Re: [IPsec] DH keys calculation performance

Yaron Sheffer <yaronf.ietf@gmail.com> Tue, 26 July 2011 11:17 UTC


You might want to review http://tools.ietf.org/html/rfc5996#section-2.12.

Also, session resumption (http://tools.ietf.org/html/rfc5723) reduces the computational costs of renewing an IKE SA when a client needs to reconnect to a gateway a second time after some failure.

Thanks,
    Yaron

On 07/26/2011 01:40 PM, Yoav Nir wrote:
On Jul 25, 2011, at 11:29 PM, Prashant Batra (prbatra) wrote:

Hello,

The DH exchange (Calculation of Public/Private key and the Secret) in IKEv2 Initial exchange seems to be very expensive. This is slowing down the overall IKEv2 tunnel establishment.
Is there a way to optimize it?

Hi Prashant.

I know of three ways to optimize the D-H exchange.

First, note that each peer has to perform two operations: 
 1. Generate: create a random x and calculate X=2^x mod p
 2. Derive: calculate the shared secret S=Y^x mod p
The "Derive" operation has to be done during the exchange, but the "Generate" operation can be done long before the exchange. If your problem is degraded performance at some peak, you can pre-generate some values. This has a high cost in memory, but can be useful for dealing with peaks.

Second, note that 2^73 mod p = ((2^64 mod p) * (2^8 mod p) * (2^1 mod p)) mod p
If you're using a 2048-bit D-H group, you can pre-calculate 2^x mod p for 0<=x<=2048 and store these values. After that, both the generate and derive operations become simple multiplications of the resulting values. This has a fixed cost in memory, but can accelerate things.

Third, you may want to look at the EC groups. The EC operations require less computation.

Hope this helps

Yoav



_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
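
Added example (not part of the original messages, and not code from any IKE implementation): a Python sketch of the first two optimizations described in the quoted reply, a pool of pre-generated values and a table of 2^(2^i) mod p used for the Generate step. The modulus 2**255 - 19 and all function and class names are assumptions made for the demo; the table is built for the fixed base 2, so Derive here uses ordinary modular exponentiation on the peer's value.

```python
import secrets

# Constructed stand-in group: 2**255 - 19 is a known prime, used only to keep
# the demo small. It is NOT an IKE MODP group; real code uses the negotiated p.
P = 2**255 - 19
G = 2

def build_table(g, p, bits):
    """table[i] = g^(2^i) mod p, computed once by repeated squaring."""
    table = [g % p]
    for _ in range(bits - 1):
        table.append(table[-1] * table[-1] % p)
    return table

def fixed_base_pow(table, x, p):
    """g^x mod p as the product of table entries for the set bits of x.
    Branches on secret bits, so this sketch is not constant-time."""
    if x < 0 or x.bit_length() > len(table):
        raise ValueError("exponent does not fit the table")
    acc, i = 1, 0
    while x:
        if x & 1:
            acc = acc * table[i] % p
        x >>= 1
        i += 1
    return acc

TABLE = build_table(G, P, P.bit_length())

def generate(table=TABLE, p=P):
    """Generate step: random private x and public X = g^x mod p."""
    x = secrets.randbelow(p - 3) + 2          # 2 <= x <= p - 2
    return x, fixed_base_pow(table, x, p)

class KeyPool:
    """Pairs pre-generated while idle; each pair is handed out once."""
    def __init__(self):
        self.pairs = []                       # holds private values in memory
    def refill(self, n):
        self.pairs.extend(generate() for _ in range(n))
    def take(self):
        return self.pairs.pop() if self.pairs else generate()

def derive(peer_public, x, p=P):
    """Derive step: the base is the peer's value, so the g-table does not apply."""
    if not 1 < peer_public < p - 1:
        raise ValueError("peer public value out of range")
    return pow(peer_public, x, p)
```
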