The Java Cryptography Extensions exist for many years, They allow to use cryptography that is not bundled in the Java platform itself. I’ve met Bouncycastle crypto provider library many times in projects I worked on. But there are other third party crypto providers as well. At least two of them - Consrypt and Corretto (named the same way as Openjdk distribution by Amazon) declare high performance as their features. I decided to measure these claims and wrote some benchmarks. To not compare apples with oranges I needed some algorithms that were implemented in all different crypto providers that I tried to test. So the choice may seem a bit strange.
First goes benchmark for Cipher doing AESGCMNoPadding (and that is the only cipher supported in all 4 provider that I have found) decrypting and encrypting (measured in operations per second - higher is better). All four providers can do it with bundled Java 17 provider being the most performant.
Here almost up-to-date JVM (Java 18 is already released) shines. But lets see the performance of hash-based message authenication codes.
Here Corretto outperforms all other options for sha1 hashing, but in other cases is is almost the same as default Openjdk crypto provider. Consrypt is real outsider here.
Now lets look at signing our messages with crypto signatures.
Conscrypt really shines here with ECDSA implementations from BoringSSL. With RSA its performance is also among leaders. However it is interesting that bundled provider outperforms Corretto with ECDSA, but loses with RSA.
Now lets look at verifying those signatures.
Once again for ECDSA verifying Conscrypt outperforms everyone else. For RSA numbers are so different for all options, lets place them on separate chart.
Here both Corretto and Consrypt do something to prove their self-names of high-performance implementations.
What should you use in the end? I don’t think that performance is actually what you should look at in the first place. You should start with security and features that you need for your application. That is why Bouncycastle provider whose performance is not that great can be met so often.