Hi,
We're using ECDSA signing with public keys to verify data received over BLE.
I use a SHA256 hash of the data, giving a hash size of 32 bytes. The signature is 70-73 bytes.
After setting up a context and loading the public key (which is all reasonably fast), I am calling "mbedtls_ecdsa_read_signature" to verify the signature (against the calculated hash and public key).
The mbedtls_ecdsa_read_signature call takes about 900 mS to complete. This is problematic because it makes the device slow to respond to commands (the data being verified).
ESP32 at 160 MHz. I got a moderate speed increase (~20%) when I configured the ESP32 for 240 MHz.
Is taking ~900ms to run mbedtls_ecdsa_read_signature normal / expected?
Any way I can speed it up?
Signature verify seems SLOW with ECDSA and mbedtls
-
jcolebaker
- Posts: 14
- Joined: Thu Mar 18, 2021 12:23 am
-
ESP_Mahavir
- Posts: 100
- Joined: Wed Jan 24, 2018 6:51 am
Re: Signature verify seems SLOW with ECDSA and mbedtls
Hello,
Additionally, you may also try to enable compiler optimisation level to performance (-O2), I was able to get ~28% improvement with this. Other performance tuning knobs are documented at https://docs.espressif.com/projects/esp ... rall-speed
I am attaching my test code here, you will to invoke `test_ecdsa()` from your application.
Please feel free to share your feedback or any additional questions on this.
Thanks.
This number looks to be on higher side. On similar test code, I got roughly ~390ms in default configuration. If we disable `CONFIG_MBEDTLS_HARDWARE_MPI`, then it can help improve this number to roughly ~240ms. You may find reasoning for this as discussed in https://github.com/espressif/esp-idf/issues/1177.The mbedtls_ecdsa_read_signature call takes about 900 mS to complete. This is problematic because it makes the device slow to respond to commands (the data being verified).
Additionally, you may also try to enable compiler optimisation level to performance (-O2), I was able to get ~28% improvement with this. Other performance tuning knobs are documented at https://docs.espressif.com/projects/esp ... rall-speed
I am attaching my test code here, you will to invoke `test_ecdsa()` from your application.
Please feel free to share your feedback or any additional questions on this.
Thanks.
Mahavir
-
jcolebaker
- Posts: 14
- Joined: Thu Mar 18, 2021 12:23 am
Re: Signature verify seems SLOW with ECDSA and mbedtls
I didn't see any significant change in performance by changing optimization levels. I didn't try changing MPI acceleration settings. However, I was able to get a huge increase in performance by using the "micro-ecc" library instead of mbedtls:
https://github.com/kmackay/micro-ecc
This library is around 5 x faster than mbedtls for ECDSA signature verification! This made it fast enough for our usage.
https://github.com/kmackay/micro-ecc
This library is around 5 x faster than mbedtls for ECDSA signature verification! This made it fast enough for our usage.
Who is online
Users browsing this forum: Baidu [Spider], Google [Bot] and 29 guests