sha2: 0.9.3: Very small effect of `asm` with SHA-256 / SHA-512?

[35VLG84]

There seem to be very small effect in speed with SHA-256, regardless if asm is activated or not (with sha2:0.9.3 version)

The asm version is only about 10% faster than default / force-soft, and asm version is about 60% of speed Python/OpenSSL implementation.

There is small test case to demonstrate this at the end of issue. However, this also happens while calculating hashes of files, the Python version is about 2x as fast as Rust implementation.

• cpu: i5-8250U
• rustc --version: rustc 1.49.0 (e1884a8e3 2020-12-29)
• rustup toolchain list: stable-x86_64-unknown-linux-gnu (default)

All runs below are done with: cargo clean && cargo build --release && target/release/sha-rs

Default settings: (sha2 = "^0.9.3")

Rust: computing SHA-256 of 1073741824 bytes ('a')
hash: 6ac54ab637d27a69b34ce1ea5c8b98cda7c4b95ec9c0e16143fc5d4343b05113
time: 5.116825 s

Force-soft: (sha2 = { version = "^0.9.3", features = ["force-soft"]})

Rust: computing SHA-256 of 1073741824 bytes ('a')
hash: 6ac54ab637d27a69b34ce1ea5c8b98cda7c4b95ec9c0e16143fc5d4343b05113
time: 5.113324 s

ASM: (sha2 = { version = "^0.9.3", features = ["asm"]})

Rust: computing SHA-256 of 1073741824 bytes ('a')
hash: 6ac54ab637d27a69b34ce1ea5c8b98cda7c4b95ec9c0e16143fc5d4343b05113
time: 4.544902 s

Python (OpenSSL)

Py3: computing SHA-256 of 1073741824 bytes ('a')
hash: 6ac54ab637d27a69b34ce1ea5c8b98cda7c4b95ec9c0e16143fc5d4343b05113
time: 2.569319596 s

Rust example

use sha2::Digest;
use sha2::Sha256;
use std::time::Instant;

fn main() {
    let data_size = 1024;
    let iters = 1024*1024;
    let mut hasher = Sha256::new();
    let data = vec![61;data_size];

    println!("Rust: computing SHA-256 of {} bytes ('a')", data_size*iters);

    let start = Instant::now();
    for _ in 0..iters {
        hasher.update(&data);
    }
    let hash = hasher.finalize();
    let elapsed = Instant::now() - start;

    println!("hash: {:x}", hash);
    println!("time: {} s", elapsed.as_secs_f32());
}

Python example

#!/usr/bin/env python3
import hashlib
import array
import time

if __name__ == '__main__':
    data_size = 1024
    iters = 1024*1024

    hasher = hashlib.sha256()
    data = array.array('B',  [61 for _ in range(0, data_size)])

    print("Py3:  computing SHA-256 of", data_size * iters, "bytes ('a')")

    start = time.process_time()
    for i in range(0, iters):
        hasher.update(data)

    elapsed = time.process_time() - start

    print("hash:", hasher.hexdigest())
    print("time:", elapsed, "s")

[tarcieri]

For comparison, here are my numbers on a 2.3 GHz 8-Core Intel Core i9 running macOS:

SHA-256

• sha2 with soft backend (10000 bytes): 235 MB/s
• sha2 with asm feature (10000 bytes): 301 MB/s
• openssl speed sha256 (8192 bytes): 370 MB/s

asm is ~28% faster than soft, ~23% slower than OpenSSL

SHA-512

• sha2 with soft backend (10000 bytes): 439 MB/s
• sha2 with asm feature (10000 bytes): 493 MB/s
• openssl speed sha512 (8192 bytes): 569 MB/s

asm is ~12% faster than soft, ~15% slower than OpenSSL

I can also test on a Linux host with a Xeon CPU, but this was the easiest for me to do quickly

[newpavlov]

Yes, it's a known property. Assembly from the project Nayuki is less efficient than implementations from OpenSSL, this is why I've created RustCrypto/asm-hashes#5. I think we can close this issue in its favor?