Up To 162% Faster AES-GCM Encryption/Decryption For Intel & AMD CPUs On Linux
Eric Biggers on Sunday posted the latest iteration of his patches providing for greater AES-GCM improvements. Similar to the massive gains seen with his AES-XTS work, the AES Galois/Counter Mode improvements are also extremely beneficial. At the top-end, the new AES-GCM code can yield up to a 162% improvement!
This new AES-NI GCM code replaces prior code written by Intel and also addresses problems with the former code. Biggers explained in the patch series:
"This patchset adds a VAES and AVX512 / AVX10 implementation of AES-GCM (Galois/Counter Mode), which improves AES-GCM performance by up to 162%. In addition, it replaces the old AES-NI GCM code from Intel with new code that is slightly faster and fixes a number of issues including the massive binary size of over 250 KB. See the patches for details.
The end state of the x86_64 AES-GCM assembly code is that we end up with two assembly files, one that generates AES-NI code with or without AVX, and one that generates VAES code with AVX512 / AVX10 with 256-bit or 512-bit vectors. There's no support for VAES alone (without AVX512 / AVX10). This differs slightly from what I did with AES-XTS where one file generates both AVX and AVX512 / AVX10 code including code using VAES alone (without AVX512 / AVX10), and another file generates non-AVX code only. For now this seems like the right choice for each particular algorithm, though, based on how much being limited to 16 SIMD registers and 128-bit vectors resulted in some significantly different design choices for AES-GCM, but not quite as much for AES-XTS. CPUs shipping with VAES alone also seems to be a temporary thing, so we perhaps shouldn't go too much out of our way to support that combination."
The performance improvements for AES-GCM from this new code are very apparent:
Recent Intel and AMD processors are showing very nice gains across the board in the AES-GCM encryption/decryption speed. Hopefully this new code will be tidied up in time for the Linux v6.11 cycle later this year.