Description
We used to manually generate a keystream and XOR it with the plaintext.
While this implementation was correct and easy to review (and actually reviewed in two independent audits), it is not necessary.
It was therefore replaced with an easy-to-use BouncyCastle high-level API in commit 620a9ad:
siv-mode/src/main/java/org/cryptomator/siv/CustomCtrComputer.java
Lines 24 to 35 in 90b8cb6
Furthermore, we added a JCE-based implementation in 90b8cb6:
siv-mode/src/main/java/org/cryptomator/siv/JceAesCtrComputer.java
Lines 39 to 51 in 90b8cb6
The immediate effect is a significant 20% speedup on JDK 8:
Benchmark                              Mode  Cnt   Score    Error  Units
SivModeBenchmark.benchmarkJce (old)    avgt    4  21,904 ± 10,101  us/op
SivModeBenchmark.benchmarkJce (new)    avgt    4  17,327 ±  1,357  us/op
More importantly, this directly benefits from further optimizations in the JRE. With JDK 14 I get even faster computation times:
Benchmark                      Mode  Cnt   Score   Error  Units
SivModeBenchmark.benchmarkJce  avgt    4  11,586 ± 2,245  us/op
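
The equivalence this change relies on, as an added example that is not the project's code: a hand-rolled keystream-and-XOR loop and the JCE `AES/CTR/NoPadding` transformation produce identical output, including across a counter carry and a partial final block. The class and method names are hypothetical, the key, IV and message are constructed, and using JCE `AES/ECB/NoPadding` as the raw block primitive for the manual variant is an assumption.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class CtrEquivalenceDemo { // hypothetical name, not part of siv-mode

    // Manual approach: encrypt successive counter blocks with raw AES, XOR the keystream in.
    static byte[] manualCtr(byte[] key, byte[] iv, byte[] in) throws Exception {
        Cipher aes = Cipher.getInstance("AES/ECB/NoPadding"); // single-block AES primitive
        aes.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"));
        byte[] counter = iv.clone();
        byte[] out = new byte[in.length];
        for (int off = 0; off < in.length; off += 16) {
            byte[] keystream = aes.doFinal(counter);
            int n = Math.min(16, in.length - off); // last block may be partial
            for (int i = 0; i < n; i++) {
                out[off + i] = (byte) (in[off + i] ^ keystream[i]);
            }
            // Increment the 128-bit big-endian counter, propagating the carry.
            for (int i = 15; i >= 0 && ++counter[i] == 0; i--) { }
        }
        return out;
    }

    // High-level approach: let the JCE provider run CTR mode.
    static byte[] jceCtr(byte[] key, byte[] iv, byte[] in) throws Exception {
        Cipher ctr = Cipher.getInstance("AES/CTR/NoPadding");
        ctr.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv));
        return ctr.doFinal(in);
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[16];           // constructed all-zero demo key, not for real use
        byte[] iv = new byte[16];
        Arrays.fill(iv, 8, 16, (byte) 0xFF); // constructed: low 64 bits all ones forces a carry
        byte[] msg = "constructed sample plaintext, longer than three AES blocks"
                .getBytes(StandardCharsets.US_ASCII);

        byte[] manual = manualCtr(key, iv, msg);
        byte[] jce = jceCtr(key, iv, msg);
        if (!Arrays.equals(manual, jce)) throw new AssertionError("outputs differ");
        // CTR is its own inverse: applying it again restores the plaintext.
        if (!Arrays.equals(msg, jceCtr(key, iv, manual))) throw new AssertionError("round trip failed");
        System.out.println("manual and JCE CTR agree on " + msg.length + " bytes");
    }
}
```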