Re: [openpgp] OpenPGP encryption block modes
Werner Koch <wk@gnupg.org> Thu, 11 August 2022 10:18 UTC
Return-Path: <wk@gnupg.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A2A17C15A72E for <openpgp@ietfa.amsl.com>; Thu, 11 Aug 2022 03:18:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=gnupg.org
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xWmJVpp6y0xK for <openpgp@ietfa.amsl.com>; Thu, 11 Aug 2022 03:18:11 -0700 (PDT)
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [IPv6:2001:aa8:fff1:100::22]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5D08AC15A721 for <openpgp@ietf.org>; Thu, 11 Aug 2022 03:18:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnupg.org; s=20181017; h=Content-Type:MIME-Version:Message-ID:In-Reply-To:Date: References:Subject:Cc:To:From:Sender:Reply-To:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=YdHB8oJQvrUup6kGMXxRA8fXLrXbzf7gewwfKLHGu9M=; b=SR18svMi9WY513njhER827avd7 e3GQlX6VCSMroB3joVBMpJReK2YkV+/GN/vCq/ZUlLqp5vhoSb9XtsWCs38G2+lWH3aHY8m9N16zl xkW/JyDiBK5OxaAmRaZNpAhaUvRjbxGSvtWlvLSKa3ODu35kH41siELzVaEdOb6bqbPY=;
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.89 #1 (Debian)) id 1oM5GR-0002dk-Bf for <openpgp@ietf.org>; Thu, 11 Aug 2022 12:18:07 +0200
Received: from wk by wheatstone.g10code.de with local (Exim 4.92 #5 (Debian)) id 1oM5EY-0006Vj-1u; Thu, 11 Aug 2022 12:16:10 +0200
From: Werner Koch <wk@gnupg.org>
To: "brian m. carlson" <sandals@crustytoothpaste.net>
Cc: openpgp@ietf.org
References: <YuFc+w02FiRQmHcg@watt.59.ca> <87bktajjvq.fsf@thinkbox> <YuKpxp0/Dy1DfC19@watt.59.ca> <875yjhjg2c.fsf@thinkbox> <87r124m64c.fsf@wheatstone.g10code.de> <YulX9jI1+wOCwLJq@ohm.59.ca> <Q6EUpbQm0e5f1OiU-77Old9p9FXyLCaFZ8pMm7PTt8VTLQJaXRQzWIDSwc3db6yI-56imyOaTNdt9TC8Zrm1jN_kPKxFYH4OqEu6o-Wfquo=@protonmail.com> <YuvlHdLz0Sfle7Ot@ohm.59.ca> <87a68ji1bv.fsf@wheatstone.g10code.de> <YvPGY8ArcKD7Hr1p@watt.59.ca> <YvQoC1g5rzKCfCVp@tapette.crustytoothpaste.net>
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
Jabber-ID: wk@jabber.gnupg.org
Mail-Followup-To: "brian m. carlson" <sandals@crustytoothpaste.net>, openpgp@ietf.org
Date: Thu, 11 Aug 2022 12:16:04 +0200
In-Reply-To: <YvQoC1g5rzKCfCVp@tapette.crustytoothpaste.net> (brian m. carlson's message of "Wed, 10 Aug 2022 21:50:03 +0000")
Message-ID: <871qtnozkr.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=Eco_terrorism_Hillal_Stranded_Nigeria_Mena_Glock_Air_Marshal_Riot_lo"; micalg="pgp-sha256"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/EClglAHbpD2NTbnR0u9EE2tZmLU>
Subject: Re: [openpgp] OpenPGP encryption block modes
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Aug 2022 10:18:16 -0000
On Wed, 10 Aug 2022 21:50, brian m. carlson said: > at 866 MB/s. This is a laptop with a Core i7-1280P and 32 GB of RAM > using OpenSSL 3.0.5[0], which tends to have excellent performance. I can throw in some other numbers from Libgcrypt 1.10.1 [0] On a i5-2410M CPU @ 2.30GHz T220: AES256 | nanosecs/byte mebibytes/sec cycles/byte auto Mhz CFB enc | 2.42 ns/B 393.8 MiB/s 7.00 c/B 2890 CFB dec | 0.367 ns/B 2596 MiB/s 1.06 c/B 2890 GCM enc | 1.31 ns/B 726.5 MiB/s 3.79 c/B 2890 GCM dec | 0.980 ns/B 973.6 MiB/s 2.83 c/B 2890 GCM auth | 0.610 ns/B 1564 MiB/s 1.76 c/B 2890 OCB enc | 0.399 ns/B 2390 MiB/s 1.15 c/B 2890 OCB dec | 0.391 ns/B 2439 MiB/s 1.13 c/B 2890 OCB auth | 0.379 ns/B 2516 MiB/s 1.10 c/B 2890 SHA1 | 1.88 ns/B 507.8 MiB/s 5.43 c/B 2890 SHA256 | 4.41 ns/B 216.0 MiB/s 12.76 c/B 2890 SHA512 | 3.05 ns/B 312.5 MiB/s 8.82 c/B 2890 On a i5-10210U CPU @ 1.60GHz NUC: AES256 | nanosecs/byte mebibytes/sec cycles/byte auto Mhz CFB enc | 0.900 ns/B 1059 MiB/s 3.59 c/B 3989 CFB dec | 0.219 ns/B 4350 MiB/s 0.875 c/B 3989 GCM enc | 0.315 ns/B 3029 MiB/s 1.32 c/B 4188 GCM dec | 0.315 ns/B 3025 MiB/s 1.32 c/B 4188 GCM auth | 0.098 ns/B 9745 MiB/s 0.410 c/B 4189 OCB enc | 0.209 ns/B 4565 MiB/s 0.875 c/B 4188 OCB dec | 0.212 ns/B 4495 MiB/s 0.889 c/B 4188 OCB auth | 0.209 ns/B 4562 MiB/s 0.876 c/B 4188 SHA1 | 0.877 ns/B 1087 MiB/s 3.50 c/B 3988 SHA256 | 2.01 ns/B 475.4 MiB/s 8.00 c/B 3988 SHA512 | 1.40 ns/B 683.6 MiB/s 5.56 c/B 3988 On a AMD Ryzen 7 4800U NUC: AES256 | nanosecs/byte mebibytes/sec cycles/byte auto Mhz CFB enc | 0.819 ns/B 1164 MiB/s 3.50 c/B 4269 CFB dec | 0.113 ns/B 8431 MiB/s 0.481 c/B 4256 GCM enc | 0.242 ns/B 3938 MiB/s 1.03 c/B 4260±1 GCM dec | 0.243 ns/B 3931 MiB/s 1.04 c/B 4268±3 GCM auth | 0.120 ns/B 7931 MiB/s 0.513 c/B 4264±1 OCB enc | 0.134 ns/B 7142 MiB/s 0.569 c/B 4259 OCB dec | 0.131 ns/B 7297 MiB/s 0.556 c/B 4258±1 OCB auth | 0.132 ns/B 7210 MiB/s 0.563 c/B 4259 SHA1 | 0.443 ns/B 2151 MiB/s 1.89 c/B 4262±1 SHA256 | 0.475 ns/B 2010 MiB/s 2.02 c/B 4265 SHA512 | 1.22 ns/B 783.6 MiB/s 5.17 c/B 4245±4 I can't find our GnuPG benchmarks comparing CFB and OCB right now, but the above numbers should give some hints: For the Ryzen OCB encryption is roughly 15 times faster than CFB+SHA1. Decryption is 4 times faster. Salam-Shalom, Werner [0] Libgcrypt 1.10: ./bench-slope --cpu-mhz auto cipher aes256 ./bench-slope --cpu-mhz auto hash sha1 sha256 -- The pioneers of a warless world are the youth that refuse military service. - A. Einstein
- [openpgp] The Argon2 proposal seems incomplete (D… Bruce Walzer
- Re: [openpgp] The Argon2 proposal seems incomplet… Justus Winter
- Re: [openpgp] The Argon2 proposal seems incomplet… Bruce Walzer
- Re: [openpgp] The Argon2 proposal seems incomplet… Daniel Huigens
- Re: [openpgp] The Argon2 proposal seems incomplet… Justus Winter
- Re: [openpgp] The Argon2 proposal seems incomplet… Bruce Walzer
- Re: [openpgp] The Argon2 proposal seems incomplet… Justus Winter
- Re: [openpgp] The Argon2 proposal seems incomplet… Werner Koch
- Re: [openpgp] The Argon2 proposal seems incomplet… Paul Wouters
- Re: [openpgp] The Argon2 proposal seems incomplet… Bruce Walzer
- Re: [openpgp] The Argon2 proposal seems incomplet… brian m. carlson
- Re: [openpgp] The Argon2 proposal seems incomplet… Stephen Farrell
- Re: [openpgp] The Argon2 proposal seems incomplet… Bruce Walzer
- Re: [openpgp] The Argon2 proposal seems incomplet… Daniel Huigens
- [openpgp] OpenPGP encryption block modes (Was: Th… Bruce Walzer
- Re: [openpgp] OpenPGP encryption block modes (Was… Daniel Huigens
- Re: [openpgp] OpenPGP encryption block modes (Was… Peter Gutmann
- Re: [openpgp] OpenPGP encryption block modes (Was… Stephen Farrell
- Re: [openpgp] OpenPGP encryption block modes (Was… Benjamin Kaduk
- Re: [openpgp] OpenPGP encryption block modes (Was… Bruce Walzer
- Re: [openpgp] The Argon2 proposal seems incomplet… Bruce Walzer
- Re: [openpgp] The Argon2 proposal seems incomplet… Daniel Huigens
- Re: [openpgp] OpenPGP encryption block modes (Was… Bruce Walzer
- Re: [openpgp] The Argon2 proposal seems incomplet… Bruce Walzer
- Re: [openpgp] OpenPGP encryption block modes (Was… Daniel Huigens
- Re: [openpgp] The Argon2 proposal seems incomplet… Daniel Huigens
- Re: [openpgp] OpenPGP encryption block modes Werner Koch
- Re: [openpgp] OpenPGP encryption block modes Aron Wussler
- Re: [openpgp] OpenPGP encryption block modes Bruce Walzer
- Re: [openpgp] OpenPGP encryption block modes Daniel Huigens
- Re: [openpgp] OpenPGP encryption block modes Aron Wussler
- Re: [openpgp] OpenPGP encryption block modes (Was… Phillip Hallam-Baker
- Re: [openpgp] OpenPGP encryption block modes (Was… Marcus Brinkmann
- Re: [openpgp] OpenPGP encryption block modes Bruce Walzer
- Re: [openpgp] OpenPGP encryption block modes brian m. carlson
- Re: [openpgp] OpenPGP encryption block modes Werner Koch
- Re: [openpgp] OpenPGP encryption block modes Peter Gutmann
- Re: [openpgp] OpenPGP encryption block modes Bruce Walzer
- Re: [openpgp] OpenPGP encryption block modes brian m. carlson
- Re: [openpgp] OpenPGP encryption block modes Stephen Farrell
- Re: [openpgp] OpenPGP encryption block modes Peter Gutmann
- Re: [openpgp] OpenPGP encryption block modes Bruce Walzer
- Re: [openpgp] OpenPGP encryption block modes Bruce Walzer
- Re: [openpgp] OpenPGP encryption block modes Daniel Huigens
- Re: [openpgp] OpenPGP encryption block modes Werner Koch
- Re: [openpgp] OpenPGP encryption block modes (Was… Stephen Farrell
- Re: [openpgp] OpenPGP encryption block modes (Was… Bruce Walzer
- Re: [openpgp] OpenPGP encryption block modes (Was… Marcus Brinkmann
- Re: [openpgp] OpenPGP encryption block modes (Was… Bruce Walzer
- Re: [openpgp] The Argon2 proposal seems incomplet… Ángel
- Re: [openpgp] The Argon2 proposal seems incomplet… Daniel Kahn Gillmor