optimized AES GCM

Nikos Mavrogiannopoulos nmav at gnutls.org
Wed Jun 1 17:04:44 CEST 2011


Hello,
I've ported Andy Polyakov's GCM code for Intel processors using the
PCLMULQDQ instruction and benchmarked it. The difference is quite
impressive:

Nettle's AES and GCM:
Testing DH_ANON_AES_128_GCM_SHA256 with 15360 packet size: Processed 259.65 Mb in 5.00 secs: 51.92 Mb/sec
Testing ANON_DH_AES_128_CBC_SHA1 with 15360 packet size: Processed 274.53 Mb in 5.00 secs: 54.88 Mb/sec

Andy's assembly code (AES-NI + PCLMULQDQ):
Testing DH_ANON_AES_128_GCM_SHA256 with 15360 packet size: Processed 1.87 Gb in 5.00 secs: 0.37 Gb/sec
Testing ANON_DH_AES_128_CBC_SHA1 with 15360 packet size: Processed 671.59 Mb in 5.00 secs: 134.29 Mb/sec


The CPU was: Intel(R) Xeon(R) CPU X5670  @ 2.93GHz

regards,
Nikos
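For readers who want to see what PCLMULQDQ is actually accelerating in the numbers above: the cost that separates GCM from CBC+HMAC in the software case is GHASH, one multiplication in GF(2^128) per 16-byte block. The following is an added reference implementation of that multiplication and of GHASH, written for this page; it is not part of the mail, of Andy Polyakov's assembly, or of GnuTLS/Nettle, and every identifier in it (block128, gf128_mul, ghash, ghash_selftest) is made up here. It uses the bit-reflected convention from the GCM specification and checks itself against the spec's test case 2 (zero key, zero IV, one zero plaintext block), where H = AES_K(0^128) = 66e94bd4ef8a2c3b884cfa59ca342b2e and GHASH_H({}, C) = f38cbb1ad69223dcc3457ae5b6b0f885; those constants are embedded below as the known-answer vector.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* A 128-bit block as two big-endian halves: hi holds bytes 0..7, lo bytes 8..15. */
typedef struct { uint64_t hi, lo; } block128;

static block128 load_be(const uint8_t b[16]) {
    block128 x = {0, 0};
    for (int i = 0; i < 8; i++) {
        x.hi = (x.hi << 8) | b[i];
        x.lo = (x.lo << 8) | b[8 + i];
    }
    return x;
}

static void store_be(block128 x, uint8_t b[16]) {
    for (int i = 7; i >= 0; i--) {
        b[i] = (uint8_t)x.hi;     x.hi >>= 8;
        b[8 + i] = (uint8_t)x.lo; x.lo >>= 8;
    }
}

/* Multiplication in GF(2^128) with GCM's bit-reflected convention: the
 * leftmost bit of a block is the coefficient of x^0 and the reduction
 * polynomial is x^128 + x^7 + x^2 + x + 1, i.e. R = 0xE1 << 120.
 * This is the bit-serial loop that a PCLMULQDQ (carry-less multiply)
 * implementation replaces; data-dependent choices are done with masks,
 * not branches or table lookups, so it runs in constant time. */
static block128 gf128_mul(block128 x, block128 y) {
    block128 z = {0, 0};
    block128 v = y;
    for (int i = 0; i < 128; i++) {
        /* bit i of x, counting from the leftmost bit */
        uint64_t bit = (i < 64) ? (x.hi >> (63 - i)) & 1 : (x.lo >> (127 - i)) & 1;
        uint64_t mask = 0 - bit;               /* all ones if bit set, else zero */
        z.hi ^= v.hi & mask;
        z.lo ^= v.lo & mask;
        /* v = v * x: one reflected shift right, reduce by R if the dropped bit was 1 */
        uint64_t carry = 0 - (v.lo & 1);
        v.lo = (v.lo >> 1) | (v.hi << 63);
        v.hi = (v.hi >> 1) ^ (carry & 0xE100000000000000ULL);
    }
    return z;
}

/* Absorb data into the running GHASH state, zero-padding the final partial block. */
static void ghash_update(block128 *y, block128 h, const uint8_t *data, size_t len) {
    uint8_t buf[16];
    while (len > 0) {
        size_t n = len < 16 ? len : 16;
        memset(buf, 0, sizeof buf);
        memcpy(buf, data, n);
        block128 b = load_be(buf);
        y->hi ^= b.hi;
        y->lo ^= b.lo;
        *y = gf128_mul(*y, h);
        data += n;
        len -= n;
    }
}

/* GHASH_H(A, C) as in the GCM spec: hash the AAD, then the ciphertext,
 * then the block [len(A) in bits] || [len(C) in bits]. */
static void ghash(const uint8_t h_bytes[16], const uint8_t *aad, size_t aad_len,
                  const uint8_t *ct, size_t ct_len, uint8_t out[16]) {
    block128 h = load_be(h_bytes);
    block128 y = {0, 0};
    ghash_update(&y, h, aad, aad_len);
    ghash_update(&y, h, ct, ct_len);
    block128 lens = { (uint64_t)aad_len * 8, (uint64_t)ct_len * 8 };
    y.hi ^= lens.hi;
    y.lo ^= lens.lo;
    y = gf128_mul(y, h);
    store_be(y, out);
}

/* Known-answer check against the GCM spec's test cases 1 and 2 (zero key, zero IV).
 * Returns 1 on success, 0 on mismatch. */
static int ghash_selftest(void) {
    static const uint8_t H[16] = {0x66,0xe9,0x4b,0xd4,0xef,0x8a,0x2c,0x3b,
                                  0x88,0x4c,0xfa,0x59,0xca,0x34,0x2b,0x2e};
    static const uint8_t C[16] = {0x03,0x88,0xda,0xce,0x60,0xb6,0xa3,0x92,
                                  0xf3,0x28,0xc2,0xb9,0x71,0xb2,0xfe,0x78};
    static const uint8_t expect[16] = {0xf3,0x8c,0xbb,0x1a,0xd6,0x92,0x23,0xdc,
                                       0xc3,0x45,0x7a,0xe5,0xb6,0xb0,0xf8,0x85};
    static const uint8_t zero[16] = {0};
    uint8_t out[16];
    ghash(H, NULL, 0, C, 16, out);             /* test case 2: one ciphertext block */
    if (memcmp(out, expect, 16) != 0) return 0;
    ghash(H, NULL, 0, NULL, 0, out);           /* test case 1: only the zero length block */
    if (memcmp(out, zero, 16) != 0) return 0;
    return 1;
}

int main(void) {
    int ok = ghash_selftest();
    printf("GHASH self-test: %s\n", ok ? "ok" : "FAILED");
    return ok ? 0 : 1;
}
```

Two practical notes. First, the tag in test case 2 is E_K(J0) XOR GHASH, and XORing the spec's 58e2fccefa7e3061367f1d57a4e7455a with the expected value above does give the published tag ab6e47d42cec13bdf53a67b21257bddf, which is a quick way to cross-check the vector by hand. Second, production software GHASH implementations usually trade this 128-iteration loop for 4-bit or 8-bit lookup tables keyed by secret data, which is where cache-timing concerns about software GCM come from; a carry-less multiply instruction avoids both the loop and the tables, so the gain Nikos measured is a side-channel improvement as well as a throughput one.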