Improvements to the Linux kernel’s AES-GCM Galois/Counter Mode crypto block cipher code will yield up to 74% faster performance for AMD Zen 3 processors with the Linux 6.19 kernel in the new year.
For AES-GCM crypto use within TLS, IPsec, WiFi WPA3, HTTP/3, SSH, and other purposes there is much faster performance coming for AVX2 capable processors thanks to a new optimized code path for CPUs lacking AVX-512, like is found with AMD Zen 4 and newer.
For CPUs with VAES and AVX2 instruction support, such as AMD Zen 3, there is said to be up to 74% better performance with this new code written by Google engineer Eric Biggers. Over the years Eric Biggers has been responsible for many exciting Linux kernel crypto performance optimizations from writing AVX-512/AVX10 code paths to other optimizations.
Biggers explained on the recent patch series:
“This patchset replaces the 256-bit vector implementation of AES-GCM for x86_64 with one that requires AVX2 rather than AVX512. This greatly improves AES-GCM performance on CPUs that have VAES but not AVX512, for example by up to 74% on AMD Zen 3.
This patchset also renames the 512-bit vector implementation of AES-GCM for x86_64 to be named after AVX512 rather than AVX10/512, then adds some additional optimizations to it.”
The patches were queued this week into his libcrypto-next Git branch and expressed his intentions on having this code merged for Linux 6.19.
Benchmarks shown on this patch are showing some nice gains for AMD Zen 3 such as with EPYC Milan and other processors.
