Tim,

Do you have a Haswell powered machine at your disposal?
JDK-7184394[1] should have addressed this issue

Thanks,

Ivan

[1] - https://bugs.openjdk.java.net/browse/JDK-7184394

On 28 Mar 2014, at 01:29, Tim Whittington <jdk-security-...@whittington.net.nz> 
wrote:

> Hi all
> 
> I’ve noticed that the performance of the AES/GCM implementation in the JDK 8 
> SunJCE provider is very slow.
> 
> On a simple micro-benchmark (standard caveats etc. etc.) encrypting 10 MB 
> blocks of random data (not decrypt) I get the following rough throughputs:
> 
> AES/ECB +UseAESIntrinsics - 600 MB/s (btw this is awesome fast for Java, up 
> from about 300 MB/s in Java 7)
> AES/ECB -UseAESIntrinsics - 120 MB/s (again a good bump from about 90 MB/s in 
> Java 7)
> AES/GCM - 4 MB/s
> 
> 4 MB/s is pretty catastrophic (especially compared to the stellar baseline 
> AES performance).
> 
> A quick peek in a profiler reveals pretty much all the time is in 
> GHash.blockMult()/getBit()/shift().
> The performance of the AES/GCM mode is comparable to other pure Java 
> implementations without table based multiplier optimisations (which typically 
> provide speeds in the 40-60 MB/s on the same micro-benchmark).
> 
> I wonder if the JDK implementation could adopt one of those approaches or 
> (better) implement an intrinsic to speed this up (perhaps using the CLMUL 
> interaction set when available).
> 
> cheers
> tim
> 
> —
> 
> java version "1.8.0"
> Java(TM) SE Runtime Environment (build 1.8.0-b132)
> Java HotSpot(TM) 64-Bit Server VM (build 25.0-b70, mixed mode)
> 
> Darwin <redacted> 13.1.0 Darwin Kernel Version 13.1.0: Thu Jan 16 19:40:37 
> PST 2014; root:xnu-2422.90.20~2/RELEASE_X86_64 x86_64
> 
> 

Reply via email to