throughput of GnuPG symmetric ciphers

Werner Koch wk at
Thu Aug 4 12:11:48 CEST 2005

On Thu, 4 Aug 2005 18:00:18 +0930, Roscoe  said:

> I suggest looking at openssl. I'd hazard a guess that most nix OS's
> end up with it installed.

Libgcrypt, basicaly using the same code as gpg, gives this numbers:

$ ./benchmark cipher
           ECB             CBC             CFB             CTR             
           --------------- --------------- --------------- --------------- 
3DES         120ms   120ms   140ms   150ms   130ms   150ms   180ms   180ms 
CAST5         50ms    60ms    60ms    80ms    70ms    70ms   110ms   100ms 
BLOWFISH     100ms    70ms   110ms    80ms   120ms   130ms   160ms   150ms 
AES           40ms    50ms    50ms    50ms    50ms    60ms    90ms    90ms 
AES192        40ms    50ms    50ms   100ms    60ms    60ms   100ms   100ms 
AES256        50ms    60ms    60ms    70ms    60ms    70ms   100ms   110ms 
TWOFISH       40ms    40ms    50ms    50ms    50ms    60ms    90ms    90ms 
DES           50ms    60ms    60ms    80ms    60ms    70ms   110ms   120ms 
TWOFISH128    30ms    40ms    50ms    60ms    50ms    50ms   100ms    90ms 
SERPENT128   100ms    80ms   110ms    90ms   110ms   120ms   150ms   150ms 
SERPENT192   100ms    80ms   110ms   100ms   110ms   110ms   150ms   150ms 
SERPENT256   100ms    90ms   100ms   100ms   110ms   110ms   220ms   150ms 
RFC2268_40   140ms    90ms   150ms   110ms   150ms   150ms   190ms   190ms 

Times are 1000 calls to the crypt function working on a buffer of 1000
bytes (rounded down to the blocksize). This is on a 1500Mhz Pentium

Thus the AES CFB, as used by gpg, works at about 20MB/s. 3DES is 7.5

openssl shows (it does not support CFB):
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128 cbc      25263.00k    38052.71k    38510.45k    38602.41k    38637.10k
des ede3          9195.18k    11783.00k    11792.49k    11792.78k    11785.56k

So roughly libgcrypt gets 55% of the performance of OpenSSL with AES
and 61% for 3DES.  This all with a higher level interface, a non ia32
optimized AES.  I am pretty sure we can improve here but it will
require to duplicate code for the modes (CBS,CFB) into the actual
cipher implementation.



More information about the Gnupg-users mailing list