[pkg-gnupg-maint] Bug#848951: Bug#848951: gnupg: Utilize multiple cores on CPU for encryption and decryption (and compression)

[Werner Koch]

On Wed, 21 Dec 2016 06:57, witold.baryluk at gmail.com said:

> Using cipher and compression algorithms that can utilize multiple cores

It is not possible to parallelize encryption using the CFB mode as
required by OpenPGP.  In theory it would be possible to run the hashing
(which is also run on the plaintext) on a different thread.  However
that would complicate matters a lot and I doubt that there will be a
real benefit.

What would really improve throughput is a different encryption mode to
replace CFB and its SHA-1 based MDC.  My suggestion to the WG is the use
of OCB which would be a lot faster: On an X220 you get these values

 AES            |  nanosecs/byte   mebibytes/sec   cycles/byte
        CFB enc |      1.77 ns/B     537.9 MiB/s      4.08 c/B
        CFB dec |     0.373 ns/B    2557.6 MiB/s     0.858 c/B
        OCB enc |     0.436 ns/B    2189.4 MiB/s      1.00 c/B
        OCB dec |     0.452 ns/B    2107.9 MiB/s      1.04 c/B

                |  nanosecs/byte   mebibytes/sec   cycles/byte
 SHA1           |      1.88 ns/B     507.7 MiB/s      4.32 c/B

Thus the theoretical speedup would be 

          CFB    SHA1          OCB
     enc  1.77 + 1.88 = 3.65   0.44   8 times
     dec  0.37 + 1.88 = 2.25   0.45   5 times



Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 194 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnupg-maint/attachments/20161221/61f9012c/attachment.sig>