Embed. Syst."},{"key":"ref_42","unstructured":"Uzuner, H. (2022, March 30). NLU-V. Available online: https:\/\/github.com\/UzunerH\/MasterThesisCode."}],"container-title":["Cryptography"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2410-387X\/8\/1\/9\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T14:06:49Z","timestamp":1760105209000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2410-387X\/8\/1\/9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,2,29]]},"references-count":42,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2024,3]]}},"alternative-id":["cryptography8010009"],"URL":"https:\/\/doi.org\/10.3390\/cryptography8010009","relation":{},"ISSN":["2410-387X"],"issn-type":[{"value":"2410-387X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,2,29]]}}}