Hi Tim,

CLMUL acceleration is being looked into.

Tony

On 03/27/2014 02:28 PM, Tim Whittington wrote:
Hi all

I’ve noticed that the performance of the AES/GCM implementation in the JDK 8 
SunJCE provider is very slow.

On a simple micro-benchmark (standard caveats etc. etc.) encrypting 10 MB 
blocks of random data (not decrypt) I get the following rough throughputs:

AES/ECB +UseAESIntrinsics - 600 MB/s (btw this is awesome fast for Java, up 
from about 300 MB/s in Java 7)
AES/ECB -UseAESIntrinsics - 120 MB/s (again a good bump from about 90 MB/s in 
Java 7)
AES/GCM - 4 MB/s

4 MB/s is pretty catastrophic (especially compared to the stellar baseline AES 
performance).

A quick peek in a profiler reveals pretty much all the time is in 
GHash.blockMult()/getBit()/shift().
The performance of the AES/GCM mode is comparable to other pure Java 
implementations without table based multiplier optimisations (which typically 
provide speeds in the 40-60 MB/s on the same micro-benchmark).

I wonder if the JDK implementation could adopt one of those approaches or 
(better) implement an intrinsic to speed this up (perhaps using the CLMUL 
interaction set when available).

cheers
tim

—

java version "1.8.0"
Java(TM) SE Runtime Environment (build 1.8.0-b132)
Java HotSpot(TM) 64-Bit Server VM (build 25.0-b70, mixed mode)

Darwin <redacted> 13.1.0 Darwin Kernel Version 13.1.0: Thu Jan 16 19:40:37 PST 
2014; root:xnu-2422.90.20~2/RELEASE_X86_64 x86_64


Reply via email to