Cryptographic Algorithms – Impact On Application Performance

The importance of security is often realized only after an application’s security is breached. One of the reasons why security is not enforced is it’s impact on application performance. Adding security makes my application slow is a very common excuse for not securing applications. While security features is a generic term, and can mean a number of things right from firewalls to identity management and more, in this article we will concentrate on the cryptographic implications. We will study the impact of using various kinds of cryptographic algorithms on performance.

Measuring performance of cryptography

Let us first categorize our areas of measurement into various types of functionalities. We normally need to perform some of the following cryptographic operations:

  • Confidentiality – Encrypt/Decrypt data to provide for confidentiality. This can be classified further into symmetric key cryptography (same key being used at both ends) and asymmetric key cryptography (public key is used at one end, and a different private key is used at the other end)
  • Integrity – Message digests are computed and are used to detect alterations made to the original message so as to prevent tampering.
  • Non-repudiation – To ensure that the original sender can prove (or cannot deny!) that she was the creator/sender of a message, it can be digitally signed.

Hence, our measurement of speeds of cryptographic operations would be restricted to these three categories. The exercise was done using NetBeans 6.0 on Windows Vista with 2 GB RAM and 110 GB hard disk.

Before we get into more hands-on experiences, let us first review the numbers that famous security expert Bruce Schneier has quoted in his classic “Applied Cryptography”:

Algorithm type

Operation

Thumb rules

Message digest

Compute message digest using SHA-1 algorithm

75,000 bytes can be digested per second

Symmetric key encryption

DES

45,000 64-bit blocks can be encrypted per second

Asymmetric key encryption

RSA

Encryption in 0.03 seconds, decryption in 0.16 seconds, Digital signature in 0.16 seconds, verification in 0.02 seconds

Now, let us try doing the measurements ourselves.

Message digest performance tests

Algorithm used

Original text

Length of original text

Size of message digest

Execution time (in milliseconds)

This is short!

14

128

13.289957

MD5

This is the text to be digested. It is quite interesting!

57

128

13.008148

This is a very long string. Let us see if it can cause significant delays in computing a message digests!

105

128

12.155805

SHA-1

This is short!

14

160

13.813069

This is the text to be digested. It is quite interesting!

57

160

13.347436

This is a very long string. Let us see if it can cause significant delays in computing a message digests!

105

160

12.779836

SHA-512

This is short!

14

512

13.994446

This is the text to be digested. It is quite interesting!

57

512

13.229545

This is a very long string. Let us see if it can cause significant delays in computing a message digests!

105

512

13.967278

Summary of observations

  • Regardless of the message digest size (and therefore the perceived complexity of the algorithm) the amount of time it takes for computing message digests remains more or less the same.
  • The size of the input text does not make any difference.

Symmetric key encryption and decryption performance tests

Note: This test includes run-time symmetric key generation, encryption of plain text into cipher text and decryption of cipher text back into plain text.

Algorithm used

Original text

Length of original text

Key size

Execution time (in milliseconds)

Blowfish

Small plain text for encryption!

32

40.0159098

Bigger plain text for encryption! This should increase the time taken for encryption!

85

41.2025411

Much bigger plain text for encryption! This should significantly increase the time taken for encryption! Or would it? I have my own doubts looking at the past results. Well, let us try ourselves and see!

203

128

40.0815467

DES-3

Small plain text for encryption!

32

160

41.5861513

Bigger plain text for encryption! This should increase the time taken for encryption!

85

160

40.5570750

Much bigger plain text for encryption! This should significantly increase the time taken for encryption! Or would it? I have my own doubts looking at the past results. Well, let us try ourselves and see!

203

160

41.3329487

AES

Small plain text for encryption!

32

256

42.7647718

Bigger plain text for encryption! This should increase the time taken for encryption!

85

160

42.3849121

Much bigger plain text for encryption! This should significantly increase the time taken for encryption! Or would it? I have my own doubts looking at the past results. Well, let us try ourselves and see!

203

160

42.4304486

Summary of observations

  • Regardless of the algorithm (and therefore the perceived complexity of the algorithm) the amount of time it takes for encryption and decryption remains more or less the same.
  • The size of the input text does not make any difference.

Asymmetric key encryption and decryption performance tests

Note: This test includes run-time symmetric key generation, encryption of plain text into cipher text and decryption of cipher text back into plain text.

Algorithm used

Original text

Length of original text

Execution time (in milliseconds)

RSA

Small plain text for encryption!

32

86.1157563

Bigger plain text for encryption! This should increase the time taken for encryption!

85

88.0750277

Much bigger plain text for encryption! This should significantly increase the time taken for encryption! Well …

104

93.0025534

Summary of observations

  • Time taken is certainly more than what symmetric key encryption algorithms require.
  • The size of the input text does make a difference. The more the plain text, the higher is the time taken for encryption and decryption.

As we can see, message digest algorithms are the fastest. No encryption is involved here. Symmetric key encryption algorithms are much faster than asymmetric key algorithms. Asymmetric key algorithms perform worse as the size of the plain text increases.

About the author : Atul Kahate is Head – Technology Practice, Oracle Financial Services Consulting (formerly i-flex solutions limited). He has authored 16 books on Information Technology, 2 on cricket, and over 1500 articles on both of these in various newspapers/journals. His site can be visited at www.atulkahate.com and he can be reached via email at akahate@gmail.com.

The following two tabs change content below.
Atul Kahate
Atul Kahate is Head - Technology Practice, Oracle Financial Services Software Limited (formerly i-flex solutions limited). He has authored 20 books on Information Technology, 2 on cricket, and over 2000 articles on both of these in various newspapers/journals. Web: AtulKahate.com. Email at akahate@gmail.com
Atul Kahate

Atul Kahate

Atul Kahate is Head - Technology Practice, Oracle Financial Services Software Limited (formerly i-flex solutions limited). He has authored 20 books on Information Technology, 2 on cricket, and over 2000 articles on both of these in various newspapers/journals. Web: AtulKahate.com. Email at akahate@gmail.com

  • Shaymaa_77es

    very good thanks i use some of it in my project

  • realaxum@yahoo.com
  • ferd@berfle.com

    This article is claptrap. The string sizes are far too small to provide any insight into how encryption would affect an application in the real world.