RFR: 8371450: AES performance improvements for key schedule generation [v3]
Shawn M Emery
duke at openjdk.org
Mon Nov 10 22:55:08 UTC 2025
On Mon, 10 Nov 2025 21:06:16 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
>>> Yes, this would definitely speed up key schedule generation, but at the cost of additional memory; +768 bytes per instance, where the total AES cipher would be 1,268 bytes more per instance than the original Cryptix implementation.
>>
>> I don't think that when even a Raspberry Pi comes with gigabytes of memory, a 1k increase in static data size (or even in per instance data size) should be an issue to consider. On the other hand, a 1-2% speed increase in a rarely called function is also insignificant, so if you want to keep things unchanged here, I won't object to it.
>
> Interesting idea.... So, the int[256] vs byte[256] speedup is due to less byte->int conversion? The values in both arrays are essentially the same, right?
Yes, the values are repeated per array element for int[256], but doesn't require an additional left shift operation unlike the byte[256] design. TI4[] is the inverse substitution transform of the int[256] design. Whereas byte[256] is faster than the byte[16][16] design because of the addition shift operation for indexing.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/28188#discussion_r2512239069
More information about the security-dev
mailing list