throughput of GnuPG symmetric ciphers

Ryan Malayter malayter at
Thu Aug 4 15:10:00 CEST 2005

On 8/4/05, Werner Koch <wk at> wrote:
> So roughly libgcrypt gets 55% of the performance of OpenSSL with AES
> and 61% for 3DES.  This all with a higher level interface, a non ia32
> optimized AES.  I am pretty sure we can improve here but it will
> require to duplicate code for the modes (CBS,CFB) into the actual
> cipher implementation.

My test show 7-zip yields ~228 Mbps on a 2.4 GHz P4. The only cipher
available with this program is AES256 in (I believe) ECB mode.

I presume this performance is the result of the efficient Gladman code
and a P4-specific compiler optimizations used when building 7-zip.

Still, it seems a bit odd that this program generates AES-256
throughput 2.78 times faster than the AES-256 implementation in
GnuPG/libgcrypt on the same machine. I suppose those large lookup
tables in the Gladman code really speed things up. (I would not think
the extra XOR operation used in GnuPG's CFB implementation would
account for so large a difference).

Gladman's very fast GPL-compatible code (as used in 7-zip) is
available at
He has C, C++, and x86 assembly implementations. You might want to
take a look.

Gladman's code uses large tables, which presumably makes it vulnerable
to the recently publicized timing attacks. That should not be an issue
for GnuPG, but might be for other programs that use libgcrypt.

All problems can be solved by diplomacy, but violence and treachery
are equally effective, and more fun.

More information about the Gnupg-users mailing list