TLS handshake speeds: RSA is faster than ECC!?

MalteJ
Posts: 62
Joined: Wed Sep 21, 2016 10:26 pm

TLS handshake speeds: RSA is faster than ECC!?

Postby MalteJ » Tue Jan 10, 2017 9:17 pm

Hi,

I am currently working on a TLS secured webserver running on esp32.
To get started I have used the example 10_openssl_server.
When I execute a GET request using the provided 2048 bit RSA key and certificate it takes about 1.6 seconds to complete the request.
Most of the time is used for handshake.
I have replaced the key and certificate by a self signed prime256v1 elliptic curve. Unexpectedly the request now takes over 1.8 seconds!

Am I missing something here?
Is the ECC hardware module slower than the RSA module?

If you want to run your own tests please consider checking out my pull request which fixes a few things:
https://github.com/espressif/esp-idf/pull/214

Thank you!

Best,
Malte

WiFive
Posts: 1016
Joined: Tue Dec 01, 2015 7:35 am

Re: TLS handshake speeds: RSA is faster than ECC!?

Postby WiFive » Wed Jan 11, 2017 12:30 am

I believe only a portion of the ecc/RSA operations are hardware accelerated.

MalteJ
Posts: 62
Joined: Wed Sep 21, 2016 10:26 pm

Re: TLS handshake speeds: RSA is faster than ECC!?

Postby MalteJ » Wed Jan 11, 2017 12:39 am

Is it possible that currently only RSA is handled using hardware acceleration but no ECC?
I can find some RSA crypto stuff in components/mbedtls/port/esp_bignum.c but I cannot find any ECC stuff. Even in the ESP32 Technical Reference there is no chapter about the ECC accelerator.

Dear Espressif developers, what is the ETA of ECC hardware acceleration?

Best,
Malte

WiFive
Posts: 1016
Joined: Tue Dec 01, 2015 7:35 am

Re: TLS handshake speeds: RSA is faster than ECC!?

Postby WiFive » Wed Jan 11, 2017 2:51 am

I think all mbedtls_mpi functions including those calls in ecc libraries use acceleration. Not sure there is any additional hw acceleration that can be added to ecc.

ESP_Sprite
Posts: 1033
Joined: Thu Nov 26, 2015 4:08 am

Re: TLS handshake speeds: RSA is faster than ECC!?

Postby ESP_Sprite » Wed Jan 11, 2017 3:12 am

ECC is accelerated, but unfortunately the gains gotten from hardware acceleration aren't as big as we'd like.

MalteJ
Posts: 62
Joined: Wed Sep 21, 2016 10:26 pm

Re: TLS handshake speeds: RSA is faster than ECC!?

Postby MalteJ » Wed Jan 11, 2017 12:39 pm

As far as I can see you have no ECC accelerator registers somewhere in your SDK:
https://github.com/espressif/esp-idf/bl ... ypto_reg.h

So I expect ECC is completely done in software?

Malte

ESP_Sprite
Posts: 1033
Joined: Thu Nov 26, 2015 4:08 am

Re: TLS handshake speeds: RSA is faster than ECC!?

Postby ESP_Sprite » Wed Jan 11, 2017 12:56 pm

The 'RSA' peripheral actually is a more general modular math module. If memory serves, this is what ECC uses as well.

MalteJ
Posts: 62
Joined: Wed Sep 21, 2016 10:26 pm

Re: TLS handshake speeds: RSA is faster than ECC!?

Postby MalteJ » Wed Jan 11, 2017 1:06 pm

ESP_Sprite wrote:The 'RSA' peripheral actually is a more general modular math module. If memory serves, this is what ECC uses as well.

ah yeah, I just saw it is basically a bignum accelerator.
Thank you!

Well, then I would say it would be great to see "enhanced hw crypto performance" on the ESP32 v2 roadmap ;)

Best,
Malte

Who is online

Users browsing this forum: WiFive, z43740979 and 7 guests