A set of patches to speed up AES-GCM encryption/decryption

On June 2, Eric Biggers (an engineer at Google) introduced new implementations of AES-XTS for much higher performance on Intel/AMD processors using new code sets AES-NI + AVX, VAES + AVX2, VAES + AVX10/256 and VAES + AVX10/512.

The new AES-NI GCM code replaces the previous code written by Intel and resolves known issues:

“This update set adds an AES-GCM (Galois/Counter Mode) implementation to VAES and AVX512/AVX10, increasing AES-GCM performance by up to 162%. Additionally, it replaces Intel's old AES-NI GCM code with newer code that is slightly faster and fixes a number of issues, including the huge binary file size of over 250KB. See patches for details.

The final state of the x86_64 AES-GCM assembly code is that we end up with two assembly files: one generating AES-NI code with or without AVX, and the other generating VAES code with AVX512/AVX10 with 256-bit or 512-bit vectors. It lacks support for single VAES (no AVX512/AVX10). This is a little different than what I did with AES-XTS, where one file generates AVX and AVX512/AVX10 code, including code using only VAES (no AVX512/AVX10), and the other file generates only non-AVX code. However, at the moment this seems to be the right choice for each specific algorithm, given that the limitation to 16 SIMD registers and 128-bit vectors led to some significantly different design decisions in AES-GCM, but not so much for AES-XTS. Processors shipping only with VAES also seem to be a temporary phenomenon, so we may not want to try too hard to support this combination.”

Source: linux.org.ru
