When watching discussions in the cryptography community, one often sees arguments which involve the performance of a given cryptographic algorithm. Indeed, a cryptographic algorithm must not only be secure but also perform well in different types of devices to be accepted by professional cryptographers. Bruce Schneier once said: "given enough rounds, pretty much anything is secure", but of course being slow limits the usability and therefore the adoption of an algorithm.

OpenSSL has a performance analysis tool which shows how well its implemented ciphers, hash functions, public key algorithms and key exchange algorithms perform. To see the numbers for your computer, open a terminal and run:

openssl speed

The output will be long and might take a few minutes to finish. Here are the first output lines which I get (showing the performance of some cryptographic hash functions; notice that different input sizes are used for each hash function):

Doing md4 for 3s on 16 size blocks: 11817261 md4's in 2.99s Doing md4 for 3s on 64 size blocks: 9164094 md4's in 2.99s Doing md4 for 3s on 256 size blocks: 5436759 md4's in 2.99s Doing md4 for 3s on 1024 size blocks: 2053975 md4's in 2.99s Doing md4 for 3s on 8192 size blocks: 304846 md4's in 2.98s Doing md5 for 3s on 16 size blocks: 8763024 md5's in 3.00s Doing md5 for 3s on 64 size blocks: 6537570 md5's in 2.99s Doing md5 for 3s on 256 size blocks: 3710551 md5's in 2.99s Doing md5 for 3s on 1024 size blocks: 1334743 md5's in 3.00s Doing md5 for 3s on 8192 size blocks: 192998 md5's in 2.99s Doing hmac(md5) for 3s on 16 size blocks: 7157191 hmac(md5)'s in 3.00s Doing hmac(md5) for 3s on 64 size blocks: 5738849 hmac(md5)'s in 2.99s Doing hmac(md5) for 3s on 256 size blocks: 3437022 hmac(md5)'s in 2.99s Doing hmac(md5) for 3s on 1024 size blocks: 1312290 hmac(md5)'s in 3.00s Doing hmac(md5) for 3s on 8192 size blocks: 193418 hmac(md5)'s in 2.99s

Not surprisingly, the number of times each hash function can process a given input in a fixed amount of time decreases as the input becomes larger.

The results for hash functions are followed by results for ciphers, public key algorithms and finally for key exchange algorithms. The best way to visualize the data is through the tables which appear at the end. For example, the speeds of the hash functions and ciphers (in bytes processed per second) are shown on the following table (only the first lines are shown here; results for MD2 and MDC-2 are absent because they are not enabled in my system):

The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes md2 0.00 0.00 0.00 0.00 0.00 mdc2 0.00 0.00 0.00 0.00 0.00 md4 63236.18k 196154.52k 465488.40k 703434.92k 838019.61k md5 46736.13k 139934.61k 317692.66k 455592.28k 528775.79k hmac(md5) 38171.69k 122838.24k 294273.46k 447928.32k 529926.51k

The performances of public key algorithms (signatures per second and verifications per second) are shown right below the table above (again, only first lines are shown here):

sign verify sign/s verify/s rsa 512 bits 0.000100s 0.000007s 9976.6 142275.1 rsa 1024 bits 0.000350s 0.000020s 2858.7 49126.4 rsa 2048 bits 0.002291s 0.000072s 436.5 13813.4 rsa 4096 bits 0.017219s 0.000273s 58.1 3659.7

The performances of the key exchange algorithms (operations per second) come right at the end (again, only first lines are shown here):

op op/s 160 bit ecdh (secp160r1) 0.0003s 3239.5 192 bit ecdh (nistp192) 0.0004s 2825.5 224 bit ecdh (nistp224) 0.0002s 6557.5 256 bit ecdh (nistp256) 0.0003s 3225.8

## Comments

No comments posted yet.