AES-GCM on Intel Westmere CPUs

See the following presentation on AES-NI given at the Intel Developer Forum 2009.

https://intel.wingateweb.com/us09/scheduler/downloadFileCounting.do?sesfid=C239E10A802EC197AD4281353FD5A150&abb=CCA01F8C140D7BDDE6DE76CF45C4DEA9&fn=6381CB830C2AD346923B6393BF9600B0974EDFE7768607DCCBE61C8BED76E8D6

If this direct link doesn't work, go to http://www.intel.com/idf/training-sessions/

Click on "View Content Catalog" and choose the presentation

ECTS003 AES-NI: New Technology for Improving Encryption Efficiency and Enhancing Data Security in the Enterprise Cloud

This presentation shows how AES-GCM can be accelerated in hardware.

See especially page 38, which gives some numbers:

- RSA-1024 with AES-CBC and HMAC-SHA1 gives 835 SSL Sessions per second.
- RSA-1024 with AES-GCM gives 1216 SSL Sessions per second.

Both these numbers are with hardware acceleration turned on. The difference is because AES-GCM is an authenticated encryption, so there is no need to do a separate HMAC-SHA1, whereas AES-CBC is encryption only. That is why AES-GCM gives better results.

Although these numbers are for SSL, they can be extended to an XML Encryption use case as well. Imagine that you have generated an AES content encryption key, and used that to do a data encryption followed by an HMAC signing. Finally, you have used an RSA key to encrypt this AES content key. By using this AES-GCM encryption algorithm you can avoid the HMAC signing, and you will get better throughput.

Martin, please feel free to add more clarification or comments to this email.

Pratik

Received on Tuesday, 24 November 2009 23:19:27 UTC
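
The comparison the message draws for the content-encryption step, as an added example that is not part of the original email: AES-CBC followed by a separate HMAC-SHA1 pass, next to single-pass AES-GCM, with both receivers rejecting a modified ciphertext. The function names, message layouts, sample keys and payload are assumptions made for the illustration, and the RSA wrapping of the content key is left out.

```javascript
const crypto = require('node:crypto');

// AES-CBC is encryption only: integrity needs a second key and a second pass (HMAC-SHA1).
function sealCbcHmac(encKey, macKey, plaintext) {
  const iv = crypto.randomBytes(16);
  const c = crypto.createCipheriv('aes-128-cbc', encKey, iv);
  const body = Buffer.concat([iv, c.update(plaintext), c.final()]);
  const tag = crypto.createHmac('sha1', macKey).update(body).digest();
  return Buffer.concat([body, tag]); // IV || ciphertext || 20-byte HMAC
}

function openCbcHmac(encKey, macKey, msg) {
  if (msg.length < 16 + 16 + 20) throw new Error('message too short');
  const body = msg.subarray(0, msg.length - 20);
  const expected = crypto.createHmac('sha1', macKey).update(body).digest();
  // Verify the MAC in constant time before touching the ciphertext.
  if (!crypto.timingSafeEqual(msg.subarray(msg.length - 20), expected)) throw new Error('HMAC mismatch');
  const d = crypto.createDecipheriv('aes-128-cbc', encKey, body.subarray(0, 16));
  return Buffer.concat([d.update(body.subarray(16)), d.final()]);
}

// AES-GCM is authenticated encryption: one key, and the tag comes out of the same pass.
function sealGcm(key, plaintext) {
  const nonce = crypto.randomBytes(12); // must never repeat under the same key
  const c = crypto.createCipheriv('aes-128-gcm', key, nonce);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, ct, c.getAuthTag()]); // nonce || ciphertext || 16-byte tag
}

function openGcm(key, msg) {
  if (msg.length < 12 + 16) throw new Error('message too short');
  const d = crypto.createDecipheriv('aes-128-gcm', key, msg.subarray(0, 12));
  d.setAuthTag(msg.subarray(msg.length - 16));
  // final() throws if the tag does not match, so no unauthenticated plaintext is returned.
  return Buffer.concat([d.update(msg.subarray(12, msg.length - 16)), d.final()]);
}

// Flip one ciphertext bit and report whether the receiver rejects the message.
function tamperDetected(open, msg) {
  const bad = Buffer.from(msg);
  bad[16] ^= 0x01;
  try { open(bad); return false; } catch (err) { return true; }
}

// Constructed sample keys and payload for the demonstration.
const encKey = crypto.randomBytes(16), macKey = crypto.randomBytes(20), gcmKey = crypto.randomBytes(16);
const doc = Buffer.from('<Amount currency="USD">100</Amount>');
console.log('CBC+HMAC rejects tampering:', tamperDetected(m => openCbcHmac(encKey, macKey, m), sealCbcHmac(encKey, macKey, doc)));
console.log('GCM rejects tampering:     ', tamperDetected(m => openGcm(gcmKey, m), sealGcm(gcmKey, doc)));
```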