Re: [IPsec] DH keys calculation performance
Yoav Nir <ynir@checkpoint.com> Tue, 26 July 2011 10:40 UTC
Return-Path: <ynir@checkpoint.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D598521F86DC for <ipsec@ietfa.amsl.com>; Tue, 26 Jul 2011 03:40:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.47
X-Spam-Level:
X-Spam-Status: No, score=-10.47 tagged_above=-999 required=5 tests=[AWL=0.129, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3voRSKS6wNZp for <ipsec@ietfa.amsl.com>; Tue, 26 Jul 2011 03:40:30 -0700 (PDT)
Received: from michael.checkpoint.com (smtp.checkpoint.com [194.29.34.68]) by ietfa.amsl.com (Postfix) with ESMTP id 93FAC21F86C4 for <ipsec@ietf.org>; Tue, 26 Jul 2011 03:40:28 -0700 (PDT)
X-CheckPoint: {4E2EA730-9-1B221DC2-FFFF}
Received: from il-ex01.ad.checkpoint.com (il-ex01.ad.checkpoint.com [194.29.34.26]) by michael.checkpoint.com (8.13.8/8.13.8) with ESMTP id p6QAeMwb011282; Tue, 26 Jul 2011 13:40:22 +0300
Received: from il-ex01.ad.checkpoint.com ([126.0.0.2]) by il-ex01.ad.checkpoint.com ([126.0.0.2]) with mapi; Tue, 26 Jul 2011 13:40:22 +0300
From: Yoav Nir <ynir@checkpoint.com>
To: "Prashant Batra (prbatra)" <prbatra@cisco.com>
Date: Tue, 26 Jul 2011 13:40:19 +0300
Thread-Topic: [IPsec] DH keys calculation performance
Thread-Index: AcxLgGtt7Mr1sXbTTLCdSZY1cCxZ2A==
Message-ID: <90AEF529-7273-4695-BA31-4F221A4ACF45@checkpoint.com>
References: <20013.29623.491247.654466@fireball.kivinen.iki.fi> <B97B134FACB2024DB45F524AB0A7B7F203ED2B05@XMB-BGL-419.cisco.com>
In-Reply-To: <B97B134FACB2024DB45F524AB0A7B7F203ED2B05@XMB-BGL-419.cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: multipart/signed; boundary="Apple-Mail-7-509654174"; protocol="application/pkcs7-signature"; micalg="sha1"
MIME-Version: 1.0
Cc: "ipsec@ietf.org" <ipsec@ietf.org>
Subject: Re: [IPsec] DH keys calculation performance
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Jul 2011 10:40:30 -0000
On Jul 25, 2011, at 11:29 PM, Prashant Batra (prbatra) wrote: > Hello, > > The DH exchange (Calculation of Public/Private key and the Secret) in > IKEV2 Initial exchange > seems to be very expensive. This is slowing down the overall IKEv2 > tunnel establishment. > Is there a way to optimize it? Hi Prashant. I know of three ways to optimize the D-H exchange. First, note that each peer has to perform two operations: 1. Generate: create a random x and calculate X=2^x mod p 2. Derive: calculate the shared secret S=Y^x mod p The "Derive" operation has to be done during the exchange, but the "Generate" operation can be done long before the exchange. If your problem is degraded performance at some peak, you can pre-generate some values. This has a high cost in memory, but can be useful for dealing with peaks. Second, note that 2^73 mod p = ((2^64 mod p) * (2^8 mod p) * (2^1 mod p)) mod p If you're using a 2048-bit D-H group, you can pre-calculate 2^x mod p for 0<=x<=2048 and store these values. After that, both the generate and derive operations become simple multiplications of the resulting values. This has a fixed cost in memory, but can accelerate things. Third, you may want to look at the EC groups. The EC operations require less computation. Hope this helps Yoav
- [IPsec] New Version Notification for draft-kivine… Tero Kivinen
- [IPsec] DH keys calculation performance Prashant Batra (prbatra)
- Re: [IPsec] DH keys calculation performance Vishwas Manral
- Re: [IPsec] DH keys calculation performance Yoav Nir
- Re: [IPsec] DH keys calculation performance Yaron Sheffer
- Re: [IPsec] DH keys calculation performance Prashant Batra (prbatra)
- Re: [IPsec] DH keys calculation performance Dan Harkins
- Re: [IPsec] DH keys calculation performance Scott Fluhrer (sfluhrer)
- Re: [IPsec] DH keys calculation performance Yoav Nir
- Re: [IPsec] DH keys calculation performance Hugo Krawczyk
- Re: [IPsec] DH keys calculation performance Scott Fluhrer (sfluhrer)
- [IPsec] IPSec implementation query. Prashant Batra (prbatra)
- Re: [IPsec] DH keys calculation performance Naveen B N (nbn)
- Re: [IPsec] DH keys calculation performance Naveen B N (nbn)
- Re: [IPsec] DH keys calculation performance Scott Fluhrer (sfluhrer)
- Re: [IPsec] DH keys calculation performance Naveen B N (nbn)
- [IPsec] New method to resist replay attack in ike… ramaswamy
- Re: [IPsec] DH keys calculation performance Scott Fluhrer (sfluhrer)
- Re: [IPsec] DH keys calculation performance Naveen B N (nbn)
- Re: [IPsec] Perfect Forward secrecy Naveen B N (nbn)
- Re: [IPsec] Perfect Forward secrecy Yoav Nir
- Re: [IPsec] Perfect Forward secrecy Dan Harkins
- Re: [IPsec] Tokes = Session key + lifetime Naveen B N (nbn)
- Re: [IPsec] Perfect Forward secrecy Stephen Kent
- Re: [IPsec] Avoid multiple authentication's Naveen B N (nbn)
- Re: [IPsec] Avoid multiple authentication's Yaron Sheffer
- Re: [IPsec] Avoid multiple authentication's Naveen B N (nbn)
- [IPsec] New method to resist replay attack in ike… Tero Kivinen
- Re: [IPsec] New method to resist replay attack in… ramaswamy
- Re: [IPsec] New method to resist replay attack in… Tero Kivinen
- Re: [IPsec] New method to resist replay attack in… ramaswamy
- Re: [IPsec] New method to resist replay attack in… ramaswamy
- Re: [IPsec] New method to resist replay attack in… ramaswamy