Thank you Marcin for your response. It is really helpful.
On Thu, 8 Oct 2020, 21:52 Marcin Romaszewicz, <marc...@gmail.com> wrote: > Yes, in my experience, the C SSL libraries are much faster than Go's > implementation on curves P384 and P521, however, Go's tuned implementation > of P256 curves is comparable to OpenSSL performance ( > https://golang.org/src/crypto/elliptic/). If you look in the directory I > linked, you'll see that it has assembly language implementations of the > P256 curve. > > Practically, there isn't much reason today to use the P384 and P521 > curves. The security provided by P256 is very good, not known to be > crackable today, and it's a widely supported curve. P384 is reasonably well > supported, but not as widely, and P521 isn't well supported at all, since > it's not in the NSA Suite B crypto recommendations, which drive many crypto > standards. > > -- Marcin > > > On Thu, Oct 8, 2020 at 8:40 AM Shobhit Srivastava <simplysh...@gmail.com> > wrote: > >> Thanks for the detailed explanation for your issue. >> Thanks for the pointers for the library. Just a quick question, do you >> think calling C library from Go can give great results for 521 curve. >> >> >> >> On Thu, 8 Oct 2020, 21:03 Marcin Romaszewicz, <marc...@gmail.com> wrote: >> >>> My issue was slightly different than yours, in that I was burning way >>> too much CPU verifying 384 bit client certificates for TLS. The solution >>> was to have nginx do TLS termination, and proxy decrypted traffic to my Go >>> server, rather than doing TLS termination in Go. >>> >>> The first place I would start looking is either the LibreSSL or OpenSSL >>> libraries. LibreSSL is a cleanup of OpenSSL, which has grown messy over the >>> years. Both of these contain a crypto library which does what you want. >>> Here is what it looks like in LibreSSL: >>> https://man.openbsd.org/ECDSA_SIG_new.3 >>> >>> -- Marcin >>> >>> On Thu, Oct 8, 2020 at 2:30 AM Shobhit Srivastava <simplysh...@gmail.com> >>> wrote: >>> >>>> Hey Marcin >>>> >>>> Can you give me the pointer on C library and if can be used in Cgo . >>>> >>>> Thanks >>>> >>>> On Wed, 7 Oct 2020, 22:27 Shobhit Srivastava, <simplysh...@gmail.com> >>>> wrote: >>>> >>>>> Yeah the inclination is towards 512 curve only so need to optimise it. >>>>> >>>>> Will check out the C library. Thanks >>>>> >>>>> >>>>> >>>>> On Wed, 7 Oct 2020, 22:22 Marcin Romaszewicz, <marc...@gmail.com> >>>>> wrote: >>>>> >>>>>> secp256r1 has been hand optimized for performance, the others haven't. >>>>>> >>>>>> If performance there matters to you, it's actually faster to call out >>>>>> to C libraries to verify 384 and 512 bit curves. >>>>>> >>>>>> On Wed, Oct 7, 2020 at 9:27 AM Shobhit Srivastava < >>>>>> simplysh...@gmail.com> wrote: >>>>>> >>>>>>> Hi All >>>>>>> >>>>>>> I have tried to do the performance analysis for different curve in >>>>>>> golang and got below output: >>>>>>> for secp256r1 I got 28000 Signature verified per second >>>>>>> for secp384r1 I got 1600 Signature verified per second >>>>>>> for secp521r1 I got 700 Signature verified per second >>>>>>> >>>>>>> Is there something I did wrong or is this the usual results? >>>>>>> >>>>>>> Let me know if someone has done performance comparison. >>>>>>> >>>>>>> Best, >>>>>>> Shobhit >>>>>>> >>>>>>> -- >>>>>>> You received this message because you are subscribed to the Google >>>>>>> Groups "golang-nuts" group. >>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>> send an email to golang-nuts+unsubscr...@googlegroups.com. >>>>>>> To view this discussion on the web visit >>>>>>> https://groups.google.com/d/msgid/golang-nuts/fdc14759-b995-43af-948d-cdb2201e4718n%40googlegroups.com >>>>>>> <https://groups.google.com/d/msgid/golang-nuts/fdc14759-b995-43af-948d-cdb2201e4718n%40googlegroups.com?utm_medium=email&utm_source=footer> >>>>>>> . >>>>>>> >>>>>> -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/golang-nuts/CAHM18J2i76bTrNoUKu_zbsvxDcNKaDaPkXe9%3DQ9kXp5y1KuHOg%40mail.gmail.com.
