aegis 0.4.6

AEGIS authenticated cipher (AEGIS128L)
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99

# AEGIS for Rust

This is a Rust implementation of the
[AEGIS](https://datatracker.ietf.org/doc/draft-irtf-cfrg-aegis-aead/)
authenticated cipher, ported from the Zig standard library.

AEGIS is extremely fast on CPUs with AES acceleration, has a large nonce size,
and is key committing.

# Cargo flags

- `std`: allow dynamic allocations

`std` is the default.

- `pure-rust`: don't use the `cc` crate to take advantage of the implementations from [`libaegis`](https://github.com/jedisct1/libaegis). Setting this flag will substantially degrade performance.\

A benchmark can be run that way:

```sh
export RUSTFLAGS="-C target-cpu=native"
cargo bench
```

For benchmarking, `RUSTFLAGS` is set so that the AES-GCM implementations can take advantage of hardware acceleration.

# Benchmarks

Benchmarks take a 16384 bytes input block. Results are in bytes per second.

## Rust implementations

Crates:

- `aes-gcm`
- `boring`
- `chacha20poly1305`
- `aegis128l`

## AMD Zen2

| cipher                       |      speed |
| ---------------------------- | ---------: |
| aes256-gcm (`aes-gcm` crate) | 934.41 M/s |
| aes128-gcm (`aes-gcm` crate) | 973.18 M/s |
| chacha20-poly1305            |   1.35 G/s |
| aes256-gcm (`boring` crate)  |   3.31 G/s |
| aes128-gcm (`boring` crate)  |   3.61 G/s |
| aegis128l                    |  13.70 G/s |

## AMD Zen4

| cipher                       |     speed |
| ---------------------------- | --------: |
| aes128-gcm (`aes-gcm` crate) |  1.73 G/s |
| aes256-gcm (`aes-gcm` crate) |  1.86 G/s |
| chacha20-poly1305            |  2.47 G/s |
| aes256-gcm (`boring` crate)  |  5.14 G/s |
| aes128-gcm (`boring` crate)  |  5.92 G/s |
| aegis128l                    | 23.35 G/s |

## Macbook Pro - Apple M1

| cipher                       |      speed |
| ---------------------------- | ---------: |
| aes256-gcm (`aes-gcm` crate) | 139.66 M/s |
| aes128-gcm (`aes-gcm` crate) | 173.09 M/s |
| chacha20-poly1305            | 265.48 M/s |
| aes256-gcm (`boring` crate)  |   5.14 G/s |
| aes128-gcm (`boring` crate)  |   6.08 G/s |
| aegis128l                    |  13.88 G/s |

## WebAssembly (Wasmtime, Zen4)

| cipher            |      speed |
| ----------------- | ---------: |
| aes256-gcm        |  62.97 M/s |
| aes128-gcm        |  73.83 M/s |
| chacha20-poly1305 |  88.92 M/s |
| aegis128l         | 537.49 M/s |

## WebAssembly (Wasmtime, Apple M1)

| cipher            |      speed |
| ----------------- | ---------: |
| aes256-gcm        |  49.43 M/s |
| aes128-gcm        |  59.37 M/s |
| chacha20-poly1305 | 177.85 M/s |
| aegis128l         | 533.85 M/s |

## Other implementations, AMD Zen2

| cipher (implementation)     |     speed |
| --------------------------- | --------: |
| chacha20-poly1305 (OpenSSL) |  2.67 G/s |
| aes256-gcm (OpenSSL)        |  4.97 G/s |
| aes128-gcm (OpenSSL)        |  6.89 G/s |
| aes128-ocb (OpenSSL)        |  7.10 G/s |
| aegis128l (Zig)             | 14.08 G/s |