[jira] [Resolved] (CRYPTO-59) support GCM in Apache Commons Crypto

Sun, 12 Apr 2020 07:12:46 -0700 


     [ 
https://issues.apache.org/jira/browse/CRYPTO-59?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Gary D. Gregory resolved CRYPTO-59.
-----------------------------------
    Fix Version/s: 1.1.0
       Resolution: Fixed

> support GCM in Apache Commons Crypto
> ------------------------------------
>
>                 Key: CRYPTO-59
>                 URL: https://issues.apache.org/jira/browse/CRYPTO-59
>             Project: Commons Crypto
>          Issue Type: Improvement
>            Reporter: Xianda Ke
>            Priority: Major
>             Fix For: 1.1.0
>
>
> Galois/Counter Mode (GCM) is a mode of operation for symmetric key 
> cryptographic block ciphers, It is an authenticated encryption algorithm 
> designed to provide both data authenticity (integrity) and confidentiality.
> h5. 1) GCM becomes the most popular AE(AD) mode
> Galois Counter Mode(GCM) has become the most popular Authenticated Encryption 
> with Associated Data (AEAD) mode today.
> The popularity is due in part to the fact that GCM is extremely fast, but 
> mostly it's because the mode is patent-free.
> h5. 2) Java implemenation of GCM has poor performance.
> (environment: Intel(R) Xeon(R) CPU E5-2690 v2 @ 3.00GHz)
> GCM performance in Java 7/8 is very poor, only 3.8 MB/s.
> GCM throughput can be up to 200+ MB/s in Java 9, but still fall behind 
> OpenSSL(more than 1 GB/s).
> h5. 3) Good performance of OpenSSL based on hardware acceleration
> GCM can take full advantage of parallel processing and implementing GCM can 
> make efficient use of an instruction pipeline or a hardware pipeline.Intel 
> has also introduced a new processor instruction PCLMULQDQ for computing the 
> Galois Hash, which is the underlying computation of the Galois Counter Mode 
> (GCM).
> Recent versions of OpenSSL has provided good implementations with hardware 
> acceleration([OpenSSL 
> ticket|https://rt.openssl.org/Ticket/Display.html?id=2900&user=guest&pass=guest]).
> GCM performance on Intel(R) Xeon(R) CPU E5-2690 v2 @ 3.00GHz
> {code}
> $ openssl speed -evp aes-128-gcm
> The 'numbers' are in 1000s of bytes per second processed.
> type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
> aes-128-gcm     340821.25k   833407.19k  1064581.38k  1162904.23k  1181409.69k
> {code}
> It would be better to support GCM in Apache Commons Crypto. Based on OpenSSL, 
> Apache Commons Crypto can have good performance.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to