From: henno on
Tom St Denis wrote:
> On Mar 7, 6:40 am, Nomen Nescio <nob...(a)dizum.com> wrote:
>> http://www.das-labor.org/wiki/AVR-Crypto-Lib/en
>>
>> I was stunned to see that the ASM (assembler) implementation of AES is
>> more than ten times (!) as fast as the C implementation. I'd have
>> thought that compiler technology had narrowed the difference to maybe
>> 10-20%. The compiler is probably GCC-AVR, which isn't as advanced as
>> say, the Microsoft compilers, but the difference is remarkable.
>
> Say what? GCC on x86 *is* more advanced than MSVC by a long shot.
> Most likely though GCC for AVR isn't 100%. Just like GCC for ARM is
> not as good as ARM's own compiler.
>
> It's not uncommon to see assembler based AES 2-3 times faster than C.
> It shouldn't be 10x though...

It could be if you used the new AES instructions in x64 chipset introduced in
the i5 and i7 processors.

Henno

From: Paulo Marques on
Nomen Nescio wrote:
> http://www.das-labor.org/wiki/AVR-Crypto-Lib/en
>
> I was stunned to see that the ASM (assembler) implementation of AES is
> more than ten times (!) as fast as the C implementation. I'd have
> thought that compiler technology had narrowed the difference to maybe
> 10-20%. The compiler is probably GCC-AVR, which isn't as advanced as
> say, the Microsoft compilers, but the difference is remarkable.

The AVR is an 8-bit microcontroller that struggles to handle the 32 bit
values that most AES implementations use.

As an educated guess, the assembler implementation is probably able to
use the 32 8-bit registers available to hold the internal state of the
AES and even do some of the movement operations by simple register
"renaming". In an AVR, a memory load or store operation takes 2 cycles.
Avoiding them by using only registers is a major speed up.

--
Paulo Marques - www.grupopie.com

"To be, or not to be? That is ..... liable to be removed at -O2 and above."
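
The register "renaming" idea guessed at in the post above, as an added illustration (not from the thread and not code from AVR-Crypto-Lib). It goes slightly beyond the post by checking that the ShiftRows renaming returns to the original naming every 4 rounds. All function names and the sample state are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* AES state is column-major: the byte at row r, column c is index r + 4*c. */

/* ShiftRows by data movement: row r rotates left by r positions.
 * On an 8-bit core with the state in RAM this is loads and stores. */
void shiftrows(uint8_t s[16]) {
    uint8_t t[16];
    for (int c = 0; c < 4; c++)
        for (int r = 0; r < 4; r++)
            t[r + 4 * c] = s[r + 4 * ((c + r) & 3)];
    memcpy(s, t, 16);
}

/* Returns 1 if, after `rounds` ShiftRows steps, reading the untouched byte
 * slots ("registers") through an index map gives the same state as moving
 * the bytes. Assumption: in unrolled assembler the map is fixed at assembly
 * time, so the renamed variant costs no instructions at run time. */
int rename_matches_move(int rounds) {
    uint8_t moved[16], slots[16], map[16];
    for (int i = 0; i < 16; i++) {
        moved[i] = slots[i] = (uint8_t)(0xA0 + i); /* constructed sample state */
        map[i] = (uint8_t)i;                       /* logical index -> slot */
    }
    for (int k = 0; k < rounds; k++) {
        shiftrows(moved); /* the data really moves */
        shiftrows(map);   /* bookkeeping only: slots[] is never written */
    }
    for (int i = 0; i < 16; i++)
        if (slots[map[i]] != moved[i]) return 0;
    return 1;
}

/* Returns 1 if the renaming map is the identity again after `rounds` steps. */
int map_is_identity_after(int rounds) {
    uint8_t map[16];
    for (int i = 0; i < 16; i++) map[i] = (uint8_t)i;
    for (int k = 0; k < rounds; k++) shiftrows(map);
    for (int i = 0; i < 16; i++) if (map[i] != i) return 0;
    return 1;
}

int main(void) {
    printf("rename == move after 10 rounds: %d\n", rename_matches_move(10));
    printf("map is identity after 4 rounds: %d\n", map_is_identity_after(4));
    return 0;
}
```

Because the map repeats with period 4, unrolled code needs at most four differently named round bodies to cover any number of rounds.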