RVOPcode
Home/Instructions/AES64 Decrypt Middle
AES64DSM

RISC-V AES64DSM Instruction Details

Instruction ManualR-type

AES middle-round decrypt (RV64): two 64-bit source registers represent the full state and apply inverse ShiftRows/SubBytes/MixColumns

Instruction Syntax

aes64dsm rd, rs1, rs2
Operand Breakdown
Destination rd: register receiving the operation result.
Source rs1: register holding the first operand.
Source rs2: register holding the second operand.
ZkndCrypto & Security
Related Search Terms
aes64dsm instructionRISC-V aes64dsmaes64dsm syntaxAES64 state halvesAES decrypt roundZknd

Instruction Encoding

31..25
funct7
24..20
rs2
19..15
rs1
14..12
funct3
11..7
rd
6..0
opcode

AES64DSM uses opcode 0110011 (0x33), funct3 001, funct7 0011111. The rs1 and rs2 fields select the two source registers, and rd selects the destination register.

Format: R-type
opcode: 0110011 (0x33)
funct3: 001 (0x1)
funct7: 0011111 (0x1f)

Instruction Behavior

aes64dsm is an RV64 AES decrypt middle-round instruction in Zknd. It uses rs1 and rs2 as two 64-bit source registers representing the full 128-bit AES state, applies Inverse ShiftRows, inverse SubBytes, and InvMixColumns, and writes half of the next-round output to rd. The full 128-bit output is normally produced by executing the official paired instruction with reversed source-register order; round-key XOR is not implicitly performed by this AES64 round instruction.

Quick Understanding & Search Notes

AES64DSM is a Zknd scalar cryptography instruction for AES middle-round decrypt half-block. This page is checked against the official scalar crypto extension, avoiding confusion among round functions, key schedule steps, and operand sources.

RV64 instruction: rs1/rs2 together represent the full AES state, and the instruction produces half of the next-round output; compute the other half with reversed source-register order.
Scalar crypto instructions use integer X registers, and the official spec requires the relevant crypto instructions to be implemented with data-independent execution latency.
aes64* forms are defined only for RV64.
RISC-V Unprivileged ISA Manual: Scalar cryptography extensions 1.0.1

Common Usage Scenarios

Crypto & Security

Understand this scenario with real code like «aes64dsm a0, a1, a2».

Data Protection

Understand this scenario with real code like «aes64dsm a0, a1, a2».

Pre-Use Checklist

Syntax Check
  • Confirm the current instruction format is R-type.
  • Confirm the operand order matches the example.
Semantic Check
  • Ensure the destination register usage is compatible with the calling convention.
  • Confirm this is not the lower-level form of a pseudo-instruction expansion.

Pitfalls / Common Confusions

RV64 only; this AES64 form is not available on RV32.
rs1 and rs2 are the two 64-bit halves of the current AES state; do not describe rs2 as a fixed round-key operand.
Middle-round forms include MixColumns/InvMixColumns; final-round forms do not.
One execution produces only half of the 128-bit state output; compute the other half using the official reversed source-register order.

FAQ

Does AES64DSM use floating-point or vector registers?

No. These scalar crypto extension instructions use integer X registers.

Is AES64DSM a complete algorithm implementation?

No. It is a low-level step from AES, SHA, SM3, or SM4; software still combines instructions with the algorithm schedule, round constants, or round keys.