Aes-ni Accelerated Cryptography Calculation

aes-ni Instruction Set

Aes-ni is an extension of the x86 instruction set architecture for Intel and AMD microprocessors, presented by Intel in March 2008. [1] The purpose of the instruction set is to improve the speed with which applications use the Advanced Encryption Standard (AES) to perform encryption and decryption. This technology is available from enterprise-class large data, block links to personal Nas, and so on. How to check if the CPU supports this feature

$ cat/proc/cpuinfo | grep AES | Wc-l

If support, should be 4 cores, the result is 4

//My home 15 years of the United States mobile I5-4200U CPU @ 1.60GHz incredibly also support; but 13 notebook does not support

//work notebook I5-5200U not supported

Successful contrast tests

Using the OpenSSL command, finally found that open aes-ni there are obvious differences. Version: OpenSSL 1.0.2g 1 Mar 2016

$ OpenSSL SPEED-ELAPSED-EVP AES-256-CBC

$ openssl_ia32cap= "~0x200000200000000" OpenSSL Speed-elapsed-evp aes-256 -CBC

$ openssl speed-elapsed-evp aes-128-cbc

$ openssl_ia32cap= "~0x200000200000000" OpenSSL speed-elapsed- EVP AES-128-CBC

| Whether to open |type |16 bytes | bytes | 256 bytes | 1024 bytes |8192 bytes|

| ——— –| ————— –| ————-| ————— | ————— | ——————-| ————— |

| It's |AES-256-CBC | 364209.02k| 398876.69k | 401026.39k | 398883.84k | 411863.72k|

| no |AES-256-CBC | 167362.41k | 183630.57k | 188587.43k | 181141.16k | 192430.08k|

| It's |AES-128-CBC | 496741.25k | 549389.38k | 541275.99k | 568249.34k | 557129.73k|

| no |AES-128-CBC | 228221.45k | 253612.69k | 261900.12k | 252299.61k | 267665.41k|

Drama scene: As on the American machine CPU than the work notebook is poor, but opened the aes-ni instead of good performance

| Whether to open |type |16 bytes | bytes | 256 bytes | 1024 bytes |8192 bytes|

| ——— –| ————— –| ————-| ————— | ————— | ——————-| ————— |

| is |AES-256-CBC |164328.05k | 185898.77k | 188741.03k | 189848.23k | 191176.70k|

| no |AES-256-CBC |172242.04k | 185854.25k | 189062.06k | 190826.84k | 190308.35k|

| is |AES-128-CBC |234664.05k | 254232.28k | 262027.18k | 264717.31k | 266376.53k|

| no |AES-128-CBC |230932.81k | 258159.45k | 260335.87k | 265747.80k | 266283.69k|

The performance of Muscle machine 53 under the same test

| Whether to open |type |16 bytes | bytes | 256 bytes | 1024 bytes |8192 bytes|

| ——— –| ————— –| ————-| ————— | ————— | ——————-| ————— |

| is |AES-256-CBC |368562.35k |422608.32k |422655.83k |428560.38k | 432821.59k|

| no |AES-256-CBC |163098.28k |199936.81k |201100.63k |203751.77k |204423.17k|

| is |AES-128-CBC |490116.30k |588865.32k |541665.28k |592911.02k |601513.98k|

| no |AES-128-CBC |225345.57k |273998.44k |280313.77k |284544.00k |285297.32k| Java is supported by default for Aes-ni. (Answer: Yes, provided the hardware of this machine is supported)

Important Article explains how to open Aes-ni on Linux Java

Hardware intrinsics were added to use Advanced encryption (AES). The Useaes and Useaesintrinsics flags are available to enable the hardware-based AES intrinsics for Intel hardware. The hardware must be or newer Westmere hardware.

The most important points: 1. Confirm CPU Support 2. It has nothing to do with class compilation, it's a technique at runtime 3. The default Open

If you are opening support-xx:+useaes-xx:+useaesintrinsics///
If you are canceling support

-xx:-useaes-xx:-useaesintrinsics
// Check to see if the JVM's aes-ni support option has been turned on, and the results show that 23 is turned on and the work Notebook is not open (other servers, including the North soft One, are also open); The home of the American machine is open

$ java-xx:+printflagsfinal-version | grep AES

Aes-ni May is available on the server VM. AESNI Test Results

Ready to compare: The work notebook is not aes-ni, but the CPU is i5-5200u, more frequently than the 53 muscle machine Server Xeon (Intel (R) Xeon (r) CPU e5-2660 v4 @ 2.00GHz), if the same class runs better than the work notebook , which shows that the Aes-ni has played a role; then shut down Aesni on the server and try

Working notebook is 2.2Ghz CPU, the frequency is higher than the server Xeon 2.0Ghz, but the work notebook is not AESNI instruction set, encryption AES 100 million times need 75 seconds, opposite server on the same code as long as 30 seconds

The AESNI instruction set can also be turned off on the server, and the time becomes 75 seconds. strong contrast, open or not one times the gap

[Root@vm-yjy-36 blockchain]# java aesnitester

Begin.

End.. Time consuming: 30517

[root@vm-yjy-36 blockchain]# java aesnitester

Begin.

End.. Time consuming: 29570

[root@vm-yjy-36 blockchain]# java-xx:-useaes-xx:-useaesintrinsics aesnitester

Begin.

End.. Time consuming: 78823

[root@vm-yjy-36 blockchain]# java-xx:-useaes-xx:-useaesintrinsics aesnitester

Begin.

End.. Time Consuming: 75427

Attached: The source code of the test file

Import javax.crypto.*;
Import Javax.crypto.spec.IvParameterSpec;
Import java.security.InvalidAlgorithmParameterException;
Import java.security.InvalidKeyException;
Import java.security.NoSuchAlgorithmException;

Import Java.security.SecureRandom;

    public class Aesnitester {private static final String plaintext = "Zzzlovexuxuandhenryzzzlovexuxuandhenry"; public static void Main (string[] args) throws NoSuchAlgorithmException, Nosuchpaddingexception, Invalidalgorithmparameterexception, InvalidKeyException, Badpaddingexception, illegalblocksizeexception {long beg
        Intime = System.currenttimemillis ();
        System.out.println ("Begin;.");
        1. Generate random number SecureRandom Srandom = new SecureRandom ();
        2. Vector byte[] IV = new BYTE[128/8];
        Srandom.nextbytes (iv);
        Ivparameterspec Ivspec = new Ivparameterspec (iv);
        3. Key Keygenerator KGen = Keygenerator.getinstance ("AES");
      Secretkey skey = Kgen.generatekey ();  4. Initialization of Cipher Cipher = cipher.getinstance ("aes/cbc/pkcs5padding");
        Cipher.init (Cipher.encrypt_mode, Skey, Ivspec);
        5. Start encryption for (int i=0; i<100000000; i++) {byte[] ciphered = cipher.dofinal (Plaintext.getbytes ()); } System.out.println ("End ....

Time consuming: "+ (System.currenttimemillis ()-begintime));
System.out.println ("Before encryption Length:" + plaintext.length () + "encrypted length:" + ciphered.length);
Cipher.init (Cipher.decrypt_mode, Skey, Ivspec);
Byte[] recovered = Cipher.dofinal (ciphered);
    System.out.println ("Decryption succeeded:" + new String (recovered)); }
}

Final confirmation that the Aes-ni command has been used on the muscle machine.

Verify that the server is using the AESNI directive (see 53 on the following computer comparison test, pure encryption time also save half), but from the dofinal to the whole, there are still a lot of work, such as key initialization, vector initialization, random number generation, pure encryption elevation 100%, However, these early initialization work, the promotion of less than 10%, that is, pure encryption calculation in the overall password module is only part of the operation, which is why before estimating deviations

JAVA-CP.:/ethereumj-core-1.5.0-snapshot-all.jar Aesspongytester End

. 3694

java-xx:-useaes-xx:-useaesintrinsics-cp.:/ethereumj-core-1.5.0-snapshot-all.jar AESSpongyTester

End.. 9513

Attention:

1. Compiled into the entire jar package, all the required classes are inside. Javac to add this jar for Classpath

2. Runtime classpath to add a local directory (that is, this lone test class is in the directory)