Sign in with
Sign up | Sign in


AES-NI Performance Analyzed; Limited To 32nm Core i5 CPUs

Our analysis demonstrated some impressive results from a handful of applications already optimized to take advantage of Intel's AES-NI capability, but it also showed that you aren't going to see an immediate improvement in all situations where AES is used (at least, not yet). We looked at how the symmetric encryption standard works and where it makes sense. Our benchmarks indicate strong results in favor of the Clarkdale-based Core i5-661 dual-core part, which we pitted against Intel's quad-core Core i7-870. PCMark Vantage and SiSoftware’s Sandra, specifically, are both heavily affected by the new instructions. The results in Everest Ultimate are similar.

Ah, but there's a caveat (of course). These three benchmarks are synthetic tests, which typically return more pronounced differences than what you’re likely to see in everyday life. That's why we also tried 7-Zip 9.1, BitLocker (in Windows 7 Ultimate), and WinZip 14, all of which are listed by Intel as AES-NI-enabled and completely valid measures of the technology's applicability in software we all use on a fairly regular basis already. We weren’t disappointed. WinZip 14 and BitLocker returned results that were almost as significant as what we witnessed in the synthetic test suites, though it must be noted that applying heavy compression to an archive is enough to overshadow any performance gain that'd otherwise be made available via AES-NI.

7-Zip 9.1 beta, however, which specifically takes advantage of AES-NI, did not demonstrate the same noticeable benefits. Again, this is a side-effect of applying compression to the archive. Intel confirmed with us that the compression/decompression algorithm covers up the advantage of AES-NI. Realizing it would mean altering settings that most of us use today to generate smaller files for emailing or storage.

In the end, we have plenty of proof that Intel’s approach is a forward-thinking one, although you can't say definitively that all software optimized for AES-NI will see a speed up (as shown in our 7-Zip tests). The security benefit remains, though, as the hardware acceleration of AES encryption and decryption eliminates the possibility of a side-channel break in which the AES key is extracted by observing memory access patterns (cache).

Our conclusion is simple: we’re excited to see AES-NI included in the 32nm Core i5 lineup; there are some significant performance gains to be had from the new instructions. However, Intel's product stack is confusing enough as-is. It'd undoubtedly ease adoption if the company standardized encryption acceleration across all of its new CPU (yes, even the entry-level ones) rather than using it as an arbitrary differentiator (as it did with VT-x in last-generation's offerings), keeping customers guessing.

Ask a Category Expert

Create a new thread in the Reviews comments forum about this subject

Example: Notebook, Android, SSD hard drive

Display all 39 comments.
This thread is closed for comments
  • 3 Hide
    p1n3apqlexpr3ss , February 2, 2010 5:33 AM
    Great article, but still dont really have a idea about this AES stuff, encryption as far as i care, which i dont much really.
    Would really love to see a article comparing hyperthreading to the real shiz, i3 530 vs i5 750, at 3ghz each, id love to see how they perform
  • 5 Hide
    mjello , February 2, 2010 6:11 AM
    I dont get this for a personal computer... They allready have plenty power to do this.

    For a VPN server that would be great.... Hey wait most dont use x86 but hardware specialized for this purpose...

    Nice little insignificant feature though
  • -1 Hide
    anamaniac , February 2, 2010 6:44 AM
    P1n3apqlExpr3ssGreat article, but still dont really have a idea about this AES stuff, encryption as far as i care, which i dont much really.Would really love to see a article comparing hyperthreading to the real shiz, i3 530 vs i5 750, at 3ghz each, id love to see how they perform

    Yeah, more interested in how useful hyperthreading is on these dual cors too.
    All locked at, 3.0GHz, comparing i5-660 vs i5 750 vs any C2Q with a decent amount of cache. More than anything though, just comparing a dual core with HT LGA 1156 vs a C2Q.
  • 8 Hide
    cangelini , February 2, 2010 8:10 AM
    Well, I promised that we'd revisit AES-NI in the launch story, so we're keeping our word on that one =) I'll talk to the guys about some deeper insight on HT Ani!
  • 2 Hide
    Anonymous , February 2, 2010 10:42 AM
    For a user to say they will never have a need for encryption commands on the desktop processor is ridiculous. Life cycles on these processors will be several years, and AES finds its way into more and more software/hardware each day. If you use accounting software, I hope you use encryption. If you have sensitive data on your computer, putting it in an encrypted container is very easy and worthwhile.

    Do you have plenty of horsepower with your old core 2 duo? sure. Do you read this site because you buy off the shelf and are satisfied with mediocre performance? I doubt it. What intel is doing is enabling you to have outstanding performance even in an AES encrypted environment.

    I'd be interested in seeing benchmarks from cascaded encryption including AES - if you cascade AES and TwoFish, for example, I bet the performance hit is minimal with the on-chip AES support! I know without it, cascaded encryption gives a performance hit that makes you not want to use it...
  • 2 Hide
    ajai , February 2, 2010 11:25 AM
    You could have used the Via Nano also just for the fun of things...
  • 2 Hide
    Reynod , February 2, 2010 11:25 AM
  • 1 Hide
    Yuka , February 2, 2010 11:31 AM
    It's a very useful NI for corporate mails/attachments... Once they teach people how to USE compression at all, rofl. I can see the use in it at least; could make it a default for some mail clients (cough cough Outlook/Windows Mail/Thunderbird, cough cough).

    Hope this develops faster and AMD follows Intel on this one. I'd love to get (at least) close to "real time" encryption on my system for security matters. SSH communications also could get better/faster for servers (yeah sure, why not? XD!)

    Great article, BTW!

  • 0 Hide
    jeffunit , February 2, 2010 11:32 AM
    You might mention that the application has to be compiled to use the AES-NI instructions or there will be absolutely no benefit from the instructions, as they won't get used.

    Of course, if you have the source code, and a compiler that supports the AES-NI instructions it is easy to do it yourself. But few windows programs are open source, so you have to generally rely on the vendor.
  • 2 Hide
    ajai , February 2, 2010 11:36 AM

    Intel I5 661 3.3Ghz - 2000 MB/s
    Via Nano 1.3ghz - 0765 MB/s
    Intel I7 870 2.9Ghz - 0710 MB/s
    Intel QX9770 3.2Ghz - 0396 MB/s

    lol a Via nano @ 1.3Ghz can beat a i7 870 in AES...
  • 1 Hide
    martel80 , February 2, 2010 12:57 PM
    The SHA-256 encryption test proves that the feature only accelerates AES.
    SHA is just a hash function, it does not encrypt anything.
  • 0 Hide
    Mr_Man , February 2, 2010 1:55 PM
    Just a quick question: what do you guys use to make a RAM drive that big? The biggest my RAM drive is allowed to be is 30 MB.
  • 0 Hide
    JohnnyLucky , February 2, 2010 1:57 PM
    So what will this do for a little old lady whose idea of gaming is Windows Solitaire?
  • -1 Hide
    razor512 , February 2, 2010 4:23 PM
    seems good but no one will buy it unless they add that to the core i7 series the casual user doesn't really benefit from this and even many servers wont benefit either, from my experience, one of the main problems faced with servers is CPU and hard drive performance. Most companies do not want SSD for really important tasks as they often show no signs of when they are ready to fail and the read/write cycles that the drives get put through 24/7 will kill a SSD

    other than storage, there's a problem with CPU performance. Faster encryption is good but it wont be enough to make someone pick that CPU over a overall faster CPU as encryption isn't a large part of work that people need done, it is just a small and vital part of it.

    people who want this kind of acceleration wont care about it much, what people want is a CPU that is as fast as possible and other additional accelerations such as the encryption, is just icing on the cake
  • 3 Hide
    TheRev , February 2, 2010 5:40 PM
    I have nearly 400,000 clients running a full disk encryption product. Benchmarks have shown that performance is easily CPU bound and not I/O as many might think. For an enterprise, this will have a huge impact and will be a 'must have' requirement for our next model transiton.
  • 1 Hide
    snemarch , February 2, 2010 6:28 PM
    Remember that "time to encrypt " is only one possible benchmark. In a real-life situation, it's equally interesting to look at CPU load while en/decrypting. As an example, my X25-E delivers ~220MB/s read performance, while TrueCrypt benchmark shows it can do ~350MB/s AES-256 on my Q6600@2.4GHz.

    In other words, I'm I/O limited and AES-NI wouldn't reduce the wall-clock time spent on en/decryption. However, that 350MB/s encryption bandwidth is at 100% CPU utilization (all 4 cores) - in other words, reading full-speed from my X-25E would be at approximately 63% CPU load.

    Clearly, while AES-NI wouldn't get the job done faster, it would free up CPU cycles for other use.
  • 0 Hide
    omoronovo , February 2, 2010 6:47 PM
    First thing I thought when reading this is that Toms would use Truecrypt and it's built-in benchmarking tool to help use this as well, I was surprised they didn't.

    Since Truecrypt also combines encryption techniques, this would be a good way to see how cascaded algorithms that contain AES are improved with the new instructions.
  • -1 Hide
    dertechie , February 2, 2010 9:25 PM
    P1n3apqlExpr3ssGreat article, but still dont really have a idea about this AES stuff, encryption as far as i care, which i dont much really.Would really love to see a article comparing hyperthreading to the real shiz, i3 530 vs i5 750, at 3ghz each, id love to see how they perform

    Anand did pit the processors against each other HERE. They were simulated i3s (underclocked i5-661 with Turbo turned off). No one's done it with the clock speeds locked to X though. However, a Lynnfield at stock turbos to 3.2 GHz for 1/2 threads, which is close enough to a i3 at 3.06.

    The basic conclusion is this: the i3s are pretty good. However, when you hit 4 heavy threads, the real quads kick them to the curb.

    Fortunately for i3, most games don't have 4 heavy threads, so they work fine there. Unfortunately for them, transcoding does, and they get demolished there.

    YukaHope this develops faster and AMD follows Intel on this one.

    It's in Bulldozer (2011), but not Thuban/Zosma. Don't know about Bobcat.

    To be honest though, i5-6xx is for the enterprise market. Unless you have a particular need for AES-NI, they're not compelling from a price perspective.
  • -1 Hide
    yuhong , February 3, 2010 1:12 AM
    What about PCLMULQDQ, the other new instruction?
  • -4 Hide
    aford10 , February 3, 2010 2:06 AM
Display more comments