kent.overstr...@gmail.com (Kent Overstreet) writes: > On Tue, Sep 20, 2016 at 10:23:20AM -0400, Theodore Ts'o wrote: >> On Tue, Sep 20, 2016 at 03:15:19AM -0800, Kent Overstreet wrote: >> > Not on the list or I would've replied directly, but on Haswell, ChaCha20 >> > (in >> > software) is over 2x as fast as AES (in hardware), at realistic (for a >> > filesystem) block sizes: >> >> On Skylake and Broadwell processors, AES is faster (the posting is >> from a ChaCha20 enthusiast): >> >> https://blog.cloudflare.com/it-takes-two-to-chacha-poly/ > > The performance delta in his graphs isn't near as big as what I've measured, > which makes me suspect OpenSSL's ChaCha20 implementation isn't nearly as fast > as > the kernel's.
The other thing to keep in mind is this (aka what's true for a big intel cpu isn't true everywhere): "The new cipher suites are fast. As Adam Langley described, ChaCha20-Poly1305 is three times faster than AES-128-GCM on mobile devices. Spending less time on decryption means faster page rendering and better battery life." https://blog.cloudflare.com/do-the-chacha-better-mobile-performance-with-cryptography/ The argument made by Bernstein is in a nutshell than "CPUs are optimized for video games and thus ciphers should use the same instructions which makes games 'faster'" (I'd recommend to read his whole email to understand what he means): https://moderncrypto.org/mail-archive/noise/2016/000699.html ) Or as one person commented on the net https://news.ycombinator.com/item?id=12264321 : Bernstein agrees with you. His point isn't that it's dumb that CPUs are optimized for games. It's that cipher designers should have enough awareness of trends in CPU development to design ciphers that take advantage of the same features that games do. That's what he did with Salsa/ChaCha. *His subtext is that over the medium term he believes his ciphers will outperform AES, despite AES having AES-NI hardware support.* (emphasis mine) -- Mathieu Chouquet-Stringer The sun itself sees not till heaven clears. -- William Shakespeare -- -- To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
