Re: [TLS] Safe ECC usage

Johannes Merkle <johannes.merkle@secunet.com> Tue, 01 October 2013 16:23 UTC


>> Other than certificate size and the speed of making those calculations?
>> Really, try "openssl speed rsa2048 ecdsap256" on any Linux or Mac machine.
> 
> openssl 1.0.1c x86_64 tells me ecdsap256 is 10x faster than rsa2048 for
> signing and 10x slower than rsa2048 for verifying.

RSA is much faster for signing than for verifying, while for ECDSA the times for these operations are quite similar.

So let's assume ECDSA signing or verifying takes 1/10 s, then RSA signing takes 1 s and verifying 1/100 sec. Makes 0.2 s
for ECDSA-based handshake (one signing and one verifying operation) and 1.01 s for RSA. That is a huge difference.

Johannes