AES-GCM Optimizations Land In Linux 6.19 - Benefiting AMD Zen 3, AVX-512 CPUs Too

Written by Michael Larabel in Linux Kernel on 3 December 2025 at 06:14 AM EST. 2 Comments

Google engineer Eric Biggers who is known for his many Linux crypto subsystem performance optimizations has seen his latest pull requests land in Linux 6.19. Notable among them are some AES-GCM optimizations benefiting AMD Zen 3 processors and separately AVX-512 processors also benefit too from this latest round of optimization work.

This Advanced Encryption Standard (AES) with Galois/Counter Mode (GCM) work has squeezed some nice performance gains out of various Intel and AMD processors for Linux 6.19. For example, the AES-GCM work can deliver up to ~74% faster performance on AMD Zen 3.

Eric Biggers explained in the AES-GCM optimization pull request:

"More optimizations and cleanups for the x86_64 AES-GCM code:

- Add a VAES+AVX2 optimized implementation of AES-GCM. This is very helpful on CPUs that have VAES but not AVX512, such as AMD Zen 3.

- Make the VAES+AVX512 optimized implementation of AES-GCM handle large amounts of associated data efficiently.

- Remove the "avx10_256" implementation of AES-GCM. It's superseded by the VAES+AVX2 optimized implementation.

- Rename the "avx10_512" implementation to "avx512".

Overall, this fills in a gap where AES-GCM wasn't fully optimized on some recent CPUs. It also drops code that won't be as useful as initially expected due to AVX10/256 being dropped from the AVX10 spec."

Additionally, Biggers submitted and was since merged all the crypto library updates. The work there includes adding SHA-3 support, BLAKE2b support is also added to the lib/crypto code, and POLYVAL support is also added to. SHA-3 was motivated as part of the ML-DSA signature algorithm work for kernel modules, BLAKE2b can be used by Btrfs for checksums, and the POLYVAL work yields code simplification compared to the current code.