RE: Twofish/AES News (bogus performance claims?)

Doug Whiting (DWhiting@Stac.com)
Thu, 10 Dec 1998 09:09:00 -0800

• Next message: Dutra de Lacerda: "RE: Twofish/AES News (bogus performance claims?)"
• Previous message: Alex Alten: "RE: Twofish/AES News (bogus performance claims?)"

I agree that Brian's code gets very impressive results for C. I ran my
assembler and (slower) C benchmarks on many machines, using the Pentium
timer to get high resolution timing, so I'm quite confident that the
assembler numbers are real. I know almost nothing about AMD or Cyrix CPU
optimizations, so unfortunately I have no idea why it runs so much slower.

Thanks for the time and interest in Twofish.

-----Original Message-----
From: Alex Alten
To: Doug Whiting
Cc: 'CodherPlunks@toad.com'; 'schneier@counterpane.com'
Sent: 12/10/98 9:06 AM
Subject: RE: Twofish/AES News (bogus performance claims?)

Doug,

Well I tried out Brian's code. I timed it at about 7.5 MBytes/sec
which is close enough to the 8 MB/sec I interpolated from your paper.
I'm impressed with Brian's C code. To get within 70-80% of the assembly
speeds is a fine piece of work. Usually C at best is 50% the speed of
assembly. Given this result I'll believe that your assembly timings
are accurate. Interestingly my K6 200 here at home runs at only 4 MB/s
for both versions.

- Alex

At 02:55 PM 12/4/98 -0800, Doug Whiting wrote:
>Sorry for the confusion, Alex. The C performance numbers we used were
the
>'best' taken from the AES submissions themselves and any other place we
>could find them. In particular, the 400 clocks/block number came from
Brian
>Gladman's C version, which he wrote to optimize for the Pentium Pro.
The C
>code we submitted to NIST did not run that fast; we spent our time
>optimizing the assembly version. You can see Brian's tables and get
his
>code from:
>
>http://www.seven77.demon.co.uk/aes.htm
>
>I hope this clarifies things.
>
>-----Original Message-----
>From: Alex Alten
>To: Doug Whiting
>Sent: 12/4/98 9:48 AM
>Subject: Re: Twofish/AES News (bogus performance claims?)
>
>At 03:24 PM 12/3/98 -0600, Bruce Schneier wrote:
>>There are some new papers on the Twofish webpage.
>>
>>We have improved our performance numbers. On Pentium-class machines,
>key
>
>I noticed you are claiming an encrypt of 400 cycles/block on a Pentium
>Pro
>200. This translates to 8 MB/sec enciphering speed. I tried your
>optimized
>C version and could only get 3 MB/sec (with a 128 bit key ECB mode). I
>was
>careful to ensure that the cipher worked with test data in a main
memory
>to
>main memory encipherment. You are overstating TwoFish's real world
>performance by a factor of about 2.5 . This makes me suspicious of
your
>
>assembler version speed claims, maybe it really runs at 760 c/block?
>
>I used Microsoft MSVC 4.2. I set the optimizations for maximum speed
and
>to
>emit Pentium Pro specific assembler code. I've included my test code
>and a
>slightly modified AES.h file, so that you can see for yourself how I
>tested
>it. I used your TWOFISH2.C AES submission code version 1.00, dated
>April
>1998.
>
>- Alex
>
>
>--
>
>Alex Alten
>
>Alten@Home.Com
>Alten@TriStrata.Com
>
>P.O. Box 11406
>Pleasanton, CA 94588 USA
>(925) 417-0159
>
> <<Aes.h>>
>

--
Alex Alten
Alten@Home.Com
Alten@TriStrata.Com
P.O. Box 11406
Pleasanton, CA  94588  USA
(925) 417-0159

• Next message: Dutra de Lacerda: "RE: Twofish/AES News (bogus performance claims?)"
• Previous message: Alex Alten: "RE: Twofish/AES News (bogus performance claims?)"