Home > Articles > Security > Network Security

  • Print
  • + Share This
This chapter is from the book

Performance of Cryptographic Operations

Cryptographic operations are compute-intensive and do have an impact on overall application performance. However, not all operations and, for a given operation, all algorithms use the same number of CPU cycles for each unit of data processed. In fact, when selecting a particular algorithm for an application, speed of processing is an important criterion.

Table 3-2 lists the encryption and decryption rate (in Kbytes per second) for a number of algorithms. These measurements were taken on a 900MHz AMD Athlon machine running Windows 2000 and Sun's J2SE v1.4 JVM in server mode using repeated processing of a large (more than 1 MB) text file. The time spent in I/O and initialization and a few minutes of JVM warmup is not included in the reported figures.

Table 3-2. Encryption/Decryption Performance Measurements

Transformation, Keysize

Encryption Rate (KBytes/sec)

Decryption Rate (KBytes/sec)

DES/CBC/PKCS5Padding, 56 bits



TripleDES/ECB/PKCS5Padding, 112 bits



Blowfish, 128 bits






These figures indicate that Blowfish is the fastest among all the reported algorithms. Interestingly, the decryption is significantly slower than encryption with Blowfish.

How about signature creation and verification performance? Table 3-3 has the measurement figures for signing and verifying the same document.

Table 3-3. Signature Creation/Verification Performance

Algorithm, Keysize

Signing Rate (KBytes/sec)

Verification Rate (KBytes/sec)

SHA1WithDSA, 512 bits



SHA1WithDSA, 1024 bits



SHA1WithRSA, 512 bits



SHA1WithRSA, 1024 bits



It is quite obvious that signing and verifying are significantly faster than encryption and decryption operations. Also, SHA1WithRSA is almost one and a half times faster than SHA1WithDSA.

These measurements are taken with the "crypttool bench" command. Use it within your environment to compare different algorithms and estimate crypto overhead for your application.

There are many ways to speed up the performance of these operations. A commonly used mechanism, especially for large volume applications, is to use special cryptographic accelerator cards. As most of the cryptographic algorithms can have extremely efficient hardware-based implementations, an order of magnitude improvement is not uncommon.

  • + Share This
  • 🔖 Save To Your Account