Performance of cryptographic algorithms in OpenSSL


Posted by Diego Assencio on 2014.04.09 under Linux (Security)

When watching discussions in the cryptography community, one often sees arguments which involve the performance of a given cryptographic algorithm. Indeed, a cryptographic algorithm must not only be secure but also perform well in different types of devices to be accepted by professional cryptographers. Bruce Schneier once said: "given enough rounds, pretty much anything is secure", but of course being slow limits the usability and therefore the adoption of an algorithm.

OpenSSL has a performance analysis tool which shows how well its implemented ciphers, hash functions, public key algorithms and key exchange algorithms perform. To see the numbers for your computer, open a terminal and run:

openssl speed

The output will be long and might take a few minutes to finish. Here are the first output lines which I get (showing the performance of some cryptographic hash functions; notice that different input sizes are used for each hash function):

Doing md4 for 3s on 16 size blocks: 11817261 md4's in 2.99s
Doing md4 for 3s on 64 size blocks: 9164094 md4's in 2.99s
Doing md4 for 3s on 256 size blocks: 5436759 md4's in 2.99s
Doing md4 for 3s on 1024 size blocks: 2053975 md4's in 2.99s
Doing md4 for 3s on 8192 size blocks: 304846 md4's in 2.98s
Doing md5 for 3s on 16 size blocks: 8763024 md5's in 3.00s
Doing md5 for 3s on 64 size blocks: 6537570 md5's in 2.99s
Doing md5 for 3s on 256 size blocks: 3710551 md5's in 2.99s
Doing md5 for 3s on 1024 size blocks: 1334743 md5's in 3.00s
Doing md5 for 3s on 8192 size blocks: 192998 md5's in 2.99s
Doing hmac(md5) for 3s on 16 size blocks: 7157191 hmac(md5)'s in 3.00s
Doing hmac(md5) for 3s on 64 size blocks: 5738849 hmac(md5)'s in 2.99s
Doing hmac(md5) for 3s on 256 size blocks: 3437022 hmac(md5)'s in 2.99s
Doing hmac(md5) for 3s on 1024 size blocks: 1312290 hmac(md5)'s in 3.00s
Doing hmac(md5) for 3s on 8192 size blocks: 193418 hmac(md5)'s in 2.99s

Not surprisingly, the number of times each hash function can process a given input in a fixed amount of time decreases as the input becomes larger.

The results for hash functions are followed by results for ciphers, public key algorithms and finally for key exchange algorithms. The best way to visualize the data is through the tables which appear at the end. For example, the speeds of the hash functions and ciphers (in bytes processed per second) are shown on the following table (only the first lines are shown here; results for MD2 and MDC-2 are absent because they are not enabled in my system):

The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
md2                  0.00         0.00         0.00         0.00         0.00
mdc2                 0.00         0.00         0.00         0.00         0.00
md4              63236.18k   196154.52k   465488.40k   703434.92k   838019.61k
md5              46736.13k   139934.61k   317692.66k   455592.28k   528775.79k
hmac(md5)        38171.69k   122838.24k   294273.46k   447928.32k   529926.51k

The performances of public key algorithms (signatures per second and verifications per second) are shown right below the table above (again, only first lines are shown here):

                  sign    verify    sign/s verify/s
rsa  512 bits 0.000100s 0.000007s   9976.6 142275.1
rsa 1024 bits 0.000350s 0.000020s   2858.7  49126.4
rsa 2048 bits 0.002291s 0.000072s    436.5  13813.4
rsa 4096 bits 0.017219s 0.000273s     58.1   3659.7

The performances of the key exchange algorithms (operations per second) come right at the end (again, only first lines are shown here):

                              op      op/s
 160 bit ecdh (secp160r1)   0.0003s   3239.5
 192 bit ecdh (nistp192)   0.0004s   2825.5
 224 bit ecdh (nistp224)   0.0002s   6557.5
 256 bit ecdh (nistp256)   0.0003s   3225.8

Comments

No comments posted yet.