[erlang-questions] SSL performance

Andreas Schultz aschultz@REDACTED
Wed Feb 11 16:29:43 CET 2015

Hi Jesper,

salsa20 might be indeed faster that AES-CTR, but you comparison is clearly biased ;-)

----- On 11 Feb, 2015, at 15:32, Jesper Louis Andersen jesper.louis.andersen@REDACTED wrote:


> Using the crypto application, encrypting 200 megabytes of 0'es with aes_ctr
> mode, IV = 16 bytes of 0'es, key = binary:copy(<<"foobar">>, 4) (192 bit key)
> takes 1.7 seconds. This is going to be the lower bound of an AES stream in CTR
> mode. If your core is slower, then 3 seconds doesn't sound wrong.
> Using the `enacl` application[0], Running 200 megabytes of 0'es through a
> secretbox (xsalsa20 cipher + poly1305 MAC!, it is more secure than AES-CTR)
> with a nonce of 24 bytes and a 256 bit secret key takes 397 milliseconds. If
> you had picked a sane cryptographic library, this would have been the lower
> limit :)

The cause for this is not the cryptographic library, but Erlang's interface to it.
Erlang's crypto application uses a non-optimized OpenSSL API to execute the AES
encryption, while enacl seems to uses an highly optimized version.

Normally when doing AES, you first have to schedule the key, creating an encryption
context and then reuse that context for every block. Since the crypto application
doesn't have stream_cipher versions of AES, it has to go through the key scheduling
on every invocation (every block). Also, OpenSSL can use assembler optimized AES
functions on modern CPU's, but those are only available when OpenSSL's EVP interfaces
are used. Erlang's crypto does not use those.

So, don't blame the speed on the cryptographic library, but on the interface to it.

When you want to compare the raw speed of crypto functions in OpenSSL, you should
use 'openssl speed', e.g. 'openssl speed -evp aes-192-ctr'.

On my  Intel i7-2760QM CPU @ 2.40GHz I get this:

The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-192-ctr     409914.49k  1352747.82k  2235027.29k  2834907.01k  3064111.10k
aes-192-gcm     266250.60k   694806.52k   953150.46k  1046909.52k  1073790.98k

So, even the slowest version with 16 Bytes/block achieves 266 MByte/s.


> Fact is, I can encrypt-then-mac 4.3 times faster than SSL can encrypt in AES-CTR
> mode.
> In any case, I don't think you are experiencing anything odd, besides slow
> cryptographic primitives.
> [0] https://github.com/jlouis/enacl - Full disclosure: I'm the author, and it
> requires OTP 17.3+ since it uses Steve Vinoski's dirty scheduler feature.
> --
> J.
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://erlang.org/mailman/listinfo/erlang-questions

Dipl. Inform.
Andreas Schultz

email: as@REDACTED
phone: +49-391-819099-224
mobil: +49-170-2226073

------------------- enabling your networks -------------------

Travelping GmbH               phone:         +49-391-819099229
Roentgenstr. 13               fax:           +49-391-819099299
D-39108 Magdeburg             email:       info@REDACTED
GERMANY                       web:   http://www.travelping.com

Company Registration: Amtsgericht Stendal Reg No.:   HRB 10578
Geschaeftsfuehrer: Holger Winkelmann | VAT ID No.: DE236673780

More information about the erlang-questions mailing list