github.com/mad-day/Yawning-crypto@v0.0.0-20190711051033-5a5f8cca32ec/aez/README.md

### aez - AEZ (Duh)
#### Yawning Angel (yawning at schwanenlied dot me)

This is an implementation of [AEZ](http://web.cs.ucdavis.edu/~rogaway/aez/),
primarily based on the reference code. It appears to be correct, and the
output matches the [test vectors](https://github.com/nmathewson/aez_test_vectors).

Features:

* Constant time, always.
* Will use AES-NI if available on AMD64.
* Unlike the `aesni` code, supports a vector of AD, nbytes > 16, and tau > 16.

Benchmarks:

| Version       | Message Size |    ns/op |    MB/s |
| ------------- | :----------: | -------: | ------: |
| aesni         |            1 |     2430 |    0.41 |
|               |           32 |     2161 |   14.80 |
|               |          512 |     2491 |  205.51 |
|               |         1024 |     2608 |  392.52 |
|               |         2048 |     2922 |  700.74 |
|               |         4096 |     3669 | 1116.12 |
|               |         8192 |     5096 | 1607.43 |
|               |        16384 |     7892 | 2075.93 |
|               |        32768 |    13214 | 2479.65 |
|               |        65536 |    24416 | 2684.11 |
|               |      1024768 |   381778 | 2684.20 |
|               |              |          |         |
| ct64 (no-asm) |            1 |     7185 |    0.14 |
|               |           32 |     9081 |    3.52 |
|               |          512 |    26117 |   19.60 |
|               |         1024 |    40259 |   25.43 |
|               |         2048 |    67867 |   30.18 |
|               |         4096 |   124411 |   32.92 |
|               |         8192 |   241456 |   33.93 |
|               |        16394 |   462033 |   35.46 |
|               |        32768 |   914127 |   35.85 |
|               |        65536 |  1804397 |   36.32 |
|               |      1024768 | 27380841 |   37.43 |
|               |              |          |         |
| ct32 (no-asm) |            1 |     6482 |    0.15 |
|               |           32 |     8673 |    3.69 |
|               |          512 |    26926 |   19.01 |
|               |         1024 |    45842 |   22.34 |
|               |         2048 |    83350 |   24.57 |
|               |         4096 |   159436 |   25.69 |
|               |         8192 |   322488 |   25.40 |
|               |        16394 |   618034 |   26.51 |
|               |        32768 |  1200462 |   27.30 |
|               |        65536 |  2366829 |   27.69 |
|               |      1024768 | 37128937 |   27.60 |

All numbers were taken on an Intel i7-5600U with Turbo Boost disabled, running on
linux/amd64. A 16 byte authenticator (tau) and no AD were used for each test.
Even on systems without AES-NI, certain operations are done using SSE2
(e.g. XORs), but for the purposes of benchmarking this was disabled for the
`ct64`/`ct32` tests.