What’s The Fastest Symmetric Cipher and Mode?
What’s The Fastest Symmetric Cipher and Mode?
And the winner? AES-ECB (don’t use!) and AES-CTR (don’t use!)
And, so, the Rijndael method won the NIST competition for the AES standard, and the rest is history. But, is it the fastest symmetric key method around, and how does the mode of the cipher vary the performance?
So let’s run the command of:
% openssl speed -evp AES-256-GCM
Doing AES-256-GCM for 3s on 16 size blocks: 96160410 AES-256-GCM's in 2.99s
Doing AES-256-GCM for 3s on 64 size blocks: 71174553 AES-256-GCM's in 3.00s
Doing AES-256-GCM for 3s on 256 size blocks: 28719919 AES-256-GCM's in 3.00s
Doing AES-256-GCM for 3s on 1024 size blocks: 7961024 AES-256-GCM's in 2.99s
Doing AES-256-GCM for 3s on 8192 size blocks: 1025427 AES-256-GCM's in 3.00s
Doing AES-256-GCM for 3s on 16384 size blocks: 513050 AES-256-GCM's in 3.00s
version: 3.0.8
built on: Tue Feb 7 13:43:33 2023 UTC
options: bn(64,64)
compiler: clang -fPIC -arch x86_64 -O3 -Wall -DL_ENDIAN -DOPENSSL_PIC -D_REENTRANT -DOPENSSL_BUILDING_OPENSSL -DNDEBUG
CPUINFO: OPENSSL_ia32cap=0x298220f4f8b8f15:0x0
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes
AES-256-GCM 514570.76k 1518390.46k 2450766.42k 2726451.03k 2800099.33k 2801937.07kIn this case for 16 bytes of data for AES-256 in GCM mode, we have 514,570,000 bytes processed. Now we can run a test. We can see that 128-bit AES with ECB is the fastest — this is because ECB mode does not contain any salt value. The next fast is CTR mode, and which is close to the performance as ECB. GCM mode is a stream cipher mode, and is around 36.8% of the speed of ECB. Behind that we see that ChaCha20 has around half the performance throughput for GCM mode. CBC and CCM modes havve a similar performance to ChaCha20. We can see that CAMELLIA, ARIA and SM4 has poor performance compared with AES — with a performance of around 50 times slower. Finally, 3DES has the worst performance overall and is around 300 times slower than the fastest mode.
Generally, ECB is the fastest, followed by CTR and XTS, and where CFB1 is the slowest. While CBC is fast, it has a core weakness, and allows a block to be corrupted without verifying it. Generally, CTR and GCM are nearly the same, and both produce a stream cipher. GCM is slower as it adds additional data to the ciphering process. One thing about GCM, is that the nonce should never be reused, and that you need to decrypt everything before a single byte is used.
Key findings:
- AES-128-ECB and AES-128-CTR are fast, but not secure.
- AES-128-CBC doesn’t scale well for larger amounts of data.
- AES-128-XTS needs to be fast, as it is used for disk encryption.
- AES GCM and ChaCha20 offer good performance and support AEAD (Authenticated Encryption with Additional Data).
- Chinese standard (SM4) is very slow in comparison with AES.
- ARIA and Camillia fail to get into the Top 10.
- 3DES is plodding along at the back (as it has three encryption operations).
Conclusions
And, so, AES is the fastest of the symmetric keys and beats ChaCha20. These two are much faster than ARIA, CAMELLIA and SM4. Overall, 3DES is the slow coach of the methods, and which will be deprecated by the end of this year. For modes, ECB is the fastest, but should never be used. If performance is important that CTR is the fastest mode, with GCM giving reasonable performance.
Here are the methods: