Age Encryption Benchmarks
1776646800Test Environment
| Component | Specification |
|---|---|
| CPU | Intel Core Ultra X7 358H (Panther Lake) |
| Architecture | x86_64 |
| Kernel | 7.0.0-rc7-3-cachyos-rc |
| Memory | 62 GB |
| Encryption | age v1.1.1 with ChaCha20-Poly1305 |
| Key Storage | TPM 2.0 via age-plugin-tpm |
Hardware Acceleration: AES-NI, VAES (AVX-512), AVX2, SHA-NI, AVX-VNNI
Methodology
Tests performed on /tmp (tmpfs) to eliminate disk I/O bottlenecks.
Test Data
- Small files: 100 files each of 1K, 10K, 100K, 500K, 1M
- Large files: Single files of 10M, 50M, 100M, 500M
Results
Encryption Performance (No TPM)
Small files (100 files batch):
| file_size | total_ms | per_file_ms |
|---|---|---|
| 1K | 519 ms | 5.2 ms |
| 10K | 536 ms | 5.4 ms |
| 100K | 558 ms | 5.6 ms |
| 500K | 650 ms | 6.5 ms |
| 1M | 787 ms | 7.9 ms |
| 10M | 26 ms | 26 ms |
| 50M | 101 ms | 101 ms |
| 100M | 183 ms | 183 ms |
| 500M | 665 ms | 665 ms |
Large files:
| file_size | total_ms | throughput_mbps |
|---|---|---|
| 1K | 519 ms | - |
| 10K | 536 ms | - |
| 100K | 558 ms | - |
| 500K | 650 ms | - |
| 1M | 787 ms | - |
| 10M | 26 ms | 384 MB/s |
| 50M | 101 ms | 495 MB/s |
| 100M | 183 ms | 546 MB/s |
| 500M | 665 ms | 751 MB/s |
Decryption with TPM
Small files (10 files sample):
| file_size | total_ms | per_file_ms |
|---|---|---|
| 1K | 4161 ms | 416 ms |
| 10K | 4158 ms | 415 ms |
| 100K | 4137 ms | 413 ms |
| 10M | 442 ms | 442 ms |
| 50M | 519 ms | 519 ms |
| 100M | 614 ms | 614 ms |
Large files:
| file_size | total_ms | throughput_mbps |
|---|---|---|
| 1K | 4161 ms | - |
| 10K | 4158 ms | - |
| 100K | 4137 ms | - |
| 10M | 442 ms | 22 MB/s |
| 50M | 519 ms | 96 MB/s |
| 100M | 614 ms | 163 MB/s |
TPM Overhead
Isolated TPM key unwrapping: 415 ms per operation
This represents the fixed cost of TPM communication regardless of file size.
Analysis
Throughput Scaling
Encryption throughput increases with file size:
- Small files: I/O overhead dominates
- Large files: Approaches ~750 MB/s sustained
TPM Impact
The TPM adds a fixed ~415 ms overhead to every decryption operation:
| File Size | TPM % of Total Time |
|---|---|
| 1 KB | 99% |
| 100 KB | 99% |
| 10 MB | 94% |
| 100 MB | 67% |
Comparison
| Hardware | TPM Latency |
|---|---|
| This system (fTPM) | ~415 ms |
| YubiKey 5 | 500-2000 ms |
| Smart card | 1000-5000 ms |
Raw Data
operation,file_size,file_count,total_ms,per_file_ms,throughput_mbps
encrypt,1K,100,519,5.2,
encrypt,10K,100,536,5.4,
encrypt,100K,100,558,5.6,
encrypt,500K,100,650,6.5,
encrypt,1M,100,787,7.9,
encrypt,10M,1,26,26,384
encrypt,50M,1,101,101,495
encrypt,100M,1,183,183,546
encrypt,500M,1,665,665,751
decrypt_tpm,1K,10,4161,416,
decrypt_tpm,10K,10,4158,415,
decrypt_tpm,100K,10,4137,413,
decrypt_tpm,10M,1,442,442,22
decrypt_tpm,50M,1,519,519,96
decrypt_tpm,100M,1,614,614,163Conclusions
- Symmetric encryption: Sustains 400-750 MB/s depending on file size
- TPM overhead: Fixed ~415 ms cost per decryption
- Batch efficiency: Amortize TPM cost by processing multiple files per session
For interactive use (SSH keys, .env files), ~415 ms latency is acceptable. For high-throughput applications, keep decrypted keys in memory during sessions.