Re: [Ace] on signature verification times for sec192r1

Hannes Tschofenig <hannes.tschofenig@gmx.net> Mon, 25 July 2016 17:16 UTC

Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 384E312D935 for <ace@ietfa.amsl.com>; Mon, 25 Jul 2016 10:16:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.888
X-Spam-Level:
X-Spam-Status: No, score=-2.888 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, RP_MATCHES_RCVD=-1.287, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rhDa_3j3sU5v for <ace@ietfa.amsl.com>; Mon, 25 Jul 2016 10:16:57 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.18]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C4B2F12D933 for <ace@ietf.org>; Mon, 25 Jul 2016 10:16:56 -0700 (PDT)
Received: from [192.168.10.131] ([195.149.223.151]) by mail.gmx.com (mrgmx002) with ESMTPSA (Nemesis) id 0MOfx8-1bLhtE1AGM-0069JY; Mon, 25 Jul 2016 19:16:50 +0200
To: Pascal Urien <pascal.urien@gmail.com>, Somaraju Abhinav <abhinav.somaraju@tridonic.com>
References: <CAEQGKXRxLKGROW9MdJEzkXsS9f4NVFqqh12c+t4qaK5bDYhuaw@mail.gmail.com> <d107de0f-2134-5b80-c9e2-ddb5e5e79788@comcast.net> <CAEQGKXQgp4AzCJFuBqezhZ0SmHG3QdgmH353LWisx-5WGmifpA@mail.gmail.com> <HE1PR0601MB220388A00B3F75D2A755002AFC0D0@HE1PR0601MB2203.eurprd06.prod.outlook.com> <CAEQGKXSSbyb+58FPpFFkJCD2Vix-icHpO9vXSbpPWJYpL5CyLA@mail.gmail.com>
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Openpgp: id=071A97A9ECBADCA8E31E678554D9CEEF4D776BC9
Message-ID: <57964980.5000203@gmx.net>
Date: Mon, 25 Jul 2016 19:16:48 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.8.0
MIME-Version: 1.0
In-Reply-To: <CAEQGKXSSbyb+58FPpFFkJCD2Vix-icHpO9vXSbpPWJYpL5CyLA@mail.gmail.com>
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="7RtkrvB1PC8C2UbO2FIO1LLwTa9bnlm1a"
X-Provags-ID: V03:K0:tEdbj3v732yT3yvtcBj/DnkQsmpmiigASJcNNku7zXwNS3fazX2 VrEAvqZS+jKYCvmb7ULlV4UPlEZcvxBJgp4vtwJXyAjVRMa7WX+V7Tg7C6RD7dlVW/fGupf Rewf/3rjsLJFDS8vzPVOkx99xfkoK9n2geuv8g2szFaSQrFUF6JhnfFxcdHhmIXoU8HdkON Pxm6NBHdDIUfO5nq0RV8A==
X-UI-Out-Filterresults: notjunk:1;V01:K0:0YbUsTURYB8=:WraXbdpY174wBfGEZP0W81 FpvoDeceYzCVgSjJTN+09b6/t7Sserjqxem+ZB7Ze+LnXVZvXMXcNnUQJLJ0ZOrrUBbboUASv 3raHg9iJzUV2NqRt+HWLBfxHbO9eK+X/y3m5FYKthaL9480wkfR4HG8ZLP8Sc5p2zp422JN1V ejFW0eAn0imlXZDcCiNKtx8VFYO3qqqaLcaLAdCtD9PM75/2lktCD14UTSgWm3cJI8aX4bzB2 BIyDE44ktH4s6TWjP+M5B/V8j1SjDJ66MTxmmKxMVt2lrkYCLRAdMLwkj7XMKKBawK7eTNioi 5nIwj5xxt+nrPS8mR2IcpBRiO4qGJ4cupaB0rRJiRsLoYDxU5psUqrEHSdC2r9zc9MtFah3yM XwW6gIpGOV5TbsOUkDhPiBMmBsryJ2Rxmb5CxBUsgspQWdzVyXFhS2XNpoKUdA6JO9ErgKpVP XHpQrwjjiMiEBXS854XNeLFkVZPuyiWOissoRCCKuP0qFh8yIC6UkXzXNCg2gendOzJ/hj9Qi LcEt4ziRCwy0JYiWUloVp1QtELfzTG7p0X9WwTZdpCiH+bsxQS1CNdAVtJBMRoV7+ngnBRhrI z3jxw9a60AYc/NWDTY6tcJBfO58hb6fBCGZCbfHRqPXI8P/ELDY7PCL0v+eREz98rC8Bwqb75 QveVz9k6fxzWvfZ/MiErGA0qGCdjDnYTsrkPyQniQwVhpu1j/OnjZ3CDX4O/kGfSjPdnJKqJ5 L6IuJBZl28DJEz9ah0f6gEB3YmwE1nV4sEQlEH63x4ypEifAKDzhh9vPwHk=
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/axOjhRD_y_jRSjH4HcBQDD1429s>
Cc: Michael StJohns <mstjohns@comcast.net>, "ace@ietf.org" <ace@ietf.org>
Subject: Re: [Ace] on signature verification times for sec192r1
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Jul 2016 17:16:59 -0000

Hi Pascal,

I guess you are saying that the performance of the verify operation is
60ms + the hash needed over the actual message (which is 3.5 msec for a
64 byte block).

In another paper I have seen that some hardware crypto chips have a
fairly slow interface and that has to be taken into account as well. Is
this an issue with this smart card? What is your experience there?

Ciao
Hannes

On 07/25/2016 12:28 PM, Pascal Urien wrote:
> Hi Abhinav
> 
> The extra time (2ms/bloc)  comes from the hash procedure (sha1 in the
> example) that works with 64 bytes blocs
> 
> Rgs
> 
> Pascal
> 
> 2016-07-25 12:04 GMT+02:00 Somaraju Abhinav
> <abhinav.somaraju@tridonic.com <mailto:abhinav.somaraju@tridonic.com>>:
> 
>     Hi Pascal,____
> 
>     __ __
> 
>     Thanks for the information. Could you please explain what is
>     nb_bloc_512bits?____
> 
>     __ __
> 
>     Regards,____
> 
>     Abhinav____
> 
>     __ __
> 
>     *From:*Ace [mailto:ace-bounces@ietf.org
>     <mailto:ace-bounces@ietf.org>] *On Behalf Of *Pascal Urien
>     *Sent:* Sonntag, 24. Juli 2016 11:51
>     *To:* Michael StJohns <mstjohns@comcast.net
>     <mailto:mstjohns@comcast.net>>
>     *Cc:* ace@ietf.org <mailto:ace@ietf.org>
>     *Subject:* Re: [Ace] on signature verification times for sec192r1____
> 
>     __ __
> 
>     I fully agree...____
> 
>     __ __
> 
>     J3A081M  can be found at 10$ over the WEB____
> 
>     __ __
> 
>     Futhermore this class of cheap device can process TLS or DTLS as
>     illustrated in____
> 
>     __ __
> 
>     https://tools.ietf.org/html/draft-urien-uta-tls-dtls-security-module-00____
> 
>     __ __
> 
>     They could be used for numerous applications in the IoT____
> 
>     __ __
> 
>     Rgs____
> 
>     __ __
> 
>     Pascal____
> 
>     __ __
> 
>     __ __
> 
>     2016-07-23 23:59 GMT+02:00 Michael StJohns <mstjohns@comcast.net
>     <mailto:mstjohns@comcast.net>>:____
> 
>         On 7/23/2016 11:10 AM, Pascal Urien wrote:____
> 
>             Hi All____
> 
>             __ __
> 
>             J3A081M is a javacard device from NXP____
> 
>             __ __
> 
>             The micocontroller should be the P5CD081V1A, which comprises
>             a crypto processor____
> 
> 
>         There's a number of these from a number of vendors.  I'd
>         actually look at the A7xxx series of chips as they're designed
>         to be embeddable.  I've become a big fan of javacard style
>         solutions over the years.
> 
>         In any event, the number of relatively inexpensive public key
>         crypto accelerator chips (e.g. googl for "secure authentication
>         chips") is greater than zero and continues to climb.  And for
>         not a lot of money.  Estimating what from prices on Digikey, I'd
>         think something less than $.50 for Quantity large as of today
>         and half that or less in 1-2 years as its gets bundled into the
>         "Swiss Army Knife" style of process (e.g. support for wireless
>         900mhz plus ... plus ... plus ... plus security...) (google for
>         iot module secure element 900mhz for example).
> 
>         Later, Mike
> 
> 
> 
> 
>         ____
> 
>             __ __
> 
>             The performances with the curve secp192r1 are the following
>             (for ECDSA + SHA1)____
> 
>             __ __
> 
>             Sign    = 40ms +  nb_bloc_512bits x 3.5 ms____
> 
>             Verify  = 60ms  + nb_bloc_512bits x 3,5 ms____
> 
>             __ __
> 
>             __ __
> 
>             By the way this chip has enough crypto ressouces for
>             processing TLS or DTLS____
> 
>             __ __
> 
>             Rgs____
> 
>             __ __
> 
>             Pascal____
> 
>             __ __
> 
>             ___________________________________________________
> 
>             Ace mailing list____
> 
>             Ace@ietf.org <mailto:Ace@ietf.org>____
> 
>             https://www.ietf.org/mailman/listinfo/ace____
> 
>         __ __
> 
> 
>         _______________________________________________
>         Ace mailing list
>         Ace@ietf.org <mailto:Ace@ietf.org>
>         https://www.ietf.org/mailman/listinfo/ace____
> 
>     __ __
> 
>     ________________________________________________________ The
>     contents of this e-mail and any attachments are confidential to the
>     intended recipient. They may not be disclosed to or used by or
>     copied in any way by anyone other than the intended recipient. If
>     this e-mail is received in error, please immediately notify the
>     sender and delete the e-mail and attached documents. Please note
>     that neither the sender nor the sender's company accept any
>     responsibility for viruses and it is your responsibility to scan or
>     otherwise check this e-mail and any attachments.
> 
> 
> 
> 
> _______________________________________________
> Ace mailing list
> Ace@ietf.org
> https://www.ietf.org/mailman/listinfo/ace
>