Two parameters are relevant when evaluating performance: throughput and latency. While throughput is relevant in applications with large amounts of data to be encrypted, latency is an important benchmark whenever some kind of interactivity is required such as in connection with a video conference or a remote desktop application.
Even though hardware has a clear advantage, when it comes to performance, software encryption efficiency is increasing. This is a result of CPU enhancements such as the dedication AES instruction set. But also Graphic Processing Units (GPUs) have proven to be able to provide high encryption throughput.
But even with the progress in software-based encryption, custom-designed, dedicated application-specific hardware outperforms software solutions by orders of magnitude.
Modern computers and CPUs are huge, complex circuits with pipelining, hyper-threading and multiple levels of cache, and all of these technologies improve throughput. But when it comes to the relative simple task of encryption, the added complexity adds to latency.
If software-based encryption is running on a multitasking operating system, consistent latency may be an issue. Other tasks and interrupts can take CPU cycles from the encryption task and result in spikes in latency.
Dedicated application-specific hardware can be optimised for short data paths for encrypted data. The level of parallelisation in the encryption engine can be fine-tuned for optimal throughput performance ratio.
Generally, software encryption can be considered secure. Hardware-based encryption, however, has some properties that enhance security.
Encryption depends on random numbers for key generation and cryptographic nonces.
Most software uses a pseudo random number generator. The word pseudo refers to the fact that software is intrinsically deterministic and therefore unable to generate a truly random value.
Hardware encryption can be aided by a hardware random number generator. A hardware random number generator relies on a measured value of a physical process that is inherently random.
Software complexity is constantly increasing and with increased complexity comes a growing risk of human errors or bugs. Issues that can compromise security are not isolated to the encryption engine. If an underlying operating system can be compromised, so can the integrity of the entire system.
With hardware encryption the encryption engine can be small and efficiently isolated from software.