[tahoe-dev] [tahoe-lafs] #1164: use XSalsa20+AES-128 encryption

Samuel Neves sneves at dei.uc.pt
Sat Sep 4 00:10:02 UTC 2010


On 04-09-2010 00:42, Jack Lloyd wrote:
> On Sat, Sep 04, 2010 at 12:06:12AM +0100, Samuel Neves wrote:
>> From eBACS [1], AES-256 is roughly 60% slower than AES-128. XSalsa20 is
>> around 25% to 50% faster than AES-128. So it does seem to make a dent on
>> performance.
>>
>> [1] http://bench.cr.yp.to/results-stream.html (search for "arm")
> Interesting. This seems quite surprising considering that AES-256 has
> 14 rounds vs AES-128's 10 (so a ratio of 1.4) and has 12 inner rounds
> vs AES-128's 8 (ratio 1.5); so I would have thought that the upper
> bound on the difference would be 50%; I wonder how it managed to get
> 60%?

My wild guess is the extra 16 words of key schedule --- table-based AES
is already memory-access intensive. Perhaps more careful instruction
scheduling could fix this (?).




