wolfSSL Increases Crypto Performance

“wolfSSL uses Intel`s extended instructions to accelerate crypto algorithms for IoT.

wolfSSL, an open source SSL/TLS security company has optimized the wolfSSL Transport Layer Security (TLS) library on 5th generation Intel® Core™ processors. With the inclusion of Intel’s extended instructions developers can use the wolfSSL libraries for applications on many devices, including embedded technologies. The resulting improvements mean end users will see enhanced speed and security with reduced power consumption across a wide range of devices including Internet of Things.

While cryptography arithmetic is often larger than many systems can support, even for 64-bit systems, by using Intel`s AVX1/2 SIMD instructions, developers can make use of the new optimizations to whittle down the compute needed, thereby reducing complexity and increasing performance. wolfSSL benchmarks show the wolfSSL secure hash algorithms are now significantly faster. The Advanced Vector Extensions perform multiple word operations with a single instruction (in parallel) to provide this boost in speed. wolfSSL also integrated Intel® Secure Key Technology (https://software.intel.com/en-us/blogs/2012/05/14/what-is-intelr-secure-key-technology ) to provide a high-quality, high-performance entropy source and random number generator.

Larry Stefonic, CEO of wolfSSL, adds “Handcrafting the world`s best crypto is our nature, so it is great to leverage Intel`s fantastic engineering support for the primitives to enhance our product. Our wolfSSL customers will enjoy better performance as a result of these software optimizations on 5th generation Intel Core processors.”
More detail on the performance can be found on the wolfSSL blog (http://www.yassl.com/yaSSL/Blog/Entries/2015/4/16_Intels_Extended_Instructions_Accelerates_Hash_Algorithms.html) while developers can download the latest release of wolfSSL on their website https://wolfssl.com/wordpress/yaSSL/download/downloadForm.php.

About wolfSSL:

Founded in 2004, wolfSSL is a dual licensed, open source and commercial company. wolfSSL provides high-end security, while also having a small enough footprint to be perfect for embedded systems.
For more information, please visit http://www.wolfSSL.com.”

Reference: http://www.prweb.com/releases/2015/04/prweb12660791.htm

Android Kerberos with FIPS 140-2 Crypto

Hi! A few years ago we collaborated with the MIT Kerberos team to port Kerberos to Android with wolfCrypt as the crypto engine. We have recently worked to get our wolfCrypt product FIPS 140-2 certified, and as such, can make a FIPS 140-2 version of Kerberos available to the market on Android and other platforms. Let us know if you’re interested and need any support. Contact us at info@wolfssl.com, or call +1 425 245 8247.

Intel’s Extended Instructions Accelerates Hash Algorithms

Curious about how new machine instructions can accelerate crypto algorithms?  Most recently we added Intel’s Advanced Vector Extensions (AVX1 and 2) to wolfSSL’s secure hash algorithms.  Benchmarks show it improves the performance of SHA-256, 384 and 512 up to 75% (See: figure below). 

Intel`s AVX1/2 allows 128bit/256bit registers to perform multiple word operations with a single instruction in parallel.
The hashes take advantage of the AVX register parallelism and functional stitching between AVX and conventional registers as well.

How can you get it? Simply specify –enable-intelasm during ./configure with our latest version. It checks the instruction availability at run time, and you get the maximum performance improvement on your machine.

For further detail visit our “wolfSSL / wolfCrypt Benchmarks” page (http://wolfssl.com/yaSSL/benchmarks-cyassl.html).

AVX1:1.8GHz, Intel Core i5
AVX2: Intel Broadwell

AVX2:    SHA-256  50 megs took 0.320 seconds, 156.118 MB/s Cycles per byte =  9.75  = 47%
AVX1:   SHA-256  50 megs took 0.272 seconds, 184.068 MB/s Cycles per byte = 11.89  = 39%
Normal: SHA-256  50 megs took 0.376 seconds, 132.985 MB/s Cycles per byte = 16.46

AVX2:    SHA-384  50 megs took 0.226 seconds, 221.318 MB/s Cycles per byte =  6.88  = 42%
AVX1:   SHA-384  50 megs took 0.192 seconds, 260.975 MB/s Cycles per byte =  8.39  = 9%
Normal: SHA-384  50 megs took 0.209 seconds, 239.743 MB/s Cycles per byte =  9.13

AVX2:    SHA-512  50 megs took 0.224 seconds, 223.120 MB/s Cycles per byte =  6.82  = 75%
AVX1:   SHA-512  50 megs took 0.188 seconds, 266.126 MB/s Cycles per byte =  8.22  = 50%
Normal: SHA-512  50 megs took 0.281 seconds, 177.997 MB/s Cycles per byte = 12.29

What is a Stream Cipher?

A stream cipher encrypts plaintext messages by applying an encryption algorithm with a pseudorandom cipher digit stream (keystream). Each bit of the message is encrypted one by one with the corresponding keystream digit. Stream ciphers are typically used in cases where speed and simplicity are both requirements. If a 128 bit block cipher such as AES were to be used in place of a stream cipher where it was encrypting messages of 32 bit blocks, 96 bits of padding would remain. This is an inefficient approach and one reason why a stream cipher would be preferred, since they operate on the smallest possible unit.

Some common stream ciphers include RC4 (which has been shown to be vulnerable to attacks), Salsa20, ChaCha (a seemingly better variant of Salsa20), Rabbit, and HC-256, among others. Block ciphers can be used in stream mode to act as a stream cipher. If a block cipher is run in CFB, OFB, or CTR mode, it does not require additional measures to handle messages that aren’t equivalent to the length of multiples of the block size and eliminates the padding effect.

For information on the stream ciphers that can be implemented with CyaSSL or to learn more about the wolfSSL lightweight, embedded SSL library, go to wolfssl.com or contact us at info@wolfssl.com.


[1] Stream cipher. (2014, November 19). In Wikipedia, The Free Encyclopedia. Retrieved 16:19,
19, 2014, from http://en.wikipedia.org/w/index.php?title=Stream_cipher&oldid=634494612.

[2] Margaret Rouse. Stream Cipher. (2005). Available URL:

[3] Block cipher mode of operation. (2014, December 12). In Wikipedia, The Free
Encyclopedia. Retrieved 17:13, December 19, 2014, from