In this blog I will examine how software AES and Intel AES-NI (hardware accelerator) in TrueCrypt* affect performance and power in a mobile platform. Mobile dominates current trends and market focus, and security has become a fundamental concern.
Advanced Encryption Standard (AES) is an encryption standard adopted by the U.S. government in 2001. It is used extensively across the software ecosystem to protect network traffic, personal data, and corporate IT infrastructure. AES is a symmetric block cipher that encrypts and decrypts data through several rounds.
Intel AES New Instructions (AES-NI) are a new set of instructions. They became available with the 2010 Intel Core processor family based on the 32nm Intel microarchitecture, codenamed Westmere. These instructions enable fast and secure data encryption and decryption. The instructions were designed to implement some of the complex and performance-intensive steps of the AES algorithm by the using hardware, thus accelerating the execution of the AES algorithms.
What is TrueCrypt*?
TrueCrypt* is a disk encryption software. It is used to create an encrypted file, a partition or an entire hard drive. The encryption is done on the fly, and it is transparent to the users. It can be used to encrypt internal or external hard drive (e.g. a flash drive). TrueCrypt* is free, and can be downloaded here.
How I Tested
I used the following hardware and software to setup the testing system:
System Hardware: Premium Ultrabook Reference Design
Processor: Intel* Core i-7 at 2.00GHz
Hard Drive: Intel* 120GB SSD
Operating System: Windows 8 (RTM)
Encryption Software: TrueCrypt* 7.1a
Note that this system is a pre-market Software Development Platform – results will vary depending on system configuration and OEM platform.
I used TrueCrypt* to create a volume and mount it as drive X. I wrote a test program to create ten files in X drive. Each file was about 180MB. The program calculates the time needed to create those files. While the system is running, I also collect system data information relating to power such as percentage C3 state residency, interrupt rate, context-switch rate and system-call rate using pEval*. pEval* is a high level power monitor software I developed internally to collect the above power-related system information. The tests were performed many times under different days to ensure the consistency of the results.
- Run the test program with AES-NI enabled in TrueCrypt*
- Run the test program with AES-NI disabled in TrueCrypt*
- Evaluate results
I ran TrueCrypt* to build an encrypted space to store the files created in the testing program. For simplicity, I created an encrypted file instead of an encrypted partition (see the series of screen shots below.)
Make sure AES-NI in TrueCrypt* is enabled before running the test program by running TrueCrypt*, select “Settings” and select “Performance” as shown:
If the check mark appears in “Accelerate AES encryption/decryption by using the AES instructions of the processor (if available)” then AES-NI is already enabled. If not, check it. After that, click “OK” to close TrueCrypt*. Reboot the system.
The following is a capture screen showing the result:
It took 69.582 seconds to write ten files, each about 180MB.
The following showed the power consumption in milliwatts and the percentage C3 residency:
Percentage C3 state residency is 71.75% and the average power consumption is 6475 milliwatts per hour.
Run the Test Program with AES-NI Disabled
Before running the test, run TrueCrypt* to disable AES-NI in TrueCrypt*. After disabling AES-NI, close TrueCrypt* and reboot the system. Disabling AES-NI in TrueCrypt* as shown:
The result should look like this:
It took 73.206 seconds to write ten files, each about 180MB.
The following screen showed the power consumption in milliwatts and the percentage C3 residency:
Percentage C3 state residency is 63.65% and the power consumption is 6673 milliwatts per hour.
The table shows the processing time is reduced by 5.2%, and the average power consumption is reduced by 198mW. The system idle (% C3 state residency) increased by 12.7%.
From the test, we can see the advantage of using the Intel AES-NI over the software-based AES in terms of performance and power saving.
Intel's compilers may or may not optimize to the same degree for non-Intel microprocessors for optimizations that are not unique to Intel microprocessors. These optimizations include SSE2, SSE3, and SSSE3 instruction sets and other optimizations. Intel does not guarantee the availability, functionality, or effectiveness of any optimization on microprocessors not manufactured by Intel. Microprocessor-dependent optimizations in this product are intended for use with Intel microprocessors. Certain optimizations not specific to Intel microarchitecture are reserved for Intel microprocessors. Please refer to the applicable product User and Reference Guides for more information regarding the specific instruction sets covered by this notice.
Notice revision #20110804