Why does smaller blocksize lead to slower throughput for AES encryption?
I'm currently exploring the speed of AES for various configurations of block size and key size using:
openssl speed ALGORITHM
However I'm a little confused by the results (in the picture below and was hoping for an explanation. My 2 questions are:
- Why a smaller block size (especially for block size of 16 bytes) has such slower performance?
- How does block size affect security, does a block size of 16 bytes increase or decrease security?
First, you may be aware, but for other readers: "block size" here is not the block size of the algorithm. It refers to the size of the message being encrypted. The block size of AES is always 16 bytes.
The overall throughput of the speed tool is the number of iterations it was able to complete times the block size.
For each message, the speed tool creates a new AES session, which requires setting up a new key schedule. This is a somewhat expensive operation.
This means that for very small messages, there are many very-short iterations, and so a lot of the time is spent in setting up the sessions (i.e. overhead). As the messages get longer, each iteration takes longer, but less of it is spent in overhead, so total bytes of throughput goes up.
This doesn't really have much to do with the security of the system. AES is equally secure when encrypting short and long messages, all things being equal. (There are incorrect ways that AES can be used that might make short or long messages less secure, for example using a CTR session for so long that the counter repeats. But used correctly, the message size should have no impact on security.)
- Why rust is failing to build command for openssl-sys v0.9.60 even after local installation?
- Building Python with SSL support in non-standard location
- How to fix fatal error C1083 and LNK1104 on windows while building openssl 3 using conan?
- ITMS-91065: Missing Signature in Privacy Impacting SDK
- Openssl can't compile when compiling for ARM, otherwise works fine
- Make OpenSSL accept expired certificates
- Generate sha256 with OpenSSL and C++
- libssl.so.1.1: cannot open shared object file: No such file or directory
- Node.js ERR_OSSL_EVP_UNSUPPORTED error when running npm run start
- What causes keytool error "Failed to decrypt safe contents entry"?
- Why Am I Getting Different Cipher Outputs Between Node.js and PHP When Reading Large Files by Chunks?
- Ruby 2.7.4 & 3.0.0 fails on macOS Big Sur (11.2.3): undeclared identifier RSA_SSLV23_PADDING
- How can I connect a C# SSLStream client to an OpenSSL server?
- Gracefully Shutdown TLS connection in C OpenSSL
- PHP openssl_pkcs12_read "error:0308010C:digital envelope routines::unsupported"
- Why does smaller blocksize lead to slower throughput for AES encryption?
- openssl_pkey_get_details($res) returns no public exponent
- dyld: Library not loaded: /usr/local/opt/openssl/lib/libssl.1.0.0.dylib
- Creating PKCS#12 keystore with multiple certificates using OpenSSL 1.0.0a
- How to establish TLS session in python using PKCS11
- how to create CSR in PHP?
- Convert pem key to ssh-rsa format
- Error installing Ruby with rvm: "__rvm_make -j8"
- troubles with RVM and OpenSSL
- How to get cipher text as result of encryption using aes cbc 128 bit with open ssl in c language
- OpenSSL: try to decode DER data
- openssl/ssl.h not found but installed with homebrew
- I have a certificate and a private key on the client and on the server but gRPC secure connetion fails
- How to solve OpenSSL error during install of ruby 3.1.3 for Mac
- Renewing Minikube SSL certificates for 10 years