[Botan-announce] Botan 1.5.3; major RSA/DSA/DH performance increase

Jack Lloyd lloyd at randombit.net
Tue Jan 24 13:21:50 EST 2006

[CC'ing -devel; this is an important release and I would like it to be as
widely tested as possible]

I've released Botan 1.5.3. Major changes:

 - Many optimizations to the RSA/DSA/DH code (on Linux/amd64, RSA in 1.5.3 is 3
   to 10 times faster than the RSA in 1.4.x), and added hooks for assembly
   implementations. Luca Piccarreta provided a lot of help and many great
   suggestions, as well as writing a whole pile of optimised i686 and SSE2
   assembly for BigInt, which will be going into the next release.

 - Matt Johnston found (and fixed) a bug in the decompression filters which
   caused decompression to fail on some inputs.

 - Luca Piccarreta also submitted a mutex module that uses Win32 critical

 - I broke the mp_asm64 module in 1.5.2; now fixed

 - Added support for generating the issuer alternative name extension in
   certificates (off by default). Botan has always been able to read this
   extension from existing certs, but up until now could not create a new cert
   with it.

 - Turns out that if you disabled the generation of any X.509 extension (i.e.,
   set "x509/exts/<extname>" to "no"), certificate creation would fail
   miserably (or even, potentially, produce an invalid certificate
   extension). The default was (up to now) that all were enabled, so this
   wasn't caught until I decided to make the issuer alt name off by default (I
   guess nobody else ever tried tweaking that stuff, either, since I never got
   a report about it failing).

Plus various minor bug fixes and whatnot. I would encourage users to try out
this release (at least to the extent of compiling it on your major build
targets and making sure a build and test suite cycle runs cleanly). Right now I
have tested on Linux/x86, Linux/amd64, and Linux/ppc64 with recent GCC (3.3+),
and that's it. Reports on how this release compares to 1.4.x performance-wise
with various platforms/compilers would be very interesting as well,
particularly for MSVC 2003/2005.


Benchmarks (this is the same machine as http://www.randombit.net/bmarks.html,
which makes comparison easy):

RSA-512: 13248.50 ops / second (public operation)
RSA-512: 1353.00 ops / second (private operation)
RSA-1024: 7849.50 ops / second (public operation)
RSA-1024: 403.50 ops / second (private operation)
RSA-1536: 4723.60 ops / second (public operation)
RSA-1536: 173.40 ops / second (private operation)
RSA-2048: 3311.90 ops / second (public operation)
RSA-2048: 92.20 ops / second (private operation)
RSA-3072: 1735.10 ops / second (public operation)
RSA-3072: 33.33 ops / second (private operation)
RSA-4096: 1095.60 ops / second (public operation)
RSA-4096: 16.55 ops / second (private operation)

DSA-512: 471.00 ops / second (public operation)
DSA-512: 505.20 ops / second (private operation)
DSA-768: 387.80 ops / second (public operation)
DSA-768: 446.30 ops / second (private operation)
DSA-1024: 302.60 ops / second (public operation)
DSA-1024: 382.10 ops / second (private operation)

DH-768: 1421.10 ops / second (key agreement)
DH-1024: 909.40 ops / second (key agreement)
DH-1536: 431.10 ops / second (key agreement)
DH-2048: 247.00 ops / second (key agreement)
DH-3072: 105.70 ops / second (key agreement)
DH-4096: 60.84 ops / second (key agreement)
