[botan-devel] Performance 1.8.12 vs 1.10.0

Rickard Bellgrim rickardb at certezza.net
Thu Jun 30 17:29:04 EDT 2011

> PK_Signer, by default, will test the signature to make sure it is valid, in order
> to help prevent fault attacks. However, in 1.8 RSA already did this (because
> RSA is very vulnerable to this problem, as a single error in a CRT-based RSA
> signature lets someone easily factor the modulus), and anyway the public
> RSA operation is very fast, so doesn't seem to explain a 3x slowdown.
> However, you can eliminate this as a possibility by passing
> DISABLE_FAULT_PROTECTION in the 4th argument to the PK_Signer
> constructor, which is:
> If I'm right, I would expect a single-element cache would help out
> significantly in this case (and would also help for 1.8, since there was plenty
> of precomputation going on there as well). Let me know if this helps or not.
> I'll try to find time to take a look at this more during this coming weekend.

Got around 3 sig/s better results with the single-element cache. Both for 1.8 and 1.10.

2 threads, 10000 signatures per thread, 281.76 sig/s (RSA 1024 bits)
2 threads, 10000 signatures per thread, 92.76 sig/s (RSA 1024 bits)

The DISABLE_FAULT_PROTECTION gave another 14 sig/s for 1.10.

2 threads, 10000 signatures per thread, 106.71 sig/s (RSA 1024 bits)

// Rickard

More information about the botan-devel mailing list