The cr.yp.to microblog: 2019.04.24 18:24:58

2019.04.24 18:24:58 (1121087646829350915) from Daniel J. Bernstein, replying to "Stefan Kölbl (@kste_)" (1121069999576293376):

I don't think Cannon Lake has VAES. Regarding 256 vs. 128, ChaCha20 has a 256-bit key, and the benchmarks have two aes256ctr implementations using AES-NI (dolbeau and openssl, with similar speeds), so I compared to those. Nobody has bothered adding similar aes128ctr code yet.

Context

2019.04.24 17:00:24 (1121066366625353729) from Daniel J. Bernstein:

0.57 cycles/byte for ChaCha20 to encrypt 4KB on one core of new Intel Cannon Lake CPU. I haven't seen AES-256 results as fast as this on the same CPU, even though AES-256 has special hardware support and much smaller security margin. https://bench.cr.yp.to/results-stream.html#amd64-cannon

2019.04.24 17:14:51 (1121069999576293376) from "Stefan Kölbl (@kste_)":

Does this i3 support the AVX512 AES extension (VAES)? It also looks odd with AES256 having the same performance as AES128.