Skip to content

Algorithm Performance Benchmarks

This page provides performance data for all 78 cryptographic algorithms supported by AnkaSecure, helping you select the optimal algorithm for your use case based on throughput, latency, and security requirements.

Benchmark Methodology

Test Environment: - Payload Size: 5 MB (representative of typical document/file size) - Format: JWE Compact (encryption), JWS Compact (signatures) - Iterations: 10 measurements (median reported) - Warm-up: 5 iterations before measurement - Platform: Java runtime, Bouncy Castle 1.81

Metrics Explained: - Encrypt/Sign Time: Milliseconds to encrypt/sign 5 MB payload - Decrypt/Verify Time: Milliseconds to decrypt/verify 5 MB payload - Throughput: Megabytes per second (MB/s) processing rate

Note: Performance varies by hardware, payload size, and concurrent operations. Use these benchmarks for relative comparisons.

Encryption/Decryption Performance

Symmetric AEAD (Authenticated Encryption)

Recommended: AES-GCM or ChaCha20-Poly1305 for optimal performance

Algorithm Security Level Encrypt (ms) Decrypt (ms) Throughput (Enc) Throughput (Dec)
ChaCha20-Poly1305 256-bit 60 77 87 MB/s 68 MB/s
AES-GCM-128 128-bit 66 79 79 MB/s 66 MB/s
AES-GCM-192 192-bit 68 79 77 MB/s 66 MB/s
AES-GCM-256 256-bit 71 83 74 MB/s 63 MB/s
Camellia-GCM-128 128-bit 70 84 75 MB/s 62 MB/s
Camellia-GCM-192 192-bit 82 97 64 MB/s 54 MB/s
Camellia-GCM-256 256-bit 78 94 67 MB/s 56 MB/s
ARIA-GCM-128 128-bit 85 102 62 MB/s 51 MB/s
ARIA-GCM-192 192-bit 91 108 58 MB/s 49 MB/s
ARIA-GCM-256 256-bit 98 115 54 MB/s 46 MB/s
SEED-GCM-128 128-bit 98 109 53 MB/s 48 MB/s
SM4-GCM-128 128-bit 91 108 58 MB/s 49 MB/s
AES-CCM-128 128-bit 73 87 72 MB/s 60 MB/s
AES-CCM-192 192-bit 76 94 69 MB/s 56 MB/s
AES-CCM-256 256-bit 81 99 65 MB/s 53 MB/s
SM4-CCM-128 128-bit 135 151 39 MB/s 35 MB/s

Key Insights: - ⚡ ChaCha20-Poly1305 fastest: 87 MB/s encryption, excellent for high-throughput APIs - ✅ AES-GCM-256 recommended: Best balance of security (256-bit) and performance (74 MB/s) - 🇯🇵 Camellia: Required for Japan CRYPTREC compliance - 🇰🇷 ARIA: Required for South Korea KCMVP compliance - 🇨🇳 SM4: Required for China GM/T compliance

Post-Quantum KEM (Quantum-Resistant Encryption)

Recommended: ML-KEM-768 for optimal quantum resistance and performance

Algorithm NIST Level Encrypt (ms) Decrypt (ms) Throughput (Enc) Throughput (Dec)
ML-KEM-512 I (128-bit) 58 89 90 MB/s 59 MB/s
ML-KEM-768 III (192-bit) 64 88 82 MB/s 60 MB/s
ML-KEM-1024 V (256-bit) 61 82 86 MB/s 64 MB/s
HQC-128 I (128-bit) 66 90 79 MB/s 58 MB/s
HQC-192 III (192-bit) 27 95 194 MB/s 55 MB/s
HQC-256 V (256-bit) 26 88 202 MB/s 60 MB/s
FRODO-640 III (192-bit) 24 97 218 MB/s 54 MB/s
FRODO-976 III (192-bit) 30 102 175 MB/s 51 MB/s
FRODO-1344 V (256-bit) 45 119 117 MB/s 44 MB/s
SABER (LIGHTSABER-128) I (128-bit) 11 83 477 MB/s 63 MB/s
SABER (SABER-192) III (192-bit) 14 88 374 MB/s 60 MB/s
SABER (FIRESABER-256) V (256-bit) 11 84 477 MB/s 62 MB/s
NTRU-701 III (192-bit) 13 83 403 MB/s 63 MB/s
NTRU-1373 V (256-bit) 13 88 403 MB/s 60 MB/s
NTRUPRIME-761 III (192-bit) 13 82 403 MB/s 64 MB/s
NTRUPRIME-857 V (256-bit) 11 87 477 MB/s 60 MB/s
BIKE-128 I (128-bit) 12 94 437 MB/s 56 MB/s
BIKE-192 III (192-bit) 14 120 374 MB/s 44 MB/s
BIKE-256 V (256-bit) 15 155 349 MB/s 34 MB/s
CMCE-460896 III (192-bit) 102 290 51 MB/s 18 MB/s
CMCE-6688128 V (256-bit) 187 504 28 MB/s 10 MB/s

Key Insights: - 🚀 SABER fastest PQC: FIRESABER-256 at 477 MB/s (5.8x faster than ML-KEM-768) - ⭐ ML-KEM-768 recommended: NIST-standardized (FIPS 203), NSA CNSA 2.0 approved - 🛡️ Classic McEliece: Slowest but most conservative (40+ years of research) - 🇩🇪 FrodoKEM: Required for BSI TR-02102 compliance (algorithm diversity)

Classical Asymmetric Encryption

Recommended: RSA-2048 for compatibility, but migrate to ML-KEM for quantum resistance

Algorithm Security Level Encrypt (ms) Decrypt (ms) Throughput (Enc) Throughput (Dec)
RSA-2048 ~112-bit 12 57 437 MB/s 92 MB/s
RSA-3072 ~128-bit 13 55 403 MB/s 95 MB/s
RSA-4096 ~152-bit 11 57 477 MB/s 92 MB/s
RSA-6144 ~176-bit 11 67 477 MB/s 78 MB/s
RSA-8192 ~192-bit 11 84 477 MB/s 62 MB/s

Key Insights: - ⚠️ Not quantum-resistant: RSA vulnerable to Shor's algorithm (quantum computers) - 🔄 Migration recommended: Transition to ML-KEM for long-term protection - ⚡ Fast encryption: RSA encryption faster than decryption (public key operation)

Signature/Verification Performance

Symmetric MACs (Message Authentication Codes)

Recommended: HMAC-SHA256 for optimal throughput

Algorithm Security Level Sign (ms) Verify (ms) Throughput (Sign) Throughput (Verify)
HMAC-SHA256 256-bit 24 54 218 MB/s 97 MB/s
HMAC-SHA384 384-bit 30 55 175 MB/s 95 MB/s
HMAC-SHA512 512-bit 28 54 187 MB/s 97 MB/s
HMAC-SHA3-256 256-bit 34 61 154 MB/s 86 MB/s
HMAC-SHA3-384 384-bit 42 77 125 MB/s 68 MB/s
HMAC-SHA3-512 512-bit 47 74 112 MB/s 71 MB/s
HMAC-SM3 256-bit 47 79 112 MB/s 66 MB/s
KMAC128 128-bit 33 61 159 MB/s 86 MB/s
KMAC256 256-bit 36 64 146 MB/s 82 MB/s
CMAC-AES-128 128-bit 47 78 112 MB/s 67 MB/s
CMAC-AES-192 192-bit 50 78 105 MB/s 67 MB/s
CMAC-AES-256 256-bit 61 82 86 MB/s 64 MB/s

Key Insights: - 🚀 HMAC-SHA256 dominant: 218 MB/s signing, 9x faster than CMAC-AES - ✅ KMAC modern: SHA-3 based, recommended for new systems - 🇨🇳 HMAC-SM3: Required for China GM/T compliance

Post-Quantum Digital Signatures (Quantum-Resistant)

Recommended: ML-DSA-65 for optimal quantum resistance and performance

Algorithm NIST Level Sign (ms) Verify (ms) Throughput (Sign) Throughput (Verify)
ML-DSA-44 I (128-bit) 83 93 63 MB/s 56 MB/s
ML-DSA-65 III (192-bit) 89 98 59 MB/s 54 MB/s
ML-DSA-87 V (256-bit) 94 99 56 MB/s 53 MB/s
FALCON-512 I (128-bit) 94 111 56 MB/s 47 MB/s
FALCON-1024 V (256-bit) 93 106 56 MB/s 49 MB/s
SLH-DSA-SHA2-128F I (128-bit) 190 128 28 MB/s 41 MB/s
SLH-DSA-SHA2-128S I (128-bit) 902 117 6 MB/s 45 MB/s
SLH-DSA-SHA2-192F III (192-bit) 182 114 29 MB/s 46 MB/s
SLH-DSA-SHA2-192S III (192-bit) 1526 111 3 MB/s 47 MB/s
SLH-DSA-SHA2-256F V (256-bit) 253 117 21 MB/s 45 MB/s
SLH-DSA-SHA2-256S V (256-bit) 1328 112 4 MB/s 47 MB/s
XMSS 128-bit 107 113 49 MB/s 46 MB/s
LMS 128-bit 289 127 18 MB/s 41 MB/s

Key Insights: - ⭐ ML-DSA-65 recommended: NIST-standardized (FIPS 204), NSA CNSA 2.0 approved - 📦 FALCON compact: 40% smaller signature size than ML-DSA (preferred for smartcards) - 🐌 SLH-DSA slow (S variants): "Small" parameter sets prioritize signature size over speed - ⚡ SLH-DSA fast (F variants): "Fast" parameter sets optimize for speed

Use Case Guidance: - General use: ML-DSA-65 (balanced performance) - Compact signatures: FALCON-512 (eID cards, smartcards) - Stateless signatures: SLH-DSA-SHA2-128F (no key state, firmware signing)

Classical Digital Signatures

Recommended: ECDSA P-384 for compatibility, but migrate to ML-DSA for quantum resistance

Algorithm Security Level Sign (ms) Verify (ms) Throughput (Sign) Throughput (Verify)
RSA-2048 ~112-bit 72 83 73 MB/s 63 MB/s
RSA-3072 ~128-bit 75 85 70 MB/s 62 MB/s
RSA-4096 ~152-bit 81 83 65 MB/s 63 MB/s
RSA-6144 ~176-bit 85 85 62 MB/s 62 MB/s
RSA-8192 ~192-bit 105 85 50 MB/s 62 MB/s
ECDSA P-256 ~128-bit 72 83 73 MB/s 63 MB/s
ECDSA P-384 ~192-bit 80 93 66 MB/s 56 MB/s
ECDSA P-521 ~256-bit 80 92 66 MB/s 57 MB/s
SM2 256-bit 101 118 52 MB/s 44 MB/s

Key Insights: - ⚠️ Not quantum-resistant: RSA and ECDSA vulnerable to Shor's algorithm - 🔄 Migration recommended: Transition to ML-DSA for future-proof signatures - ⭐ ECDSA P-384: NSA CNSA 2.0 transitional (use until 2030)

Performance Comparison by Category

Fastest Algorithms

Encryption: 1. SABER (FIRESABER-256): 477 MB/s (PQC) 2. HQC-256: 202 MB/s (PQC) 3. FRODO-640: 218 MB/s (PQC)

Signing: 1. HMAC-SHA256: 218 MB/s (Symmetric) 2. HMAC-SHA512: 187 MB/s (Symmetric) 3. HMAC-SHA384: 175 MB/s (Symmetric)

Quantum-Resistant Encryption: - ML-KEM-768: 82 MB/s, NIST-standardized, NSA CNSA 2.0

Quantum-Resistant Signatures: - ML-DSA-65: 59 MB/s, NIST-standardized, NSA CNSA 2.0

Classical Encryption (transition to PQC): - AES-256-GCM: 74 MB/s, widely supported - ChaCha20-Poly1305: 87 MB/s, modern alternative

Classical Signatures (transition to PQC): - ECDSA P-384: 66 MB/s, NSA CNSA 2.0 transitional

Algorithm Selection Guide

By Use Case

Use Case Recommended Algorithm Rationale
Long-term data protection (>10 years) ML-KEM-1024 Highest quantum resistance (Level V)
General enterprise encryption ML-KEM-768 Balanced security (Level III) and performance
High-throughput API AES-256-GCM Fast symmetric encryption (74 MB/s)
Document signing ML-DSA-65 NIST-standardized, quantum-resistant
Smartcard/eID signatures FALCON-512 Compact signature size (40% smaller)
Firmware signing SLH-DSA-SHA2-128F Stateless (no key state to manage)
China compliance SM4-GCM-128 + SM2 GM/T mandatory algorithms
Japan compliance Camellia-GCM-256 CRYPTREC recommended
South Korea compliance ARIA-GCM-256 KCMVP recommended

By Security vs Performance

High Security (Long-term protection): - ML-KEM-1024: 86 MB/s (quantum-resistant, Level V) - ML-DSA-87: 56 MB/s (quantum-resistant, Level V)

Balanced (Recommended): - ML-KEM-768: 82 MB/s (quantum-resistant, Level III) - ML-DSA-65: 59 MB/s (quantum-resistant, Level III)

High Performance: - AES-256-GCM: 74 MB/s (symmetric, 256-bit) - ChaCha20-Poly1305: 87 MB/s (symmetric, 256-bit)

Ultra-High Performance (non-quantum-resistant): - SABER-256: 477 MB/s (not standardized, experimental) - HMAC-SHA256: 218 MB/s (symmetric MAC)

Performance Tuning Tips

1. Choose the Right Algorithm

For <5 MB payloads (Compact JWS/JWE): - Use ML-KEM-768 or AES-256-GCM (optimal for small-medium payloads)

For >5 MB files (Streaming): - Use ChaCha20-Poly1305 or AES-GCM (streaming optimized) - Consider symmetric encryption (faster) with separate key encapsulation

2. Batch Operations

SDK Tip: Reuse client connections for multiple operations

// ✅ GOOD: Reuse client
AnkaSecureClient client = new AnkaSecureClient(config);
for (Document doc : documents) {
    client.encrypt(doc); // Reuses HTTP connection
}

// ❌ BAD: Create new client each time
for (Document doc : documents) {
    AnkaSecureClient client = new AnkaSecureClient(config);
    client.encrypt(doc); // New connection overhead
}

3. Parallel Processing

CLI Tip: Parallelize independent operations

# Process files in parallel (GNU Parallel)
ls *.txt | parallel ankasecure-cli encrypt --key-id my-key --input {}

4. Caching

API Tip: Cache keys to avoid repeated key generation

// Cache key metadata (avoid repeated key lookups)
KeyResponse key = client.getKey("my-key");
// Reuse key for multiple operations

Latency Considerations

Network Latency: - SaaS: +20-100ms (round-trip to cloud) - On-Premise: <5ms (local network)

Operation Latency (5 MB payload): - Fastest: SABER, HQC (~10-30ms) - Recommended: ML-KEM, ML-DSA (~60-100ms) - Slowest: Classic McEliece, SLH-DSA-S (~100-1500ms)

Recommendation: For latency-sensitive applications (<100ms total), use ML-KEM-768 or AES-256-GCM.

Hardware Acceleration

CPU Acceleration: - ✅ AES-NI: Hardware acceleration for AES-GCM (Intel, AMD, ARM) - ✅ AVX2/AVX-512: Vectorized operations for ML-KEM, ML-DSA - ✅ ARM NEON: Mobile/embedded optimization

HSM Acceleration (on-premise): - ✅ Thales Luna: Hardware acceleration for RSA, AES - ✅ AWS CloudHSM: FIPS 140-2 Level 3 validation - ✅ SoftHSM: Software-based (no hardware acceleration)

Performance Impact: HSM adds 5-20ms latency but provides FIPS 140-2 compliance and key protection.

Scalability

Concurrent Operations (single instance): - Throughput: 1000+ operations/second (ML-KEM-768) - Latency: <100ms per operation (5 MB payload)

Horizontal Scaling: - Deploy multiple instances for higher throughput - Load balancing across instances

See deployment scalability →

Documentation Version: 3.0.0 Last Updated: 2025-12-26