AEWIN

Balancing Security with Efficiency: Encryption and Decryption Performance on Entry-Level CPUs

social_icon_fb social_icon_twitter social_icon_line social_icon_line

Introduction
Encryption is crucial for securing data, even in cost-sensitive environments powered by entry-level CPUs with 1 to 4 cores. In this blog, we’ll compare the encryption and decryption performance of QAT and AES-NI and Intel CPUs using OpenSSL across 1C, 2C, and 4C configurations. Also included AMD’s 2-core performance as a reference.

Crypto Acceleration Performance Comparison
The evolution of CPUs brings in better performance of encryption and decryption operation to enable efficient data processing and enhanced security. The performance results of IPsec of Intel Atom processors have been listed below. From generation to generation, Intel enhances crypto acceleration with simplified hardware integration with better TCO.

  • In platform powered by Denverton processor, the performance of IPSec crypto of integrated QAT is better than the one of CPU core with AES-NI accelerator.
  • Crypto acceleration performance has enhanced from Denverton (5Gbps) to Alder Lake (10/13 Gbps) to Amston Lake (15/17 Gbps) as representing the evolution and improvement of generations.
  • The crypto acceleration of Amston Lake platform with AES-NI and other accelerator of CPU core has reached and over the performance of Denverton platform with integrated QAT. That is, the integrated instructions of Amston Lake processor have excellent performance which offers simplified hardware integration with better Total Cost of Ownership (TCO).

In addition to IPSec performance, OpenSSL is a comprehensive, high-quality toolkit designed for general-purpose cryptography and secure communication. The throughput results of both IPSec and OpenSSL with two kinds of cryptographic algorithms at different package size are included in the following table for performance comparison from generation to generation.

  • AES-128-GCM operates in Galois/Counter Mode, which is a modern authenticated encryption mode which includes built-in authentication and integrity checks. On the other hand, AES-128-CBC-HMAC-SHA1 uses Cipher Block Chaining (CBC) mode for encryption and a separate HMAC-SHA1 for integrity. CBC mode alone does not provide integrity, so HMAC-SHA1 is used to add a layer of authentication. GCM is generally faster than CBC because it can be parallelized while CBC cannot be parallelized during encryption and the HMAC-SHA1 adds an additional performance overhead due to the extra integrity check step. And the performance listed in the table in line with this expectation.
  • The performance of higher CPU core count shows higher performance no matter with AES128-GCM or AES-128-CBC-HMAC-SHA1. The increase in performance is equivalent to the corresponding increase in the number of cores. Once the core counts double, the cryptography performance also doubles accordingly.

As for AMD, the efficiency of encryption and decryption operations are enhanced with AESNI (Advanced Encryption Standard New Instructions) and the OpenSSL test results of Ryzen Embedded R1000 are listed below. The cryptography performances of Intel Denverton and Amston Lake are also included in the table as a reference.

  • The cryptography performance of Ryzen R1000 platform increases significantly with the use of AES-NI instruction set to perform encryption and decryption operations more efficiently.
  • Regarding the test results with large package size, the performance result of OpenSSL of AMD Ryzen 1000 is superior to the one of Intel Denverton while the performance with smaller package size shows the opposite.
  • The latest Intel Amston Lake processor perform the best in both small and large package size compared to AMD Ryzen R1000 and Denverton processors.

Conclusion
Crypto acceleration is important to handle data with security and efficiency. Vendors of processors are all dedicated to developing enhanced performance to meet the demands of the market. This Tech Blog offers some performance results of encryption to show the evolution of the development for entry level processors.