Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AES-SIV encryption/decryption has bad performance on small input and when run in many threads in parallel. #36

Closed
juergw opened this issue Apr 29, 2024 · 1 comment
Closed

AES-SIV encryption/decryption has bad performance on small input and when run in many threads in parallel. #36

juergw opened this issue Apr 29, 2024 · 1 comment
Assignees
@juergw

Comments

@juergw
Copy link
Contributor

juergw commented Apr 29, 2024

This is the same issue as already discussed here for AES-GCM:

tink-crypto/tink#208

AES-SIV currently creates a new cipher object on each call to encryptDeterministically and decryptDeterministically. But creating these objects is expensive, and it requires locks, which make it even worse when done in multiple threads.

AES-SIV is often used to encrypt small values, for example EncryptedSharedPreferences uses it to encrypt keys in key-value pairs, which are typically small.

So we should add the same solution as proposed in tink-crypto/tink#208 and use ThreadLocal ciphers objects.
@juergw juergw self-assigned this Apr 29, 2024
copybara-service bot pushed a commit that referenced this issue Apr 29, 2024
@juergw @copybara-github
Use ThreadLocal for Cipher instances in AesSiv and PrfAesCmac.
e3074ae 
We already do the same thing for other key type, such as AES-GCM.

See also: #36, and #24.

I run some benchmarks for this, where I encrypt some data using AES-SIV many times.
- For 1kb data, it get 2.5x faster for a single thread, and 5.6x faster for 10 threads in parallel.
- For 32 bytes data, it gets 15x faster for a single thread, and 41x faster for 10 threads in parallel.

PiperOrigin-RevId: 629075782
Change-Id: I6735eafe4670213af15084343a7f269885d1101b
@juergw juergw closed this as completed May 3, 2024
@juergw juergw reopened this May 3, 2024
@juergw
Copy link
Contributor Author

juergw commented Jul 4, 2024

This is now fixed in the new release 1.14, https://github.com/tink-crypto/tink-java/releases/tag/v1.14.0. This release also contains other performance improvements for AES-SIV, and AES-CMAC, for example 862ecfc and ff90fb9.

@juergw juergw closed this as completed Jul 4, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@juergw juergw

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@juergw