Georgi Guninski
2010-08-29 08:51:23 UTC
inconsistent timings for rsa sign/verify with 100K bit rsa keys.
using pycrypto i generated two valid 100 000 bit rsa keys with the same modulus:
key1: log(n)=100K, e=2^16-1,d=BIG
key2: log(n)=100K, e=BIG, d=BIG
(note key1 and key2 share the same modulus)
recompiled openssl with increased parameters so the keys are usable.
i expect the keys to be slow, but these benchmarks quite surprise me:
        sign    verify
key1    5min    <1sec
key2    48min   21min
(tested on patched openssl1.0.0a)
is it normal for key2 to be so much slower compared with the signing of key1 (the 1sec verification with low exponent is clear to me)?
signature verification passes for both keys and the big exponents seem of the right size. both keys passed "rsa check" with a reduced number of pseudoprimality tests (to 3).
pycrypto is much faster with key2 and a general purpose math program suggests sign/verify to be about 5min for big exponents (<phi(n)).
the tarball with the private keys + 2 certs (190K) is at:
http://seclists.org/fulldisclosure/2010/Aug/384
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-***@openssl.org
Automated List Manager ***@openssl.org
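
The sign/verify cost gap the post asks about can be modelled on a small scale. The block below is an added example, not code from the post or from OpenSSL: textbook RSA (no padding) on a constructed 1128-bit modulus made of two Mersenne primes, with an assumed small exponent of 65537 and a constructed full-size exponent sharing that modulus. The names `modexp`, `make_key`, `sign_crt` and `compare` are illustrative, and cost is modelled as the number of modular multiplications times the square of the modulus bit length.

```python
import hashlib
from math import gcd

# Constructed toy parameters (Mersenne primes, so no prime generation is needed).
# They are NOT the post's 100K-bit keys and are unsuitable for real RSA.
P, Q = 2**521 - 1, 2**607 - 1
N, PHI = P * Q, (P - 1) * (Q - 1)

def modexp(base, exp, mod):
    """Square-and-multiply. Returns (result, cost), where cost models each
    modular multiplication as (modulus bits)^2 word operations."""
    base, result, mults = base % mod, 1, 0
    for bit in bin(exp)[2:]:
        result = result * result % mod
        mults += 1
        if bit == "1":
            result = result * base % mod
            mults += 1
    return result, mults * mod.bit_length() ** 2

def make_key(e):
    while gcd(e, PHI) != 1:      # step to the next usable odd exponent
        e += 2
    d = pow(e, -1, PHI)
    return {"e": e, "d": d, "dp": d % (P - 1), "dq": d % (Q - 1), "qinv": pow(Q, -1, P)}

def sign_crt(key, m):
    """Private operation split over P and Q, recombined with Garner's formula."""
    s1, c1 = modexp(m, key["dp"], P)
    s2, c2 = modexp(m, key["dq"], Q)
    return s2 + (key["qinv"] * (s1 - s2) % P) * Q, c1 + c2

def compare():
    m = int.from_bytes(hashlib.sha256(b"constructed message").digest(), "big")
    rows = {}
    for name, e in (("key1", 65537), ("key2", N // 3 | 1)):  # same N, small vs full-size e
        key = make_key(e)
        s, crt_cost = sign_crt(key, m)
        s_plain, plain_cost = modexp(m, key["d"], N)      # private op without CRT
        recovered, verify_cost = modexp(s, key["e"], N)   # public op cannot use CRT
        rows[name] = {"ok": s == s_plain and recovered == m, "sign_crt": crt_cost,
                      "sign_plain": plain_cost, "verify": verify_cost}
    return rows

if __name__ == "__main__":
    for name, row in compare().items():
        print(name, row)
```

In this model, verification with the full-size exponent costs roughly four times a CRT signature, while the CRT signing cost is about the same for both keys.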