Java AES 加速 [英] AES acceleration for Java
问题描述
我想加密/解密大量小 (2-10kB) 数据.目前性能还可以:在 Core2Duo 上,我得到大约 90 MBytes/s AES256(使用 2 个线程时).但我将来可能需要改进它 - 或者至少减少对 CPU 的影响.
I want to encrypt/decrypt lots of small (2-10kB) pieces of data. The performance is ok for now: On a Core2Duo, I get about 90 MBytes/s AES256 (when using 2 threads). But I may need to improve that in the future - or at least reduce the impact on the CPU.
- 是否可以在 Java 中使用专用的 AES 加密硬件(使用 JCE,或者可能使用不同的 API)?
- 如果我得到更好的 CPU,Java 是否会利用特殊的 CPU 功能(SSE5?!)?
- 或者是否有更快的 JCE 提供商?(我尝试过 SunJCE 和 BouncyCastle - 没有太大区别.)
- 其他可能性?
推荐答案
在执行恰好是 AES 加密的代码时,JVM 本身不会利用特殊的 CPU 功能:将某些代码识别为AES 超出了 JIT 编译器的能力.使用特殊硬件(例如 VIA 处理器上的挂锁",或 AES-NI 说明较新的英特尔处理器),您必须在某个时候通过本机代码".
The JVM will not, by itself, take advantage of special CPU features when executing code which happens to be an AES encryption: recognizing some code as being an implementation of AES is beyond the abilities of the JIT compiler. To use special hardware (e.g. the "Padlock" on VIA processors, or the AES-NI instructions on the newer Intel processors), you must go, at some point, through "native code".
可能,JCE 提供商可以为您做这件事.我不知道有任何现成的 JCE 提供程序,其中包括用于 AES 的优化本机代码(有一个名为 的项目)Apache JuiCE,但它似乎停滞不前,我不知道它的状态).但是可以想象,SunJCE 会在未来的版本中做到这一点(但由于 Oracle 收购了 Sun 以及 OpenJDK 7 的过度特性,下一个 Java 版本何时发布尚不清楚).或者,硬着头皮自己使用本机代码.本机代码通过 JNI 调用,对于本机 AES 代码,一个流行的实现是来自 Brian Gladman 的那个.当您使用 AES-NI 指令获得更大更新的处理器时,请用一些了解这些指令的代码替换该本地代码,如 英特尔描述.
Possibly, a JCE provider could do that for you. I am not aware of any readily available JCE provider which includes optimized native code for AES (there was a project called Apache JuiCE, but it seems to be stalled and I do not know its status). However it is conceivable that SunJCE will do that in a future version (but with Oracle buying Sun and the overfeaturism of OpenJDK 7, it is unclear when the next Java version will be released). Alternatively, bite the bullet and use native code yourself. Native code is invoked through JNI, and for the native AES code, a popular implementation is the one from Brian Gladman. When you get a bigger and newer processor with the AES-NI instruction, replace that native code with some code which knows about these instructions, as Intel describes.
通过使用 AES-128 而不是 AES-256,您应该获得 +40% 的速度提升.打破 AES-128 目前超出了人类的技术范围,并且应该在接下来的几十年里保持下去.您真的需要 256 位的 AES 密钥吗?
By using AES-128 instead of AES-256 you should get a +40% speed boost. Breaking AES-128 is currently beyond the technological reach of Mankind, and should stay so for the next few decades. Do you really need a 256-bit key for AES ?
这篇关于Java AES 加速的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
