What javascript encryption library performs well on phonegap?
Summary:
- crypto-js seems 20% faster on an Android 2.3.7 phone on the ARM platform than sjcl.js.
- It is 15% faster on Android 4.0.4, tested on a Lenovo K1.
- On an Android 2.3.3 Virtual Device running Atom on top of a Core2 Duo, it is twice as fast, and about the same for running ARM on top.
- Tested with the browser in Phonegap/Cordova 2.8.
- (From a newer blog post of mine) In preliminary browser (not Phonegap) tests on Android, on this test page (Speed Test Simulate-threading), Stanford handily beats CryptoJS, with forge beating them both.
There is a jsperf comparing encryption/decryption speed in javascript:
http://jsperf.com/encryption-decryption-comparisons/6
The two libraries that come out neck and neck on my Linux workstation x86 Chrome browser are the Stanford Javascript Library (http://crypto.stanford.edu/sjcl/) and Crypto-js (https://code.google.com/p/crypto-js/). But how do they perform on the older browser component in Phonegap/Cordova 2.8, on different versions of Android?
I have tested with Phonegap 2.8 on two Android Virtual Devices with Intel Atom, actually running on my Intel Ubuntu 12.04 x86 workstation, with Intel's KVM trick installed (Speeding Up the Android* Emulator on Intel® Architecture | Intel® Developer Zone) to up the performance of the emulators. The Android Phonegap app was configured to open the jsperf url directly in the config.xml.
When running under Android 4.2.2, the two libraries are again neck and neck, but on Android 2.3.3 on an Atom AVD, Crypto-js is twice as fast. See this screenshot (Yeah, I should have run it on a tablet AVD so the screenshot would fit, but I didn't, sorry):
Crypto-js did 50.28, and sjcl.js did 24.56, the latter almost exactly half of the former.
However, on a real ARM phone, a ZTE Blade running Android 2.3.7, the difference is only about 20%, and on Android 4.0.4 on a Lenovo K1 the difference is about 16%.
Footnotes: The "Block tea" library also performs well on Android 2.3.3 on Atom (less on ARM), but it says on the jsperf page that it is less secure, so it might be like comparing apples to oranges. Furthermore, crypto is hard and I don't know if there might be differences in quality between the different libraries. I also wonder if the AVDs are correct in that Intel Atom influences javascript performance differently than ARMs.