This white paper aims to provide the best-known practices for using open-source cryptography libraries on Ampere processors, including the Ampere® Altra® family and the AmpereOne® family of processors.

Cryptography is the science of securing communication and data through mathematical techniques, ensuring confidentiality, integrity, and authenticity. It is widely used in web services, load balance proxies, databases etc.

Cryptography can be divided into 3 categories:

• Symmetric key cryptography
  Also known as secret key encryption, this method uses the same key for encryption and decryption. Popular symmetric key algorithms include Advanced Encryption Systems (AES), Data Encryption Systems (DES), ChaCha20, SM1, and SM4.
• Asymmetric key cryptography
  This method uses two keys or a key pair: a public key and a corresponding private key. The public key is publicly distributed, and can be used by anyone to encrypt messages, but only the recipient, who holds the corresponding private key, can decrypt those messages. Popular algorithms used in asymmetric key cryptography are Rivest–Shamir–Adleman (RSA), Digital Signature Algorithm (DSA), Elliptic Curve Cryptography (ECC), Diffie-Hellman(DH), and SM2.
• Hash functions
  Hash functions are used to transform plaintext data of any size into a unique ciphertext or ‘fingerprint’ of fixed size. It is commonly used in message authentication, data integrity check, and digital signatures. Examples include MD5, SHA-1, SHA-2, SHA-3, and SM3.

Cipher suites are sets of instructions that enable secure network connections through the Transport Layer Security (TLS), also known as Secure Sockets Layer (SSL). These suites provide a set of algorithms and protocols required to secure communications between clients and servers. During SSL connection initiation, the web server and the client perform a SSL handshake. This involves the two parties agreeing on a mutual cipher suite, which is used to negotiate a secure HTTPS connection.

Cipher suites contain four components: a key exchange algorithm, authentication, key encryption algorithm, and a message authentication algorithm. For example, the “ECDHE-ECDSA-AES256-GCM-SHA384” cipher suite indicates ECDHE for key exchange, ECDSA for authentication, AES256-GCM for encryption, and SHA364 for message integrity.

In this section, we will list the most widely used crypto libraries used in data center workloads.

• OpenSSL
  Repository: https://github.com/openssl/openssl/
  OpenSSL is a general-purpose cryptographic library. It is the most used crypto library and is pre-installed on most OS distributions. It implements basic crypto algorithms and supports different hardware architectures.
  The OpenSSL version provided with different OS distros may vary, including 1.1.1, 3.0.x, 3.1.x, and 3.2.x. The current LTS version is 3.0.
• BoringSSL
  Repository: https://github.com/google/boringssl
  BoringSSL is a fork of OpenSSL that is designed to meet Google's needs. It is not intended for general use because there are no guarantees of API or ABI stability.
• AWS-LC
  Repository: https://github.com/aws/aws-lc
  AWS-LC is a general-purpose cryptographic library maintained by the AWS Cryptography team for AWS and their customers. It is based on code from the Google BoringSSL project and the OpenSSL project. AWS-LC adds several optimizations for both x86 and Arm processors.
• AArch64cryptolib
  Repository: https://github.com/ARM-software/AArch64cryptolib
  AArch64cryptolib is a ‘from scratch’ implementation of cryptographic primitives aiming for optimal performance on Arm A-class cores. This library currently supports AES-GCM and AES-CBC optimized code.
  OpenSSL provides AES-GCM and AES-CBC implementations, but the performance is just as good with AArch64cryptolib on Arm Neoverse N1, Arm Neoverse V1, Ampere Altra, and AmpereOne processors.
• IPSec MB:
  Repository: https://gitlab.arm.com/arm-reference-solutions/ipsec-mb
  This is the Multi-Buffer Crypto library for IPSec on Arm64 processor. It is based on the intel-ipsec-mb library and provides the SNOW3G and ZUC algorithms on Arm64. These algorithms are widely use in Telco and 5G workloads.

In some use cases for packet processing workloads, these crypto libraries are used in conjunction with the DPDK Crypto Poll Mode Driver (PMD). Please refer to this tuning guide for details.

In this section, we will compare the performance of different libraries on Ampere processors.

Ampere® Altra® family
Ampere Altra family products are designed to meet the requirements of modern Cloud Native Computing environments with features like predictable performance and with core counts ranging from 32 to 128. These processors are Armv8.2+ ISA compatible.

All the open-source libraries listed above provide good support for the Ampere Altra family of processors.

Let’s start by comparing OpenSSL 3.3.0 and AWS-LC (master code, commit id 9921cd9) on a single core of Altra Max M128-30 using the bssl tool provided in AWS-LC.

Figure 1 and Figure 2 show AWS-LC can provide better performance for both RSA and ECDSA sign and verify.

Per-core cipher performance is critical to faster TLS handshake performance in latency-sensitive usages like web servers. Similarly, performance and scalability of ciphers is important at the processor-level, especially as you scale out with cores.

In this section, we will use the speed test provided by OpenSSL library to show the performance scaling with core count on AmpereOne A192-32X processor and compare scalability with a similar class of processor.

The following command is used to test the AES-128-GCM throughput for 1024 bytes with different threads. “numactl” is used to affinitize the test to number of cores equaling the number of openssl threads.

Copy
numactl -C 0-N openssl speed -multi $threads --bytes 1024 --seconds 10 -evp aes-128-gcm 

For reference, we compared AmpereOne A192-32X with AMD Genoa 9654; both processors have 192 threads. On AmpereOne, each thread is a physical core, but on AMD Genoa, there are 96 physical cores, each with 2 Simultaneous Multithreads (SMT). SMT can lead to poor scaling beyond 50% because of the underlying technology constraints.

From a performance perspective, it is recommended to prefer ECDSA over RSA for digital signatures. ECDSA generally offers better performance and security efficiency, especially with smaller key sizes, which can lead to faster signature generation compared to RSA;

For symmetric encryption and decryption, AES-GCM should be preferred over ChaCha20-Poly1305;

When using cryptographic libraries, it is advisable to use the version of OpenSSL or AWS-LC that includes optimizations for the AmpereOne architecture. These optimizations leverage the new features on AmpereOne processors to enhance performance;

Furthermore, AWS-LC, which offers additional performance benefits with different implementations, should be preferred over OpenSSL;

Finally, the cryptographic performance on AmpereOne scales linearly with the core count. That means AmpereOne can bring more benefits when more cores are utilized.

https://www.geeksforgeeks.org/what-is-a-symmetric-encryption/
https://www.geeksforgeeks.org/asymmetric-key-cryptography/
https://www.geeksforgeeks.org/cryptography-hash-functions/
https://amperecomputing.com/tuning-guides/dpdk-cryptography-build-and-tuning-guide
https://amperecomputing.com/products/processors
https://github.com/openssl/openssl
https://github.com/aws/aws-lc/
https://github.com/ARM-software/AArch64cryptolib
https://gitlab.arm.com/arm-reference-solutions/ipsec-mb
https://github.com/AmpereComputing/openssl
https://github.com/AmpereComputing/aws-lc/tree/dev-ampereone

All data and information contained herein is for informational purposes only and Ampere reserves the right to change it without notice. This document may contain technical inaccuracies, omissions and typographical errors, and Ampere is under no obligation to update or correct this information. Ampere makes no representations or warranties of any kind, including but not limited to express or implied guarantees of noninfringement, merchantability, or fitness for a particular purpose, and assumes no liability of any kind. All information is provided “AS IS.” This document is not an offer or a binding commitment by Ampere. Use of the products contemplated herein requires the subsequent negotiation and execution of a definitive agreement or is subject to Ampere’s Terms and Conditions for the Sale of Goods.

System configurations, components, software versions, and testing environments that differ from those used in Ampere’s tests may result in different measurements than those obtained by Ampere.

©2025 Ampere Computing. All Rights Reserved. Ampere, Ampere Computing, Altra and the ‘A’ logo are all registered trademarks or trademarks of Ampere Computing. Arm is a registered trademark of Arm Limited (or its subsidiaries). All other product names used in this publication are for identification purposes only and may be trademarks of their respective companies.