Hi Tim, CLMUL acceleration is being looked into.
Tony On 03/27/2014 02:28 PM, Tim Whittington wrote:
Hi all I’ve noticed that the performance of the AES/GCM implementation in the JDK 8 SunJCE provider is very slow. On a simple micro-benchmark (standard caveats etc. etc.) encrypting 10 MB blocks of random data (not decrypt) I get the following rough throughputs: AES/ECB +UseAESIntrinsics - 600 MB/s (btw this is awesome fast for Java, up from about 300 MB/s in Java 7) AES/ECB -UseAESIntrinsics - 120 MB/s (again a good bump from about 90 MB/s in Java 7) AES/GCM - 4 MB/s 4 MB/s is pretty catastrophic (especially compared to the stellar baseline AES performance). A quick peek in a profiler reveals pretty much all the time is in GHash.blockMult()/getBit()/shift(). The performance of the AES/GCM mode is comparable to other pure Java implementations without table based multiplier optimisations (which typically provide speeds in the 40-60 MB/s on the same micro-benchmark). I wonder if the JDK implementation could adopt one of those approaches or (better) implement an intrinsic to speed this up (perhaps using the CLMUL interaction set when available). cheers tim — java version "1.8.0" Java(TM) SE Runtime Environment (build 1.8.0-b132) Java HotSpot(TM) 64-Bit Server VM (build 25.0-b70, mixed mode) Darwin <redacted> 13.1.0 Darwin Kernel Version 13.1.0: Thu Jan 16 19:40:37 PST 2014; root:xnu-2422.90.20~2/RELEASE_X86_64 x86_64
