Elliptic curves in tinc
Guus Sliepen
guus at tinc-vpn.org
Sun Sep 15 23:19:12 CEST 2013
On Sat, Sep 14, 2013 at 10:25:31AM +0200, Guus Sliepen wrote:
> There are also other groups which have found and defined elliptic curves, such
> as ECC Brainpool, which has defined a 512 bit curve. I have not tried out this
> curve myself, and I don't know how well their curves have been scrutinized by
> the cryptographic community.
I have created a utility called "sptps_speed" which tests the speed of various
ECC operations, the number of SPTPS connections you can create per second, and
the throughput of data on SPTPS connections. It is now part of the 1.1 branch
in git. At the moment it only works on Linux though (due to the use of some
less portable time functions).
I also created a branch called 1.1-brainpool, which uses the 512 bit Brainpool
curve instead of the 521 bit NIST curve. I ran the benchmark using both curves,
and operations using the Brainpool curve are a factor 5 slower. I found out
that the main reason they are slower is that OpenSSL, when compiled with the
right options, contains optimized routines for the NIST curves, for those
CPUs which support efficient 128 bit arithmetic operations. These routines
were not enabled in Debian wheezy (nor in earlier releases, I presume), and
running sptps_speed with the unoptimized routines will show that the NIST curve
operations are slightly slower than the Brianpool curve (which is likely just
because the NIST curve is slightly bigger).
The results from 4 different machines, using OpenSSL 1.0e with the
ec_nistp_64_gcc_128 option enabled:
Intel Atom 330, 1.6 GHz secp521r1 brainpoolp512r1
-------------------------------------------------------------------
Generating keys for 10 seconds: 358.05 op/s 79.35 op/s
ECDSA sign for 10 seconds: 283.61 op/s 75.50 op/s
ECDSA verify for 10 seconds: 117.49 op/s 64.75 op/s
ECDH for 10 seconds: 90.83 op/s 37.32 op/s
SPTPS authenticate for 10 seconds: 43.05 op/s 17.99 op/s
SPTPS transmit for 10 seconds: 79.72 Mbit/s 80.49 Mbit/s
AMD Phenom II X4 965, 3.4 GHz
-----------------------------
Generating keys for 10 seconds: 3372.31 op/s 620.81 op/s
ECDSA sign for 10 seconds: 2528.65 op/s 572.68 op/s
ECDSA verify for 10 seconds: 1156.60 op/s 496.38 op/s
ECDH for 10 seconds: 917.37 op/s 287.61 op/s
SPTPS authenticate for 10 seconds: 419.87 op/s 137.65 op/s
SPTPS transmit for 10 seconds: 336.96 Mbit/s 336.74 Mbit/s
Intel Core i3-3220T, 2.8 GHz
----------------------------
Generating keys for 10 seconds: 3475.43 op/s 603.47 op/s
ECDSA sign for 10 seconds: 2496.11 op/s 545.96 op/s
ECDSA verify for 10 seconds: 1178.88 op/s 481.76 op/s
ECDH for 10 seconds: 959.02 op/s 277.01 op/s
SPTPS authenticate for 10 seconds: 427.49 op/s 132.20 op/s
SPTPS transmit for 10 seconds: 543.64 Mbit/s 540.05 Mbit/s
Intel Core i7-3960X, 3.3 GHz
----------------------------
Generating keys for 10 seconds: 4151.82 op/s 738.11 op/s
ECDSA sign for 10 seconds: 3034.75 op/s 677.21 op/s
ECDSA verify for 10 seconds: 1418.88 op/s 584.20 op/s
ECDH for 10 seconds: 1157.84 op/s 328.61 op/s
SPTPS authenticate for 10 seconds: 517.64 op/s 160.81 op/s
SPTPS transmit for 10 seconds: 787.99 Mbit/s 783.57 Mbit/s
So, I extrapolate from the results of "openssl speed" that people sent in, that
using the Brainpool curve:
GuruPlug: ARM9E, 1.2 GHz: 5 authentications/s
Asus RT-N16: MIPS 74K, 480 MHz: 3 authentications/s
AMD Athlon, 667 MHz: 9 authentications/s
--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://www.tinc-vpn.org/pipermail/tinc-devel/attachments/20130915/22a9cd50/attachment.sig>
More information about the tinc-devel
mailing list