Login
Login

AES instruction set

{{short description|Instruction set extensions accelerating AES operations}}

An Advanced Encryption Standard instruction set (AES instruction set) is a set of instructions that are specifically designed to perform AES encryption and decryption operations efficiently. These instructions are typically found in modern processors and can greatly accelerate AES operations compared to software implementations. An AES instruction set includes instructions for key expansion, encryption, and decryption using various key sizes (128-bit, 192-bit, and 256-bit).

The instruction set is often implemented as a set of instructions that can perform a single round of AES along with a special version for the last round which has a slightly different method.

When AES is implemented as an instruction set instead of as software, it can have improved security, as its side channel attack surface is reduced.{{cite web |url=https://www.intel.in/content/dam/doc/white-paper/enterprise-security-aes-ni-white-paper.pdf |title=Securing the Enterprise with Intel AES-NI |access-date=2017-07-26 |url-status=live |archive-url=https://web.archive.org/web/20130331041411/http://www.intel.in/content/dam/doc/white-paper/enterprise-security-aes-ni-white-paper.pdf |archive-date=2013-03-31 |website=Intel Corporation}}

x86 architecture processors

AES-NI (or the Intel Advanced Encryption Standard New Instructions; AES-NI) was the first major implementation. AES-NI is an extension to the x86 instruction set architecture for microprocessors from Intel and AMD proposed by Intel in March 2008.{{cite web|url=http://softwareprojects.intel.com/avx/ |title=Intel Software Network |publisher=Intel |access-date=2008-04-05 |archive-url=https://web.archive.org/web/20080407095317/http://softwareprojects.intel.com/avx/ |archive-date=7 April 2008 |url-status=dead }}

A wider version of AES-NI, AVX-512 Vector AES instructions (VAES), is found in AVX-512.{{cite web|url=https://software.intel.com/en-us/intel-architecture-instruction-set-extensions-programming-reference|title=Intel Architecture Instruction Set Extensions and Future Features Programming Reference|access-date=October 16, 2017|publisher=Intel}}

=Instructions=

class="wikitable plainrowheaders"

! scope="col" | Instruction

! scope="col" | Description{{cite web|url=https://www.intel.com/content/dam/doc/white-paper/advanced-encryption-standard-new-instructions-set-paper.pdf|title=Intel Advanced Encryption Standard (AES) Instruction Set White Paper|publisher=Intel|year=2010|author=Shay Gueron|access-date=2012-09-20}}

scope="row" | AESENC

| Perform one round of an AES encryption flow

scope="row" | AESENCLAST

| Perform the last round of an AES encryption flow

scope="row" | AESDEC

| Perform one round of an AES decryption flow

scope="row" | AESDECLAST

| Perform the last round of an AES decryption flow

scope="row" | AESKEYGENASSIST

| Assist in AES round key generation{{refn|group=note|The instruction computes 4 parallel subexpressions of AES key expansion on 4 32-bit words in a double quadword (aka SSE register) on bits X[127:96] for i=3 and X[63:32] for i=1 only. Two parallel AES S-box substitutions Y_0=SubWord(X_1) and Y_2=SubWord(X_3) are used in AES-256 and 2 subexpressions Y_1=RotWord(SubWord(X_1)) \oplus rcon and Y_3=RotWord(SubWord(X_3)) \oplus rcon are used in AES-128, AES-192, AES-256.}}

scope="row" | AESIMC

| Assist in AES decryption round key generation. Applies Inverse Mix Columns to round keys.

= Intel =

The following Intel processors support the AES-NI instruction set:{{cite web|url=https://ark.intel.com/Search/FeatureFilter?productType=processors|title=Intel Product Specification Advanced Search|website=Intel ARK}}

  • Westmere based processors, specifically:
  • Westmere-EP (a.k.a. Gulftown Xeon 5600-series DP server model) processors
  • Clarkdale processors (except Core i3, Pentium and Celeron)
  • Arrandale processors (except Celeron, Pentium, Core i3, Core i5-4XXM)
  • Sandy Bridge processors:
  • Desktop: all except Pentium, Celeron, Core i3{{cite web|url=http://www.anandtech.com/show/4083/the-sandy-bridge-review-intel-core-i5-2600k-i5-2500k-and-core-i3-2100-tested/2|title=The Sandy Bridge Review: Intel Core i7-2600K, i5-2500K and Core i3-2100 Tested|first=Anand Lal|last=Shimpi}}{{cite web|url=http://ark.intel.com/compare/53415,63913,58667,53480,53481,53482,53483,53484,53485,53490,53491,53492,53416,53414|title=Intel Product Specification Comparison}}
  • Mobile: all Core i7 and Core i5. Several vendors have shipped BIOS configurations with the extension disabled;{{cite web|url=http://forum.notebookreview.com/windows-os-software/582628-aes-ni-support-truecrypt-sandy-bridge-problem.html|title=AES-NI support in TrueCrypt (Sandy Bridge problem)|date=27 January 2022 }} a BIOS update is required to enable them.{{cite web | url=http://ark.intel.com/products/52224 | title=Some products can support AES New Instructions with a Processor Configuration update, in particular, i7-2630QM/i7-2635QM, i7-2670QM/i7-2675QM, i5-2430M/i5-2435M, i5-2410M/i5-2415M. Please contact OEM for the BIOS that includes the latest Processor configuration update.}}
  • Ivy Bridge processors
  • All i5, i7, Xeon and i3-2115C{{cite web|url=http://ark.intel.com/products/68332/Intel-Core-i3-2115C-Processor-(3MB-Cache-2_00-GHz)|title=Intel Core i3-2115C Processor (3M Cache, 2.00 GHz) Product Specifications}} only
  • Haswell processors (all except i3-4000m,{{cite web|url=http://ark.intel.com/products/75104/Intel-Core-i3-4000M-Processor-3M-Cache-2_40-GHz|title=Intel Core i3-4000M Processor (3M Cache, 2.40 GHz) Product Specifications}} Pentium and Celeron)
  • Broadwell processors (all except Pentium and Celeron)
  • Silvermont/Airmont processors (all except Bay Trail-D and Bay Trail-M)
  • Goldmont (and later) processors
  • Skylake (and later) processors

= AMD =

Several AMD processors support AES instructions:

  • "Heavy Equipment" processors
  • Bulldozer processors{{cite web|url=http://blogs.amd.com/work/2010/11/22/following-instructions/ |title=Following Instructions |publisher=AMD |date=November 22, 2010 |access-date=2011-01-04 |url-status=dead |archive-url=https://web.archive.org/web/20101126155830/http://blogs.amd.com/work/2010/11/22/following-instructions/ |archive-date=November 26, 2010 }}
  • Piledriver processors
  • Steamroller processors
  • Excavator processors and newer
  • Jaguar processors and newer
  • Puma processors and newer
  • Zen (and later) based processors

Hardware acceleration in other architectures

AES support with unprivileged processor instructions is also available in the latest SPARC processors (T3, T4, T5, M5, and forward) and in latest ARM processors. The SPARC T4 processor, introduced in 2011, has user-level instructions implementing AES rounds.{{cite web|title=SPARC T4 OpenSSL Engine|url=https://blogs.oracle.com/DanX/entry/sparc_t4_openssl_engine|publisher=Oracle|year=2011|author=Dan Anderson|access-date=2012-09-20}} These instructions are in addition to higher level encryption commands. The ARMv8-A processor architecture, announced in 2011, including the ARM Cortex-A53 and A57 (but not previous v7 processors like the Cortex A5, 7, 8, 9, 11, 15 {{Citation needed|date=January 2017}}) also have user-level instructions which implement AES rounds.{{cite web|title=ARMv8-A Technology Preview|url=http://www.arm.com/files/downloads/ARMv8_Architecture.pdf|publisher=ARM|year=2011|author=Richard Grisenthwaite|access-date=2012-09-20|archive-url=https://web.archive.org/web/20180610181021/https://www.arm.com/files/downloads/ARMv8_Architecture.pdf|archive-date=2018-06-10|url-status=dead}}

=x86 CPUs offering non-AES-NI acceleration interfaces=

VIA x86 CPUs and AMD Geode use driver-based accelerated AES handling instead. (See Crypto API (Linux).)

The following chips, while supporting AES hardware acceleration, do not support AES-NI:

  • AMD Geode LX processors{{cite web | url=https://www.amd.com/us/products/embedded/processors/geode-lx/Pages/geode-lx-processor-family-technical-specifications.aspx | title=AMD Geode LX Processor Family Technical Specifications | publisher=AMD}}
  • VIA, using VIA PadLock{{cite web | url=http://www.via.com.tw/en/initiatives/padlock/hardware.jsp#aes | title=VIA Padlock Security Engine | publisher=VIA | access-date=2011-11-14 | archive-date=2011-05-15 | archive-url=https://web.archive.org/web/20110515073323/http://www.via.com.tw/en/initiatives/padlock/hardware.jsp#aes | url-status=dead }}[http://wiki.openwrt.org/doc/hardware/cryptographic.hardware.accelerators Cryptographic Hardware Accelerators] on OpenWRT.org
  • VIA C3 Nehemiah C5P (Eden-N) processors{{cite web|url=http://www.via.com.tw/en/products/processors/eden-n/ |title=VIA Eden-N Processors |publisher=VIA |access-date=2011-11-14 |url-status=dead |archive-url=https://web.archive.org/web/20111111212545/http://www.via.com.tw/en/products/processors/eden-n/ |archive-date=2011-11-11 }}
  • VIA C7 Esther C5J processors{{cite web | url=http://www.via.com.tw/en/products/processors/c7/ | title=VIA C7 Processors | publisher=VIA | access-date=2011-11-14 | archive-date=2007-04-19 | archive-url=https://web.archive.org/web/20070419142654/http://www.via.com.tw/en/products/processors/c7-m/ | url-status=dead }}

=ARM architecture=

Programming information is available in ARM Architecture Reference Manual ARMv8, for ARMv8-A architecture profile (Section A2.3 "The Armv8 Cryptographic Extension").{{cite web|url=https://developer.arm.com/documentation/ddi0487/latest/|title=Arm Architecture Reference Manual Armv8, for Armv8-A architecture profile|publisher=ARM|date=22 January 2021}}

The Marvell Kirkwood was the embedded core of a range of SoC from Marvell Technology, these SoC CPUs (ARM, mv_cesa in Linux) use driver-based accelerated AES handling. (See Crypto API (Linux).)

  • ARMv8-A architecture
  • ARM cryptographic extensions are optionally supported on ARM Cortex-A30/50/70 cores
  • Cryptographic hardware accelerators/engines
  • Allwinner
  • A10, A20, A30, A31, A80, A83T, H3 and A64 using Security System{{cite web|url=http://sunxi.montjoie.ovh/|title=Security System/Crypto Engine driver status|website=sunxi.montjoie.ovh}}
  • Broadcom
  • BCM5801/BCM5805/BCM5820 using Security Processor
  • NXP Semiconductors
  • i.MX6 onwards{{cite web|url=http://events17.linuxfoundation.org/sites/events/files/slides/2017-02%20-%20ELC%20-%20Hudson%20-%20Linux%20Cryptographic%20Acceleration%20on%20an%20MX6.pdf|title=Linux Cryptographic Acceleration on an i.MX6|publisher=Linux Foundation|date=February 2017|access-date=2018-05-02|archive-url=https://web.archive.org/web/20190826043222/http://events17.linuxfoundation.org/sites/events/files/slides/2017-02%20-%20ELC%20-%20Hudson%20-%20Linux%20Cryptographic%20Acceleration%20on%20an%20MX6.pdf|archive-date=2019-08-26|url-status=dead}}
  • Qualcomm
  • Snapdragon 810 onwards{{cite web|url=https://www.qualcomm.com/news/onq/2014/11/07/cryptographic-module-snapdragon-805-fips-140-2-certified|title=Cryptographic module in Snapdragon 805 is FIPS 140-2 certified |website=Qualcomm}}
  • Rockchip
  • RK30xx series onwards{{cite web|url=http://rockchip.wikidot.com/rk3128|title=RK3128 - Rockchip Wiki|website=Rockchip wiki|access-date=2018-05-02|archive-url=https://web.archive.org/web/20190128135332/http://rockchip.wikidot.com/rk3128|archive-date=2019-01-28|url-status=dead}}
  • Samsung
  • Exynos 7 series onwards{{cite web|url=https://www.anandtech.com/show/9330/exynos-7420-deep-dive/2|title=The Samsung Exynos 7420 Deep Dive - Inside A Modern 14nm SoC |website=AnandTech}}

=RISC-V architecture=

The scalar and vector cryptographic instruction set extensions for the RISC-V architecture were ratified respectively on 2022 and 2023, which allowed RISC-V processors to implement hardware acceleration for AES, GHASH, SHA-256, SHA-512, SM3, and SM4.

Before the AES-specific instructions were available on RISC-V, a number of RISC-V chips included integrated AES co-processors. Examples include:

  • Dual-core RISC-V 64 bits Sipeed-M1 support AES and SHA256.{{cite web| url=https://download.kamami.pl/p578357-Sipeed-M1-Datasheet-V1.1.pdf| title=Sipeed M1 Datasheet v1.1| date=2019-03-06| access-date=2021-05-03| website=kamami.pl}}
  • RISC-V architecture based ESP32-C (as well as Xtensa-based ESP32{{cite web| url=https://www.espressif.com/sites/default/files/documentation/esp32_datasheet_en.pdf| title=ESP32 Series Datasheet| date=2021-03-19| access-date=2021-05-03| website=www.espressif.com}}), support AES, SHA, RSA, RNG, HMAC, digital signature and XTS 128 for flash.{{cite web| url=https://www.cnx-software.com/2020/11/22/esp32-c3-wifi-ble-risc-v-processor-is-pin-to-pin-compatible-with-esp8266/| title=ESP32-C3 WiFi & BLE RISC-V processor is pin-to-pin compatible with ESP8266| access-date=2020-11-22| website=CNX-Software}}
  • Bouffalo Labs BL602/604 32-bit RISC-V supports various AES and SHA variants.{{cite web| url=https://www.bouffalolab.com/bl602| title=BL602-Bouffalo Lab (Nanjing) Co., Ltd.| access-date=2021-05-03| website=www.bouffalolab.com| archive-date=2021-06-18| archive-url=https://web.archive.org/web/20210618105735/https://www.bouffalolab.com/bl602| url-status=dead}}

=POWER architecture=

Since the Power ISA v.2.07, the instructions vcipher and vcipherlast implement one round of AES directly.{{cite web|url=https://ibm.ent.box.com/s/jd5w15gz301s5b5dt375mshpq9c3lh4u|title=Power ISA Version 2.07 B|access-date=2022-01-07}}

=IBM z/Architecture=

IBM z9 or later mainframe processors support AES as single-opcode (KM, KMC) AES ECB/CBC instructions via IBM's CryptoExpress hardware.{{cite web|title=IBM System z10 cryptography|url=http://www-03.ibm.com/systems/z/advantages/security/z10cryptography.html |archive-url=https://web.archive.org/web/20080813091048/http://www-03.ibm.com/systems/z/advantages/security/z10cryptography.html |url-status=dead |archive-date=August 13, 2008 |publisher=IBM|access-date=2014-01-27}} These single-instruction AES versions are therefore easier to use than Intel NI ones, but may not be extended to implement other algorithms based on AES round functions (such as the Whirlpool and Grøstl hash functions).

=Other architectures=

  • Atmel XMEGA{{cite web | url=http://www.atmel.com/Images/doc8106.pdf | title=Using the XMEGA built-in AES accelerator|access-date=2014-12-03}} (on-chip accelerator with parallel execution, not an instruction)
  • SPARC T3 and later processors have hardware support for several cryptographic algorithms, including AES.
  • Cavium Octeon MIPS{{cite web | url=http://www.cavium.com/newsevents_OCTEONMIPS64.html | title=Cavium Networks Launches Industry's Broadest Line of Single and Dual Core MIPS64-based OCTEON Processors Targeting Intelligent Next Generation Networks | access-date=2016-09-17 | archive-url=https://web.archive.org/web/20171207224755/http://cavium.com/newsevents_OCTEONMIPS64.html | archive-date=2017-12-07 | url-status=dead }} All Cavium Octeon MIPS-based processors have hardware support for several cryptographic algorithms, including AES using special coprocessor 3 instructions.

Performance

In AES-NI Performance Analyzed, Patrick Schmid and Achim Roos found "impressive results from a handful of applications already optimized to take advantage of Intel's AES-NI capability".{{cite web|title=AES-NI Performance Analyzed|url=http://www.tomshardware.com/reviews/clarkdale-aes-ni-encryption,2538.html|publisher=Tom's Hardware|year=2010|author=P. Schmid and A. Roos |access-date=2010-08-10}} A performance analysis using the Crypto++ security library showed an increase in throughput from approximately 28.0 cycles per byte to 3.5 cycles per byte with AES/GCM versus a Pentium 4 with no acceleration.{{cite web|title=How to get fast AES calls?|author=T. Krovetz, W. Dai|work=Crypto++ user group |url=https://groups.google.com/group/cryptopp-users/msg/a688203c2314ef08|year=2010|access-date=2010-08-11}}{{cite web|title=Crypto++ 5.6.0 Pentium 4 Benchmarks|work=Crypto++ Website|url=http://www.cryptopp.com/benchmarks-p4.html|year=2009|access-date=2010-08-10| archive-url= https://web.archive.org/web/20100919121759/http://cryptopp.com/benchmarks-p4.html| archive-date= 19 September 2010 | url-status= live}}{{Failed verification|date=December 2017}} {{Better source needed|date=December 2017}}

Supporting software

Most modern compilers can emit AES instructions.

A lot of security and cryptography software supports the AES instruction set, including the following notable core infrastructure:

  • Apple's FileVault 2 full-disk encryption in macOS 10.10+
  • NonStop SSH2, NonStop cF SSL Library and BackBox VTC Software in HPE Tandem NonStop OS L-series{{cite web|url=https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=c04179776 | title=NonStop SSH Reference Manual | access-date=2020-04-09}}{{cite web|url=https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=c04833758 | title=NonStop cF SSL Library Reference Manual | access-date=2020-04-09}}{{cite web|url=https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=c04203925 | title=BackBox H4.08Tape Encryption Option | access-date=2020-04-09}}
  • Cryptography API: Next Generation (CNG) (requires Windows 7){{cite web |url=https://software.intel.com/en-us/articles/intel-advanced-encryption-standard-instructions-aes-ni/ | title=Intel Advanced Encryption Standard Instructions (AES-NI) |date=March 2, 2010 | publisher=Intel | access-date=2010-07-11| archive-url=https://web.archive.org/web/20100707065952/https://software.intel.com/en-us/articles/intel-advanced-encryption-standard-instructions-aes-ni/| archive-date= 7 July 2010| url-status= live}}
  • Linux's Crypto API
  • Java 7 HotSpot
  • Network Security Services (NSS) version 3.13 and above{{cite web | url=https://bugzilla.mozilla.org/show_bug.cgi?id=706024 | title=AES-NI enhancements to NSS on Sandy Bridge systems | date=2012-05-02 | access-date=2012-11-25 }} (used by Firefox and Google Chrome)
  • Solaris Cryptographic Framework{{cite web|url=http://docs.oracle.com/cd/E19253-01/816-4557/scf-1/index.html|title=System Administration Guide: Security Services, Chapter 13 Solaris Cryptographic Framework (Overview)|date=September 2010|publisher=Oracle|access-date=2012-11-27}} on Solaris 10 onwards
  • FreeBSD's OpenCrypto API (aesni(4) driver){{cite web | url=http://www.freebsd.org/releases/8.2R/relnotes.html | title=FreeBSD 8.2 Release Notes | publisher=FreeBSD.org | date=2011-02-24 | access-date=2011-12-18 | archive-date=2011-04-12 | archive-url=https://web.archive.org/web/20110412153215/http://www.freebsd.org/releases/8.2R/relnotes.html | url-status=dead }}
  • OpenSSL 1.0.1 and above[https://archive.today/20120707203035/http://cvs.openssl.org/fileview?f=openssl/CHANGES&v=1.1686 OpenSSL: CVS Web Interface]
  • GnuTLS{{cite web|title=Cryptographic Backend (GnuTLS 3.6.14)|url=https://gnutls.org/manual/html_node/Cryptographic-Backend.html|access-date=2020-06-26|website=gnutls.org}}
  • Libsodium{{cite web|url=https://download.libsodium.org/doc/secret-key_cryptography/aead#aes-256-gcm|title=AES-GCM in libsodium|website=libsodium.org}}
  • VeraCrypt{{cite web|url=https://www.veracrypt.fr/en/Hardware%20Acceleration.html|title=Hardware Acceleration|website=www.veracrypt.fr}}
  • Go programming language{{cite web|title=aes - The Go Programming Language|url=https://golang.org/pkg/crypto/aes/|access-date=2020-06-26|website=golang.org}}
  • BitLocker{{cite web|last=Shimpi|first=Anand Lal|title=The Clarkdale Review: Intel's Core i5 661, i3 540 & i3 530|url=https://www.anandtech.com/show/2901|access-date=2020-06-26|website=www.anandtech.com}}
  • Bloombase{{cite web|url=https://marketplace.intel.com/s/offering/a5b3b0000004dBTAAY/bloombase-storesafe-intelligent-storage-firewall|title=Bloombase StoreSafe Intelligent Storage Firewall}}
  • Vormetric{{cite web|url=https://www.dbta.com/Editorial/News-Flashes/Vormetric-Encryption-Adds-Support-for-Intel-AES-NI-Acceleration-Technology-82614.aspx|title=Vormetric Encryption Adds Support for Intel AES-NI Acceleration Technology|date=15 May 2012 }}

Application beyond AES

A fringe use of the AES instruction set involves using it on block ciphers with a similarly-structured S-box, using affine transform to convert between the two. SM4, Camellia and ARIA have been accelerated using AES-NI.{{cite web |last1=Saarinen |first1=Markku-Juhani O. |title=mjosaarinen/sm4ni: Demonstration that AES-NI instructions can be used to implement the Chinese Encryption Standard SM4 |url=https://github.com/mjosaarinen/sm4ni |website=GitHub |date=17 April 2020}}{{cite thesis | type = M.Sc. | last = Kivilinna | first = Jussi | date = 2013 | url = http://jultika.oulu.fi/files/nbnfioulu-201305311409.pdf | title = Block Ciphers: Fast Implementations on x86-64 Architecture | pages = 33,42 | publisher = University of Oulu | access-date = 2017-06-22}}{{cite journal | last1 = Yoo | first1 = Tae-Hee | last2 = Kivilinna | first2 = Jussi | last3 = Cho | first3 = Choong-Hee | date = 2023 | title = AVX-Based Acceleration of ARIA Block Cipher Algorithm | journal = IEEE Access | volume = 11 | issue = | pages = 77403–77415 | doi = 10.1109/ACCESS.2023.3298026 | doi-access = free | bibcode = 2023IEEEA..1177403Y }} The AVX-512 Galois Field New Instructions (GFNI) allows implementing these S-boxes in a more direct way.{{cite web |last1=Kivilinna |first1=Jussi |title=camellia-simd-aesni |website=GitHub |url=https://github.com/jkivilin/camellia-simd-aesni |date=19 April 2023 |quote=Newer x86-64 processors also support Galois Field New Instructions (GFNI) which allow implementing Camellia s-box more straightforward manner and yield even better performance.}}

New cryptographic algorithms have been constructed to specifically use parts of the AES algorithm, so that the AES instruction set can be used for speedups. The AEGIS family, which offers authenticated encryption, runs with at least twice the speed of AES.{{cite web |last1=Wu |first1=Hongjun |last2=Preneel |first2=Bart |title=AEGIS: A Fast Authenticated Encryption Algorithm (v1.1) |url=https://competitions.cr.yp.to/round3/aegisv11.pdf}} AEGIS is an "additional finalist for high-performance applications" in the CAESAR Competition.{{cite web |last1=Denis |first1=Frank |title=The AEGIS Family of Authenticated Encryption Algorithms |url=https://cfrg.github.io/draft-irtf-cfrg-aegis-aead/draft-irtf-cfrg-aegis-aead.html |website=cfrg.github.io |language=en}}

See also

Notes

{{Reflist|group=note}}

References

{{Reflist}}

External links

  • [https://software.intel.com/en-us/articles/intel-advanced-encryption-standard-instructions-aes-ni/ Intel Advanced Encryption Standard Instructions (AES-NI)]
  • [https://www.intel.com/content/dam/doc/white-paper/advanced-encryption-standard-new-instructions-set-paper.pdf AES instruction set whitepaper] (2.93 MiB, PDF) from Intel

{{AMD technology}}

{{Intel technology}}

{{Multimedia extensions|state=uncollapsed}}

{{Cryptography block}}

{{DEFAULTSORT:Aes Instruction Set}}

Category:X86 architecture

Category:X86 instructions

Category:AMD technologies

Category:Advanced Encryption Standard

Category:Hardware acceleration