Home > Articles > Security > Network Security

  • Print
  • + Share This
This chapter is from the book

Performance of Cryptographic Operations

Cryptographic operations are compute-intensive and do have an impact on overall application performance. However, not all operations and, for a given operation, all algorithms use the same number of CPU cycles for each unit of data processed. In fact, when selecting a particular algorithm for an application, speed of processing is an important criterion.

Table 3-2 lists the encryption and decryption rate (in Kbytes per second) for a number of algorithms. These measurements were taken on a 900MHz AMD Athlon machine running Windows 2000 and Sun's J2SE v1.4 JVM in server mode using repeated processing of a large (more than 1 MB) text file. The time spent in I/O and initialization and a few minutes of JVM warmup is not included in the reported figures.

Table 3-2. Encryption/Decryption Performance Measurements

Transformation, Keysize

Encryption Rate (KBytes/sec)

Decryption Rate (KBytes/sec)

DES/CBC/PKCS5Padding, 56 bits

2720

2302

TripleDES/ECB/PKCS5Padding, 112 bits

1080

1010

Blowfish, 128 bits

5090

3010

PBEWithMD5AndDES

2660

2270

These figures indicate that Blowfish is the fastest among all the reported algorithms. Interestingly, the decryption is significantly slower than encryption with Blowfish.

How about signature creation and verification performance? Table 3-3 has the measurement figures for signing and verifying the same document.

Table 3-3. Signature Creation/Verification Performance

Algorithm, Keysize

Signing Rate (KBytes/sec)

Verification Rate (KBytes/sec)

SHA1WithDSA, 512 bits

12080

11890

SHA1WithDSA, 1024 bits

11780

11580

SHA1WithRSA, 512 bits

16950

16910

SHA1WithRSA, 1024 bits

16070

16000

It is quite obvious that signing and verifying are significantly faster than encryption and decryption operations. Also, SHA1WithRSA is almost one and a half times faster than SHA1WithDSA.

These measurements are taken with the "crypttool bench" command. Use it within your environment to compare different algorithms and estimate crypto overhead for your application.

There are many ways to speed up the performance of these operations. A commonly used mechanism, especially for large volume applications, is to use special cryptographic accelerator cards. As most of the cryptographic algorithms can have extremely efficient hardware-based implementations, an order of magnitude improvement is not uncommon.

  • + Share This
  • 🔖 Save To Your Account