Open Bug 1355993 Opened 7 years ago Updated 2 years ago

ECDSA signature verification is too slow (P256)

Categories

(NSS :: Libraries, enhancement, P2)

Product:
NSS
Component:
Libraries
Type:
enhancement

Tracking

(Not tracked)

People

(Reporter: keeler, Unassigned)

References

(Blocks 1 open bug)

Details

Attachments

(3 files)

signatures.cpp
5.14 KB, text/plain
Details
Makefile
235 bytes, text/plain
Details
openssl_speed.txt
4.73 KB, text/plain
Details
Attached file signatures.cpp 
See bug 1353216, wherein we discovered that the EC signature verifications Firefox was doing as part of gathering certificate transparency telemetry noticeably slowed down the TLS handshake.

Long story short is that EC signature verifications are slower than it seems like they should be.

I'm attaching a short program that generates a key (ec or rsa), signs a hash, and then repeatedly verifies the signature to demonstrate the difference:

keeler@p710 ~/scratch/signatures $ time ./signatures --ec
generated key pair...
signed hash...
verified signature(s)

real	0m5.122s
user	0m5.113s
sys	0m0.002s
keeler@p710 ~/scratch/signatures $ time ./signatures --rsa
generated key pair...
signed hash...
verified signature(s)

real	0m1.743s
user	0m1.740s
sys	0m0.000s
Well, I'm not surprised that ECDSA is slower than RSA verification. That's probably something we can't change. But it should be faster nonetheless. Given that P256 is already the fastest curve (for DSA) we have we have to do something here. I'll try to make a plan.
Priority: -- → P2
Summary: ec signature verification is slow compared to rsa → ECDSA signature verification is too slow (P256)
QA Contact: jjones

Hello,
Is there any progress on this? I noticed that on amd64 OpenSSL ecdsap256 is roughly the same speed as rsa4096 and on a Raspberry pi 4 it's twice as fast.

Attached file openssl_speed.txt

Since the provided benchmark of NSS only counted total time, I changed it to measure time of the steps:

michel@debian:/dev/shm$ ./signatures --rsa
1016 microsec: started generating key pair...
963330 microsec: generated key pair...
14814 microsec: signed hash...
2186489 microsec: verified signature(s)
michel@debian:/dev/shm$ ./signatures --ec
1018 microsec: started generating key pair...
3089 microsec: generated key pair...
367 microsec: signed hash...
8204261 microsec: verified signature(s)
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: