
In this article I'll have a quick look at the speed of the crypto cipher algorithms found in Linux kernel 2.6.21.4. The background for this test is to find a fast algorithm for online encryption of a hard disk partition using the device mapper facility.
The set of cryptographic algorithms in the Linux kernel keeps growing.
Kernel 2.6.21.4 ships many cipher algorithms. Unfortunately, some have
big restrictions on the key size, which is the number of bits of the secret key. As a
rule of thumb, the more the better.
I only take a look at algorithms capable of using 128-bit cipher encryption:
The hardware test setup is:
- udma6 mode

The software test setup is:
- /bin/dd
- /proc/loadavg
- /usr/bin/time

The test script does the following: For each cipher, write 2 GB, read 2 GB, write 2 GB and again read 2 GB. After each test take the load average and the time needed.
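A minimal harness for the procedure described above (write, read, write, read, recording load average and elapsed time after each pass), added here as an example and not the author's test script. It assumes the target is an already-mapped dm-crypt device or a scratch file (the name /dev/mapper/bench is hypothetical); the function names and the pass labels r and r2 are illustrative.

```shell
#!/bin/sh
# Added example, not the author's test script. TARGET is assumed to be an
# already-mapped dm-crypt device (hypothetical name /dev/mapper/bench) or a
# scratch file; its contents are overwritten. Pass labels r/r2 are assumed.

# to_seconds MM:SS.CC -> seconds (the Time column format in the table)
to_seconds() {
    echo "$1" | awk -F: '{ printf "%.2f", $1 * 60 + $2 }'
}

# speed_mib BYTES SECONDS -> MiB/s; the table's Speed column matches this
# when the elapsed time is first rounded to whole seconds.
speed_mib() {
    awk -v b="$1" -v s="$2" 'BEGIN {
        if (s <= 0) s = 0.001   # clamp to timer resolution
        printf "%.2f", b / 1048576 / s }'
}

# factor SPEED BASELINE -> throughput relative to the unencrypted run
factor() {
    awk -v a="$1" -v b="$2" 'BEGIN { printf "%.2f", a / b }'
}

# now -> wall clock seconds (fractional where date supports %N)
now() { date +%s.%N; }

# bench_target TARGET MIB -> one line per pass: "pass load1 seconds MiB/s"
# Reads of data smaller than RAM may be served from the page cache.
bench_target() {
    target=$1; mib=$2
    for pass in w r w2 r2; do
        start=$(now)
        case $pass in
            w*) dd if=/dev/zero of="$target" bs=1M count="$mib" conv=fsync 2>/dev/null ;;
            r*) dd if="$target" of=/dev/null bs=1M count="$mib" 2>/dev/null ;;
        esac || return 1
        end=$(now)
        secs=$(awk -v a="$start" -v b="$end" 'BEGIN { printf "%.3f", b - a }')
        load=$(cut -d' ' -f1 /proc/loadavg 2>/dev/null || echo n/a)
        echo "$pass $load $secs $(speed_mib $((mib * 1048576)) "$secs")"
    done
}

# Run only when given two arguments, e.g.: sh bench.sh /dev/mapper/bench 2048
if [ $# -eq 2 ]; then bench_target "$1" "$2"; fi
```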
In the following table you can see the times for writing. Read tests are comparable, but always a little faster. What do the columns mean?
The first row tells us how fast everything is without cryptography. 55 MB/s write speed definitely rocks!
But let's have a look at the situation if you want to encrypt your data.
The fastest algorithm is AES586, which is only 0.49 times as fast as unencrypted transfer.
Please note that AES586 is the assembly-optimized version of the AES cipher. The plain AES
implementation is also included and only reaches a factor of 0.36!
The slowest is ARC4, which is 0.24 times as fast as unencrypted transfer.
| Algorithm | Test | Load | Time | CPU% | Data [Bytes] | Speed [MB/s] | Factor |
|---|---|---|---|---|---|---|---|
| none | w | 1.54 | 00:37.09 | 27 | 2147483648 | 55.35 | 1 |
| aes | w2 | 4.43 | 01:44.14 | 5 | 2147483648 | 19.69 | 0.36 |
| aes586 | w2 | 4.39 | 01:14.62 | 9 | 2147483648 | 27.31 | 0.49 |
| anubis | w2 | 3.99 | 01:40.15 | 5 | 2147483648 | 20.48 | 0.37 |
| arc4 | w2 | 5.61 | 02:34.11 | 3 | 2147483648 | 13.3 | 0.24 |
| blowfish | w2 | 4.33 | 01:37.00 | 5 | 2147483648 | 21.11 | 0.38 |
| camellia | w2 | 5.07 | 01:48.79 | 5 | 2147483648 | 18.79 | 0.34 |
| cast5 | w2 | 4.66 | 01:34.64 | 5 | 2147483648 | 21.56 | 0.39 |
| cast6 | w2 | 5.14 | 02:27.99 | 3 | 2147483648 | 13.84 | 0.25 |
| khazad | w2 | 4.64 | 01:40.34 | 5 | 2147483648 | 20.48 | 0.37 |
| serpent | w2 | 5.86 | 02:21.78 | 3 | 2147483648 | 14.42 | 0.26 |
| tea | w2 | 5.53 | 02:15.81 | 3 | 2147483648 | 15.06 | 0.27 |
| tnepres | w2 | 5.49 | 02:22.06 | 3 | 2147483648 | 14.42 | 0.26 |
| twofish | w2 | 5.35 | 01:25.65 | 6 | 2147483648 | 23.81 | 0.43 |
| xeta | w2 | 5.07 | 02:20.53 | 3 | 2147483648 | 14.52 | 0.26 |
| xtea | w2 | 5.32 | 02:17.01 | 3 | 2147483648 | 14.95 | 0.27 |

The speed in MB/s as a graph.
I've shown in a simple test that there's a notable difference in speed of the cipher algorithms in the Linux kernel.
The fastest algorithm is in effect 104% faster than the slowest on my setup if comparing the factors.
This is the speed experienced by the end user.
AES is the fastest algorithm only when using
the 586-optimized assembly version. The speedup takes effect once the kernel module aes586 is loaded.
If you're running something other than x86, consider using twofish.
Since the C version of twofish is faster than AES, it would be interesting to see whether an assembly
version of twofish also beats AES586.
If you're using an old machine like a Pentium 200 MMX you'll have poor factors like 0.1 for twofish and the others!
Think twice before activating encryption.
Please note that this is not an article about the cryptographic strength of an algorithm! The
weak ARC4 cipher is the slowest.
I've only tested the algorithms at 128-bit key length. The situation may change if you use bigger keys.
Different CPUs will produce different test results. Performance in an SMP environment is
especially interesting. Will the work be split across threads? The naming of the kernel crypto thread (kcryptd/0)
suggests this.