Notes on the performance of encryption algorithms

| Comments (4) | TrackBacks (15) |
I get asked a lot about the performance of encryption. Here are some microbenchmarks that should give you the feel of the situation. Obviously, real protocols behave differently, but these should give you a feel for the order of magnitude.

Symmetric Encryption Algorithms

AlgorithmSpeed (MB/s)
3DES (EDE)24

Message Digests

AlgorithmSpeed (MB/s)

Public Key Algorithms

AlgorithmPrivate Key Ops/sPublic key ops/s

All measurements taken using OpenSSL on a single-processor 3 GHz Pentium running FreeBSD.

The take home message here is that well designed communications security systems are fast enough for almost any practical Internet communications scenario and most Intranet ones. For the few cases where you actually need speeds that approach or exceed 1Gb/s, acceleration hardware is readily available.

15 TrackBacks

Listed below are links to blogs that reference this entry: Notes on the performance of encryption algorithms.

TrackBack URL for this entry:

debt ratio from debt ratio on August 10, 2005 1:13 PM

debt ratio Read More

psychotherapy from psychotherapy on August 13, 2005 1:40 PM

psychotherapy Read More

real estate appraisal from real estate appraisal on August 30, 2005 6:58 AM

real estate appraisal Read More

diploma Read More

storage sheds from storage sheds on October 26, 2005 9:33 PM

storage sheds Read More

christmas costumes from christmas costumes on November 21, 2005 2:03 AM

christmas costumes Read More

christmas santa Read More

Hentai comic story from Sample hardcore sex clips on December 10, 2005 1:44 PM
kelly blue book from kelly blue book on January 9, 2006 3:01 AM

kelly blue book Read More

Payday Loans is a niceblog. Read More

drugs without prescriptions from drugs without prescriptions on January 20, 2006 8:05 PM

Presbyterianism sprinting inflation McPherson adumbrated,winter fosamax Read More

Blackjack Roulette Poker from Blackjack Roulette Poker on January 26, 2006 7:51 AM

South carolina lottery spectacular south carolina lottery slot machines punched-card slot machines. Read More

auto insurance quotes from auto insurance quotes on February 28, 2006 1:42 PM

sex,subfields:debugged kidnappings.hems!life insurance Read More


Interesting to compare different implementations. show values for a 2.1 GHz machine using the Crypto++ library rather than OpenSSL. Some of the ratios are quite different - for example, OpenSSL apparently has DES as fast as AES-128 and faster than AES-256. Crypto++ in contrast has AES-256 twice as fast as DES and AES-128 3 times as fast (it is called Rijndael there). Also the ratio between the hash and the encryption algorithms is somewhat different as well.

Brian Gladman has a new hand-tuned AES assembly language implementation at He reaches 18.08 cycles per byte for AES-128 and 24.58 for AES-256. If I understand how to convert this to MB/sec on a 3 GHz machine (divide into 3000) these are speeds of 166 MB/sec for AES-128 and 122 MB/sec for AES-256. Pretty fast!

People sometimes ask, which is faster, SHA-1 or AES? The conventional wisdom is that the hash functions are faster. But with these highly optimized AES implementations, they are just as fast or even faster than typical SHA-1. Nobody cares to hand-optimize SHA-1 for some reason.

EKR, it seems counterintuitive to me that the OpenSSL library implementation of HMAC-MD5 should have a superior benchmark to that of its implementaiton of MD5 (for those reading this who unfamiliar with HMAC-MD5, its definition implies performing MD5 on the entire message plus some additional overhead). Did you by any chance reverse the performance values for MD5 and HMAC-MD5?

Even software can be much better:

Hand tuned assembly on a 3 GHz Pentium can do 128b aes at 1.5 Gbps!

Leave a comment