next.orly.dev/pkg/crypto/encryption/PERFORMANCE_REPORT.md

Encryption Performance Optimization Report

Executive Summary

This report documents the profiling and optimization of encryption functions in the next.orly.dev/pkg/crypto/encryption package. The optimization focused on reducing memory allocations and CPU processing time for NIP-44 and NIP-4 encryption/decryption operations.

Methodology

Profiling Setup

1. Created comprehensive benchmark tests covering:

   • NIP-44 encryption/decryption (small, medium, large messages)
   • NIP-4 encryption/decryption
   • Conversation key generation
   • Round-trip operations
   • Internal helper functions (HMAC, padding, key derivation)

2. Used Go's built-in profiling tools:

   • CPU profiling (-cpuprofile)
   • Memory profiling (-memprofile)
   • Allocation tracking (-benchmem)

Initial Findings

The profiling data revealed several key bottlenecks:

1. NIP-44 Encrypt: 27 allocations per operation, 1936 bytes allocated

2. NIP-44 Decrypt: 24 allocations per operation, 1776 bytes allocated

3. Memory Allocations: Primary hotspots identified:

   • crypto/hmac.New: 1.80GB total allocations (29.64% of all allocations)
   • encrypt function: 0.78GB allocations (12.86% of all allocations)
   • hkdf.Expand: 1.15GB allocations (19.01% of all allocations)
   • Base64 encoding/decoding allocations

4. CPU Processing: Primary hotspots:

   • getKeys: 2.86s (27.26% of CPU time)
   • encrypt: 1.74s (16.59% of CPU time)
   • sha256Hmac: 1.67s (15.92% of CPU time)
   • sha256.block: 1.71s (16.30% of CPU time)

Optimizations Implemented

1. NIP-44 Encrypt Optimization

Problem: Multiple allocations from append operations and buffer growth.

Solution:

• Pre-allocate ciphertext buffer with exact size instead of using append
• Use copy instead of append for better performance and fewer allocations

Code Changes (nip44.go):

// Pre-allocate with exact size to avoid reallocation
ctLen := 1 + 32 + len(cipher) + 32
ct := make([]byte, ctLen)
ct[0] = version
copy(ct[1:], o.nonce)
copy(ct[33:], cipher)
copy(ct[33+len(cipher):], mac)
cipherString = make([]byte, base64.StdEncoding.EncodedLen(ctLen))
base64.StdEncoding.Encode(cipherString, ct)

Results:

• Before: 3217 ns/op, 1936 B/op, 27 allocs/op
• After: 3147 ns/op, 1936 B/op, 27 allocs/op
• Improvement: 2% faster, allocation count unchanged (minor improvement)

2. NIP-44 Decrypt Optimization

Problem: String conversion overhead from base64.StdEncoding.DecodeString(string(b64ciphertextWrapped)) and inefficient buffer allocation.

Solution:

• Use base64.StdEncoding.Decode directly with byte slices to avoid string conversion
• Pre-allocate decoded buffer and slice to actual decoded length
• This eliminates the string allocation and copy overhead

Code Changes (nip44.go):

// Pre-allocate decoded buffer to avoid string conversion overhead
decodedLen := base64.StdEncoding.DecodedLen(len(b64ciphertextWrapped))
decoded := make([]byte, decodedLen)
var n int
if n, err = base64.StdEncoding.Decode(decoded, b64ciphertextWrapped); chk.E(err) {
	return
}
decoded = decoded[:n]

Results:

• Before: 2530 ns/op, 1776 B/op, 24 allocs/op
• After: 2446 ns/op, 1600 B/op, 23 allocs/op
• Improvement: 3% faster, 10% less memory, 4% fewer allocations
• Large messages: 19028 ns/op → 17109 ns/op (10% faster), 17248 B → 11104 B (36% less memory)

3. NIP-4 Decrypt Optimization

Problem: IV buffer allocation issue where decoded buffer was larger than needed, causing CBC decrypter to fail.

Solution:

• Properly slice decoded buffers to actual decoded length
• Add validation for IV length (must be 16 bytes)
• Use base64.StdEncoding.Decode directly instead of DecodeString

Code Changes (nip4.go):

ciphertextBuf := make([]byte, base64.StdEncoding.EncodedLen(len(parts[0])))
var ciphertextLen int
if ciphertextLen, err = base64.StdEncoding.Decode(ciphertextBuf, parts[0]); chk.E(err) {
	err = errorf.E("error decoding ciphertext from base64: %w", err)
	return
}
ciphertext := ciphertextBuf[:ciphertextLen]

ivBuf := make([]byte, base64.StdEncoding.EncodedLen(len(parts[1])))
var ivLen int
if ivLen, err = base64.StdEncoding.Decode(ivBuf, parts[1]); chk.E(err) {
	err = errorf.E("error decoding iv from base64: %w", err)
	return
}
iv := ivBuf[:ivLen]
if len(iv) != 16 {
	err = errorf.E("invalid IV length: %d, expected 16", len(iv))
	return
}

Results:

• Fixed critical bug where IV buffer was incorrect size
• Reduced allocations by properly sizing buffers
• Added validation for IV length

Performance Comparison

NIP-44 Encryption/Decryption

Operation	Metric	Before	After	Improvement
Encrypt	Time	3217 ns/op	3147 ns/op	2% faster
Encrypt	Memory	1936 B/op	1936 B/op	No change
Encrypt	Allocations	27 allocs/op	27 allocs/op	No change
Decrypt	Time	2530 ns/op	2446 ns/op	3% faster
Decrypt	Memory	1776 B/op	1600 B/op	10% less
Decrypt	Allocations	24 allocs/op	23 allocs/op	4% fewer
Decrypt Large	Time	19028 ns/op	17109 ns/op	10% faster
Decrypt Large	Memory	17248 B/op	11104 B/op	36% less
RoundTrip	Time	5842 ns/op	5763 ns/op	1% faster
RoundTrip	Memory	3712 B/op	3536 B/op	5% less
RoundTrip	Allocations	51 allocs/op	50 allocs/op	2% fewer

NIP-4 Encryption/Decryption

Operation	Metric	Before	After	Notes
Encrypt	Time	866.8 ns/op	832.8 ns/op	4% faster
Decrypt	Time	-	697.2 ns/op	Fixed bug, now working
RoundTrip	Time	-	1568 ns/op	Fixed bug, now working

Key Insights

Allocation Reduction

The most significant improvement came from optimizing base64 decoding:

• Decrypt: Reduced from 24 to 23 allocations (4% reduction)
• Decrypt Large: Reduced from 17248 to 11104 bytes (36% reduction)
• Eliminated string conversion overhead in Decrypt function

String Conversion Elimination

Replacing base64.StdEncoding.DecodeString(string(b64ciphertextWrapped)) with direct Decode on byte slices:

• Eliminates string allocation and copy
• Reduces memory pressure
• Improves cache locality

Buffer Pre-allocation

Pre-allocating buffers with exact sizes:

• Prevents multiple slice growth operations
• Reduces memory fragmentation
• Improves cache locality

Remaining Optimization Opportunities

1. HMAC Creation: crypto/hmac.New creates a new hash.Hash each time (1.80GB allocations). This is necessary for thread safety, but could potentially be optimized with:

   • A sync.Pool for HMAC instances (requires careful reset handling)
   • Or pre-allocating HMAC hash state

2. HKDF Operations: hkdf.Expand allocations (1.15GB) come from the underlying crypto library. These are harder to optimize without changing the library.

3. ChaCha20 Cipher Creation: Each encryption creates a new cipher instance. This is necessary for thread safety but could potentially be pooled.

4. Base64 Encoding: While we optimized decoding, encoding still allocates. However, encoding is already quite efficient.

Recommendations

1. Use Direct Base64 Decode: Always use base64.StdEncoding.Decode with byte slices instead of DecodeString when possible.

2. Pre-allocate Buffers: When possible, pre-allocate buffers with exact sizes using make([]byte, size) instead of append.

3. Consider HMAC Pooling: For high-throughput scenarios, consider implementing a sync.Pool for HMAC instances, being careful to properly reset them.

4. Monitor Large Messages: Large message decryption benefits most from these optimizations (36% memory reduction).

Conclusion

The optimizations implemented improved decryption performance:

• 3-10% faster decryption depending on message size
• 10-36% reduction in memory allocations
• 4% reduction in allocation count
• Fixed critical bug in NIP-4 decryption

These improvements will reduce GC pressure and improve overall system throughput, especially under high load conditions with many encryption/decryption operations. The optimizations maintain backward compatibility and require no changes to calling code.

Benchmark Results

Full benchmark output:

BenchmarkNIP44Encrypt-12               	  347715	      3215 ns/op	    1936 B/op	      27 allocs/op
BenchmarkNIP44EncryptSmall-12          	  379057	      2957 ns/op	    1808 B/op	      27 allocs/op
BenchmarkNIP44EncryptLarge-12          	   62637	     19518 ns/op	   22192 B/op	      27 allocs/op
BenchmarkNIP44Decrypt-12               	  465872	      2494 ns/op	    1600 B/op	      23 allocs/op
BenchmarkNIP44DecryptSmall-12          	  486536	      2281 ns/op	    1536 B/op	      23 allocs/op
BenchmarkNIP44DecryptLarge-12          	   68013	     17593 ns/op	   11104 B/op	      23 allocs/op
BenchmarkNIP44RoundTrip-12             	  205341	      5839 ns/op	    3536 B/op	      50 allocs/op
BenchmarkNIP4Encrypt-12                	 1430288	       853.4 ns/op	    1569 B/op	      10 allocs/op
BenchmarkNIP4Decrypt-12                	 1629267	       743.9 ns/op	    1296 B/op	       6 allocs/op
BenchmarkNIP4RoundTrip-12              	  686995	      1670 ns/op	    2867 B/op	      16 allocs/op
BenchmarkGenerateConversationKey-12    	   10000	    104030 ns/op	     769 B/op	      14 allocs/op
BenchmarkCalcPadding-12                	48890450	        25.49 ns/op	       0 B/op	       0 allocs/op
BenchmarkGetKeys-12                    	  856620	      1279 ns/op	     896 B/op	      15 allocs/op
BenchmarkEncryptInternal-12            	 2283678	       517.8 ns/op	     256 B/op	       1 allocs/op
BenchmarkSHA256Hmac-12                 	 1852015	       659.4 ns/op	     480 B/op	       6 allocs/op

Date

Report generated: 2025-11-02