Intel® Advanced Encryption Standard Instructions (AES-NI)
TRscaler Encryption / Decryption modules uses the hardware based encryption technology built into the latest Intel® Xeon E3 & E5 series processors from Intel™.
These modules uses hardware-accelerated AES on TRscaler appliences equipped with a CPU that supports Intel AES-NI (AES - New Instructions) to improve performance and user experience.
Measured “in the vacuum” of the main memory bus, AES-NI certainly delivers on its performance promises. The following benchmarks were recorded with TrueCrypt’s integrated benchmarking facility on a system equipped with an Intel Core i5-2520M Sandy Bridge processor sporting the AES extensions. When enabled on this system, hardware acceleration was observed to result in a more than 5x speed boost in AES encryption and decryption performance, bumping throughput up from 277 MB/s to 1.5 GB/s. Even cascaded modes recognized significant speed gains.
AES (Advanced Encryption Standard) is an encryption standard adopted by the U.S. government starting in 2001. It is widely used across the software ecosystem to protect network traffic, personal data, and corporate IT infrastructure. AES is a symmetric block cipher that encrypts/decrypts data through several rounds. The new 2010 Intel® CoreTM processor family (code name Westmere) includes a set of new instructions, Intel® Advanced Encryption Standard (AES) New Instructions (AES-NI). The instructions were designed to implement some of the complex and performance intensive steps of the AES algorithm using hardware and thus accelerating the execution of the AES algorithms. Total Application Delivery Platform® used to accelerate the performance of an SSL offloading with implementation of AES-NI into all appliances and solutions.
The performance improvement expected with the use of AES-NI would depend on the applications and how much of the application time is spent in encryption and decryption. At the algorithm level, using AES-NI can provide significant speedup of AES. For non-parallel modes of AES operation such as CBC-encrypt AES-NI can provide a 2-3 fold gain in performance over a completely software approach. For parallelizable modes such as CBC-decrypt and CTR, AES-NI can provide a 10x improvement over software solutions.
Beyond improving performance, the new instructions help address recently discovered side channel attacks on AES.