iRepository

International Conference on Information and

Communication Technologies

Aug 27th, 5:30 PM - 5:55 PM

A Performance Comparison of Data Encryption Algorithms

Aamer Nadeem
National University of Science and Technology, Rawalpindi, Pakistan

Dr. M. Younus Javed

National University of Science and Technology, Rawalpindi, Pakistan

Follow this and additional works at: https://ir.iba.edu.pk/icict

Part of the Databases and Information Systems Commons, and the Theory and Algorithms Commons

Recommended Citation
Nadeem, A., & Javed, D. Y. (2005). A Performance Comparison of Data Encryption Algorithms.
International Conference on Information and Communication Technologies. Retrieved from
https://ir.iba.edu.pk/icict/2005/2005/33

This document is brought to you by iRepository. For more information, please contact [email protected].
https://ir.iba.edu.pk/icict/2005/2005/33
A Performance Comparison of Data
Encryption Algorithms
Aamer Nadeem, Dr M. Younus Javed
Department of Computer Engineering, College of Electrical and Mechanical Engineering,
National University of Sciences and Technology,
Rawalpindi, Pakistan.
aamernadeemgyahoo.com, myjavedgceme.edu.pk
Abstract-The principal goal guiding the design of
any encryption algorithm must be security against
unauthorized attacks. However, for all practical
applications, performance and the cost of
implementation are also important concerns. A
data encryption algorithm would not be of much
use if it is secure enough but slow in performance
because it is a common practice to embed
encryption algorithms in other applications such as
e-commerce, banking, and online transaction
processing applications. Embedding of encryption
algorithms in other applications also precludes a
hardware implementation, and is thus a major
cause of degraded overall performance of the
system. In this paper, the four of the popular secret
key encryption algorithms, i.e., DES, 3DES, AES
(Rijndael), and the Blowfish have been
implemented, and their performance is compared
by encrypting input files of varying contents and
sizes, on different Hardware platforms. The
algorithms have been implemented in a uniform
language, using their standard specifications, to
allow a fair comparison of execution speeds. The
performance results have been summarized and a
conclusion has been presented. Based on the
experiments, it has been concluded that the
Blowfish is the best performing algorithm among
the algorithms chosen for implementation.
Key Words: Data encryption, Cryptography
algorithms, Performance analysis.
I. INTRODUCTION
The main consideration in designing an
encryption algorithm has to be the security of the
algorithm against undesirable attacks. However,
in the real world, performance and
implementation cost is also important concerns.
In this paper, security of the algorithms against
attacks has not been compared. The primary
focus is on comparing the encryption algorithms
on the basis of their performance and ease of
implementation.
84
0-7803-9421-6/05/$20.00 ©2005 IEEE.
Published by iRepository, 2022
Authorized licensed use limited to: Trial User - Institute of Business Administration Karachi. Downloaded on May 10,2023 at 06:10:30 UTC from IEEE Xplore. Restrictions apply.
In this paper, the security issues have been
completely ignored, and only the performance of
the leading secret key algorithms has been
compared on different platforms, using input
data files of varying sizes and formats.
While comparing the performance of algorithms,
the time required to set up the key(s) has been
ignored.
The rest of this paper is organized as follows:
section 2 gives a brief introduction of the
algorithms that have been chosen for
implementation; section 3 provides
implementation details; section 4 presents
performance results; section 5 discusses the
trade-offs between performance and security;
and finally section 6 concludes the work.
II. IMPLEMENTED ALGORITHMS
The following secret key encryption algorithms
were chosen for implementation, i.e.
* DES
* Triple DES
* AES (Rijndael)
* Blowfish
A. Data Encryption Standard (DES)
DES (Data Encryption Standard) is currently the
most widely used block cipher in the world. In
May 1973, NIST (then NBS) called for possible
encryption algorithms for use in unclassified
adopted encryption algorithm and is in many
standards around the world (e.g. Australian
Standard AS2805.5-1985). One of the largest
users of the DES is the banking industry. It is for
this use that the DES was primarily standardized,
with ANSI reconfirming its use for 5 year
periods - in future it will be replaced with AES.
https://ir.iba.edu.pk/icict/2005/2005/33
Although the DES standard is public, the design
criteria used are classified. There has been
considerable controversy over the design,
particularly in the choice of a 56-bit key [1].
B. Triple DES (3DES)
The triple DES (3DES) algorithm was needed as
a replacement for DES due to advances in key
searching. 3DES is a proposal based on the
existing DES, and was standardized in ANSI
X9.17 & ISO 8732 and in PEM for key
management. It was also proposed for general
EFT standard by ANSI X9 [1]. It is backwards
compatible with existing single DES (when
K1=K2=K3). The 3DES algorithm uses either
two or three 56-bit keys. Thus the effective key
length is up to 168 bits. 3DES is defined by the
following function:
C = DESK3 {DES-i
K2{DESKl(P)}
where P = Plaintext
C = Ciphertext
DESK= DES encryption using key K
DES-i
K= DES decryption using key K
C. Advanced Encryption Standard (AES)
In September 1997, US NIST announced a call
for candidate ciphers for its new Advanced
Encryption Standard (AES), because clearly a
replacement for DES was needed at that time [2].
The candidate ciphers were to be submitted by
June 1998, and a finalist was selected in October
2000. In total 15 candidates were accepted in
June 98 (6 were rejected as incomplete), and 5
were short-listed in August 99. Finally, Rijndael
was selected as the AES finalist in October 2000.
NIST has released all submissions and
unclassified analyses. The AES candidates are
the latest generation of block ciphers, and have a
significant increase in the block size - from the
old standard of 64-bits up to 128-bits; and keys
from 128 to 256-bits. In part this has been driven
by the public demonstrations of exhaustive key
searches of DES & RC-5 (at 64-bits).
After exhaustive analysis and evaluation rounds,
Rijndael, designed by Rijmen & Daemen in
Belgium [4], was selected as AES finalist [3]. It
has the following attributes:
85
Published by iRepository, 2022
Authorized licensed use limited to: Trial User - Institute of Business Administration Karachi. Downloaded on May 10,2023 at 06:10:30 UTC from IEEE Xplore. Restrictions apply.
1. 128-bit block size
2. 128, 192, or 256 bit key size
3. an iterative rather than a Feistel cipher
(like IDEA)
4. treats data as 4 groups of 4 bytes
5. has 9, 11, or 13 rounds, where each
round consists of:
* a byte substitution step (1 S-
box used
* on every byte)
* a shift rows step (shuffle the
bytes
* between groups)
* a mix columns step (matrix
* multiplication of groups with
each
* other)
* an add round key step
6. all operations can be combined into xor
and table lookups - hence
implementation can be very fast and
efficient.
D. Blowfish
Most of the encryption algorithms today are
unavailable to the public - many of them are
protected by patents (e.g. Khufu, REDOC II, and
IDEA), or being kept secret by the governments
(e.g. Skipjack and Capstone are protected by the
U.S. government). Many of the other algorithms
are available only in part (e.g. RC2, RC4, and
GOST). Bruce Schneier - one of the world's
leading cryptologists, and the president of
Counterpane Systems, a consulting firm
specializing in cryptography and computer
security - designed the Blowfish algorithm [5]
and made it available in the public domain.
Blowfish is a variable length key, 64-bit block
cipher. It was his intent from the outset of
creating this new encryption algorithm to
provide the world with a new encryption
standard. The Blowfish algorithm was first
introduce in 1993, and has not been cracked yet.
It is also noteworthy to point out that this
algorithm can be optimized in hardware
applications, although it, like most other ciphers,
is often used in software applications.
III. IMPLEMENTATION DETAILS
The Java platform (JDK 1.4) was used to
implement the above algorithms. The following
https://ir.iba.edu.pk/icict/2005/2005/33
are some of the main reasons explaining why
Java was chosen:
* Java is considered platform
independent because Java compiler
produces byte code rather than
machine code for a specific type of
hardware - this feature of Java
makes sure that the programs will
run on any platform (with Java
interpreter). Thus, the implemented
algorithms can be tested on a
variety of platforms for comparison
purposes.
* Java (in particular JDK 1.4)
provides a large library of built-in
classes and methods (in the form of
API) that assist the programmer in
writing code for cryptographic
algorithms. For example, the
BigInteger class in Java lets the
programmer apply arithmetic and
bit manipulation operations on
integer values of arbitrarily large
sizes.
* Conversion from integer to string
and vice versa, and likewise
conversion of integer values from
one radix to another is relatively
easier in Java due to the built-in
routines provided for this purpose.
For instance, one frequently needs
to convert a decimal value to binary
or hexadecimal, and vice versa.
* The concepts of object
serialization and stream
input/output make it easy to read
and write objects to external disk
files
However, using Java to implement
cryptography algorithms has some drawbacks as
well. The main drawback of using Java is its
slow speed - this is because Java compiler does
not generate native machine code, rather it
produces an intermediate form code (called byte
code) which needs an interpreter to run. This
could have been a concern because the
performance of various algorithms had to be
tested, but the effect of inefficiency was
balanced out because all the algorithms were
implemented in the same language (Java) and
were tested on the same platform.
As mentioned earlier, the primary goal of
this research was not to have the most efficient
86
Published by iRepository, 2022
Authorized licensed use limited to: Trial User - Institute of Business Administration Karachi. Downloaded on May 10,2023 at 06:10:30 UTC from IEEE Xplore. Restrictions apply.
implementation of cryptography algorithms - but
just to compare the relative performance of
various popular algorithms. So the algorithms
were implemented as is, using a uniform
language, and were tested on a uniform platform.
Each of the above algorithms was implemented
as a Java class. In the subsequent sections, for
each algorithm, a description of the instance
variables and the implemented methods is
provided.
IV. PERFORMANCE RESULTS
All the implementations provided and discussed
here have been coded from scratch using the
specification documents of respective
algorithms.
A. Performance Measurement Approach
A fairly consistent style across the source code
was adopted to ensure a fair comparison. All the
routines have been implemented as per
specifications without any bias towards
encryption and decryption speed, or to key set-up
or to memory use in tables. The main reason for
not optimizing the code for performance was to
measure only relative performance of
algorithms. Moreover, techniques for enhancing
performance of algorithms generally also make
the source code more obscure and unreadable.
All the algorithms and results reported are based
on implementation using Java language (JDK
1.4). In general, custom routines were written for
helper methods such as left-shift operation,
binary to hex conversion and vice versa, xor
operation on two bit strings etc. instead of using
library functions. However, whenever
convenient, Java's built-in class library was also
used, for instance the BigInteger class was used
to manipulate integer values of arbitrarily large
size such as keys and data blocks.
B. Measuring Execution Times
Obtaining accurate and repeatable execution time
measurements proved to be more difficult than
was originally anticipated. After many
experiments, it was decided to settle on the use
of a Pentium-I1 266 MHz machine (running
Microsoft Windows operating system) and a
Pentium-4, 2.4 GHz machine (running Microsoft
Windows XP operating system) as the basis for
time measurements. Because the primary goal
https://ir.iba.edu.pk/icict/2005/2005/33

was to measure the encryption times of key algorithms are in the following order, as
algorithms, the initialization and key set-up regards their performance:
times were excluded from the comparison. Also, 1. Blowfish (fastest)
because decryption time is generally the same as 2. DES
encryption time for almost all the algorithms, 3. AES
therefore only the encryption times were 4. Triple DES (slowest)
measured.
In general, the performance of a block cipher
C. Performance Results for Block Ciphers varies with the block size and the key size. The
larger the block size, the faster will be the
The execution results of secret key algorithms in algorithm, because with a larger block size, a
ECB (Electronic Codebook) mode are presented large chunk of the data will be encrypted in a
first. These results are shown Table 1 and Table single execution cycle of the algorithm. With a
2, for execution of code on a Pentium-I1 266 smaller block size, the same size of input data
MHz machine, and Pentium-4, 2.4 GHz would require more execution cycles of the
machine respectively. algorithm, thus increasing the overall encryption
time other things being equal. Likewise, a larger
Table 1: Comparative execution times (in key results in a slower algorithm, because in
seconds) of secret key algorithms in ECB general, all bits of the key are involved in an
mode on a Pentium-l 266 MHz machine execution cycle of the algorithm. With a smaller
.i! DO 90ESi AS BF key, a lower number of key bits are involved,
thus reducing the time to complete one execution
20,W 24 72 39 19 cycle.
0w 48 123 74 35
. 1 5 ,
158 94
5982 74 202 126 53
69' 646
i371325 16
83 243
461
.143
235
6
136
D. Performance Results for Stream Ciphers
15.8959 19 543 324 158
i5 198 569 355.62 In this section, the results of execution of the
; 1 83- 227 655 378 176 secret key algorithms in CFB mode are
.232 276 4M6
79 219
Av.rape presented. Tables 3 and 4 give execution times of
time 134 383 228 108 these algorithms on Pentium-Il 266 MHz, and
Pentium-4, 2.4 GHz platforms respectively.
8yaiw1.35 20 491 ..

Table 3: Comparative execution times of

Table 2: Comparative execution times (in secret key algorithms im CFB mode on a
seconds) of secret key algonrthms in ECB Pentium-Il 266 MHz machine
mode on a Pentium-4, 2.4 GHz machine .witske Ws 3ES AES BF
jjumjsie Es 3DES AES BF 20,527 t88 496 598 141
36, 2 362 934 1123 " IF
l20,52 2 7 4 2 .45.911 431 1174 14.84 3
36X100 4 13 6 3
59,821 570 1532 1932 433
45.911 5 17 8 4
e4 623 1894 2251 7518
N;862,
9 7 23 11 6 5 1T20 3622 4419 9l 2
69r646 9 26 13 7
1!rg591405 4240 504 1175
13,5| 17 51 26 14 5501
158,959 20 60 30 16 165,64 71511 4424 1216
1 62 31 17 191,38 1714 5123 5623 1369
166,364 232,39 2139 6231 7231 1649
191,383 24 72 36 19 Avwag
23,9 30 87 44 24 tim 101 2,900 M 812-1
Avwrag
timn 14 42 21 11
IBIt 7,98B 2, 5.2 .1.67I
10
Bytnh4¢ t10 X8

As with block ciphers, the performance of a

31 138

An obvious way to compare the performance of
these algorithms is to take average of execution
times for each algorithm, and rank them
accordingly. Using this criterion, it is apparent
from Tables 1 and 2 that the four symmetric
stream cipher also varies with the block size and
the key size, but the effect of a larger block size
is reversed. The larger the block size, the slower
will be the algorithm, because with a larger block
size, the algorithm will have to do more work for

87
Published by iRepository, 2022
Authorized licensed use limited to: Trial User - Institute of Business Administration Karachi. Downloaded on May 10,2023 at 06:10:30 UTC from IEEE Xplore. Restrictions apply.
https://ir.iba.edu.pk/icict/2005/2005/33

the same amount of input data (a bit or a byte) in rounds needed to make a brute force key search
a single execution cycle of the algorithm. With a the most efficient form of attack. This is a
smaller block size, the same size of input data controversial suggestion that some cryptologists
would be encrypted more efficiently, thus do not accept even in principle. Therefore, it is
decreasing the overall encryption time other proposed to look at this as follows:
things being equal.
* the principle of measuring performance
Table 4: Comparative execution times of of an algorithm by timing the minimum
secret key algorithms in CFB mode on a number of secure rounds for each
Pentium-4, 2.4 GHz machine algorithm is useful, but
. tuL DES DES AS BF * there is no easy way of obtaining
impartial and widely accepted values
.
36.002
17
30 9.
58 62.
94
1
23
for the minimum number of secure
911 41 130 1C25 33 rounds for each algorithm.
59,862 52 181 174 46
9,64 9 2 200 53 However as an AES algorithm contributor, Eli
Jt5 129 401 409 1
158,959 15 472 473 122 Biham is not seen as an impartial observer and it
166.354 159 488 489 t30 would hence be preferable to have a wider
191383 185 568 567 148 community basis for setting the values to be used
232t98 229, 681 587 184
in such a process.
Averag
time 105 328 328 Be
A. Implementation and Security Issues
BytaIec 1i 55 341 341 1300
There are a significant number of algorithms that
The effect of a larger key in a stream cipher is are considered to be secure at an algorithm level.
the same as in a block cipher, i.e. it slows down In practice, however, most failures in
the encryption, because in general, all bits of the cryptographic systems derive not from
key are involved in an execution cycle of the weaknesses in the algorithms used but rather
algorithm. With a smaller key, a lower number from the exploitation of subtle flaws in the way
of key bits are involved, thus reducing the time the algorithms are implemented or through the
to complete one execution cycle. exploitation of interactions between algorithm
implementations and the environments in which
they operate. This means that it is vital to judge
V. PERFORMANCE VS. SECURITY TRADE- implementations not simply from the perspective
OFFS of the performance that they provide but also
from the perspective of implementation
The work presented here is primarily about assurance i.e. can one be confident that the
performance but it does not seem sensible to implementation does what the algorithm
consider this in complete isolation from security requires, no more and no less, and can one also
since there are inevitably trade-offs between be confident that it does not interact with the
these attributes in the real world scenario. One wider environment in ways that can be exploited
obvious example is the number of rounds to undermine the security that the algorithm
employed by each algorithm - a large number of itself is otherwise capable of providing. To
rounds make the algorithm slower but are answer these questions much more hard evidence
supposed to provide greater security [6]. needs to be derived from the implementation of
the algorithms in environments that are
Likewise, the quality of each round in achieving representative of practical use. In particular,
the mixing that the cipher is intended to provide there is very little evidence at the moment of
is also a factor that affects performance of an how the algorithms behave in low-end
algorithm. Thus, there is always a trade-off environments of the kind that may apply in much
between security and performance in similar of electronic commerce and consumer
algorithms - such as symmetric key algorithms. applications.
Eli Biham [7] has suggested that performance of
algorithms should be measured by timing the There is also a need to understand whether the
minimum number of secure rounds for each different algorithms are architecturally different
algorithm - that is the estimated number of in their ability to support implementation

88
Published by iRepository, 2022
Authorized licensed use limited to: Trial User - Institute of Business Administration Karachi. Downloaded on May 10,2023 at 06:10:30 UTC from IEEE Xplore. Restrictions apply.
https://ir.iba.edu.pk/icict/2005/2005/33

assurance techniques. None of the existing REFERENCES

specifications are precise enough to support
formal design and analysis methods and it even [1] National Bureau of Standards - Data Encryption
seems possible that at least some of the Standard, FIPS Publication 46, 1977.
[2] NIST, "Advanced Encryption Standard Call", NIST,
algorithms on offer are sufficiently complex to 1997. http://www.nist.gov/aes/
make these techniques difficult or even [3] NIST Advanced Encryption Standard (AES)
impossible to apply. This may also be true of Development Effort web site
other approaches for implementation assurance. http://csrs.nist.gov/encryption/aes/aes-home.htm
[4] Daemen, J., Rijmen, V.: "AES Proposal: Rijndael",
This is an area where much more work is needed Banksys/Katholieke Universiteit Leuven, Belgium, AES
before any final algorithm choices are made. submission, Jun 1998.
[5] Schneier, B.: "Description of a New Variable-Length
Key, 64-Bit Block Cipher (Blowfish)", Fast Software
Encryption, Cambridge Security Workshop Proceedings
VI. CONCLUSION AND FUTURE WORK (Dec. 1993), Lecture Notes in Computer Science (LNCS),
Springer-Verlag, Vol. 809, pp. 191-204, 1993, ISBN 3-540-
In this paper, the popular secret key algorithms 58108-1.
including DES, 3DES, AES (Rijndael), [6] Schneier, B., Kelsey, J., Whiting, D., Wagner, D., Hall,
C., and Ferguson, N.: "Performance Comparison of the AES
Blowfish, were implemented, and their Submissions", Counterpane Systems, Dec 1998.
performance was compared by encrypting input http://www.counterpane.com/AESperformance.html
files of varying contents and sizes. The [7] Biham, E.: "Design Tradeoffs of the AES Candidates", in
algorithms were implemented in a uniform Asiacrypt'98, Lecture Notes in Computer Science, Springer-
Verlag, 1998.
language, using their standard specifications, and
were tested on two different hardware platforms,
to compare their performance. In the end, the
results were presented which conclude that the
Blowfish is the fastest algorithm. Though
security was not catered for, in practice,
however, one would consider the security first. A
proposed direction for the future work could be
to analyze the performance/security trade-off in
greater depth. For instance, an algorithm with
more complex rounds and a larger number of
rounds is generally considered more secure. The
impact of these and other such factors on the
overall performance of an algorithm needs to be
measured.

89
Published by iRepository, 2022
Authorized licensed use limited to: Trial User - Institute of Business Administration Karachi. Downloaded on May 10,2023 at 06:10:30 UTC from IEEE Xplore. Restrictions apply.