Skip to content
Optimized assembly implementations of crypto for the RV32I (RISC-V) architecture
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.
aes128ctrbs Initial upload Jul 2, 2019
freedom-e-sdk @ 4bc2e51
keccakf1600 Initial upload Jul 2, 2019

RISC-V Crypto


This repository contains optimized assembly implementations of various cryptographic primitives. They are part of a research paper with the title 'Efficient Cryptography on the RISC-V Architecture'.

  • aes128tables contains a table-based AES-128 implementation. This should only be used if you are aware of the risks of cache-based timing attacks and you can guarantee that this is of no concern for your specific use case.
  • aes128ctrbs contains a bitsliced AES-128-CTR implementation.
  • chacha20 contains an implementation of the ChaCha20 stream cipher.
  • keccakf1600 contains an implementation of the Keccak-f[1600] permutation.

Compilation instructions

This code uses SiFive's Freedom E SDK that is included as git submodule. That SDK requires that you have the RISC-V GNU toolchain and RISCV OpenOCD. For the GNU toolchain, make sure that multilib is enabled such that you can cross-compile for 32-bit targets. Then put both tools in you $PATH or edit the Makefile and add their locations to BIN_DIR. Once that is done, simply calling make should be sufficient to build 4 binaries in their respective directories. These binaries target the HiFive1 development board.

Using the binaries

Connect the HiFive1 over USB. In one terminal, execute ./ on Linux. This will execute screen on /dev/ttyUSB1. In another terminal, execute ./ <dir/binary.elf>. This uses riscv64-unknown-elf-gdb and openocd to flash the binary to the HiFive1 board.

You can’t perform that action at this time.