optimized AES GCM
Nikos Mavrogiannopoulos
nmav at gnutls.org
Wed Jun 1 17:04:44 CEST 2011
Hello,
I've ported Andy Polyakov's GCM code for Intel processors using the
PCLMULQDQ instruction and benchmarked it. The difference is quite
impressive:
Nettle's AES and GCM:
Testing DH_ANON_AES_128_GCM_SHA256 with 15360 packet size: Processed 259.65 Mb in 5.00 secs: 51.92 Mb/sec
Testing ANON_DH_AES_128_CBC_SHA1 with 15360 packet size: Processed 274.53 Mb in 5.00 secs: 54.88 Mb/sec

Andy's assembly code (AES-NI + PCLMULQDQ):
Testing DH_ANON_AES_128_GCM_SHA256 with 15360 packet size: Processed 1.87 Gb in 5.00 secs: 0.37 Gb/sec
Testing ANON_DH_AES_128_CBC_SHA1 with 15360 packet size: Processed 671.59 Mb in 5.00 secs: 134.29 Mb/sec
The CPU was: Intel(R) Xeon(R) CPU X5670 @ 2.93GHz
regards,
Nikos