Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

proposal: internal/cpu, crypto/aes: support VAES and VPCLMULQDQ instructions in AES-GCM cipher functions #42726

Open
tpaint opened this issue Nov 19, 2020 · 7 comments
Open

proposal: internal/cpu, crypto/aes: support VAES and VPCLMULQDQ instructions in AES-GCM cipher functions #42726

tpaint opened this issue Nov 19, 2020 · 7 comments
Labels
FeatureRequest NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. Performance Proposal Proposal-Crypto Proposal related to crypto packages or other security issues
Projects
Proposals (old)
Milestone
Backlog

Comments

@tpaint
Copy link
Contributor

tpaint commented Nov 19, 2020

What version of Go are you using (go version)?

$ go version 1.15.5 linux/amd64

Does this issue reproduce with the latest release?

yes

What operating system and processor architecture are you using (go env)? amd64 linux

go env Output
$ go env
amd64 linux

What did you do?

This is a request/proposal for two new features:

  1. In internal/cpu: detect CPU support for AVX-512 VAES and VPCLMULQDQ SIMD instructions
  2. In crypto/aes: performance-optimize the AES-GCM cipher functions using VAES and VPCLMULQDQ instructions

What did you expect to see?

in src/crypto/aes/gcm_amd64.s, the request is to support new AVX-512 SIMD crypto instructions VAES and VPCLMULQDQ.

What did you see instead?

in src/crypto/aes/gcm_amd64.s currently there is existing support only for the scalar AES and PCLMULQDQ instructions

We have developed proposed patches for go v1.15.5 as follows:

  1. internal/cpu: check the cpu registers for presence of VAES and VPCLMULQDQ, set flags accordingly
  2. crypto/aes: performance-optimize AES-GCM using these instructions

The patches will be contributed and submitted to the Go Gerrit for review.

References:

  1. https://www.tomshardware.com/news/intel-10nm-xeon-ice-lake-sp-sunny-cove-core-architecture
  2. https://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-software-developer-instruction-set-reference-manual-325383.pdf
@gopherbot
Copy link

Change https://golang.org/cl/271521 mentions this issue: internal/cpu: Add detection for VAES and VPCLMULQDQ instructions

@dmitshur dmitshur changed the title Support VAES and VPCLMULQDQ instructions in cryto/cipher/AES-GCM and internal/cpu internal/cpu, crypto/aes: support VAES and VPCLMULQDQ instructions in AES-GCM cipher functions Nov 30, 2020
@dmitshur dmitshur added FeatureRequest NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. Performance labels Nov 30, 2020
@dmitshur dmitshur added this to the Backlog milestone Nov 30, 2020
@dmitshur
Copy link
Contributor

CC @FiloSottile, @agl, @katiehockman, @rolandshoemaker per owners.

@FiloSottile
Copy link
Contributor

FiloSottile commented Nov 30, 2020
edited by katiehockman

Please keep in mind the new assembly policy. Happy to work with you to make sure the contribution follows that policy.

@katiehockman katiehockman changed the title internal/cpu, crypto/aes: support VAES and VPCLMULQDQ instructions in AES-GCM cipher functions proposal: internal/cpu, crypto/aes: support VAES and VPCLMULQDQ instructions in AES-GCM cipher functions Nov 30, 2020
@ianlancetaylor ianlancetaylor added the Proposal-Crypto Proposal related to crypto packages or other security issues label Jan 6, 2021
@ianlancetaylor ianlancetaylor added this to Incoming in Proposals (old) Jan 6, 2021
@gopherbot
Copy link

Change https://golang.org/cl/286852 mentions this issue: crypto/aes: Implement AES-GCM ciphers optimized with AVX-512 VAES and VPCLMULQDQ

@bcmills bcmills mentioned this issue Jan 27, 2021
Open
@gopherbot
Copy link

Change https://golang.org/cl/334610 mentions this issue: crypto/aes: Implement new and improved AES-GCM ciphers optimized with AVX-512 VAES and VPCLMULQDQ

@tpaint
Copy link
Contributor Author

tpaint commented Jul 19, 2021

We have implemented a new version of the vaes/vpclmulqdq optimized GCM cipher and posted it to CL 334610. Performance on cpus that support these instructions is significantly improved in comparison to the original version posted in CL 286852. Details are in the CL and associated source comments.

@Jorropo
Copy link
Member

Jorropo commented Dec 10, 2023
edited

Using AVX512 here is not needed btw, we can use VAES with AVX and still get the 2X performance improvement.
Both intel alder-lake (P and E cores) and Zen4 cores only have 256 bits wide AES units (Zen4 never do 512 AVX512, they always do two 256 bits ops).

So on today's cpus doing VAES on 512 bits ZMM registers takes twice longer than 256 bits YMM, yielding no performance improvement. (using avx512 can help if we are uops starved, but here we shouldn't)

VPCLMULQDQ can help in other ways still.

@Jorropo Jorropo mentioned this issue Dec 10, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
FeatureRequest NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. Performance Proposal Proposal-Crypto Proposal related to crypto packages or other security issues
Projects
Proposals
Status: Incoming
Proposals (old)
Incoming
Milestone
Backlog
Development

No branches or pull requests
6 participants
@FiloSottile @dmitshur @ianlancetaylor @tpaint @gopherbot @Jorropo