throughput of GnuPG symmetric ciphers

Werner Koch wk at
Thu Aug 4 16:56:02 CEST 2005

On Thu, 4 Aug 2005 08:10:00 -0500, Ryan Malayter said:

> My test show 7-zip yields ~228 Mbps on a 2.4 GHz P4. The only cipher
> available with this program is AES256 in (I believe) ECB mode.

Why encrypt at all when using ECB? ECB has no use except in very very
special cases.  

> Still, it seems a bit odd that this program generates AES-256
> throughput 2.78 times faster than the AES-256 implementation in
> GnuPG/libgcrypt on the same machine. I suppose those large lookup

Brian Gladmans code is pretty good but we can't include it into GnupG
for legal reasons (it is in the cintrib directory of 1.2, though) and
becuase it has been optimized for specific CPUs.

Yes. I'd like to see better optimized implementations but these days
it is hard to do unless you know exactly what CPU will run the code;
its not only about ia32, sparc, ppc.  Each ia32 compatible CPU needs
its own optimized implementation - a lot of work in particular if not
being paid for.

> tables in the Gladman code really speed things up. (I would not think
> the extra XOR operation used in GnuPG's CFB implementation would

Its not the xoring but more likely caching and alignment issues.

> Gladman's code uses large tables, which presumably makes it vulnerable
> to the recently publicized timing attacks. That should not be an issue
> for GnuPG, but might be for other programs that use libgcrypt.

When implementing crypto systems one should never ever allow using the
system as an oracle.



More information about the Gnupg-users mailing list