- From: Pratik Datta <PRATIK.DATTA@oracle.com>
- Date: Tue, 24 Nov 2009 15:18:44 -0800 (PST)
- To: XMLSec WG Public List <public-xmlsec@w3.org>
- Cc: "Dixon, Martin G" <martin.g.dixon@intel.com>
- Message-ID: <0cc6b88e-7b82-4e5d-ac7a-0f225c2de458@default>
See the following presentation on AES-NI given at the Intel Developer Forum 2009.

https://intel.wingateweb.com/us09/scheduler/downloadFileCounting.do?sesfid=C239E10A802EC197AD4281353FD5A150&abb=CCA01F8C140D7BDDE6DE76CF45C4DEA9&fn=6381CB830C2AD346923B6393BF9600B0974EDFE7768607DCCBE61C8BED76E8D6

If this direct link doesn't work, go to http://www.intel.com/idf/training-sessions/, click on "View Content Catalog" and choose the presentation

ECTS003 AES-NI: New Technology for Improving Encryption Efficiency and Enhancing Data Security in the Enterprise Cloud

This presentation shows how AES-GCM can be accelerated in hardware. Especially see page 38, which gives some numbers.

- RSA-1024 with AES-CBC and HMAC-SHA1 gives 835 SSL sessions per second.
- RSA-1024 with AES-GCM gives 1216 SSL sessions per second.

Both these numbers are with hardware acceleration turned on. The difference is because AES-GCM is an authenticated encryption, so there is no need to do a separate HMAC-SHA1, whereas AES-CBC is encryption only. That is why AES-GCM gives better results.

Although these numbers are for SSL, it can be extended to an XML Encryption use case as well. Imagine that you have generated an AES content encryption key, and used that to do a data encryption followed by an HMAC signing. Finally you use an RSA key to encrypt this AES content key. By using this AES-GCM encryption algorithm you can avoid the HMAC signing, and you will get better throughput.

Martin, please feel free to add more clarification or comments to this email.

Pratik
Received on Tuesday, 24 November 2009 23:19:27 UTC
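
The hybrid scheme sketched in the message (a fresh AES content key, that key encrypted under RSA, and AES-GCM in place of encryption plus a separate HMAC) is shown below as an added example in Go; it is not code from the e-mail, the presentation or any XML Security implementation. The names `Seal`, `Open`, `newGCM` and `demoKey`, the choice of AES-128 and RSA-2048 with OAEP/SHA-256, and the nonce-prefixed output layout are assumptions made for this example.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
// Seal returns the RSA-OAEP-wrapped content key and nonce||ciphertext||tag; the GCM tag replaces the HMAC.
func Seal(pub *rsa.PublicKey, data []byte) (wrapped, sealed []byte, err error) {
	buf := make([]byte, 28) // fresh 16-byte AES content key, then 12-byte GCM nonce
	if _, err = rand.Read(buf); err != nil {
		return nil, nil, err
	}
	if wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, buf[:16], nil); err != nil {
		return nil, nil, err
	}
	gcm, err := newGCM(buf[:16])
	if err != nil {
		return nil, nil, err
	}
	return wrapped, gcm.Seal(buf[16:], buf[16:], data, nil), nil // one pass: encrypt and authenticate
}
// Open returns an error, never plaintext, if the nonce, ciphertext or tag was modified.
func Open(priv *rsa.PrivateKey, wrapped, sealed []byte) ([]byte, error) {
	cek, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(cek)
	if err != nil || len(sealed) < gcm.NonceSize() {
		return nil, rsa.ErrDecryption // unusable content key or truncated message
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}

var demoKey, _ = rsa.GenerateKey(rand.Reader, 2048) // throwaway key, constructed for this demo
func main() {
	wrapped, sealed, _ := Seal(&demoKey.PublicKey, []byte("<Order>constructed sample</Order>"))
	fmt.Println(Open(demoKey, wrapped, sealed[1:])) // one byte lost in transit: authentication fails
}
```

The receiver needs no MAC key and no second pass over the data: the 16-byte tag appended by `Seal` is checked inside `Open` before any plaintext is returned.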