Performance of Cryptographic Operations

Cryptographic operations are compute-intensive and do have an impact on overall application performance. However, not all operations and, for a given operation, all algorithms use the same number of CPU cycles for each unit of data processed. In fact, when selecting a particular algorithm for an application, speed of processing is an important criterion.

Table 3-2 lists the encryption and decryption rate (in Kbytes per second) for a number of algorithms. These measurements were taken on a 900MHz AMD Athlon machine running Windows 2000 and Sun's J2SE v1.4 JVM in server mode using repeated processing of a large (more than 1 MB) text file. The time spent in I/O and initialization and a few minutes of JVM warmup is not included in the reported figures.

Table 3-2. Encryption/Decryption Performance Measurements
Transformation, KeysizeEncryption Rate (KBytes/sec)Decryption Rate (KBytes/sec)
DES/CBC/PKCS5Padding, 56 bits27202302
TripleDES/ECB/PKCS5Padding, 112 bits10801010
Blowfish, 128 bits50903010
PBEWithMD5AndDES26602270

These figures indicate that Blowfish is the fastest among all the reported algorithms. Interestingly, the decryption is significantly slower than encryption with Blowfish.

How about signature creation and verification performance? Table 3-3 has the measurement figures for signing and verifying the same document.

Table 3-3. Signature Creation/Verification Performance
Algorithm, KeysizeSigning Rate (KBytes/sec)Verification Rate (KBytes/sec)
SHA1WithDSA, 512 bits1208011890
SHA1WithDSA, 1024 bits1178011580
SHA1WithRSA, 512 bits1695016910
SHA1WithRSA, 1024 bits1607016000

It is quite obvious that signing and verifying are significantly faster than encryption and decryption operations. Also, SHA1WithRSA is almost one and a half times faster than SHA1WithDSA.

These measurements are taken with the "crypttool bench" command. Use it within your environment to compare different algorithms and estimate crypto overhead for your application.

There are many ways to speed up the performance of these operations. A commonly used mechanism, especially for large volume applications, is to use special cryptographic accelerator cards. As most of the cryptographic algorithms can have extremely efficient hardware-based implementations, an order of magnitude improvement is not uncommon.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
18.116.42.149