Performance (was Re: AES test module)

Rémi Guyomarch rguyom at
Wed Oct 4 09:17:16 CEST 2000

On Tue, Oct 03, 2000 at 08:01:22PM +0200, Werner Koch wrote:
> Hi,
> you will find a GnuPG cipher module for Rijndael on

Here's a little benchmark I did on the various 'standard' ciphers in
GnuPG :

ALGO      BITS   K6/400  Cel/500
--------  ----   ------  -------
CAST5     128    35.5    49.0
BLOWFISH  128    35.4    40.0
RIJNDAEL  128    31.0    44.5
3DES      168    12.2    19.0
RIJNDAEL  192    28.7    41.3
TWOFISH   256    25.0    33.5
RIJNDAEL  256    26.6    38.5

A few comments :

o The most important column is the right one. I bet there's way more
Celerons, PPro, PII and PIII (which share the same basic core) in the
field than K6s.

o Cast5 is really fast. I think this is due to its use of bit rotation
which are very fast on PPro and friends (and very slow everywhere else).

o Rijndael is also very fast, Rijndael-256 beats Twofish by a
significant margin, Rijndael-192 is sligtly faster than Blowfish-128
(and two times faster than 3DES) and Rijndael-128 is not so far away
from Cast5 :)

o 3DES is dead slow. I haven't included IDEA in this table, but it's
roughly in the same class.

o Keep in mind that Rijndael hasn't received yet the same amount of
optimisation than, say, Blowfish or (3)DES.

Now, the gory details :

Everything was compiled with gcc 2.95.2 using "-O2 -fomit-frame-pointer".
I compiled the Rijndael cipher statically into gnupg, not as a
module. This save a register on x86 and it's only fair compared to the
other static ciphers.

The K6 machine is running FreeBSD 4.1.1
The Celeron machine is running OpenBSD 2.7

The timing was done with :

time dd if=/dev/zero bs=1m count=128 | g10/gpg -z 0 -c --digest-algo
MD5 --cipher-algo [ALGO] > /dev/null

I only used the "user" time, system time spent in piping from
/dev/zero to /dev/null isn't very interesting.

There's not significant difference between SHA1 and MD5,


More information about the Gnupg-devel mailing list