IETF Logo Mail Archive

Re: [openpgp] OpenPGP encryption block modes

Werner Koch <wk@gnupg.org> Thu, 11 August 2022 10:18 UTC

Return-Path: <wk@gnupg.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A2A17C15A72E for <openpgp@ietfa.amsl.com>; Thu, 11 Aug 2022 03:18:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=gnupg.org
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xWmJVpp6y0xK for <openpgp@ietfa.amsl.com>; Thu, 11 Aug 2022 03:18:11 -0700 (PDT)
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [IPv6:2001:aa8:fff1:100::22]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5D08AC15A721 for <openpgp@ietf.org>; Thu, 11 Aug 2022 03:18:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnupg.org; s=20181017; h=Content-Type:MIME-Version:Message-ID:In-Reply-To:Date: References:Subject:Cc:To:From:Sender:Reply-To:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=YdHB8oJQvrUup6kGMXxRA8fXLrXbzf7gewwfKLHGu9M=; b=SR18svMi9WY513njhER827avd7 e3GQlX6VCSMroB3joVBMpJReK2YkV+/GN/vCq/ZUlLqp5vhoSb9XtsWCs38G2+lWH3aHY8m9N16zl xkW/JyDiBK5OxaAmRaZNpAhaUvRjbxGSvtWlvLSKa3ODu35kH41siELzVaEdOb6bqbPY=;
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.89 #1 (Debian)) id 1oM5GR-0002dk-Bf for <openpgp@ietf.org>; Thu, 11 Aug 2022 12:18:07 +0200
Received: from wk by wheatstone.g10code.de with local (Exim 4.92 #5 (Debian)) id 1oM5EY-0006Vj-1u; Thu, 11 Aug 2022 12:16:10 +0200
From: Werner Koch <wk@gnupg.org>
To: "brian m. carlson" <sandals@crustytoothpaste.net>
Cc: openpgp@ietf.org
References: <YuFc+w02FiRQmHcg@watt.59.ca> <87bktajjvq.fsf@thinkbox> <YuKpxp0/Dy1DfC19@watt.59.ca> <875yjhjg2c.fsf@thinkbox> <87r124m64c.fsf@wheatstone.g10code.de> <YulX9jI1+wOCwLJq@ohm.59.ca> <Q6EUpbQm0e5f1OiU-77Old9p9FXyLCaFZ8pMm7PTt8VTLQJaXRQzWIDSwc3db6yI-56imyOaTNdt9TC8Zrm1jN_kPKxFYH4OqEu6o-Wfquo=@protonmail.com> <YuvlHdLz0Sfle7Ot@ohm.59.ca> <87a68ji1bv.fsf@wheatstone.g10code.de> <YvPGY8ArcKD7Hr1p@watt.59.ca> <YvQoC1g5rzKCfCVp@tapette.crustytoothpaste.net>
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
Jabber-ID: wk@jabber.gnupg.org
Mail-Followup-To: "brian m. carlson" <sandals@crustytoothpaste.net>, openpgp@ietf.org
Date: Thu, 11 Aug 2022 12:16:04 +0200
In-Reply-To: <YvQoC1g5rzKCfCVp@tapette.crustytoothpaste.net> (brian m. carlson's message of "Wed, 10 Aug 2022 21:50:03 +0000")
Message-ID: <871qtnozkr.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=Eco_terrorism_Hillal_Stranded_Nigeria_Mena_Glock_Air_Marshal_Riot_lo"; micalg="pgp-sha256"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/EClglAHbpD2NTbnR0u9EE2tZmLU>
Subject: Re: [openpgp] OpenPGP encryption block modes
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Aug 2022 10:18:16 -0000

On Wed, 10 Aug 2022 21:50, brian m. carlson said:

> at 866 MB/s.  This is a laptop with a Core i7-1280P and 32 GB of RAM
> using OpenSSL 3.0.5[0], which tends to have excellent performance.

I can throw in some other numbers from Libgcrypt 1.10.1 [0]

On a i5-2410M CPU @ 2.30GHz T220:

 AES256         |  nanosecs/byte   mebibytes/sec   cycles/byte  auto Mhz
        CFB enc |      2.42 ns/B     393.8 MiB/s      7.00 c/B      2890
        CFB dec |     0.367 ns/B      2596 MiB/s      1.06 c/B      2890
        GCM enc |      1.31 ns/B     726.5 MiB/s      3.79 c/B      2890
        GCM dec |     0.980 ns/B     973.6 MiB/s      2.83 c/B      2890
       GCM auth |     0.610 ns/B      1564 MiB/s      1.76 c/B      2890
        OCB enc |     0.399 ns/B      2390 MiB/s      1.15 c/B      2890
        OCB dec |     0.391 ns/B      2439 MiB/s      1.13 c/B      2890
       OCB auth |     0.379 ns/B      2516 MiB/s      1.10 c/B      2890
 SHA1           |      1.88 ns/B     507.8 MiB/s      5.43 c/B      2890
 SHA256         |      4.41 ns/B     216.0 MiB/s     12.76 c/B      2890
 SHA512         |      3.05 ns/B     312.5 MiB/s      8.82 c/B      2890

On a i5-10210U CPU @ 1.60GHz NUC:

 AES256         |  nanosecs/byte   mebibytes/sec   cycles/byte  auto Mhz
        CFB enc |     0.900 ns/B      1059 MiB/s      3.59 c/B      3989
        CFB dec |     0.219 ns/B      4350 MiB/s     0.875 c/B      3989
        GCM enc |     0.315 ns/B      3029 MiB/s      1.32 c/B      4188
        GCM dec |     0.315 ns/B      3025 MiB/s      1.32 c/B      4188
       GCM auth |     0.098 ns/B      9745 MiB/s     0.410 c/B      4189
        OCB enc |     0.209 ns/B      4565 MiB/s     0.875 c/B      4188
        OCB dec |     0.212 ns/B      4495 MiB/s     0.889 c/B      4188
       OCB auth |     0.209 ns/B      4562 MiB/s     0.876 c/B      4188
 SHA1           |     0.877 ns/B      1087 MiB/s      3.50 c/B      3988
 SHA256         |      2.01 ns/B     475.4 MiB/s      8.00 c/B      3988
 SHA512         |      1.40 ns/B     683.6 MiB/s      5.56 c/B      3988

On a AMD Ryzen 7 4800U NUC:

 AES256         |  nanosecs/byte   mebibytes/sec   cycles/byte  auto Mhz
        CFB enc |     0.819 ns/B      1164 MiB/s      3.50 c/B      4269
        CFB dec |     0.113 ns/B      8431 MiB/s     0.481 c/B      4256
        GCM enc |     0.242 ns/B      3938 MiB/s      1.03 c/B      4260±1
        GCM dec |     0.243 ns/B      3931 MiB/s      1.04 c/B      4268±3
       GCM auth |     0.120 ns/B      7931 MiB/s     0.513 c/B      4264±1
        OCB enc |     0.134 ns/B      7142 MiB/s     0.569 c/B      4259
        OCB dec |     0.131 ns/B      7297 MiB/s     0.556 c/B      4258±1
       OCB auth |     0.132 ns/B      7210 MiB/s     0.563 c/B      4259
 SHA1           |     0.443 ns/B      2151 MiB/s      1.89 c/B      4262±1
 SHA256         |     0.475 ns/B      2010 MiB/s      2.02 c/B      4265
 SHA512         |      1.22 ns/B     783.6 MiB/s      5.17 c/B      4245±4


I can't find our GnuPG benchmarks comparing CFB and OCB right now, but
the above numbers should give some hints: For the Ryzen OCB encryption
is roughly 15 times faster than CFB+SHA1.  Decryption is 4 times faster.



Salam-Shalom,

   Werner



[0] Libgcrypt 1.10:
    ./bench-slope --cpu-mhz auto cipher aes256
    ./bench-slope --cpu-mhz auto hash sha1 sha256
-- 
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein

v2.23.0 | Report a Bug | By Email