Re: [Cfrg] Validation performance Re: new curves vs. algorithms

Michael Hamburg <mike@shiftleft.org> Tue, 25 March 2014 18:58 UTC

Return-Path: <mike@shiftleft.org>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C8E951A0171 for <cfrg@ietfa.amsl.com>; Tue, 25 Mar 2014 11:58:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.557
X-Spam-Level: *
X-Spam-Status: No, score=1.557 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FH_HOST_EQ_D_D_D_D=0.765, FH_HOST_EQ_D_D_D_DB=0.888, HELO_MISMATCH_ORG=0.611, HOST_MISMATCH_NET=0.311, HTML_MESSAGE=0.001, RDNS_DYNAMIC=0.982, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mzzOTIzPgpSk for <cfrg@ietfa.amsl.com>; Tue, 25 Mar 2014 11:58:05 -0700 (PDT)
Received: from aspartame.shiftleft.org (199-116-74-157-v301.PUBLIC.monkeybrains.net [199.116.74.157]) by ietfa.amsl.com (Postfix) with ESMTP id A4F921A016F for <Cfrg@irtf.org>; Tue, 25 Mar 2014 11:58:05 -0700 (PDT)
Received: from [10.184.148.249] (w035.z205158021.lax-ca.dsl.cnc.net [205.158.21.35]) by aspartame.shiftleft.org (Postfix) with ESMTPSA id EC8153AA28; Tue, 25 Mar 2014 11:56:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=shiftleft.org; s=sldo; t=1395773773; bh=teCB9nVMfJpESoPUDg/RL6Uog0ePCq9TWtWgx1sKrH0=; h=Subject:From:In-Reply-To:Date:Cc:References:To:From; b=QIWIZ0kysCsIzBsR69MVuZ4f2yH1CWUk9TIBgeHujMI2SrPF9c7+MlsudzqCHm9Lx Bf9PkUL/12x4KVmVV6AGWO9kgM8m2zTwV90L1rdv7Ey9LgrFs6DU97NrOrPjls2ghA 6ER7wcZMJC995rptCkqzG08LSkHGT6sV8qN7q3m4=
Content-Type: multipart/alternative; boundary="Apple-Mail=_F2CD8CE1-7374-4F86-8CB8-A8EE51C9A714"
Mime-Version: 1.0 (Mac OS X Mail 7.2 \(1874\))
From: Michael Hamburg <mike@shiftleft.org>
In-Reply-To: <25028B84-1627-4DB1-999A-22C994FC823A@ogud.com>
Date: Tue, 25 Mar 2014 11:58:02 -0700
Message-Id: <51CD5EAD-2948-4AD7-8D05-94310EA0DE37@shiftleft.org>
References: <52D928A1.6070201@cs.tcd.ie> <3851D33B-3201-498C-84E1-AAD2FAA0418A@ogud.com> <29B8E8B0-AB73-4705-B623-20EDD6B63FA6@shiftleft.org> <6B774F8B-A3FF-4DAF-BA9E-FB313E8E6D62@ogud.com> <76BCE1CF-3E3F-445B-8C73-4BD7240D2DA9@shiftleft.org> <25028B84-1627-4DB1-999A-22C994FC823A@ogud.com>
To: Olafur Gudmundsson <ogud@ogud.com>
X-Mailer: Apple Mail (2.1874)
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/MLKWVA_KM3GEC6QoRsJWrTjPKLE
Cc: Cfrg@irtf.org
Subject: Re: [Cfrg] Validation performance Re: new curves vs. algorithms
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Mar 2014 18:58:06 -0000

On Mar 25, 2014, at 8:06 AM, Olafur Gudmundsson <ogud@ogud.com> wrote:
> When I read this I translated it to "By having fewer curves opportunities for faster verification increase" 
> which is another argument for my tirade on dnsop mailing list against adding 3 brain pool curves to DNSSEC
> algorithm list. 

It might be hard to hold that line while asking for Curve25519 support, but good luck.

> What I meant if the compression/ease-of-use format adds few bytes (like <= 8) then it might be worth it
> once the keys become RSA size i.e. over 1024 bits then it is not worth it . 

Public keys are 32 bytes and signatures are 64 bytes.  Adding 32 bytes to the public key either saves ~5-10% for decompression, or adds ~5-10% for a second decompression but saves some amount afterwards.  Adding <= 8 bytes does nothing.  Adding 32 bytes to the signature saves a decompression if you’re batching, but if you aren’t batching it may save less than that.  Altogether, probably not worth it.

> Thanks for the link that is lots of info, it is going to take a while for me to digest that. 
> 
> 	Olafur

You’re welcome,
— Mike