1 (edited by zkertesz 2020-01-14 05:22:42)

Topic: AES CBC much encrypt slower than decrypt


I'm working on a personal project (file encryption) and did some benchmarks on the AES (with and without AESNI).
The software implementation works as expected, got similar encryption and decryption speeds.

Library built with:

./configure --enable-aescbc
make src/libwolfssl.la

test code built with:

gcc -O3 -Wall -o aes_test aes_enc_dec.c -lwolfssl

Software AES, AMD A4-5050 @ 1.5GHz

> encrypt/AES256/CBC mode: 1178.002 msec,  64 MB,    54 MB/sec [     432.00 mbit/sec |   0.4 gbit/sec ]
> decrypt/AES256/CBC mode: 1146.915 msec,  64 MB,    55 MB/sec [     440.00 mbit/sec |   0.4 gbit/sec ]

Software AES, i7-9880H

> encrypt/AES256/CBC mode: 288.164 msec,  64 MB,   222 MB/sec [    1776.00 mbit/sec |   1.7 gbit/sec ]
> decrypt/AES256/CBC mode: 290.760 msec,  64 MB,   220 MB/sec [    1760.00 mbit/sec |   1.7 gbit/sec ]

Now with AESNI:

Library built with:

./configure --enable-aesni --enable-intelasm --enable-intelrand --enable-harden
make src/libwolfssl.la

test code built, as before, with:

gcc -O3 -Wall -o aes_test aes_enc_dec.c -lwolfssl

AESNI, AMD A4-5050 @ 1.5GHz

> encrypt/AES256/CBC mode: 257.483 msec,  64 MB,   248 MB/sec [    1984.00 mbit/sec |   1.9 gbit/sec ]
> decrypt/AES256/CBC mode:  58.154 msec,  64 MB,  1100 MB/sec [    8800.00 mbit/sec |   8.6 gbit/sec ]

AESNI, i7-9880H

> encrypt/AES256/CBC mode:  69.183 msec,  64 MB,   925 MB/sec [    7400.00 mbit/sec |   7.2 gbit/sec ]
> decrypt/AES256/CBC mode:  15.122 msec,  64 MB,  4232 MB/sec [   33856.00 mbit/sec |  33.1 gbit/sec ]

There's a huge performance increase when using AESNI. But I'm curious why the decryption process is more than 4 times faster.
As far as I know the encryption and decryption performance should be more-or-less the same. The software implementation shows this as well.

Is there something I've missed?


Post's attachments

aes_enc_dec.c 4.33 kb, file has never been downloaded. 

You don't have the permssions to download the attachments of this post.


Re: AES CBC much encrypt slower than decrypt

Hi @zkertesz,

The short answer is parallelization of the decrypts.

The software solution does an encrypt block by block and a decrypt block by block in sequence thus you see similar performance times. There is no way around the encrypt block by block in sequence because you can't encrypt the next block until the current block is finished (this is the whole point of "block chaining").

However when decrypting you can parallelize the decrypts because all blocks are already encrypted and to decrypt a given block you just need the block that preceeded it so let's imagine this scenario:

BlockA -> BlockB -> BlockC -> BlockD ->BlockE

During encryption you have to encrypt in sequence:
BlockA before you can encrypt BlockB, BlockB before BlockC and so on. HOWEVER not with decrypt.

During Decryption you can decypt BlockE using BlockD's encrypted version while at the same time decrypting BlockD with BlockCs' encrypted version while at the same time decrypting BlockC with BlockBs' encrypted version etc. It takes more memory because you load a copy of the encrypted BlockC for decrypting blockD while also loading another copy of encrypted BlockC to decrypt BlockC (hope this all makes sense).

Anyway long story short we could achieve something similar in Software also, we just have not yet added a parallelized software solution where the AESNI and intel hardware have implemented parallelized decrypt.

Hope this helps.

- K

Re: AES CBC much encrypt slower than decrypt

Hey Kaleb,

Yes, that makes perfect sense.

Thanks a lot.


Re: AES CBC much encrypt slower than decrypt


A pleasure, and great question by the way! Let us know if there is anything else we can assist with.

Can you tell us a bit about what it is you are working on that's driving this investigation? We love to hear about the new and exciting ways and products wolfSSL is being evaluated for!