ietf-mailsig
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: charter constraints list

2004-10-09 06:59:16
from [Michael Thomas] [Permanent Link] 
Seth Goodman writes:

Something to note here is that signing and verifying are
several orders of magnitude different in CPU complexity --
verifying being *much* cheaper. The SHA1 digest quickly
overcomes the RSA verify as the dominate factor... not to
mention that watching Spamassassin grind away trumps all...



Hmm.  Something's rotten in Denmark.  There is a difference between signing
and validating, but I don't recall it as being anywhere near an order of
magnitude and certainly not multiple orders of magnitude.  


This is the chart I use. I somewhat misremembered the
"several" part as it's dependent on key size, but verifying
is significantly faster than signing. The 512 bit length --
possible an interesting one for this use -- is close to an
order of magnitude, though it's hard to say as the verify is
listed as zero which indicates rounding issues.


The Sendmail
benchmark above shows nearly identical results for signing and validating,
which supports my recollection.  That data suggests that the test dual-CPU
machine was capable of either creating or verifying on the order of 500 RSA
signatures/second (I didn't find the key length used), if it was doing
nothing else.  I'd guess that same machine can do around 5 million SHA1
digests per second for short data blocks.  SHA1 HMAC's are a little slower,
but similar to SHA1 digests.


I've not done the tests myself, but at some input length the
SHA1 work will dominate the entire workload. The chart I
attached seems to indicate that you get about 75 RSA Sig/Ghz
(@1024 bits) which seems roughly in line with the sendmail
test assuming they used a dual 3Ghz system. For
verification, the speed is about 3000 RSA verifications/Ghz,
so for the same test bed that's chugging out 500 RSA/sec,
you can get 10000 RSA verifications/sec -- I'd call that a
huge difference, and almost certainly down in the noise,
especially in comparison to the workload of the SHA1
computation.


SpamAssassin is very slow, but you only run it on messages that pass
authentication and have adequate sender reputation.  Presumably we will be
rejecting a lot of mail due to either authentication failures or inadequate
reputation.  If not, that means either the spam problem is solved or we're
accepting all of it.


It would certainly be nice if we reduced much of the inbound
workload to a single RSA verify. That would be
*significantly* cheaper than the processing that's happening
now, especially if you could do it in memory before you
commit it to disk.

          Mike

Crypto++ 3.1 Benchmarks

Here are speed benchmarks for some of the most popular hash algorithms and symmetric and asymmetric ciphers. All were coded in C++ or ported to C++ from C implementations, compiled with Microsoft Visual C++ 6.0 SP2 (optimize for speed, Pentium Pro code generation), and ran on a Celeron 450MHz machine under Windows 2000 beta 3. No assembly language was used.

CipherTotal BytesTimeBytes/Second
MD2838860821.01399267
MD5214748364837.53457214356
SHA-153687091221.1225420024
HAVAL (pass=3)107374182426.59840369268
HAVAL (pass=4)107374182436.34329544668
HAVAL (pass=5)53687091222.53223827042
Tiger53687091234.02915776865
RIPE-MD16053687091222.23224148566
MDC/MD553687091234.7215462871
Luby-Rackoff/MD513421772827.654854167
DES26843545636.4127372170
IDEA13421772821.016388278
RC26710886422.6432963779
RC5 (r=12)53687091220.62926025058
Blowfish26843545629.7839013043
Diamond26710886422.2023022649
Diamond2 Lite13421772837.1443613443
3-WAY20132659220.5199811716
TEA13421772824.1155565736
SAFER (r=8)13421772825.4165280836
GOST13421772825.7275216999
SHARK (r=6)26843545620.98112794216
CAST-12826843545629.7629019403
Square53687091230.49417605788
RC653687091226.53820230270
MARS53687091232.16716690115
Rijndael26843545622.84311751322
Twofish26843545626.39810168780
Serpent26843545638.4456982324
ARC426843545620.49913095051
SEAL214748364835.16161075728
WAKE107374182424.90643111772
Sapphire26843545639.4266808590
MD5-MAC107374182421.49149962396
XMACC/MD5107374182421.61149684968
HMAC/MD5214748364837.88556684276
CBC-MAC/RC653687091229.14218422582
DMAC/RC653687091229.47218216304
BlumBlumShub 51252428820.24925892
BlumBlumShub 102426214424.41510737
BlumBlumShub 204813107234.273824
OperationIterationsTotal TimeMilliseconds/Operation
RSA 512 Encryption109491300
RSA 512 Decryption6886304
Rabin 512 Encryption17164301
Rabin 512 Decryption5128305
BlumGoldwasser 512 Encryption38882300
BlumGoldwasser 512 Decryption5667305
LUC 512 Encryption86813300
LUC 512 Decryption3411308
ElGamal 512 Encryption4257307
ElGamal 512 Encryption with precomputation7563303
ElGamal 512 Decryption8250303
RSA 1024 Encryption41051300
RSA 1024 Decryption10843027
Rabin 1024 Encryption7158304
Rabin 1024 Decryption9593031
BlumGoldwasser 1024 Encryption16913301
BlumGoldwasser 1024 Decryption10143029
LUC 1024 Encryption31013300
LUC 1024 Decryption5833051
ElGamal 1024 Encryption9503031
ElGamal 1024 Encryption with precomputation25823011
ElGamal 1024 Decryption18613016
LUCELG 512 Encryption19523015
LUCELG 512 Decryption3601308
RSA 2048 Encryption13912302
RSA 2048 Decryption16430.2183
Rabin 2048 Encryption26853011
Rabin 2048 Decryption15830.1190
BlumGoldwasser 2048 Encryption5626305
BlumGoldwasser 2048 Decryption16130.2187
LUC 2048 Encryption10278302
LUC 2048 Decryption9330.2324
ElGamal 2048 Encryption21030142
ElGamal 2048 Encryption with precomputation7113042
ElGamal 2048 Decryption4133072
LUCELG 1024 Encryption4313069
LUCELG 1024 Decryption8063037
RSA 512 Signature6919304
RSA 512 Verification113009300
Rabin 512 Signature4855306
Rabin 512 Verification16153301
RW 512 Signature5293305
RW 512 Verification375845300
LUC 512 Signature3392308
LUC 512 Verification89003300
NR 512 Signature8312303
NR 512 Signature with precomputation14585302
NR 512 Verification7190304
NR 512 Verification with precomputation8279303
DSA 512 Signature6318304
DSA 512 Signature with precomputation11306302
DSA 512 Verification5397305
DSA 512 Verification with precomputation6788304
RSA 1024 Signature10863027
RSA 1024 Verification43061300
Rabin 1024 Signature9503031
Rabin 1024 Verification7203304
RW 1024 Signature9703030
RW 1024 Verification187039300
LUC 1024 Signature5833051
LUC 1024 Verification31682300
NR 1024 Signature18923015
NR 1024 Signature with precomputation5131305
NR 1024 Verification16013018
NR 1024 Verification with precomputation3190309
DSA 1024 Signature19503015
DSA 1024 Signature with precomputation5211305
DSA 1024 Verification16523018
DSA 1024 Verification with precomputation3183309
LUCELG 512 Signature3887307
LUCELG 512 Verification19523015
RSA 2048 Signature16530181
RSA 2048 Verification14187302
Rabin 2048 Signature15430194
Rabin 2048 Verification27693010
RW 2048 Signature15630.1192
RW 2048 Verification69270300
LUC 2048 Signature9330.2324
LUC 2048 Verification10337302
NR 2048 Signature4153072
NR 2048 Signature with precomputation14163021
NR 2048 Verification3733080
NR 2048 Verification with precomputation8353035
LUCELG 1024 Signature8613034
LUCELG 1024 Verification42830.170
DH 512 Key-Pair Generation8588303
DH 512 Key-Pair Generation with precomputation15315301
DH 512 Agreement5832305
DH 1024 Key-Pair Generation19243015
DH 1024 Key-Pair Generation with precomputation5254305
DH 1024 Agreement15123019
DH 2048 Key-Pair Generation4213071
DH 2048 Key-Pair Generation with precomputation14383020
DH 2048 Agreement36430.182
MQV 512 Key-Pair Generation8591303
MQV 512 Key-Pair Generation with precomputation14891302
MQV 512 Key Agreement4600306
MQV 1024 Key-Pair Generation19183015
MQV 1024 Key-Pair Generation with precomputation5233305
MQV 1024 Key Agreement104230.128
MQV 2048 Key-Pair Generation42230.171
MQV 2048 Key-Pair Generation with precomputation14343020
MQV 2048 Key Agreement23830.2127
EC over GF(p) 168 Encryption9413031
EC over GF(p) 168 Encryption with precomputation20833014
EC over GF(p) 168 Decryption18763015
EC over GF(p) 168 NR Signature18763015
EC over GF(p) 168 NR Signature with precomputation4120307
EC over GF(p) 168 NR Verification10943027
EC over GF(p) 168 NR Verification with precomputation24613012
EC over GF(p) 168 DHC Key-Pair Generation18813015
EC over GF(p) 168 DHC Key-Pair Generation with precomputation4150307
EC over GF(p) 168 DHC Agreement18803015
EC over GF(p) 168 MQVC Key-Pair Generation18803015
EC over GF(p) 168 MQVC Key-Pair Generation with precomputation4150307
EC over GF(p) 168 MQVC Key Agreement10483028
EC over GF(2^n) 155 Encryption7673039
EC over GF(2^n) 155 Encryption with precomputation22793013
EC over GF(2^n) 155 Decryption15063019
EC over GF(2^n) 155 Signature14913020
EC over GF(2^n) 155 Signature with precomputation4516306
EC over GF(2^n) 155 Verification12243024
EC over GF(2^n) 155 Verification with precomputation26363011
EC over GF(2^n) 155 DHC Key-Pair Generation15363019
EC over GF(2^n) 155 DHC Key-Pair Generation with precomputation4556306
EC over GF(2^n) 155 DHC Agreement15303019
EC over GF(2^n) 155 MQVC Key-Pair Generation15333019
EC over GF(2^n) 155 MQVC Key-Pair Generation with precomputation4570306
EC over GF(2^n) 155 MQVC Key Agreement12023024

Notes

Written by: Wei Dai <weidai(_at_)eskimo(_dot_)com> Last modified: 4/30/1999
--------------FF915ABC7C118129709836DE--
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Why we really don't require requirements, John R Levine
Next by Date:  Re: semantics of the signature, Jim Fenton
Previous by Thread:  RE: charter constraints list, Seth Goodman
Next by Thread:  RE: charter constraints list, Seth Goodman
Indexes:  [Date] [Thread] [Top] [All Lists]