
AES-GCM on Intel Westmere CPUs

From: Pratik Datta <PRATIK.DATTA@oracle.com>
Date: Tue, 24 Nov 2009 15:18:44 -0800 (PST)
Message-ID: <0cc6b88e-7b82-4e5d-ac7a-0f225c2de458@default>
To: XMLSec WG Public List <public-xmlsec@w3.org>
Cc: "Dixon, Martin G" <martin.g.dixon@intel.com>
See the following presentation on AES-NI given at the Intel Developer Forum 2009.

If this direct link doesn't work,

Go to http://www.intel.com/idf/training-sessions/

Click on "View Content Catalog"

and choose the presentation

ECTS003 AES-NI: New Technology for Improving Encryption Efficiency and Enhancing Data Security in the Enterprise Cloud



This presentation shows how AES-GCM can be accelerated in hardware.


See especially page 38, which gives some numbers:

- RSA-1024 with AES-CBC and HMAC-SHA1 gives 835 SSL sessions per second.

- RSA-1024 with AES-GCM gives 1216 SSL sessions per second.


Both these numbers are with hardware acceleration turned on. The difference is because AES-GCM is an authenticated encryption mode, so there is no need to do a separate HMAC-SHA1, whereas AES-CBC is encryption only. That is why AES-GCM gives better results.


Although these numbers are for SSL, they can be extended to an XML Encryption use case as well. Imagine that you have generated an AES content encryption key and used that to encrypt the data, followed by HMAC signing. Finally, you have used an RSA key to encrypt this AES content key. By using the AES-GCM encryption algorithm you can avoid the HMAC signing, and you will get better throughput.


Martin, please feel free to add more clarification or comments to this email.





Received on Tuesday, 24 November 2009 23:19:27 UTC
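The two content-encryption schemes compared in the message, as an added example that is not part of the original post or of any XMLSec WG code. It implements the pipeline the message describes: an AES-128 content encryption key (CEK) protects the data either with AES-CBC plus a separate HMAC-SHA1 (encrypt-then-MAC, two keys, two passes) or with AES-GCM (one key, one pass, tag built in), and the CEK is then wrapped with the recipient's RSA key. It also shows the point behind "AES-CBC is encryption only": a `DecryptCBCOnly` that skips the HMAC cannot notice a flipped IV byte and returns a predictably altered plaintext, while the HMAC check and the GCM tag both reject the modification. Everything here is assumed for illustration, not taken from the message: the function names, the constructed sample XML, RSA-OAEP with a 2048-bit key (the quoted benchmark used RSA-1024, which is below current minimums), and the IV/nonce handling. The XML Encryption element framing itself is not shown; only the cryptographic operations are.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"crypto/sha256"
	"errors"
	"io"
)

// Constructed sample content (not from the message): the kind of payload an EncryptedData element carries.
var SamplePlaintext = []byte("<Order><Card>4111111111111111</Card><Amount>42.00</Amount></Order>")

// NewKey returns n random bytes: an AES-128 CEK, an HMAC key, a CBC IV or a GCM nonce.
func NewKey(n int) []byte {
	k := make([]byte, n)
	if _, err := io.ReadFull(rand.Reader, k); err != nil {
		panic(err)
	}
	return k
}

func mustAES(key []byte) cipher.Block { // keys here are 16 bytes by construction; a failure is a bug
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	return block
}

// Scheme 1, the "AES-CBC and HMAC-SHA1" row: two keys, two passes; body = iv || ciphertext, tag = HMAC-SHA1(macKey, body).
func EncryptCBCHMAC(encKey, macKey, plaintext []byte) (body, tag []byte) {
	n := aes.BlockSize - len(plaintext)%aes.BlockSize // PKCS#7 padding, always 1..16 bytes
	padded := append(append([]byte{}, plaintext...), bytes.Repeat([]byte{byte(n)}, n)...)
	body = make([]byte, aes.BlockSize+len(padded))
	copy(body, NewKey(aes.BlockSize)) // random IV occupies the first block
	cipher.NewCBCEncrypter(mustAES(encKey), body[:aes.BlockSize]).CryptBlocks(body[aes.BlockSize:], padded)
	mac := hmac.New(sha1.New, macKey)
	mac.Write(body)
	return body, mac.Sum(nil)
}

// DecryptCBCOnly is "AES-CBC, encryption only": nothing in it can notice a modified body.
func DecryptCBCOnly(encKey, body []byte) ([]byte, error) {
	if len(body) < 2*aes.BlockSize || len(body)%aes.BlockSize != 0 {
		return nil, errors.New("bad ciphertext length")
	}
	pt := make([]byte, len(body)-aes.BlockSize)
	cipher.NewCBCDecrypter(mustAES(encKey), body[:aes.BlockSize]).CryptBlocks(pt, body[aes.BlockSize:])
	n := int(pt[len(pt)-1])
	if n == 0 || n > aes.BlockSize {
		return nil, errors.New("bad padding")
	}
	return pt[:len(pt)-n], nil
}

// DecryptCBCHMAC verifies the tag in constant time before decrypting anything.
func DecryptCBCHMAC(encKey, macKey, body, tag []byte) ([]byte, error) {
	mac := hmac.New(sha1.New, macKey)
	mac.Write(body)
	if !hmac.Equal(mac.Sum(nil), tag) {
		return nil, errors.New("HMAC-SHA1 mismatch: ciphertext was modified")
	}
	return DecryptCBCOnly(encKey, body)
}

// Scheme 2, the "AES-GCM" row: one key, one pass; output is nonce || ciphertext || 16-byte tag. Never reuse a nonce under a key.
func EncryptGCM(key, plaintext []byte) []byte {
	gcm, err := cipher.NewGCM(mustAES(key))
	if err != nil {
		panic(err)
	}
	nonce := NewKey(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, plaintext, nil)
}

// DecryptGCM returns an error, and no plaintext at all, when the tag does not verify.
func DecryptGCM(key, msg []byte) ([]byte, error) {
	gcm, err := cipher.NewGCM(mustAES(key))
	if err != nil || len(msg) < gcm.NonceSize() {
		return nil, errors.New("bad key or short message")
	}
	return gcm.Open(nil, msg[:gcm.NonceSize()], msg[gcm.NonceSize():], nil)
}

// Key transport, shared by both schemes: the CEK travels under the recipient's RSA public key (RSA-OAEP here).
func WrapCEK(pub *rsa.PublicKey, cek []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, cek, nil)
}
func UnwrapCEK(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, priv, wrapped, nil)
}
```

The HMAC is computed over the IV as well as the ciphertext; leaving the IV out of the MAC is exactly what lets an attacker rewrite the first plaintext block unnoticed, which is what flipping `body[7]` demonstrates against `DecryptCBCOnly`. With GCM that whole class of check disappears because `gcm.Open` refuses to return anything when the tag fails, which is the "no separate HMAC-SHA1" saving the message attributes the higher session rate to.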
