Re: ECC in OpenPGP

Hironobu SUZUKI <hironobu@h2np.net> Tue, 31 August 2010 07:56 UTC

From: Hironobu SUZUKI <hironobu@h2np.net>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
cc: ietf-openpgp@imc.org
Subject: Re: ECC in OpenPGP
Date: Tue, 31 Aug 2010 16:55:58 +0900
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>

Peter Gutmann <pgut001@cs.auckland.ac.nz> wrote:
> 
> Hironobu SUZUKI <hironobu@h2np.net> writes:
> 
> >I wrote some program for Ruby OpenSSL Sample.
> 
> Thanks for posting that.  Would it be possible to break them down a bit 
> further to show sign and verify times separately?  A big downside of DLP-based 
> PKCs is that verification is quite slow, which really bites you in a 
> sign-once, verify-many situation.
> 

You can run the test on your own computer.  This program is for ECC/160,
RSA/DSA1024. h2np.net is my site.

 $ wget -O i.taz  'http://h2np.net/tips/wiki/index.php?plugin=attach&pcmd=open&file=sign_test.tar.gz&refer=RubyOpenSSLDigitalSignatureSample'
 $ tar zxvf i.taz
 $ cd sign_test
 $ for i in *.rb; do ruby  $i speed ; done
 DSA signature test ...OK
 Speed test start...Done
 Signing 0.297371 msec
 Verify  0.293092 msec
 S+V     0.590463 msec
 EC signature test ...OK
 Speed test start...Done
 Signing 0.401606 msec
 Verify  0.427266 msec
 S+V     0.828873 msec
 RSA signature test ...OK
 Speed test start...Done
 Signing 0.501700 msec
 Verify  0.028194 msec
 S+V     0.529893 msec

Speed depends on the OpenSSL library of your system. For example, RSA under
opensolaris + openssl-0.9.8h is slow because the configuration of
openssl-0.9.8h can't handle sungcc well.  I don't know about the latest
OpenSSL.

I agree about the sign-once, verify-many situation. It's nice for software
distribution. But if users want to sign their e-mail with RSA/4K, it
is too slow and users must be patient.

I think RSA/3K is acceptable for desktop computers. Please see 'PI
Calculation Time Ranking' on my site.

  http://h2np.net/pi/pi_record_e.html

Desktop CPUs have become faster and faster, and implementation techniques
have become more sophisticated. I think RSA/3K is not faster but acceptable.

I'm wondering whether RSA/4K is 'practically' required within the next ten years.

Regards,

---
Hironobu SUZUKI <hironobu at h2np dot net>
Tokyo, Japan.
http://h2np.net
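
Added example, not part of the original message and not the code in sign_test.tar.gz: a small Ruby OpenSSL benchmark that reports signing and verification times separately, which is the breakdown requested in the thread. It assumes RSA-2048 and the prime256v1 curve instead of the 2010 key sizes; `MESSAGE`, `avg_ms`, `bench` and `run_all` are names invented for this sketch.

```ruby
require 'openssl'

# Constructed sample message; any byte string works.
MESSAGE = 'constructed sample message for signature timing'.freeze

# Average wall-clock time of one call to the block, in milliseconds.
def avg_ms(iterations)
  start = Process.clock_gettime(Process::CLOCK_MONOTONIC)
  iterations.times { yield }
  (Process.clock_gettime(Process::CLOCK_MONOTONIC) - start) * 1000.0 / iterations
end

# Time signing and verification separately for one key.
# Verification only needs the public half of the key.
def bench(key, iterations)
  digest = OpenSSL::Digest.new('SHA256')
  sig = key.sign(digest, MESSAGE)
  {
    valid: key.verify(digest, sig, MESSAGE),
    # The same signature must not verify over a modified message.
    tampered_rejected: !key.verify(digest, sig, MESSAGE + 'x'),
    sign_ms: avg_ms(iterations) { key.sign(digest, MESSAGE) },
    verify_ms: avg_ms(iterations) { key.verify(digest, sig, MESSAGE) }
  }
end

# Key sizes are assumptions of this example, not the ones used in the thread.
def run_all(iterations = 50)
  {
    'RSA-2048' => bench(OpenSSL::PKey::RSA.generate(2048), iterations),
    'ECDSA P-256' => bench(OpenSSL::PKey::EC.generate('prime256v1'), iterations)
  }
end

if __FILE__ == $PROGRAM_NAME
  run_all.each do |name, r|
    printf("%-12s sign %.3f ms  verify %.3f ms  S+V %.3f ms\n",
           name, r[:sign_ms], r[:verify_ms], r[:sign_ms] + r[:verify_ms])
  end
end
```

Absolute numbers depend on the OpenSSL build and CPU, so compare the sign/verify ratio per algorithm rather than values across machines.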