nemozone

Using LUKS encryption on a 512 GB NVMe SSD can result in a significant performance drop. According to tests, the read speed of an unencrypted drive can be around 1700 MB/s, while the same drive with LUKS encryption can have a read speed of around 1300 MB/s, resulting in a 24% decrease in performance. The write speed of an unencrypted drive can be around 3200 MB/s, while the same drive with LUKS encryption can have a write speed of around 1100 MB/s, resulting in a 66% decrease in performance.

The performance drop is due to the CPU and RAM not being able to handle the data rates required to (de/en)crypt it on the fly. This is because every block that is read or written needs to be encrypted or decrypted, which adds a small amount of CPU load.

By default, LUKS uses a highly secure 512-bit AES (Advanced Encryption Standard) key. This provides a strong level of encryption, but also requires more resources to process the data. To reduce the performance hit, users can experiment with different algorithms and settings to find the best balance between security and performance.

Citations :

1. https://unix.stackexchange.com/questions/615159/nvme-performance-hit-when-using-luks-encryption
2. https://forum.manjaro.org/t/luks-makes-ssd-slow/89114
3. https://ask.fedoraproject.org/t/if-i-use-full-disk-encryption-luks-will-it-slowdown-boot-up-or-usage/17307
4. https://aws.amazon.com/ebs/pricing/
5. https://www.couchbase.com/blog/at-rest-data-security-with-luks-encryption/
6. https://www.cdw.com/content/cdw/en/articles/hardware/ssd-types-m2-sata-nvme-u2.html