AES improvements on Intel CPUs
Werner Koch
wk at gnupg.org
Wed Feb 16 18:51:47 CET 2011
Hi!
Over the last few days I played a bit with a loaned box from Intel (Core i5) and
implemented asm code to use the AES-NI instructions. It is quite an
improvement over the pure C code:
First without AES-NI (AES-128, AES-192 and AES-256):
$ ./benchmark --cipher-repetitions 100 --alignment 16 \
      --disable-hwf intel-aesni cipher aes aes192 aes256
  ECB/Stream          CBC             CFB             OFB             CTR
--------------- --------------- --------------- --------------- ---------------
 1360ms  1350ms  1170ms  1180ms  1120ms  1120ms  1550ms  1570ms  1730ms  1740ms
 1560ms  1570ms  1370ms  1400ms  1320ms  1320ms  1750ms  1770ms  1930ms  1930ms
 1770ms  1770ms  1560ms  1600ms  1520ms  1520ms  1950ms  1970ms  2140ms  2130ms
Now with AES-NI (AES-128, AES-192 and AES-256):
$ ./benchmark --cipher-repetitions 100 --alignment 16 \
      cipher aes aes192 aes256
  ECB/Stream          CBC             CFB             OFB             CTR
--------------- --------------- --------------- --------------- ---------------
   80ms    90ms   250ms   220ms   140ms    70ms   300ms   290ms   440ms   430ms
  110ms   110ms   260ms   250ms   160ms    80ms   320ms   320ms   450ms   450ms
  130ms   130ms   290ms   260ms   200ms   100ms   340ms   340ms   470ms   470ms
Of course, most other crypto libs use these instructions also. CFB mode
has been optimized because that is what OpenPGP requires. CBC and CTR
will follow as time permits. 64 bit is not yet supported. There is a
lot of room for more improvements of course.
We are using inline asm and this may result in problems with some gcc
versions. Please report such problems. There is a configure option to
disable the use of AES-NI.
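As an added illustration (not libgcrypt's code, which uses inline asm rather than the compiler intrinsics used here), the following is AES-128 in the CFB mode the post singles out, built on the AES-NI instructions, with a known-answer self-test that reports when the CPU lacks those instructions, the case the post's configure option and --disable-hwf intel-aesni exist for. All function names are my own; the test vectors are the first two CFB128-AES128 blocks from NIST SP 800-38A.

```c
#include <stdint.h>
#include <string.h>
#include <wmmintrin.h>  /* AES-NI intrinsics; libgcrypt itself uses inline asm */
#define TARGET_AES __attribute__((target("aes,sse2")))  /* no -maes flag needed */
/* One AES-128 key-schedule step (the round constant must be an immediate). */
TARGET_AES static __m128i ks_step(__m128i k, __m128i gen) {
    gen = _mm_shuffle_epi32(gen, 0xff);  /* RotWord(SubWord(w3)) ^ rcon, broadcast */
    for (int i = 0; i < 3; i++) k = _mm_xor_si128(k, _mm_slli_si128(k, 4));
    return _mm_xor_si128(k, gen);
}
#define KS(i, rcon) rk[i] = ks_step(rk[i - 1], _mm_aeskeygenassist_si128(rk[i - 1], rcon))
TARGET_AES static void aes128_expand(__m128i rk[11], const uint8_t key[16]) {
    rk[0] = _mm_loadu_si128((const __m128i *)key);
    KS(1, 0x01); KS(2, 0x02); KS(3, 0x04); KS(4, 0x08); KS(5, 0x10);
    KS(6, 0x20); KS(7, 0x40); KS(8, 0x80); KS(9, 0x1b); KS(10, 0x36);
}
/* Forward cipher only: CFB uses AESENC in both directions and never AESDEC. */
TARGET_AES static __m128i aes128_encrypt(const __m128i rk[11], __m128i s) {
    s = _mm_xor_si128(s, rk[0]);
    for (int r = 1; r < 10; r++) s = _mm_aesenc_si128(s, rk[r]);
    return _mm_aesenclast_si128(s, rk[10]);
}
/* CFB-128: c_i = E(c_{i-1}) XOR p_i with c_0 = IV; decryption feeds ciphertext back. */
TARGET_AES static void aes128_cfb(const uint8_t key[16], const uint8_t iv[16],
                                  const uint8_t *in, uint8_t *out, size_t nblk, int enc) {
    __m128i rk[11], fb = _mm_loadu_si128((const __m128i *)iv);
    aes128_expand(rk, key);
    for (size_t i = 0; i < nblk; i++) {
        __m128i blk = _mm_loadu_si128((const __m128i *)(in + 16 * i));
        __m128i o = _mm_xor_si128(aes128_encrypt(rk, fb), blk);
        _mm_storeu_si128((__m128i *)(out + 16 * i), o);
        fb = enc ? o : blk;  /* next feedback is always the ciphertext block */
    }
}
/* Known-answer self-test (NIST SP 800-38A F.3.13, first two blocks). Returns 1 on pass,
   0 on mismatch, 2 when the CPU lacks AES-NI (the case a software fallback must cover). */
int aes128_cfb_selftest(void) {
    static const uint8_t key[16] = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c";
    static const uint8_t iv[16]  = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f";
    static const uint8_t pt[32]  = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
                                   "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51";
    static const uint8_t ct[32]  = "\x3b\x3f\xd9\x2e\xb7\x2d\xad\x20\x33\x34\x49\xf8\xe8\x3c\xfb\x4a"
                                   "\xc8\xa6\x45\x37\xa0\xb3\xa9\x3f\xcd\xe3\xcd\xad\x9f\x1c\xe5\x8b";
    uint8_t buf[32], back[32];
    if (!__builtin_cpu_supports("aes")) return 2;  /* same check --disable-hwf overrides */
    aes128_cfb(key, iv, pt, buf, 2, 1);   /* encrypt two blocks */
    aes128_cfb(key, iv, buf, back, 2, 0); /* decrypt them again */
    return memcmp(buf, ct, 32) == 0 && memcmp(back, pt, 32) == 0;
}
```

Compile with gcc or clang on x86-64; the target attribute lets the intrinsics build without -maes, and the self-test returns 2 instead of faulting on a CPU without the instructions.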
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.