JDK-8271567 : AArch64: AES Galois CounterMode (GCM) interleaved implementation using vector instructions
  • Type: Enhancement
  • Component: hotspot
  • Sub-Component: compiler
  • Affected Version: 11,17,18
  • Priority: P4
  • Status: Resolved
  • Resolution: Fixed
  • CPU: aarch64
  • Submitted: 2021-07-30
  • Updated: 2022-06-09
  • Resolved: 2021-09-23
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 11 JDK 17 JDK 18
11.0.14Fixed 17.0.2Fixed 18 b17Fixed
Related Reports
Duplicate :  
JDK-8267993 - [aarch64] Implement intrinsic for CounterMode::implCrypt()
Description
Given that some AArch64 implementations can issue 2-4 AESE or AESMC instructions per clock cycle, and that these instructions have a latency of 2-3 clocks, we should be able to at least double the speed of AES on Aarch64 by interleaving 2-4 AES encryptions.
Comments
17u backport: https://github.com/openjdk/jdk17u/pull/216 As 11u, disabled by default.
03-11-2021
11u backport: https://github.com/openjdk/jdk11u-dev/pull/410 This is a very significant performance boost, but disabled by default for safety. We can enable it at a later date.
03-11-2021
Changeset: 4f3b626a Author: Andrew Haley <aph@openjdk.org> Date: 2021-09-23 09:00:46 +0000 URL: https://git.openjdk.java.net/jdk/commit/4f3b626a36319cbbbbdcb1c02a84486a3d4eddb6
23-09-2021
Got it. Thank you for letting me know. --lx
12-08-2021
I've already started and I have a considerable speedup already. I'm working on a version of JDK-8267125, the full AES/GCM intrinsic rather than AES/CTR, which is AFAIK less popular, but I suppose AES/CTR will fall out naturally. I'd prefer to complete this work, if you don't mind, because I'm a long way in. I did look for an existing Bug but didn't find it, I guess because I was looking for AES/GCM.
12-08-2021
BTW, I already have a 3x speed up.
12-08-2021
hi, Andrew, I think this is same as JDK-8267993. I am reviewing a work plan with Volker. Are you working on it? Can I take a shot? Here is Volker's analysis: https://github.com/aws/aws-graviton-getting-started/issues/110#issuecomment-851606569 I did some microbench tests. Same as you said, we speculate that we should see about 2x speedup by interleaving two groups of AESE+AESMC. There is a design issue here. So far HotSpot has two separated intrinsics: one is for AES CTR/GCM mode and the other one is for GHASH.update (authentication). The ongoing PR of JDK-8267125 attempts to merge two into one. if it has better performance, should we just directly go this way? thanks, --lx
12-08-2021