Re: [TLS] Twist security for brainpoolp256r1

Oleg Gryb <oleg_gryb@yahoo.com> Fri, 14 November 2014 22:46 UTC

Return-Path: <oleg_gryb@yahoo.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BF0061AD0D6 for <tls@ietfa.amsl.com>; Fri, 14 Nov 2014 14:46:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.406
X-Spam-Level:
X-Spam-Status: No, score=0.406 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.594, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R99ysoYNe4uq for <tls@ietfa.amsl.com>; Fri, 14 Nov 2014 14:46:33 -0800 (PST)
Received: from nm11-vm1.bullet.mail.bf1.yahoo.com (nm11-vm1.bullet.mail.bf1.yahoo.com [98.139.213.152]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9D3771AD0BD for <tls@ietf.org>; Fri, 14 Nov 2014 14:46:31 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1416005190; bh=nxothzIyV5nOTDWcGNVAx6pSNig4hrvxMJzQkKVoGvo=; h=Date:From:Reply-To:To:In-Reply-To:References:Subject:From:Subject; b=EEjZ8eL8PjCLNZnigB0UqcVrrCdLaLzXHLG91iPL4fE7WxHCg+w/W88GKAS117hrtHkC99ry1z6FPdrIPQTlk3Ex48sBA5qH0Ht8jEFH49BWcUL9HP4LDJZGdFb1y1rxpnZaHhvXYT7779njy9ehPJIk/bTpUYiGHLD/pCpN+9rGQGcVCdwUeEt9odyHkmUUNzHf04zJKpSCZNYfKI5b3BdMpu3VhOa+QVDDMBoGQcF74098P7kPrkpA74bVh9vB3MRKVr0cweKkl7Ed+wFv15QvRvYxs4hj+BqSCj0D0FNJaSihHQCaPLqfqM9vWvT/K4LaVgysI8ygx2r1ZXDrXQ==
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s2048; d=yahoo.com; b=GfZKWW7nt4x1xw+PPt0lqNM7NptIQYd5JkWc9OvzFBkH0DJipfwI9dCnZCQ/Ep3/1sApOvR4xjAtKbrfONomB3gm4+UDJIa6GkMAxglDYfUIX5HjuxETzkjHdzt5fi7JkyKWOECFsjSDrmylFBXG18TwS2TNoL+RhNw17ObP6UNwxA9RqfPGenFII9HOiMp7YseNc7BbK335sd3AZJlZR7OC0Z1ihREphEs8hILBCwSnIPzvnT9Vi+eWnKhFHodV2jGqrNyrNYJLRCPvZEHj5uiqQAeOmOP2RCWi5OKG0REsxocsG3qxoWopQME7btMgeKk6sD6KdA0QhaRP/GQ1+Q==;
Received: from [98.139.215.143] by nm11.bullet.mail.bf1.yahoo.com with NNFMP; 14 Nov 2014 22:46:30 -0000
Received: from [98.139.212.245] by tm14.bullet.mail.bf1.yahoo.com with NNFMP; 14 Nov 2014 22:46:30 -0000
Received: from [127.0.0.1] by omp1054.mail.bf1.yahoo.com with NNFMP; 14 Nov 2014 22:46:30 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 803359.72247.bm@omp1054.mail.bf1.yahoo.com
X-YMail-OSG: NFQ1Si4VM1nTSSjlQWVc0vBgwzFtxiTia7vlKg_U.pt6IlI77KX0tPluUkIAlWg WrW3lCBQE0zb8.FwIM4EQkaAtUJvEg55u7KGbx3J.mVDU2SdGB_ogLSGxKWzUppeqJ.6ONu6CBvI MC9ZZdl4U5GHLCO6LF6S.kQXZBhMUdeo.NXBQsXKex9chOZudKuSGlM3hefYOwq87fnJgQMnasHO aTFLPlWV2Z15gGCwtEC8HFHe3bg5YnN1oEWyKfAl0uqjU.bW7Y0rSgtwBXSMMqIUSlJ6Gzo_Yh3k L7JrUtd_x7khoPb2qfhK8nxNf_KEK5JrjgL1oVEXUjdYu2IZTn4tT_BnI2XAVP.IUs0R5VBxafXe GrMG3WvI2oBtdkP_1rvp41ocTjmAPgi.NgudYFVAhIJfe5ETJu3NQo7QNM8herWL_sE1sZhUafGs YBRT8qFqjSUOWUOVNPxy06qussrcbrrFooeedhsWG5qQ1S.Z3sn1C5e83Mm6_8H40If3L3Eg-
Received: by 66.196.80.150; Fri, 14 Nov 2014 22:46:30 +0000
Date: Fri, 14 Nov 2014 22:46:13 +0000 (UTC)
From: Oleg Gryb <oleg_gryb@yahoo.com>
To: =?UTF-8?Q?Manuel_P=C3=A9gouri=C3=A9-Gonnard?= <mpg@polarssl.org>, Oleg Gryb <oleg@gryb.info>, Johannes Merkle <johannes.merkle@secunet.com>, "tls@ietf.org" <tls@ietf.org>
Message-ID: <2109273109.730596.1416005173738.JavaMail.yahoo@jws10656.mail.bf1.yahoo.com>
In-Reply-To: <54647819.3020802@polarssl.org>
References: <54647819.3020802@polarssl.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/OS5VhQhug4a3MjyyBte_MEsXCcE
Subject: Re: [TLS] Twist security for brainpoolp256r1
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: Oleg Gryb <oleg@gryb.info>
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Nov 2014 22:46:34 -0000




----- Original Message -----
> From: Manuel Pégourié-Gonnard <mpg@polarssl.org>
> To: Oleg Gryb <oleg@gryb.info>; Johannes Merkle <johannes.merkle@secunet.com>; "tls@ietf.org" <tls@ietf.org>
> Cc: 
> Sent: Thursday, November 13, 2014 1:21 AM
> Subject: Re: [TLS] Twist security for brainpoolp256r1
> 

> Openssl has a "speed" command that should be helpful. I'd expect a 
> difference
> higher than 30%.


I had to change 'speed.c' in openssl to add barinpoolp256r1 (by default it simply not there). The difference for both ecdsa (signature) and ecdh (diffie-hellman-merkle key exchange) is less than 5%, so P-256 'optimization' in openssl is definitely overrated. I think, I'm good to go with Brainpool.

Doing 256 bit sign ecdsa's for 10s: 92012 256 bit ECDSA signs in 10.00s 
Doing 256 bit verify ecdsa(nistp256)'s for 10s: 26294 256 bit ECDSA verify in 10.00s
Doing 256 bit sign ecdsa's for 10s: 88745 256 bit ECDSA signs in 10.00s 
Doing 256 bit verify ecdsa(brainpoolP256r1)'s for 10s: 24939 256 bit ECDSA verify in 10.00s
256 bit ecdsa (nistp256)   0.0001s   0.0004s   9201.2   2629.4
256 bit ecdsa (brainpoolP256r1)   0.0001s   0.0004s   8874.5   2493.9

Doing 256 bit  ecdh(nistp256)'s for 10s: 31820 256-bit ECDH ops in 10.00s
Doing 256 bit  ecdh(brainpoolP256r1)'s for 10s: 29748 256-bit ECDH ops in 10.00s
256 bit ecdh (nistp256)   0.0003s   3182.0
256 bit ecdh (brainpoolP256r1)   0.0003s   2974.8