SM4: 单block的性能问题 #172

emmansun · 2023-10-11T08:57:11Z

emmansun
Oct 11, 2023
Maintainer

当前用AES-NI实现的encryptBlockAsm的性能，比不上使用查表方法（预计算了L变换：Lookup(j) = L(sbox[j])）的纯golang实现，当然目前实现的查表方法是非constant-time实现，如果实现constant-time查表，性能会显著下降。

Constant-Time实现：

// T
func t(in uint32) uint32 {
	var b uint32

	b = getSboxValue(byte(in))
	b |= getSboxValue(byte(in>>8)) << 8
	b |= getSboxValue(byte(in>>16)) << 16
	b |= getSboxValue(byte(in>>24)) << 24

	// L
	return b ^ (b<<2 | b>>30) ^ (b<<10 | b>>22) ^ (b<<18 | b>>14) ^ (b<<24 | b>>8)
}

func precompute_t(in uint32) uint32 {
	return getSboxTValue(&sbox_t0, byte(in>>24)) ^
		getSboxTValue(&sbox_t1, byte(in>>16)) ^
		getSboxTValue(&sbox_t2, byte(in>>8)) ^
		getSboxTValue(&sbox_t3, byte(in))
}

func getSboxTValue(box *[256]uint32, x byte) uint32 {
	ret := 0
	for i, v := range box {
		cond := subtle.ConstantTimeByteEq(byte(i), x)
		ret |= subtle.ConstantTimeSelect(cond, int(v), 0)
	}
	return uint32(ret)
}

func getSboxValue(x byte) uint32 {
	ret := 0
	for i, v := range sbox {
		cond := subtle.ConstantTimeByteEq(byte(i), x)
		ret |= subtle.ConstantTimeSelect(cond, int(v), 0)
	}
	return uint32(ret)
}

性能：

goos: windows
goarch: amd64
pkg: github.com/emmansun/gmsm/sm4
cpu: Intel(R) Core(TM) i5-9500 CPU @ 3.00GHz
BenchmarkEncrypt
BenchmarkEncrypt-6
   40726	     27236 ns/op	   0.59 MB/s	       0 B/op	       0 allocs/op

非Constant-Time实现（当前实现）性能：

goos: windows
goarch: amd64
pkg: github.com/emmansun/gmsm/sm4
cpu: Intel(R) Core(TM) i5-9500 CPU @ 3.00GHz
BenchmarkEncrypt
BenchmarkEncrypt-6
 8678527	       134.2 ns/op	 119.22 MB/s	       0 B/op	       0 allocs/op

所以用AES-NI实现，从安全性和性能平衡来讲，目前还是一个好的选择。

参考

emmansun · 2024-01-25T01:20:29Z

emmansun
Jan 25, 2024
Maintainer Author

看起来arm64下，使用aes-ni的单block性能还是下降很多的，所以先切回使用查表实现。

AES-NI
goos: darwin
goarch: arm64
BenchmarkSM4BCEncrypt1K
BenchmarkSM4BCEncrypt1K-8        	   45248	     23536 ns/op	  43.51 MB/s
BenchmarkSM4BCDecrypt1K
BenchmarkSM4BCDecrypt1K-8        	   52416	     22513 ns/op	  45.48 MB/s

查表
goos: darwin
goarch: arm64
BenchmarkSM4BCEncrypt1K
BenchmarkSM4BCEncrypt1K-8        	  109899	      9677 ns/op	 105.81 MB/s
BenchmarkSM4BCDecrypt1K
BenchmarkSM4BCDecrypt1K-8        	  140384	      8289 ns/op	 123.54 MB/s

1 reply

emmansun Jan 25, 2024
Maintainer Author

v0.25.0

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

SM4: 单block的性能问题 #172

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Replies: 1 comment 1 reply

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

Select a reply

SM4: 单block的性能问题 #172

emmansun Oct 11, 2023 Maintainer

参考

Replies: 1 comment · 1 reply

emmansun Jan 25, 2024 Maintainer Author

emmansun Jan 25, 2024 Maintainer Author

emmansun
Oct 11, 2023
Maintainer

Replies: 1 comment 1 reply

emmansun
Jan 25, 2024
Maintainer Author

emmansun Jan 25, 2024
Maintainer Author