what could cause ecb mode decrypt to be slower than ecb mode encrypt?

[davidalide]

on x86 linux, ecb decrypt seems 2x slower than encrypt
on stm32 M4f, i am seeing a factor of 6x difference

I am using the ecb encrypt/decrypt to implement aes-xts mode

I would think cbc mode would also show the same difference since both use underlying cipher, invcipher functions

openssl aes speed test doesn't show this difference so i don't think its fundamental to algorithm

[kokke]

Hi @davidalide and thanks for your interest :)

The encryption process is usually much faster than decryption. The reason has to do with the implementation.

The MixColumns-operation is faster to calculate than the InvMixColumns. This is usually alleviated a bit with HW-instructions like AES-NI (which is what the OpenSSL uses). That is probably the reason you see a larger difference on the software-implementation than on OpenSSL (2x vs 6x difference).

You can see some of the same effect in BearSSL: https://www.bearssl.org/speed.html

See these questions/answers for more context
https://crypto.stackexchange.com/questions/27872/aes-decryption-vs-encryption-speed
https://crypto.stackexchange.com/questions/5603/on-the-fly-computation-of-aes-round-keys-for-decryption

This is quite a slow implementation because of the way it is written (with compactness as main focus).

You can gain a lot of speed simply by choosing an implementation that uses lookup-tables.

I hope that helped answer your questions. Otherwise please feel free to get back :)

[davidalide]

<!-- /* Font Definitions */ @font-face {font-family:"Cambria Math"; panose-1:2 4 5 3 5 4 6 3 2 4;} @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {margin:0in; font-size:11.0pt; font-family:"Calibri",sans-serif;} a:link, span.MsoHyperlink {mso-style-priority:99; color:blue; text-decoration:underline;} .MsoChpDefault {mso-style-type:export-only;} @page WordSection1 {size:8.5in 11.0in; margin:1.0in 1.0in 1.0in 1.0in;} div.WordSection1 {page:WordSection1;} -->Thanks for the explanation.   Makes sense. Regards,dave Sent from Mail for Windows From: kokkeSent: Monday, August 30, 2021 9:08 AMTo: kokke/tiny-AES-cCc: davidalide; MentionSubject: Re: [kokke/tiny-AES-c] what could cause ecb mode decrypt to be slower than ecb mode encrypt? (#196) Hi @davidalide and thanks for your interest :)The encryption process is usually much faster than decryption. The reason has to do with the implementation.The MixColumns-operation is faster to calculate than the InvMixColumns. This is usually alleviated a bit with HW-instructions like AES-NI (which is what the OpenSSL uses). That is probably the reason you see a larger difference on the software-implementation than on OpenSSL (2x vs 6x difference).You can see some of the same effect in BearSSL: https://www.bearssl.org/speed.htmlSee these questions/answers for more contexthttps://crypto.stackexchange.com/questions/27872/aes-decryption-vs-encryption-speedhttps://crypto.stackexchange.com/questions/5603/on-the-fly-computation-of-aes-round-keys-for-decryptionThis is quite a slow implementation because of the way it is written (with compactness as main focus).You can gain a lot of speed simply by choosing an implementation that uses lookup-tables.I hope that helped answer your questions. Otherwise please feel free to get back :)—You are receiving this because you were mentioned.Reply to this email directly, view it on GitHub, or unsubscribe.Triage notifications on the go with GitHub Mobile for iOS or Android.