Add a benchmark utility?

[Mygod]

A benchmark utility could be useful for a user to pick the most appropriate cipher on their machine instruction set.

See also: https://tls.mbed.org/api/benchmark_8c_source.html

[enihcam]

+1

[debiansid]

+1

[flipphos]

+1

…

在 2017年2月2日，下午10:04，debiansid ***@***.***> 写道： +1 — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#1173 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AK1u0olJjNC9hItFM9nXgIlvGLTA_Nhhks5rYeJQgaJpZM4L1FcR>.

[riobard]

Unnecessary. The choice is fairly simple: if the device supports AES-NI, go for AES-GCM. Otherwise Chacha20-Poly1305.

[LexterS999]

@riobard I'm using this client https://github.com/shadowsocks/shadowsocks-windows/releases on my PC. And there is absent Chacha20-Poly1305 so can i use chacha20 on my client side and use Chacha20-Poly1305 on server side? Is it compatible?

[madeye]

Try this one: https://gist.github.com/madeye/c046fc35e10a82154f4697fb316a7ac6

[Mygod]

@madeye Default number for iperf is 8KB which is too small. Try this one?
https://gist.github.com/Mygod/5dc04215b1b4d67ee18597e49379e72a

[Mygod]

@riobard Well despite having hardware acceleration, AES-GCM performs at least 40% slower (lower throughput) than chacha20-ietf-poly1305 even on machines with AES-NI. P.S. I've tested on a modern PC with AES-NI, a relatively old one without, a cheap VPS with AES-NI. I'm trying to test on my Android phone but I haven't found an iperf binary yet.

@madeye Perhaps add this script to the main repo?

[LexterS999]

I'm always using chacha20 on kvm vps with average cpu/mem power and it's good when only you take that. But if you wanna spread then your vps power must to be higher and then you must to use benchmark.

[riobard]

@asmadeus08 chacha20 as in the old client is a stream cipher. Chacha20-Poly1305 is an AEAD. Completely different beasts.

@Mygod Good to know! I'll try to implement Chacha20-Poly1305 on my Go implementation and see how it flies :)

[Mygod]

@asmadeus08 @riobard Here's the benchmark details on my end which also includes traditional stream cipher. As you can see chacha20-ietf-poly1305 is actually comparable to aes-256-ctr.

[LexterS999]

@Mygod the same to me. Chacha20 and chacha20-iеtf is the best choice.
@riobard so i cant use chacha20-poly1305 on my pc client cause there is absent option to chosse that. But i saw request to add those new ciphers on shadowsocks pc client.

[riobard]

@asmadeus08 AEAD is still work-in-progress. Please wait for official release.

[LexterS999]

@riobard you mean work-in-progress for this one https://github.com/shadowsocks/shadowsocks-windows/releases ?

[riobard]

@asmadeus08 I don't think there's AEAD support from anything other than pre-release shadowsocks-libev now. Please wait until the design is fixed.

[LexterS999]

@riobard Ok, cool. I think they will add it soon too.

[madeye]

Added via 95ef3d5.

[Mygod]

@riobard I took another look at libsodium's source code and it turns out chacha20 is actually using SSSE3 instructions on supported devices under the hood.

EDIT: And SSSE3 is ~2 years older than AES-NI, even my old computer supports this technology.

[riobard]

@Mygod Yes. Go's chacha20-poly1305 also got SSE treatment on amd64 (see https://go-review.googlesource.com/#/c/24717/). However Go's chacha20 is not accelerated.

I added chacha20-poly1305 to my Go port and measured using iperf3 (simultaneous encrypting/decrypting). Here's the result on my device (Ivy Bridge Core i7 2.6GHz)

AES-128-GCM       4.57 Gbps
AES-256-GCM       4.35 Gbps
chacha20-poly1305 3.77 Gbps

[enihcam]

Linux kernel uses AVX2 for implementing Chacha20
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3d1e93cdf16cfe6f315167c65dc504e467e4681a