Re: Crypto hardware performance
On Mon, 3 Dec 2007 16:33:29 -0600, Patrick O'Keefe <[EMAIL PROTECTED]> wrote: > >I understand that the CPACF instructions are just that - single >instructions. But so are AR, MVCL, and CFC - quite a range. >(I'm guessing that CFC takes a long time to execute. It's >description takes a long time to read!). I'm guessing that the >CPACF instructions are implemented in millicode and may not >execute quite as fast, and represent quite as light a load on the >CP, as AR (for example). > >One of the people here suggested that enabling the feature did >nothing more than enabled instruction decode - that the cycles >burned were about the same - hardware or software. I would like >to refute that if the appropriate doc exists. > >Pat O'Keefe when we were developing our tape encryption product for the z/VM environment, we did some timing and performance tests between the software implementations of popular encryption algorithms (DES, TDES, AES) and the hardware implementations IBM provides (CPACF) on the z9 boxes. The hardware implementation were anywhere between 100x and 255x times faster that the software ones on processing significant amounts of data (over a megabyte, say). The software routines were hand coded in S/390 assembler for maximum performance, as well. Of course, the hardware instructions can execute for significant amounts of time as well; these instructions can return control with condition code 3 (I think) set, meaning that the instruction has not finished processing all of the data it needs to and should be reissued. DJ V/Soft z/VM and mainframe Linux expertise, training, consulting, and software development www.vsoft-software.com -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Crypto hardware performance
On Mon, 3 Dec 2007 15:46:59 -0600, Ernest Nachtigall <[EMAIL PROTECTED]> wrote: Thank you very much for joining the discussion. I'm afaid you're going to be swamped with questions for a while. >... Fo CPACF, is is a single OP code so beats >software routines thousands to one (TDES ASM routine has thousands of >instructions). >... I understand that the CPACF instructions are just that - single instructions. But so are AR, MVCL, and CFC - quite a range. (I'm guessing that CFC takes a long time to execute. It's description takes a long time to read!). I'm guessing that the CPACF instructions are implemented in millicode and may not execute quite as fast, and represent quite as light a load on the CP, as AR (for example). One of the people here suggested that enabling the feature did nothing more than enabled instruction decode - that the cycles burned were about the same - hardware or software. I would like to refute that if the appropriate doc exists. Pat O'Keefe -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Crypto hardware performance
On Mon, 3 Dec 2007 12:58:53 -0600, Patrick O'Keefe <[EMAIL PROTECTED]> wrote: >Is there any doc comparing performance of crypto functions using >the encryption hardware vs the same functions using software? > >I've seen a paper showing the performance of both CPACF and CEX2 >based on block sizes (very big differences) but not compared to >with software-only. I've also seen a z/Linux-oriented paper >supposedly showing software vs hardware performance, but not >showing any effect of message size reported in the other paper >so I'm a bit suspicious of its validity. > >Pat O'Keefe > > >-- >For IBM-MAIN subscribe / signoff / archive access instructions, >send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO >Search the archives at http://bama.ua.edu/archives/ibm-main.html There is no official paper, but if you look at empirical data, software encryption for short texts (say in the area of 100 or so bytes) is "faster", but over that length or so, hardware just flies. Has to do with the time taken to "prime" the hardware, set up the key values, then do the work, Doing the work is relatively short with respect to priming the hardware. This is true for the CEX2 which processes keys that are already encrypted (hardware need to decrypt these before work begins). Fo CPACF, is is a single OP code so beats software routines thousands to one (TDES ASM routine has thousands of instructions). -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Crypto hardware performance
Is there any doc comparing performance of crypto functions using the encryption hardware vs the same functions using software? I've seen a paper showing the performance of both CPACF and CEX2 based on block sizes (very big differences) but not compared to with software-only. I've also seen a z/Linux-oriented paper supposedly showing software vs hardware performance, but not showing any effect of message size reported in the other paper so I'm a bit suspicious of its validity. Pat O'Keefe -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html