[botan-devel] Performance 1.8.12 vs 1.10.0

Jack Lloyd lloyd at randombit.net
Thu Jun 30 17:07:20 EDT 2011


Hi,

PK_Signer, by default, will test the signature to make sure it is
valid, in order to help prevent fault attacks. However, in 1.8 RSA
already did this (because RSA is very vulnerable to this problem, as a
single error in a CRT-based RSA signature lets someone easily factor
the modulus), and anyway the public RSA operation is very fast, so
doesn't seem to explain a 3x slowdown. However, you can eliminate this
as a possibility by passing DISABLE_FAULT_PROTECTION in the 4th
argument to the PK_Signer constructor, which is:

    PK_Signer(const Private_Key& key,
              const std::string& emsa,
              Signature_Format format = IEEE_1363,
              Fault_Protection prot = ENABLE_FAULT_PROTECTION);

Much more likely in my mind is that PK_Signer/RSA initialization is
likely to be slower than before. I don't have any firm data on this
one, but... in general I tend to optimize for many repeated
operations, since that is the common case (well, really, doing a very
small number of operations is probably the truly common case, but not
doing much at all isn't a case worth optimizing for). So my guess
would be that in various places I tweaked the amount of precomputation
that is done in a way that helps out when doing many computations, but
which just cases extra overhead in your situation. Ideally, the code
would dynamically self-adjust (called once, no precomputation, twice,
precomputate a little, 1000 times, precompute a lot... rather than
statically fixing precomputation sizes to values which probably aren't
optimal for anyone), but this isn't a project I've had time for yet.

If I'm right, I would expect a single-element cache would help out
significantly in this case (and would also help for 1.8, since there
was plenty of precomputation going on there as well). Let me know if
this helps or not. I'll try to find time to take a look at this more
during this coming weekend.

-Jack


On Thu, Jun 30, 2011 at 10:49:09PM +0200, Rickard Bellgrim wrote:
> Hi
> 
> I have compared the performance between 1.8.12 and 1.10.0. But the latest version is a little bit slow compared with the old one.
> 
> (Old computer, thus not so great performance overall)
> 
> Botan 1.8.12
> ods-hsmspeed -r SoftHSM1 -i 10000 -s 1024 -t 2
> 2 threads, 10000 signatures per thread, 278.40 sig/s (RSA 1024 bits)
> 
> Botan 1.10.0
> ods-hsmspeed -r SoftHSM1 -i 10000 -s 1024 -t 2
> 2 threads, 10000 signatures per thread, 89.06 sig/s (RSA 1024 bits)
> 
> I am using EMSA3(Raw). Is it the new interface for PK_Signer that slows it down or what could it be?



> 
> Perhaps I should try to cache the PK_Signer object between each signing. The user initialize each signing by giving a reference to a key and an algorithm.  If those match the cache, then re-use old object.
> 
> // Rickard
> 
> _______________________________________________
> botan-devel mailing list
> botan-devel at randombit.net
> http://lists.randombit.net/mailman/listinfo/botan-devel



More information about the botan-devel mailing list