After introducing the difference between the AES modes, in this document, I will put the results about the AES modes performance.
The following tests just use one core CPU.
AESNI:The Advanced Encryption Standard Instruction Set (or Intel Advanced Encryption Standard New Instructions, AESNI for short) is an extension of the x86 instruction set architecture for Intel and AMD microprocessors, presented by Intel in March 2008. [1] The purpose of this instruction set is to improve the speed at which applications use the Advanced Encryption Standard (AES) to perform encryption and decryption.
OpenSSL: OpenSSL is a robust, commercialgrade, and fullfeatured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It is also a generalpurpose cryptography library. There is much Standard encryption algorithm in OpenSSL. We will use OpenSSL to test the AES modes performance.
How to get the performance resultsYou can refer to the official document:https://www.openssl.org/docs/manmaster/man1/speed.html.
Here we will use the following command to do the performance test.
With AESNI enabled:
openssl speed elapsed evp aes128cbc
With disabled AESNI
OPENSSL_ia32cap=”~0x200000200000000″ openssl speed elapsed evp aes128cbc

CPU : i5 8400 (has the AESNI)

Memory : 16G DDR4

Disk : Inter SSD 1T

OS : CentOS Linux release 7.6.1810 (Core)

OpenSSL : OpenSSL 1.0.2k
The tests for each input data size was performed for 3 seconds, for the ciphers that we were interested in.
Five modes with 128bits key, AESNI enabled and disabled, encryption(the first row means OpenSSL will use aseecb with 128bits key to encrypted 1371968.28k data in 3 seconds):
mode  AESNI enabled  16 bytes  64 bytes  256 bytes  1024 bytes  8192 bytes 
aes128ecb  Yes  1371968.28k  5423199.85k  6373315.16k  6185025.88k  6337997.48k 
aes128ecb  No  393519.33k  426293.50k  433427.54k  436615.85k  437493.76k 
aes128cbc  Yes  1333548.38k  1458045.21k  1504091.39k  1512224.43k  1514831.87k 
aes128cbc  No  361409.25k  402460.22k  413829.03k  417298.43k  418106.03k 
aes128cfb  Yes  973355.89k  972457.98k  972651.01k  973300.05k  973474.47k 
aes128cfb  No  347312.88k  354232.43k  353715.29k  355110.91k  355467.26k 
aes128ofb  Yes  1154166.02k  1327641.05k  1319713.45k  1317734.74k  1317076.99k 
aes128ofb  No  354372.10k  388733.06k  396086.53k  400353.62k  401219.58k 
aes128ctr  Yes  1042913.12k  2683962.99k  5098530.65k  6004447.23k  6303976.11k 
aes128ctr  No  152004.41k  166371.33k  575773.78k  636239.53k  656258.39k 
In the result, we can get the ECB is the fastest mode, but it is not be recommended, we suggest to use the CTR mode in the PostgreSQL to encrypt. After 1024 bytes, the speed is nearly the same, so we suggest to use the 8192 bytes as a unit to encrypt in the PostgreSQL.At the same time, we can know that AESNI will have up to 10 times the performance gap between opening and closing.
After comparing the different modes in the horizontal direction, we will perform performance tests with different key lengths in the same mode. As the above test knows, we will use ctr mode encryption, so here we only test the performance comparison of different key lengths of ctr mode.CTR mode:
mode  16 bytes  64 bytes  256 bytes  1024 bytes  8192 bytes 
aes128ctr  1042913.12k  2683962.99k  5098530.65k  6004447.23k  6303976.11k 
aes192ctr  901375.74k  2573741.65k  4438022.31k  5061482.15k  5259031.89k 
aes256ctr  827355.85k  2355164.99k  3671733.59k  4291537.92k  4505072.98k 
In the results, we can know that as the key length increases, the encryption speed will also decrease. However, it is well known that as keys grow, security increases. How to balance the relationship between the two will be investigated later. But we can know that if you think speed is more important than security, you can use a 128bit key, otherwise, you can use a 256bit key.
Five modes with 128bits key, AESNI enabled, encryption and decryption
mode  encryption  16 bytes  64 bytes  256 bytes  1024 bytes  8192 bytes 
aes128ecb  encryption  1371968.28k  5423199.85k  6373315.16k  6185025.88k  6337997.48k 
aes128ecb  decryption  1369603.95k  5093928.19k  6346512.98k  6358113.96k  6345064.45k 
aes128cbc  encryption  1333548.38k  1458045.21k  1504091.39k  1512224.43k  1514831.87k 
aes128cbc  decryption  1310567.29k  4620511.15k  5941994.67k  6256102.40k  6325758.63k 
aes128cfb  encryption  973355.89k  972457.98k  972651.01k  973300.05k  973474.47k 
aes128cfb  decryption  891813.84k  955344.41k  954807.47k  956417.71k  957098.67k 
aes128ofb  encryption  1154166.02k  1327641.05k  1319713.45k  1317734.74k  1317076.99k 
aes128ofb  decryption  1040775.34k  1316325.53k  1316540.33k  1316523.35k  1316489.90k 
aes128ctr  encryption  1042913.12k  2683962.99k  5098530.65k  6004447.23k  6288979.29k 
aes128ctr  decryption  999478.82k  2498636.14k  4890340.35k  5921968.13k  6288979.29k 
Except for cbc mode, the encryption and decryption speed of all modes is almost the same.
In the end, comparing the encryption and decryption speeds of different modes, the encryption speed of different block sizes, the encryption speed of different key lengths, and the encryption speed of turning AESNI on and off, I recommend using CTR mode for data encryption in PostgreSQL.
Shawn Wang is a developer of PostgreSQL Database Core. He has been working in HighGo Software for about eight years.
He did some work for Full Database encryption, Oracle Compatible function, Monitor tool for PostgreSQL, Just in time for PostgreSQL and so on.
Now he has joined the HighGo community team and hopes to make more contributions to the community in the future.