Performance comparisons of DES and AES

Don't use DES anymore, it's kinda "deprecated" (check it in the NIST site, http://www.itl.nist.gov/ ) - use AES or Triple-DES (in the news above referred as TDEA).

July 26, 2004 -- NIST has determined that the strength of the (single) Data Encryption Standard (DES) algorithm is no longer sufficient to adequately protect Federal government information. As a result, NIST proposes to withdraw FIPS 46-3, which specifies the DES, and two related standards. Future use of DES by Federal agencies is to be permitted only as a component function of the Triple Data Encryption Algorithm (TDEA; see NIST Special Publication 800-67). TDEA may be used for the protection of Federal information; however, NIST encourages agencies to implement the faster and stronger algorithm specified by FIPS 197, Advanced Encryption Standard (AES) instead. Comments must be must be received on or before September 9, 2004.

You certainly knows that Triple-DES is slower than AES. But you want to know if it is much slower.

Make a simple test using small buffers (where the key setup time dominates the encryption time), large buffers (where the raw encryption speed dominates the encryption time) and typical loads (using your app)

edsonw at 2007-7-6 20:38:04 >

The following results were taken using "openssl speed" in a PIV-2.8GHz, 512k cache, 533Mhz bus, DDR-333. I don't take any measurements with the Sun's JCE, but I believe that the ratios between the times will be preserved.

type 16 bytes64 bytes256 bytes1024 bytes8192 bytes

des cbc 42027.09k42608.80k42946.92k43296.04k46487.16k

des ede3 17630.53k17717.10k17852.82k17938.64k18401.67k

aes-128 cbc52249.19k53558.55k54498.02k54782.75k54648.91k

aes-192 cbc47193.29k48920.30k49592.72k49828.38k49710.27k

aes-256 cbc40519.78k42946.92k43469.92k43650.88k43645.20k

edsonw at 2007-7-6 20:38:04 >

Oh, sorry by the truncated table. I've pasted an abridged version of the "openssl speed" output.

I will paste the unabridged version of "openssl speed des" output (openssl is a C crypto toolkit, not a Java toolkit).

To get the most accurate results, try to run this

program when this computer is idle.

First we calculate the approximate speed ...

Doing des cbc 20971520 times on 16 size blocks: 20971520 des cbc's in 8.11s

Doing des cbc 5242880 times on 64 size blocks: 5242880 des cbc's in 7.97s

Doing des cbc 1310720 times on 256 size blocks: 1310720 des cbc's in 7.86s

Doing des cbc 327680 times on 1024 size blocks: 327680 des cbc's in 7.78s

Doing des cbc 40960 times on 8192 size blocks: 40960 des cbc's in 7.24s

Doing des ede3 6990506 times on 16 size blocks: 6990506 des ede3's in 6.33s

Doing des ede3 1747626 times on 64 size blocks: 1747626 des ede3's in 6.31s

Doing des ede3 436906 times on 256 size blocks: 436906 des ede3's in 6.27s

Doing des ede3 109226 times on 1024 size blocks: 109226 des ede3's in 6.26s

Doing des ede3 13653 times on 8192 size blocks: 13653 des ede3's in 6.08s

OpenSSL 0.9.7d 17 Mar 2004

built on: Thu Apr 22 13:21:37 2004

options:bn(64,32) md2(int) rc4(idx,int) des(idx,cisc,4,long) aes(partial) idea(int) blowfish(idx)

compiler: cl /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM /Fdout32dll -DOPENSSL_NO_KRB5

available timing options: TIMEB HZ=1000

timing function used: ftime

The 'numbers' are in 1000s of bytes per second processed.

type 16 bytes64 bytes256 bytes1024 bytes8192 bytes

des cbc 41374.15k42106.20k42695.55k43123.55k46377.93k

des ede3 17675.11k17719.91k17849.97k17852.74k18398.65k

edsonw at 2007-7-6 20:38:04 >