Home

AESNI

AES-NI, short for AES New Instructions, is a set of dedicated hardware instructions added to several x86 processors to accelerate the Advanced Encryption Standard (AES). By implementing core AES rounds and key-generation steps in hardware, AES-NI speeds up encryption and decryption and reduces CPU overhead for cryptographic tasks such as TLS handshakes, disk encryption, and VPN traffic. The instruction set comprises six instructions: AESENC, AESENCLAST, AESDEC, AESDECLAST, AESKEYGENASSIST, and AESIMC. These perform the main AES round transformations, the final round, the inverse operations for decryption, and the AES key schedule, respectively. For Galois/Counter Mode (GCM) authentication, carry-less multiply instructions in the PCLMULQDQ family are frequently used alongside AES-NI, though they are separate hardware features.

AES-NI first appeared with Intel's Westmere microarchitecture around 2010, and AMD later implemented compatible instructions in

With AES-NI, software AES routines can execute more efficiently than pure software implementations, yielding performance improvements

its
processors.
Since
then,
most
modern
Intel
and
AMD
CPUs
expose
AES-NI,
and
software
cryptographic
libraries
can
detect
and
automatically
exploit
it
when
available.
in
encryption-heavy
workloads.
It
does
not
change
AES
security
parameters
or
algorithms;
it
simply
accelerates
them.
Adoption
depends
on
hardware
support
and
on
compiler
and
library
support
to
enable
the
instructions.