You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@commons.apache.org by "Xianda Ke (JIRA)" <ji...@apache.org> on 2016/05/20 11:33:12 UTC

[jira] [Created] (CRYPTO-59) support GCM in Apache Commons Crypto

Xianda Ke created CRYPTO-59:
-------------------------------

             Summary: support GCM in Apache Commons Crypto
                 Key: CRYPTO-59
                 URL: https://issues.apache.org/jira/browse/CRYPTO-59
             Project: Commons Crypto
          Issue Type: Improvement
            Reporter: Xianda Ke


Galois/Counter Mode (GCM) is a mode of operation for symmetric key cryptographic block ciphers, It is an authenticated encryption algorithm designed to provide both data authenticity (integrity) and confidentiality.

h5. 1) GCM becomes the most popular AE(AD) mode
Galois Counter Mode(GCM) has become the most popular Authenticated Encryption with Associated Data (AEAD) mode today.
The popularity is due in part to the fact that GCM is extremely fast, but mostly it's because the mode is patent-free.

h5. 2) Java implemenation of GCM has poor performance.
(environment: Intel(R) Xeon(R) CPU E5-2690 v2 @ 3.00GHz)
GCM performance in Java 7/8 is very poor, only 3.8 MB/s.
GCM throughput can be up to 200+ MB/s in Java 9, but still fall behind OpenSSL(more than 1 GB/s).

h5. 3) Good performance of OpenSSL based on hardware acceleration
GCM can take full advantage of parallel processing and implementing GCM can make efficient use of an instruction pipeline or a hardware pipeline.Intel has also introduced a new processor instruction PCLMULQDQ for computing the Galois Hash, which is the underlying computation of the Galois Counter Mode (GCM).
Recent versions of OpenSSL has provided good implementations with hardware acceleration([OpenSSL ticket|https://rt.openssl.org/Ticket/Display.html?id=2900&user=guest&pass=guest]).
GCM performance on Intel(R) Xeon(R) CPU E5-2690 v2 @ 3.00GHz
{code}
$ openssl speed -evp aes-128-gcm

The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128-gcm     340821.25k   833407.19k  1064581.38k  1162904.23k  1181409.69k
{code}

It would be better to support GCM in Apache Commons Crypto. Based on OpenSSL, Apache Commons Crypto can have good performance.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)