Intel® AES-NI Performance Testing on Linux*/Java* Stack

Return to the  Intel® vPro™ Developer Community

Intel® AES-NI Performance Testing on Linux/Java Stack (PDF 1.44MB)




2.1. GOAL


3.4.1. Enable Intel® AES-NI in Oracle JVM




5.2.1. AES128
5.2.2. AES256
5.2.3. Percentage Improvement




Table of Tables

Table 1 - Terminology
Table 2 - System Components
Table 3 - Enabling Intel® AES-NI in BIOS
Table 4 - AES Crypto Operations per Minute Comparison
Table 5 - AES128 Encryption/Decryption Performance Numbers
Table 6- AES256 Encryption/Decryption Performance Numbers
Table 7 - Examples of Typical File Sizes

Table of Figures

Figure 1- AES 128 Encryption/Decryption Performance Numbers
Figure 2- AES256 Encryption/Decryption Performance Numbers
Figure 3 - Percentage Improvement for Encryption
Figure 4 - Percentage Improvement for Decryption

Executive Summary

The development of sophisticated computer and networking technologies has enabled our society to be more “connected” and always “online” than ever before resulting in the generation of exponentially greater amounts of data. Such data can comprise of important information like financial, medical, personal, and even matters related to national security, so it becomes one of the most critical collaterals going forward. Therefore, it is essential to adopt advanced levels of security and privacy practices to protect our data.

In the healthcare sector, we find acts like the Health Insurance Portability and Accountability Act (HIPAA) mandating the encryption of Personal Health Information (PHI) at rest and in motion [See HIPAA Security Rule - “Implement a mechanism to encrypt and decrypt EPHI.” Rule 164.312(e)(2)(ii), 164.312(a)(2)(iv)]. However, the adoption of security technologies is sometimes bypassed due to reasons like cost, system complexity, and longer application response times (due to the additional processing time needed by the software security layer). While the increase in cost and complexity may be unavoidable, one may be able to mitigate the impact of application performance degradation through the use of innovative technologies. One example of such technology is Intel® Advanced Encryption Standards – New Instructions (AES-NI) which is hardware-based encryption/decryption that may provide enough acceleration to offset the application performance degradation due to additional security layers needed for effective data protection.

We attempted to measure the performance benefit offered by Intel® AES-NI on a Linux/Java software stack in an effort to prove that use of such technology may be beneficial for the healthcare sector and allow more organizations to address the increasing security concerns within the industry and by consumers. By using Intel® AES-NI we were able to observe consistent and significant performance improvement in application file encryption/decryption. Specifically, 38% (average) for encryption and 37.5% (average) for decryption, over a wide range of key sizes and file sizes.

2 .Introduction

2.1. Goal

The goal of this paper is to demonstrate performance gains obtained by using Intel® AES-NI instructions (see details in section 2.2) on a Linux/Java software stack. The first server processor series that enabled AES-NI is the Intel® Xeon® 5600 processor series.

We investigated the following two use cases with Intel® AES-NI enabled and disabled, to assess the improvements:

  1. Overall Java JDK performance improvement
  2. Application file encryption/decryption performance improvement

2.2.Intel® AES-NI features

Intel® AES-NI ( is a set of new microprocessor instructions that implement some of the sub-steps of the AES algorithm directly in hardware, speeding up execution of the AES application and helping prevent side channel attacks. Four instructions accelerate encryption and decryption of first and last round. One instruction does the mix column operation for each round and another instruction generates the next key. CLMUL, which speeds up carry-less multiplication, is the 7th instruction in the Intel® AES-NI instruction set.

Two of the security benefits of Intel® AES-NI are broader use and resistance to side channel attacks. The built-in hardware speeds up the encryption, thereby enabling increased deployment of encryption in the data center. A broader use of encryption has the benefit of having more information protected. Pure software implementations of AES are vulnerable to side-channel attacks. Intel® AES-NI is a hardware implementation that reduces data manipulations/table lookups in caches and memory, thus lowers risk of software side-channel attacks. Hence, Intel® AES-NI enables broader use of AES and better data protection.

2.3. Objectives

This paper allows an end user of Intel® AES-NI technology to setup a benchmark mechanism on their Linux/Java software stack running on an Intel® AES-NI enabled hardware, and evaluates the benefit of leveraging the Intel® AES-NI instructions versus using a software-based Intel® AES-NI implementation. Specifically the following are the key objectives of this paper:

a. SpecJVM2008 showed 20% improvement for data at rest benchmarking.
b. Java application showed a consistent range of improvement for various file sizes (ranging from 50MB – 1GB).

a. Medical Device
b. Secure Patch Management

  1. Define the operating system, software stack and tools.
  2. Define the setup of Intel® AES-NI capable platform along with the software stack (operating system and API).
  3. Performance testing results for data at rest:
  4. 4. Security Usages and Usability
  5. Performance and Security Analysis

2.4. Audience

SW developers and technologists can use this document to understand the performance impact of Intel® AES-NI instructions in a Linux/Java software stack.


AESAdvanced Encryption Standard
AES-NIAES New Instructions
JDKJava Development Kit
IDEIntegrated Development Environment
BKMBest Known Method
CLMULCarry-less Multiplication
HIPAAHealth Insurance Portability and Accountability Act.
PHIPersonal Health Information

Table 1 - Terminology

2.6. Acknowledgements

Thanks to Aleksey Ignatenko for providing BKM to enable Intel® AES-NI for the JVM.

3. System Setup and Configuration

3.1. Components

HardwareWestmere-EP Server, Xeon X5690 2-socket, 3.47 GHz with Supermicro BIOS X8DTU-LN4+ mode, 12 GB RAM, 500 GB HDD.
Operating SystemCent OS 5.6 Linux OS.
Application Software1. Oracle JDK 1.7
2. Mozilla nss libraries 3.12.10 RTM
3. Java IDE (NetBeans 7.0) – for code development (optional)
Application Software1. CPUID
2. SPECjvm2008

Table 2 - System Components

3.2. Enable/Disable Intel® AES-NI on test system

1Enter system BIOS by hitting F2 or Del key.
2Go to >> Advanced >> Processor & Clock Options >> Intel® AES-NI >> select Enable or Disable.
3Press Enter key.
4Hit F10 to save and exit.
5Reboot client and allow the operating system to load.

Table 3 - Enabling Intel® AES-NI in BIOS

3.3. Discover Intel® AES-NI status from local host

The Linux /proc/cpuinfo/ command does not accurately detect if Intel® AES-NI is enabled or disabled on the hardware. CPUID ( tool can be used to make accurate determination. Below is an example of what CPUID output looks like within Linux, when Intel® AES-NI instructions have been enabled in the BIOS:

3.4. Software Setup

3.4.1. Enable Intel® AES-NI in Oracle JVM

The BKM to enable Intel® AES-NI support for the JVM was obtained from (Intel internal site). The NSS crypto library found in the BKM allows the Oracle JVM to be enabled for using Intel® AES-NI instructions if available on the hardware.

The steps to enable AESNI support in the JVM are outlined below:

1. NSS archive can be obtained from (AES NI is switched on if CPU supports the feature).

2. Build NSS libs.

a. On Linux (RHEL in my case) unpack and go to mozilla/security/nss
b. Run “make BUILD_OPT=1 USE_64=1 nss_build_all” , where USE_64=1 for x64 systems.

3. Configure JDK to use NSS crypto provider.

a. Get all *.so files from mozilla/dist/LinuxXXXX_glibc_PTH_64_OPT.OBJ/lib
b. Take Oracle JDK6, put NSS libs into JDK6/jre/lib/amd64
c. Take 2 files from attach, put them in JDK6/jre/lib/security (you can see SunPKCS11 security provider is inserted into the 1-st place there)
d. Then run your application using the JDK you prepared

After Step 3 is complete, the system is ready for testing.

4.Test Cases

The following two types of tests were run to evaluate performance improvements:

JDK performance improvement: To test NSS libraries with Intel® AES-NI enabled, we ran crypto.aes benchmark from SPECjvm2008.

a. Run command “java –server –jar SPECjvm2008.jar crypto.aes” from SPECjvm2008 folder.
b. Perform tests with Intel® AES-NI ON and OFF in BIOS and see the difference.
c. SPECjvm2008 can be downloaded from .

Below is an example of the report provided by the SPECjvm2008 benchmarking test:

Application performance improvement: To test for application performance impact we used a Java application that encrypts and decrypts files of various sizes (50MB, 100MB, 200MB, 512MB and 1GB) using AES128 and AES256 keys to determine application level encryption-decryption performance. Below is an example of logs provided by the Java application:

5. Performance Testing Results

5.1.JDK Performance Improvement - Operations per Minute Evaluation

SPECjvm2008 was used to compare the operations per minute (using included benchmarking tool) for the system with Intel® AES-NI instructions enabled and disabled. The results are given in Table 4.

Linux/Java Results (Cent)S 5.6 + nss libs + JDK 1.7)
 NON AES-NI (ops/min)AES-NI (ops/min)Acceleration (%)
Run 1523.36627.1819.84
Run 2521.42626.5220.16
Run 3523.98626.2419.52

Table 4 - AES Crypto Operations per Minute Comparison

(Higher number is better)

Key Finding: SPECjvm2008 tool showed around 20% performance improvement when Intel® AES-NI was enabled on the JDK running on the serve

5.2.Application Performance Improvement - Intel® AES-NI Performance Impact with File and Key Sizes

Each test run consisted of running the test 100 times (each test consisted of two test runs i.e. each test was carried out 200 times) and results were averaged.


Test RunSizeEncryption Time (msecs)Decryption Time (msecs)Encryption Time (msecs)Decryption Time (msecs)Encryption Acceleration (%)Decryption Acceleration (%)
150 MB1064110956265847.1840.67
250 MB1061115557568545.8140.69
3100 MB201121131189124740.8840.98
4100 MB199622161275142036.1235.92
5200 MB430344222883282033.0036.23
6200 MB418643202881/td>278331.1835.58
7512 MB10458116806328742139.4936.46
8512 MB10196116975855732342.5837.39
91 GB2645124200172351609534.8433.49
101 GB2611324111160511612338.53333.13

Table 5 - AES128 Encryption/Decryption Performance Numbers

(Smaller number is better)

Figure 1- AES 128 Encryption/Decryption Performance Numbers


Test RunSizeEncryption Time (msecs)Decryption Time (msecs)Encryption Time (msecs)Decryption Time (msecs)Encryption Acceleration (%)Decryption Acceleration (%)
150 MB1026106656367745.1336.49
250 MB947108455963840.9741.14
3100 MB203622181297138836.3037.42
4100 MB204522521274140837.7037.48
5200 MB428249622984288130.3141.94
6200 MB430049892826288034.2842.27
7512 MB10754117296401744340.4836.54
8512 MB10081118226402750236.4936.54
91 GB2397625295157211604334.4336.58
101 GB2358125033157741626633.1135.02

Table 6- AES256 Encryption/Decryption Performance Numbers

(Smaller number is better)

Figure 2- AES256 Encryption/Decryption Performance Numbers

5.2.3.Percentage Improvement

The percentage improvement for encryption and decryption operations for the different key lengths and file sizes is illustrated below.

Figure 3 - Percentage Improvement for Encryption

Figure 4 - Percentage Improvement for Decryption

Key Findings

  • Application file encryption improved 39% (average) and file decryption 37% (average) with Intel® AES-NI enabled over AES128 key.
  • Application file encryption improved 37% (average) and file decryption 38% (average) with Intel® AES-NI enabled over AES256 key.

Performance tests and ratings are measured using specific computer systems and/or components and reflect the approximate performance of Intel products as measured by those tests. Any difference in system hardware or software design, configuration or workload may affect actual performance. Buyers should consult other sources of information to evaluate the performance of systems or components they are considering purchasing. For more information on performance tests and on the performance of Intel products, visit Intel Performance Benchmark Limitations.

Our next steps would be to try to replicate these steps on a Windows/Java stack to see if we can observe similar or better trends.

6. Security Usages and Usability Discussion

The widespread use of the Internet, more connected models, and sophisticated computer and networking technologies have created the most important and critical collateral – “data”. Currently, a big percentage of data or information exchanged over the Internet today is not secure or encrypted effectively. In the healthcare arena, data security becomes crucial as individual PHI can be compromised to criminals who can use that valuable information to wreak havoc to interconnected systems and personal lives of innocent citizens. Examples of some commonly used healthcare workflows are data storage in EMR (Electronic Medical Records), secure messaging, physician-patient communication, lab results transferred to EMR, Patient Portals and ePrescibing.

Although data encryption is becoming mandatory to meet organizational confidentiality requirements, there are various reasons why it is sometimes circumvented. The top reasons are expense, system or software complexity and longer application response times (due to the need for encryption and decryption layer). Many hospitals, clinics and health care facilities are transferring un-encrypted data between systems due to one of the reasons mentioned above. Technologies like Intel® AES-NI allow better performance of systems by providing seamless encryption/decryption in the hardware layer as opposed to the higher software layer like software-based encryption systems, and try to alleviate the usage aspect complains of data encryption.

Below is an example of some typical file sizes and what form of information they may represent to provide some context to this experiment.

Linux/Java Results (Cent)S 5.6 + nss libs + JDK 1.7)
SizeTypeExample of use case
50 MBPatch ManagementVirus patch update
100 MBData Transfer / Medical DevicePHI data download from Central Server to Healthcare worker’s laptop.
200 MBData TransferLab results transferred to EMR
512 MBMedical DeviceMedium-quality X-Ray image
1 GBMedical DeviceHigh-quality 3D X-Ray image

Table 7 - Examples of Typical File Sizes

Based on the use of a given type of file one can retrieve the acceptable response or processing time of the data. One way to highlight the benefit of Intel® AES-NI technology would be to demonstrate that Intel® AES-NI can be used to accelerate the customer’s application response times and improve security without impacting usability.

7. Conclusion and Future Work

The Linux/Java stack in this test environment showed consistent and considerable performance gains for encryption/decryption using Intel® AES-NI enabled hardware.

In the medical field, where privacy and security of data is crucial, Intel® AES-NI can provide the much needed performance improvement to offset the overhead of encryption/decryption like higher data access times. This becomes more significant when utilizing Full Disk Encryption (FDE) where the entire system including the operating system is encrypted, and has to work transparently to the end user. We plan to extend this work to incorporate performance measurement for FDE applications.

8. Further Reading

Para obtener información más completa sobre las optimizaciones del compilador, consulte nuestro Aviso de optimización.