Where possible, performance should be estimated in terms of the number of invocations of the underlying block cipher.Â If the estimate depends on the underlying block cipher, then, at a minimum, estimates should be provided for the AES algorithm.
If actual performance data is given, the conditions of the implementation should be described in sufficient detail so that the estimates could be verified by the public.