{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,21]],"date-time":"2025-11-21T06:38:20Z","timestamp":1763707100156,"version":"build-2065373602"},"reference-count":31,"publisher":"Association for Computing Machinery (ACM)","issue":"6","funder":[{"name":"Institute for Information & communications Technology Promotion"},{"name":"Korea government"},{"name":"Research on Blockchain Security Technology for IoT Services","award":["2018-0-00264"],"award-info":[{"award-number":["2018-0-00264"]}]},{"name":"Institute of Information & communications Technology Planning & Evaluation"},{"name":"Development and Demonstration of PQC-Based Joint Certificate PKI Technology, 50%","award":["RS-2025-02306395"],"award-info":[{"award-number":["RS-2025-02306395"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Embed. Comput. Syst."],"published-print":{"date-parts":[[2025,11,30]]},"abstract":"<jats:p>\n            Advanced Encryption Standard (AES) in Galois\/Counter Mode (GCM) delivers both confidentiality and integrity, yet poses performance and security challenges on resource-limited microcontrollers. In this article, we present an optimized AES-GCM implementation for the 32-bit ARM Cortex-M4 that combines the Fixslicing AES approach with the FACE (Fast AES-CTR Encryption) strategy, significantly reducing redundant computations in AES-CTR. We further examine two GHASH implementations, a 4-bit\n            <jats:monospace>table-based<\/jats:monospace>\n            approach and a Karatsuba-based constant-time variant, to balance speed, memory usage, and resistance to timing attacks. Our evaluations on an STM32F4 microcontroller show that the Fixslicing and FACE method reduces the AES-128 GCTR cycle counts by up to 19.41%, while the\n            <jats:monospace>Table-based<\/jats:monospace>\n            GHASH achieves nearly double the speed of its Karatsuba counterpart. 
These results confirm that with the right mix of bit-slicing optimizations, counter-mode caching, and lightweight polynomial multiplication, secure and efficient AES-GCM can be obtained even on low-power embedded devices.\n          <\/jats:p>","DOI":"10.1145\/3766074","type":"journal-article","created":{"date-parts":[[2025,9,5]],"date-time":"2025-09-05T11:28:25Z","timestamp":1757071705000},"page":"1-24","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":2,"title":["Optimizing AES-GCM on 32-Bit ARM Cortex-M4 Microcontrollers: Fixslicing and FACE-Based Approach"],"prefix":"10.1145","volume":"24","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-6757-6109","authenticated-orcid":false,"given":"Hyunjun","family":"Kim","sequence":"first","affiliation":[{"name":"Hansung University","place":["Seoul, Korea (the Republic of)"]}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0069-9061","authenticated-orcid":false,"given":"Hwajeong","family":"Seo","sequence":"additional","affiliation":[{"name":"Computer, Hansung University","place":["Seoul, Korea (the Republic of)"]}]}],"member":"320","published-online":{"date-parts":[[2025,10,10]]},"reference":[{"key":"e_1_3_1_2_2","first-page":"402","article-title":"Fixslicing AES-like ciphers: New bitsliced AES speed records on ARM-cortex m and RISC-V","author":"Adomnicai Alexandre","year":"2021","unstructured":"Alexandre Adomnicai and Thomas Peyrin. 2021. Fixslicing AES-like ciphers: New bitsliced AES speed records on ARM-cortex m and RISC-V. IACR Transactions on Cryptographic Hardware and Embedded Systems 2021, 1 (2021), 402\u2013425.","journal-title":"IACR Transactions on Cryptographic Hardware and Embedded Systems"},{"key":"e_1_3_1_3_2","volume-title":"ARMv7-M Architecture Reference Manual","author":"Limited Arm","year":"2014","unstructured":"Arm Limited. 2014. ARMv7-M Architecture Reference Manual. Technical Report ARM DDI 0403E.b. Arm Ltd., Cambridge, UK. 
Retrieved from https:\/\/developer.arm.com\/documentation\/ddi0403\/latest"},{"key":"e_1_3_1_4_2","doi-asserted-by":"publisher","DOI":"10.17487\/RFC3711"},{"key":"e_1_3_1_5_2","unstructured":"Daniel J Bernstein. 2005. Cache-timing attacks on AES. http:\/\/cr.yp.to\/antiforgery\/cachetiming-20050414.pdf"},{"key":"e_1_3_1_6_2","doi-asserted-by":"crossref","first-page":"260","DOI":"10.1007\/BFb0052352","volume-title":"Fast Software Encryption: 4th International Workshop, FSE\u201997 Haifa, Israel, January 20\u201322 1997 Proceedings 4","author":"Biham Eli","year":"1997","unstructured":"Eli Biham. 1997. A fast new DES implementation in software. In Fast Software Encryption: 4th International Workshop, FSE\u201997 Haifa, Israel, January 20\u201322 1997 Proceedings 4. Springer, 260\u2013272."},{"key":"e_1_3_1_7_2","doi-asserted-by":"crossref","first-page":"201","DOI":"10.1007\/11894063_16","volume-title":"Cryptographic Hardware and Embedded Systems-CHES 2006: 8th International Workshop, Yokohama, Japan, October 10-13, 2006. Proceedings","author":"Bonneau Joseph","year":"2006","unstructured":"Joseph Bonneau and Ilya Mironov. 2006. Cache-collision timing attacks against AES. In Cryptographic Hardware and Embedded Systems-CHES 2006: 8th International Workshop, Yokohama, Japan, October 10-13, 2006. Proceedings. Springer, 201\u2013215."},{"issue":"3","key":"e_1_3_1_8_2","doi-asserted-by":"crossref","first-page":"e70094","DOI":"10.1002\/ett.70094","article-title":"AES-8: A lightweight AES for resource-constrained IoT devices","volume":"36","author":"Dhanda Sumit Singh","year":"2025","unstructured":"Sumit Singh Dhanda, Brahmjit Singh, Poonam Jindal, Vinod Kumar, and Sachin Kumar Gupta. 2025. AES-8: A lightweight AES for resource-constrained IoT devices. 
Transactions on Emerging Telecommunications Technologies 36, 3 (2025), e70094.","journal-title":"Transactions on Emerging Telecommunications Technologies"},{"key":"e_1_3_1_9_2","doi-asserted-by":"crossref","first-page":"167","DOI":"10.1007\/978-3-319-16715-2_9","volume-title":"Topics in Cryptology\u2014CT-RSA 2015: The Cryptographer\u2019s Track at the RSA Conference 2015, San Francisco, CA, USA, April 20-24, 2015, Proceedings","author":"Gouv\u00eaa Conrado PL","year":"2015","unstructured":"Conrado PL Gouv\u00eaa and Julio L\u00f3pez. 2015. Implementing gcm on armv8. In Topics in Cryptology\u2014CT-RSA 2015: The Cryptographer\u2019s Track at the RSA Conference 2015, San Francisco, CA, USA, April 20-24, 2015, Proceedings. Springer, 167\u2013180."},{"key":"e_1_3_1_10_2","first-page":"10","article-title":"Intel\u00ae carry-less multiplication instruction and its usage for computing the GCM mode","author":"Gueron Shay","year":"2010","unstructured":"Shay Gueron and Michael E Kounavis. 2010. Intel\u00ae carry-less multiplication instruction and its usage for computing the GCM mode. White Paper (2010), 10.","journal-title":"White Paper"},{"key":"e_1_3_1_11_2","doi-asserted-by":"publisher","DOI":"10.1109\/TPDS.2019.2911278"},{"issue":"1","key":"e_1_3_1_12_2","doi-asserted-by":"crossref","first-page":"135","DOI":"10.1109\/TC.2010.147","article-title":"Packed AES-GCM algorithm suitable for AES\/PCLMULQDQ instructions","volume":"60","author":"Jankowski Krzysztof","year":"2010","unstructured":"Krzysztof Jankowski and Pierre Laurent. 2010. Packed AES-GCM algorithm suitable for AES\/PCLMULQDQ instructions. 
IEEE Transactions on Computers 60, 1 (2010), 135\u2013138.","journal-title":"IEEE Transactions on Computers"},{"key":"e_1_3_1_13_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-04138-9_1"},{"issue":"20","key":"e_1_3_1_14_2","doi-asserted-by":"crossref","first-page":"10192","DOI":"10.3390\/app122010192","article-title":"Secure and robust Internet of Things with high-speed implementation of PRESENT and GIFT block ciphers on GPU","volume":"12","author":"Kim Hyunjun","year":"2022","unstructured":"Hyunjun Kim, Siwoo Eum, Wai-Kong Lee, Sokjoon Lee, and Hwajeong Seo. 2022. Secure and robust Internet of Things with high-speed implementation of PRESENT and GIFT block ciphers on GPU. Applied Sciences 12, 20 (2022), 10192.","journal-title":"Applied Sciences"},{"issue":"22","key":"e_1_3_1_15_2","doi-asserted-by":"crossref","first-page":"4236","DOI":"10.3390\/math10224236","article-title":"Efficient implementation of SPEEDY block cipher on cortex-M3 and RISC-V microcontrollers","volume":"10","author":"Kim Hyunjun","year":"2022","unstructured":"Hyunjun Kim, Siwoo Eum, Minjoo Sim, and Hwajeong Seo. 2022. Efficient implementation of SPEEDY block cipher on cortex-M3 and RISC-V microcontrollers. Mathematics 10, 22 (2022), 4236.","journal-title":"Mathematics"},{"key":"e_1_3_1_16_2","doi-asserted-by":"publisher","DOI":"10.3390\/app10093131"},{"key":"e_1_3_1_17_2","doi-asserted-by":"crossref","first-page":"620","DOI":"10.1007\/978-3-662-48324-4_31","volume-title":"Cryptographic Hardware and Embedded Systems\u2013CHES 2015: 17th International Workshop, Saint-Malo, France, September 13-16, 2015, Proceedings 17","author":"Longo Jake","year":"2015","unstructured":"Jake Longo, Elke De Mulder, Dan Page, and Michael Tunstall. 2015. SoC it to EM: Electromagnetic side-channel attacks on a complex system-on-chip. In Cryptographic Hardware and Embedded Systems\u2013CHES 2015: 17th International Workshop, Saint-Malo, France, September 13-16, 2015, Proceedings 17. 
Springer, 620\u2013640."},{"key":"e_1_3_1_18_2","article-title":"The galois\/counter mode of operation (GCM)","volume":"20","author":"McGrew David","year":"2004","unstructured":"David McGrew and John Viega. 2004. The galois\/counter mode of operation (GCM). Submission to NIST Modes of Operation Process 20 (2004), 0278\u20130070. https:\/\/csrc.nist.rip\/groups\/ST\/toolkit\/BCM\/documents\/proposedmodes\/gcm\/gcm-spec.pdf","journal-title":"Submission to NIST Modes of Operation Process"},{"key":"e_1_3_1_19_2","doi-asserted-by":"crossref","first-page":"141","DOI":"10.1109\/IoTDI.2018.00023","volume-title":"2018 IEEE\/ACM Third International Conference on Internet-of-Things Design and Implementation (IoTDI)","author":"Nguyen Hung","year":"2018","unstructured":"Hung Nguyen, Radoslav Ivanov, Linh TX Phan, Oleg Sokolsky, James Weimer, and Insup Lee. 2018. LogSafe: Secure and scalable data logger for IoT devices. In 2018 IEEE\/ACM Third International Conference on Internet-of-Things Design and Implementation (IoTDI). IEEE, 141\u2013152."},{"key":"e_1_3_1_20_2","doi-asserted-by":"crossref","first-page":"273","DOI":"10.1007\/978-3-319-64701-2_20","volume-title":"Network and System Security: 11th International Conference, NSS 2017, Helsinki, Finland, August 21\u201323, 2017, Proceedings 11","author":"Nishikawa Naoki","year":"2017","unstructured":"Naoki Nishikawa, Hideharu Amano, and Keisuke Iwai. 2017. Implementation of bitsliced AES encryption on CUDA-enabled GPU. In Network and System Security: 11th International Conference, NSS 2017, Helsinki, Finland, August 21\u201323, 2017, Proceedings 11. Springer, 273\u2013287."},{"key":"e_1_3_1_21_2","doi-asserted-by":"crossref","first-page":"469","DOI":"10.46586\/tches.v2018.i3.469-499","article-title":"FACE: Fast AES CTR mode encryption techniques based on the reuse of repetitive data","author":"Park Jin Hyung","year":"2018","unstructured":"Jin Hyung Park and Dong Hoon Lee. 2018. 
FACE: Fast AES CTR mode encryption techniques based on the reuse of repetitive data. IACR Transactions on Cryptographic Hardware and Embedded Systems (2018), 469\u2013499.","journal-title":"IACR Transactions on Cryptographic Hardware and Embedded Systems"},{"key":"e_1_3_1_22_2","unstructured":"Thomas Pornin. [n. d.]. BearSSL. Retrieved from https:\/\/bearssl.org. Accessed: 2025-03-16."},{"key":"e_1_3_1_23_2","unstructured":"Thomas Pornin. 2016. BearSSL: GHASH constant-time multiplication implementation (ghash_ctmul.c). Retrieved from https:\/\/bearssl.org\/gitweb\/?p=BearSSL;a=blob;f=src\/hash\/ghash_ctmul.c. Accessed: 2025-03-16."},{"key":"e_1_3_1_24_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-38348-9_9"},{"key":"e_1_3_1_25_2","doi-asserted-by":"publisher","DOI":"10.3390\/cryptography4020015"},{"key":"e_1_3_1_26_2","doi-asserted-by":"crossref","first-page":"203","DOI":"10.1007\/11935070_14","volume-title":"International Conference on Cryptology and Network Security","author":"Rebeiro Chester","year":"2006","unstructured":"Chester Rebeiro, David Selvakumar, and ASL Devi. 2006. Bitslice implementation of AES. In International Conference on Cryptology and Network Security. Springer, 203\u2013212."},{"key":"e_1_3_1_27_2","doi-asserted-by":"crossref","first-page":"3679","DOI":"10.1109\/SP54263.2024.00062","volume-title":"2024 IEEE Symposium on Security and Privacy (SP)","author":"Rodrigues Cristiano","year":"2024","unstructured":"Cristiano Rodrigues, Daniel Oliveira, and Sandro Pinto. 2024. BUSted!!! Microarchitectural side-channel attacks on the MCU bus interconnect. In 2024 IEEE Symposium on Security and Privacy (SP). IEEE, 3679\u20133696."},{"key":"e_1_3_1_28_2","volume-title":"Intel\u00ae Advanced Encryption Standard Instructions (AES\u2013 NI)","author":"Rott Jeffrey Keith","year":"2012","unstructured":"Jeffrey Keith Rott. 2012. Intel\u00ae Advanced Encryption Standard Instructions (AES\u2013 NI). Intel Corporation. 
Retrieved from https:\/\/www.intel.com\/content\/www\/us\/en\/developer\/articles\/technical\/advanced-encryption-standard-instructions-aes-ni.html. Intel Developer Zone technical article, ID 658986."},{"key":"e_1_3_1_29_2","first-page":"180","volume-title":"International Conference on Selected Areas in Cryptography","author":"Schwabe Peter","year":"2016","unstructured":"Peter Schwabe and Ko Stoffelen. 2016. All the AES you need on cortex-M3 and M4. In International Conference on Selected Areas in Cryptography. Springer, 180\u2013194."},{"issue":"2","key":"e_1_3_1_30_2","first-page":"1","article-title":"Advanced encryption standard","volume":"6","author":"Selent Douglas","year":"2010","unstructured":"Douglas Selent. 2010. Advanced encryption standard. Rivier Academic Journal 6, 2 (2010), 1\u201314.","journal-title":"Rivier Academic Journal"},{"key":"e_1_3_1_31_2","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2019.2953230"},{"issue":"5","key":"e_1_3_1_32_2","doi-asserted-by":"crossref","first-page":"2181","DOI":"10.1109\/TII.2017.2776250","article-title":"An efficient and secure automotive wireless software update framework","volume":"14","author":"Steger Marco","year":"2017","unstructured":"Marco Steger, Carlo Alberto Boano, Thomas Niedermayr, Michael Karner, Joachim Hillebrand, Kay Roemer, and Werner Rom. 2017. An efficient and secure automotive wireless software update framework. 
IEEE Transactions on Industrial Informatics 14, 5 (2017), 2181\u20132193.","journal-title":"IEEE Transactions on Industrial Informatics"}],"container-title":["ACM Transactions on Embedded Computing Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3766074","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T08:35:42Z","timestamp":1760085342000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3766074"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,10,10]]},"references-count":31,"journal-issue":{"issue":"6","published-print":{"date-parts":[[2025,11,30]]}},"alternative-id":["10.1145\/3766074"],"URL":"https:\/\/doi.org\/10.1145\/3766074","relation":{},"ISSN":["1539-9087","1558-3465"],"issn-type":[{"type":"print","value":"1539-9087"},{"type":"electronic","value":"1558-3465"}],"subject":[],"published":{"date-parts":[[2025,10,10]]},"assertion":[{"value":"2025-04-04","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-08-22","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-10-10","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}
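The abstract in this record contrasts a 4-bit table-based GHASH with a constant-time GHASH and frames the choice as speed against resistance to timing attacks. The C block below is an added example and is not code from the paper or its authors: it implements the 4-bit table lookup the abstract names next to a branch-free bit-serial multiply (NIST SP 800-38D Algorithm 1 written with masks instead of branches). The paper's constant-time variant is Karatsuba-based (after BearSSL's ghash_ctmul.c, cited in the record); this example does not reproduce that and substitutes the bit-serial form only as a constant-time reference to check the table variant against. Both are verified on GCM test case 2 from the McGrew and Viega specification cited in the record (K = 0, IV = 0, P = 0^128, for which H = 66e94bd4ef8a2c3b884cfa59ca342b2e and GHASH(H, {}, C) = f38cbb1ad69223dcc3457ae5b6b0f885). The names gf128, ghash_table, ghash_key, ghash_selftest and ghash_variants_agree, the table layout (t[v] is the XOR of h·x^k over the set bits of v) and the reduce4 constants for the x^128..x^131 overflow bits are this example's own choices, not a description of the paper's implementation.

```c
/* Added example, not the paper's code: a 4-bit table GHASH beside a branch-free bit-serial GHASH. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

typedef struct { uint64_t hi, lo; } gf128;   /* big-endian halves of one 16-byte block */
#define GCM_R 0xe100000000000000ULL            /* x^128 = x^7 + x^2 + x + 1 in GCM bit order */
static gf128 gf128_load(const uint8_t b[16]) {
    gf128 v = {0, 0};
    for (int i = 0; i < 8; i++) { v.hi = (v.hi << 8) | b[i]; v.lo = (v.lo << 8) | b[8 + i]; }
    return v;
}
static void gf128_store(uint8_t b[16], gf128 v) {
    for (int i = 0; i < 8; i++) { b[i] = (uint8_t)(v.hi >> (56 - 8 * i)); b[8 + i] = (uint8_t)(v.lo >> (56 - 8 * i)); }
}
static gf128 gf128_xor(gf128 a, gf128 b) { a.hi ^= b.hi; a.lo ^= b.lo; return a; }
static gf128 gf128_mul_x(gf128 v) {          /* times x: shift right; the bit leaving x^127 folds back in via R */
    uint64_t carry = 0 - (v.lo & 1);           /* all-ones iff the x^127 coefficient is set */
    v.lo = (v.lo >> 1) | (v.hi << 63); v.hi = (v.hi >> 1) ^ (carry & GCM_R);
    return v;
}
/* Branch-free bit-serial x*h: SP 800-38D Algorithm 1 with masks; accesses and control flow depend only on i. */
static gf128 gf128_mul_ct(gf128 x, gf128 h) {
    gf128 z = {0, 0};
    for (int i = 0; i < 128; i++) {
        uint64_t word = (i < 64) ? x.hi : x.lo;
        uint64_t m = 0 - ((word >> (63 - (i & 63))) & 1);   /* all-ones iff bit i of x is set */
        z.hi ^= h.hi & m; z.lo ^= h.lo & m;
        h = gf128_mul_x(h);
    }
    return z;
}
/* 4-bit table: t[v] = XOR of h*x^k over the set bits of v, where 0x8 <-> x^0 ... 0x1 <-> x^3. */
typedef struct { gf128 t[16]; } ghash_table;
static void ghash_table_init(ghash_table *tab, gf128 h) {
    tab->t[0] = (gf128){0, 0}; tab->t[8] = h;
    tab->t[4] = gf128_mul_x(tab->t[8]); tab->t[2] = gf128_mul_x(tab->t[4]); tab->t[1] = gf128_mul_x(tab->t[2]);
    for (int i = 2; i < 16; i <<= 1)
        for (int j = 1; j < i; j++) tab->t[i + j] = gf128_xor(tab->t[i], tab->t[j]);
}
/* Reduction of the four bits x^4 shifts out: x^131 (0x1c20), x^130, x^129, x^128 (0xe100) and their XORs. */
static const uint16_t reduce4[16] = { 0x0000, 0x1c20, 0x3840, 0x2460, 0x7080, 0x6ca0, 0x48c0, 0x54e0,
                                      0xe100, 0xfd20, 0xd940, 0xc560, 0x9180, 0x8da0, 0xa9c0, 0xb5e0 };
static gf128 gf128_mul_x4(gf128 v) {
    unsigned rem = (unsigned)(v.lo & 0xF);
    v.lo = (v.lo >> 4) | (v.hi << 60); v.hi = (v.hi >> 4) ^ ((uint64_t)reduce4[rem] << 48);
    return v;
}
/* Horner over the 32 nibbles of x, last nibble first. The table index is derived from secret data. */
static gf128 gf128_mul_tab(const ghash_table *tab, gf128 x) {
    uint8_t b[16]; gf128 z = {0, 0}; gf128_store(b, x);
    for (int i = 15; i >= 0; i--) {
        z = gf128_xor(gf128_mul_x4(z), tab->t[b[i] & 0xF]);
        z = gf128_xor(gf128_mul_x4(z), tab->t[b[i] >> 4]);
    }
    return z;
}
typedef struct { gf128 h; ghash_table tab; } ghash_key;
void ghash_key_init(ghash_key *k, const uint8_t h[16]) { k->h = gf128_load(h); ghash_table_init(&k->tab, k->h); }
static gf128 ghash_step(const ghash_key *k, int use_table, gf128 y, gf128 blk) {
    y = gf128_xor(y, blk);
    return use_table ? gf128_mul_tab(&k->tab, y) : gf128_mul_ct(y, k->h);
}
static gf128 ghash_absorb(const ghash_key *k, int use_table, gf128 y, const uint8_t *p, size_t n) {
    while (n) {
        uint8_t blk[16] = {0};                 /* zero padding for a final partial block */
        size_t take = n < 16 ? n : 16; memcpy(blk, p, take);
        y = ghash_step(k, use_table, y, gf128_load(blk));
        p += take; n -= take;
    }
    return y;
}
/* GHASH_H(A, C): absorb A, then C, then the block [len(A)]64 || [len(C)]64 holding the bit lengths. */
void ghash(const ghash_key *k, int use_table, const uint8_t *aad, size_t alen,
           const uint8_t *ct, size_t clen, uint8_t out[16]) {
    gf128 y = ghash_absorb(k, use_table, (gf128){0, 0}, aad, alen);
    y = ghash_absorb(k, use_table, y, ct, clen);
    y = ghash_step(k, use_table, y, (gf128){ (uint64_t)alen * 8, (uint64_t)clen * 8 });
    gf128_store(out, y);
}

/* GCM spec test case 2 (K = 0^128, IV = 0^96, P = 0^128): H = E_K(0^128), C, and the published GHASH(H, {}, C). */
static const uint8_t kTestH[16] = {0x66,0xe9,0x4b,0xd4,0xef,0x8a,0x2c,0x3b,0x88,0x4c,0xfa,0x59,0xca,0x34,0x2b,0x2e};
static const uint8_t kTestC[16] = {0x03,0x88,0xda,0xce,0x60,0xb6,0xa3,0x92,0xf3,0x28,0xc2,0xb9,0x71,0xb2,0xfe,0x78};
static const uint8_t kTestGhash[16] = {0xf3,0x8c,0xbb,0x1a,0xd6,0x92,0x23,0xdc,0xc3,0x45,0x7a,0xe5,0xb6,0xb0,0xf8,0x85};
int ghash_selftest(void) {                   /* 1 when both variants reproduce the published value */
    ghash_key k; uint8_t a[16], b[16]; ghash_key_init(&k, kTestH);
    ghash(&k, 0, NULL, 0, kTestC, 16, a); ghash(&k, 1, NULL, 0, kTestC, 16, b);
    return memcmp(a, kTestGhash, 16) == 0 && memcmp(b, kTestGhash, 16) == 0;
}
/* 1 when both variants agree on caller-supplied AAD/ciphertext (odd lengths exercise the padding path). */
int ghash_variants_agree(const uint8_t *aad, size_t alen, const uint8_t *ct, size_t clen) {
    ghash_key k; uint8_t a[16], b[16]; ghash_key_init(&k, kTestH);
    ghash(&k, 0, aad, alen, ct, clen, a); ghash(&k, 1, aad, alen, ct, clen, b);
    return memcmp(a, b, 16) == 0;
}
```

The two variants spend their time very differently: the table path does two lookups and two shift-and-reduce steps per byte, while the bit-serial path does 128 mask-and-shift rounds per block, which is the speed gap the abstract's trade-off is about. The table index `b[i] & 0xF` and `b[i] >> 4` is computed from the secret accumulator, so the lookup address depends on key-derived data; whether that is observable on a given part depends on its memory system and bus behaviour, which this record does not detail (the BUSted reference it cites concerns exactly such MCU bus-level channels). The bit-serial path touches memory and branches only as a function of the loop counter. `ghash_variants_agree` takes arbitrary-length inputs so the zero-padding of a final partial AAD or ciphertext block is checked as well.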