Re: [openpgp] SHA-x performance
Phillip Hallam-Baker <phill@hallambaker.com> Wed, 12 August 2015 14:13 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8CEE41A88ED for <openpgp@ietfa.amsl.com>; Wed, 12 Aug 2015 07:13:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.277
X-Spam-Level:
X-Spam-Status: No, score=-1.277 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3xm800ra6YXa for <openpgp@ietfa.amsl.com>; Wed, 12 Aug 2015 07:13:04 -0700 (PDT)
Received: from mail-lb0-x235.google.com (mail-lb0-x235.google.com [IPv6:2a00:1450:4010:c04::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 40BF51A88A0 for <openpgp@ietf.org>; Wed, 12 Aug 2015 07:13:04 -0700 (PDT)
Received: by lbbtg9 with SMTP id tg9so10312376lbb.1 for <openpgp@ietf.org>; Wed, 12 Aug 2015 07:13:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=h2plnMzmEP9tVf/XTW+0Qu4YIBxEgnFs+TlXmrmtQrA=; b=TEDVbAoTYPsUSZ0DaD9M16FZgNzxNNK5diumpPSM1pDJkdhBsRdZrLTs5I3rgf4kDt 3mcLukOOMsoPnEgcji5QjDaO/O/tl7SGA1wf2PwNnPPWAlO3eT/1l/NZsksicb1PcAJb Doz7Z9VuuZoc+94FkUPSVRlypOj7T1lHmTgZdaaL5QluDmXK4obeqXcbd+k+bCW1GzNp 8+EQTdyabaNc4Fl9105omDNIifGrjKhU9rnPjaOYYPB3o9zNOo8+VJ1FZi+bI1DFnb+d 0alJoFfnyaWX5UxjR7V7N0Yk/5RKiixHaf4hloG2SNAfbNocES1SeOsHfzOvSuweggsc uNWA==
MIME-Version: 1.0
X-Received: by 10.112.65.35 with SMTP id u3mr32060800lbs.103.1439388782748; Wed, 12 Aug 2015 07:13:02 -0700 (PDT)
Sender: hallam@gmail.com
Received: by 10.112.203.163 with HTTP; Wed, 12 Aug 2015 07:13:02 -0700 (PDT)
In-Reply-To: <55CB48EB.5090403@iang.org>
References: <87y4hmi19i.fsf@vigenere.g10code.de> <7540C7A9-2830-4A63-8310-B684796DA279@nohats.ca> <55C681FC.9010100@iang.org> <sjma8tztbgo.fsf@securerf.ihtfp.org> <CAMm+Lwj7SxXTn+KD-eQSeZHwJB36tCgD1t0bodVsp3ovOaZ8mw@mail.gmail.com> <9A043F3CF02CD34C8E74AC1594475C73F4AD7C72@uxcn10-5.UoA.auckland.ac.nz> <87io8lpzu4.fsf@alice.fifthhorseman.net> <9A043F3CF02CD34C8E74AC1594475C73F4AD7F8E@uxcn10-5.UoA.auckland.ac.nz> <87mvxxenss.fsf_-_@vigenere.g10code.de> <9A043F3CF02CD34C8E74AC1594475C73F4AD8086@uxcn10-5.UoA.auckland.ac.nz> <878u9hefcs.fsf@vigenere.g10code.de> <9A043F3CF02CD34C8E74AC1594475C73F4AD85CC@uxcn10-5.UoA.auckland.ac.nz> <55CB48EB.5090403@iang.org>
Date: Wed, 12 Aug 2015 10:13:02 -0400
X-Google-Sender-Auth: jj4khvVlnW5ID7Uhye0K0Qlt59E
Message-ID: <CAMm+LwicXPwCdysXLyHHCmjvpCzS-jvjFFjVr+MVdijHd50NYQ@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: ianG <iang@iang.org>
Content-Type: multipart/alternative; boundary="001a1134a09616ea11051d1dd1ac"
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/Yr11Jg__KD3wfPioa36e5AFeTGI>
Cc: IETF OpenPGP <openpgp@ietf.org>
Subject: Re: [openpgp] SHA-x performance
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Aug 2015 14:13:06 -0000
On Wed, Aug 12, 2015 at 9:23 AM, ianG <iang@iang.org> wrote: > On 12/08/2015 03:08 am, Peter Gutmann wrote: > >> Werner Koch <wk@gnupg.org> writes: >> >> Do you have a suggestion on what CPUs from low to high end to do >>> benchmarks >>> so to check which SHA variant is suitable? >>> >> >> It'd be a longish list :-). I'm also not sure how easy it'll be to get at >> them, this is all embedded-systems stuff so you can't just SSH into a box >> and >> run the tests. In any case the most common is ARM Cortex M (and a few >> R), so >> any Cortex M3 (the example I gave was an STM32 at 180MHz which admittedly >> is >> the top end of the range, 100 or 80 Mhz would be another benchmark level, >> but >> then they're all ARMv7-M so you can extrapolate from one clock speed to >> another), then for PowerPC something like an MPC560x at 80 MHz (very >> common in >> industrial and automotive), a PIC32MX (MIPS32) at 60 MHz, and then for >> exotica >> maybe a NIOS II or MicroBlaze at 100 Mhz. You don't really need to do >> dozens >> of variants since things mostly scale directly with clock speed, and in >> any >> case those are reasonably representative clocks, at least for the faster >> devices >> where power-saving isn't an issue. >> > > > To what extent are we accepting the embedded market as "our market" ? > > Is this something that already exists in the sense that a lot of them are > already doing OpenPGP signing for some purpose? Is the process things like > signed updates, or are people using OpenPGP to encrypt and/or sign requests > to the devices? > > Or, are we making a stab at the future: "IoT will need security systems, > and OpenPGP will be used to supply that, so we'd better make sure it fits > on the rough template of devices." > > To give a ludicrous counter-example, we could also optimise the future > hash for smartcards. That's another big market, why not? I'd say this > doesn't work mostly because the smartcard or tokens market is mostly > closed, and systems are typically constructed to be tightly bound to the > end-user application; generic systems such as OpenPGP would find it hard. > > Where do we draw the line? Are embedded / IoT inside? If we are picking algorithm suites then we should look at the cases where the choice might matter rather than when it does not. IOT looks set to create a demand for an absolutely minimal cryptographic suite. One signature algorithm, one exchange algorithm, both on the same curve, one authenticated encryption mode, one digest/pseudorandom function. That suite is going to be the one that finds its way into hardware accelerators and those are in turn the sort of things that are going to be found as standard cell and on smartcards and such. So looking at a five year horizon, that is the set that is interesting.
- [openpgp] SHA3 algorithm ids. Werner Koch
- Re: [openpgp] SHA3 algorithm ids. Paul Wouters
- Re: [openpgp] SHA3 algorithm ids. Phillip Hallam-Baker
- Re: [openpgp] SHA3 algorithm ids. ianG
- Re: [openpgp] SHA3 algorithm ids. Phillip Hallam-Baker
- Re: [openpgp] SHA3 algorithm ids. ianG
- Re: [openpgp] SHA3 algorithm ids. Christoph Anton Mitterer
- Re: [openpgp] SHA3 algorithm ids. Phillip Hallam-Baker
- Re: [openpgp] SHA3 algorithm ids. ianG
- Re: [openpgp] SHA3 algorithm ids. Werner Koch
- Re: [openpgp] SHA3 algorithm ids. Peter Gutmann
- Re: [openpgp] SHA3 algorithm ids. Christoph Anton Mitterer
- Re: [openpgp] SHA3 algorithm ids. Stephen Farrell
- Re: [openpgp] SHA3 algorithm ids. ianG
- Re: [openpgp] SHA3 algorithm ids. Derek Atkins
- Re: [openpgp] SHA3 algorithm ids. Phillip Hallam-Baker
- Re: [openpgp] SHA3 algorithm ids. Werner Koch
- Re: [openpgp] SHA3 algorithm ids. ianG
- Re: [openpgp] SHA3 algorithm ids. Paul Wouters
- Re: [openpgp] SHA3 algorithm ids. Phillip Hallam-Baker
- Re: [openpgp] SHA3 algorithm ids. Peter Gutmann
- Re: [openpgp] SHA3 algorithm ids. Phillip Hallam-Baker
- [openpgp] Why or why not SHA{2,3}-512 (was: SHA3 … Werner Koch
- [openpgp] WWhy or why not SHA{2,3}-512 (was: SHA3… Werner Koch
- Re: [openpgp] SHA3 algorithm ids. Werner Koch
- Re: [openpgp] SHA3 algorithm ids. Werner Koch
- Re: [openpgp] SHA3 algorithm ids. Daniel Kahn Gillmor
- Re: [openpgp] SHA3 algorithm ids. Daniel Kahn Gillmor
- Re: [openpgp] SHA3 algorithm ids. Peter Gutmann
- [openpgp] SHA-x performance (was: SHA3 algorithm … Werner Koch
- Re: [openpgp] SHA-x performance (was: SHA3 algori… Daniel Kahn Gillmor
- Re: [openpgp] SHA-x performance (was: SHA3 algori… Peter Gutmann
- Re: [openpgp] SHA-x performance (was: SHA3 algori… Dang, Quynh
- Re: [openpgp] SHA-x performance Werner Koch
- Re: [openpgp] SHA3 algorithm ids. ianG
- Re: [openpgp] SHA-x performance Werner Koch
- Re: [openpgp] Why or why not SHA{2, 3}-512 (was: … Phillip Hallam-Baker
- Re: [openpgp] SHA-x performance Peter Gutmann
- Re: [openpgp] Why or why not SHA{2, 3}-512 Werner Koch
- Re: [openpgp] SHA-x performance ianG
- Re: [openpgp] SHA-x performance Phillip Hallam-Baker
- Re: [openpgp] SHA3 algorithm ids. Derek Atkins
- Re: [openpgp] SHA-x performance ianG
- Re: [openpgp] SHA3 algorithm ids. Phillip Hallam-Baker
- Re: [openpgp] SHA-x performance Bill Frantz
- Re: [openpgp] SHA-x performance Hilarie Orman
- Re: [openpgp] WWhy or why not SHA{2, 3}-512 (was:… Phillip Hallam-Baker
- Re: [openpgp] SHA-x performance NIIBE Yutaka
- Re: [openpgp] SHA3 algorithm ids. Derek Atkins
- Re: [openpgp] SHA-x performance Peter Gutmann
- Re: [openpgp] SHA3 algorithm ids. Bill Frantz
- Re: [openpgp] SHA3 algorithm ids. ianG
- Re: [openpgp] SHA3 algorithm ids. Derek Atkins
- Re: [openpgp] SHA3 algorithm ids. Bill Frantz
- Re: [openpgp] SHA3 algorithm ids. Phillip Hallam-Baker
- Re: [openpgp] SHA3 algorithm ids. Peter Gutmann
- Re: [openpgp] SHA3 algorithm ids. Andrey Jivsov
- Re: [openpgp] SHA3 algorithm ids. ianG
- Re: [openpgp] SHA3 algorithm ids. Robert J. Hansen
- Re: [openpgp] SHA3 algorithm ids. Werner Koch