Re: [openpgp] SHA-x performance (was: SHA3 algorithm ids)

Peter Gutmann <> Tue, 11 August 2015 17:49 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 086941ACE27 for <>; Tue, 11 Aug 2015 10:49:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id N37skBhigUfl for <>; Tue, 11 Aug 2015 10:49:01 -0700 (PDT)
Received: from ( []) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 2C9AA1AC3E2 for <>; Tue, 11 Aug 2015 10:49:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;;; q=dns/txt; s=mail; t=1439315342; x=1470851342; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=D+q1otGRl5xJRSgsjRH9+dGOCYfU8jsfFbf+qqTtjh4=; b=MIEyESApGNzZtjNrZs5lke8iB60jp3ojmNSsUKzVjNZ4wRcLoN0cWXkR DLoqTDDwMbq3lnk78aIiV/FcjwsvsSqkRtRxrJgK+iJb0tAsC1ay7vHmR y3flPdq8kMnN79qTsT6Pivki2rRPu18gtwKElhxU7PzVvgAg0SDOXmjsx BOurP9xjkYq09eRfND8ELUffG41qYzeX18jME+rxwM72AYLXWGIUITTy2 HBO/knE8fp8ea6JJPRJqHi1POQIO66J6FAKEEMAZcUdZqWCvU1ameeh0A 5uEbCPJ8H08VA8oV5hRU5CntdUajOMD4rINz+EkrZ6LzMl7rVkXbCv2di Q==;
X-IronPort-AV: E=Sophos;i="5.15,654,1432555200"; d="scan'208";a="34435902"
X-Ironport-Source: - Outgoing - Outgoing
Received: from ([]) by with ESMTP/TLS/AES128-SHA; 12 Aug 2015 05:49:01 +1200
Received: from ([]) by ([]) with mapi id 14.03.0174.001; Wed, 12 Aug 2015 05:48:59 +1200
From: Peter Gutmann <>
To: Werner Koch <>
Thread-Topic: SHA-x performance (was: [openpgp] SHA3 algorithm ids)
Thread-Index: AQHQ1FtvD5rLGhGylEatY9bW9pkXy54HEj++
Date: Tue, 11 Aug 2015 17:48:59 +0000
Message-ID: <>
References: <> <> <> <> <> <> <> <>, <>
In-Reply-To: <>
Accept-Language: en-NZ, en-GB, en-US
Content-Language: en-NZ
x-originating-ip: []
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <>
Cc: Phillip Hallam-Baker <>, Derek Atkins <>, ianG <>, Daniel Kahn Gillmor <>, IETF OpenPGP <>
Subject: Re: [openpgp] SHA-x performance (was: SHA3 algorithm ids)
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 11 Aug 2015 17:49:04 -0000

Werner Koch <> writes:

>Does anyone know a summary of SHA-256 performance on standard CPUs with
>dedicated SHA hardware?

This is focusing on entirely the wrong end of the performance scale,
benchmarking anything on an i7 (or whatever) is pretty much irrelevant because
no matter how you implement it (with hardware assist, software-only, handcoded
asm, C, Visual Basic, whatever), it's still going to be way faster than you
ever need.  The only difference will be whether it's 100x faster than required
or 200x faster.  

Where it matters is IoT implementations, 180MHz STM32's and the like.  For
example on a Cortex A7 (which is way more powerful than most IoT devices use,
but I happen to have figures at hand for it), SHA2-512 is more than an order
of magnitude slower than SHA2-256.  SHA-3 is too new to have figures
available, but I'd guess it's going to be a lot worse than that.  That's what
you need to benchmark for, systems where speed is actually an issue.