Encryption using parallel stream is slower than default provider
See original GitHub issueI’m trying to run some basic tests to get a feel for perf boost for encryption using KMS with ACCP. I tried running encryption with a JSON string as plaintext with and without ACCP enabled. Following are the numbers I’m seeing, I might have got something wrong - could you please let me know if you could spot something? If I use single thread to run whole 100k I see ACCP being faster but not by much (not even 2x faster).
I’m on Java 11, 64-bit intel i7 Arch Linux. The numbers are with cache enabled.
10k - encryption - default crypto provider - 23279ms 10k - encryption - amazon corretto crypto provider - 19882ms Difference 3397ms
100k - encryption - default provider - 222708ms 100k - encryption - amazon corretto crypto provider - 185254ms Difference 37454ms
Parallel - chunked (100 * 1000) 100k - encryption - default provider - 47032ms 100k - encryption - amazon corretto crypto provider - 48181ms
@Slf4j
@Component
public class KmsUtils {
@Autowired ApplicationProperties applicationProperties;
private AwsCrypto awsCrypto;
private CryptoMaterialsManager dataKeyCache;
private KmsMasterKeyProvider kmsMasterKeyProvider;
public String decrypt(String cipherTxt) {
return awsCrypto.decryptString(dataKeyCache, cipherTxt).getResult();
// return awsCrypto.decryptString(kmsMasterKeyProvider, cipherTxt).getResult();
}
public String encrypt(String clearTxt) {
return awsCrypto.encryptString(dataKeyCache, clearTxt).getResult();
// return awsCrypto.encryptString(kmsMasterKeyProvider, clearTxt).getResult();
}
@PostConstruct
void init() {
log.info("Initialising.");
awsCrypto = new AwsCrypto();
awsCrypto.setEncryptionAlgorithm(ALG_AES_256_GCM_IV12_TAG16_HKDF_SHA384_ECDSA_P384);
kmsMasterKeyProvider =
KmsMasterKeyProvider.builder()
.withDefaultRegion(EU_WEST_2.getName())
.withCredentials(new DefaultAWSCredentialsProviderChain())
.withKeysForEncryption(applicationProperties.getKmsKeyArn())
.build();
CryptoMaterialsCache cache =
new LocalCryptoMaterialsCache(applicationProperties.getDataKeyCacheCapacity());
dataKeyCache =
CachingCryptoMaterialsManager.newBuilder()
.withMasterKeyProvider(kmsMasterKeyProvider)
.withCache(cache)
.withMaxAge(
applicationProperties.getDataKeyCacheMaxEntryAge(),
TimeUnit.SECONDS)
.withMessageUseLimit(applicationProperties.getDataKeyCacheMaxPerKey())
.build();
}
}
@Test
public void testKmsUtils_MassiveEncryption() {
AmazonCorrettoCryptoProvider.install();
AmazonCorrettoCryptoProvider.INSTANCE.assertHealthy();
List<Pair<Integer, Integer>> allRanges = new ArrayList<>();
for (int i = 0; i < 100; i++) {
int current = i * 1000;
allRanges.add(Pair.of(current, current + 1000));
}
log.info("All pairs {}", allRanges);
long start = System.currentTimeMillis();
allRanges.stream()
.parallel()
.forEach(
tuple -> {
int countStart = tuple.getLeft();
int countEnd = tuple.getRight();
for (int i = countStart; i < countEnd; i++) {
String encrypted = kmsutils.encrypt(massiveList);
}
});
long finish = System.currentTimeMillis();
log.info("Total time took for encryption is {} ms", finish - start);
}
Issue Analytics
- State:
- Created 3 years ago
- Comments:13 (7 by maintainers)
Top GitHub Comments
We’re looking into this. Thank you.
This is fixed by #132