On Friday, 7 June 2024 19:08:22 CEST, D. J. Bernstein wrote:
> Hubert Kario writes:
> > I think the openssl compile is missing the `enable-ec_nistp_64_gcc_128`
> > option?
>
> Results on the same Comet Lake of a fresh run of the script with that
> option added to the Configure line:
>
>                               op      op/s
>  256 bits ecdh (nistp256)   0.0001s  12184.0
>  253 bits ecdh (X25519)   0.0000s  24758.0
>
> For comparison, results that I posted before without the option:
>
>                               op      op/s
>  256 bits ecdh (nistp256)   0.0001s  12186.0
>  253 bits ecdh (X25519)   0.0000s  24753.0
>
> Doesn't look like the option has any effect on these numbers.

hmm, looks like they changed it to be the default for P-256 since I
looked at the performance impact of it... (tried local compiles myself and
yes, no difference)

> I checked the OpenSSL changelog, which says this option appeared in
> 3.2.0 to enable faster code for P-384, so I also tried "openssl speed
> ecdhp384", and for that there's an obvious difference: 682.2 ops/sec
> without the option, 1824.8 ops/sec with the option.

yes, they recently merged code to also significantly improve speed of
P-384, but the ec_nistp_64_gcc_128 option is old, I think even from 1.0.0
times

and yes, I was seeing such a degree of difference with and without that option
for P-256, P-224, and P-521 curves

> > and it ignores the whole case of there being dedicated silicon for
> > P-256 arithmetic that makes such comparisons moot.
>
> I presume you mean that those comparisons are moot specifically on
> machines with P-256 hardware accelerators. Is there data on what
> percentages of TLS clients and servers have those accelerators?

I'm not aware of any such stats, sorry.

not a good example, as they also include X25519, but Intel has P-256
in their Quick Assist Technology (which is included in certain Xeons)

the previous version, that shipped as a PCIe card, might be more limited,
but I didn't work with those
--
Regards,
Hubert Kario
Principal Quality Engineer, RHEL Crypto team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00, Brno, Czech Republic
