ESP32 Forum

ESP32 Official Forum
http://esp32.io/

TLS handshake speeds: RSA is faster than ECC!?

http://esp32.io/viewtopic.php?f=13&t=929

Page 1 of 1

TLS handshake speeds: RSA is faster than ECC!?

Posted: Tue Jan 10, 2017 9:17 pm
by MalteJ
Hi,

I am currently working on a TLS secured webserver running on esp32.
To get started I have used the example 10_openssl_server.
When I execute a GET request using the provided 2048 bit RSA key and certificate it takes about 1.6 seconds to complete the request.
Most of the time is used for handshake.
I have replaced the key and certificate by a self signed prime256v1 elliptic curve. Unexpectedly the request now takes over 1.8 seconds!

Am I missing something here?
Is the ECC hardware module slower than the RSA module?

If you want to run your own tests please consider checking out my pull request which fixes a few things:
https://github.com/espressif/esp-idf/pull/214

Thank you!

Best,
Malte

Re: TLS handshake speeds: RSA is faster than ECC!?

Posted: Wed Jan 11, 2017 12:30 am
by WiFive
I believe only a portion of the ecc/RSA operations are hardware accelerated.

Re: TLS handshake speeds: RSA is faster than ECC!?

Posted: Wed Jan 11, 2017 12:39 am
by MalteJ
Is it possible that currently only RSA is handled using hardware acceleration but no ECC?
I can find some RSA crypto stuff in components/mbedtls/port/esp_bignum.c but I cannot find any ECC stuff. Even in the ESP32 Technical Reference there is no chapter about the ECC accelerator.

Dear Espressif developers, what is the ETA of ECC hardware acceleration?

Best,
Malte

Re: TLS handshake speeds: RSA is faster than ECC!?

Posted: Wed Jan 11, 2017 2:51 am
by WiFive
I think all mbedtls_mpi functions including those calls in ecc libraries use acceleration. Not sure there is any additional hw acceleration that can be added to ecc.

Re: TLS handshake speeds: RSA is faster than ECC!?

Posted: Wed Jan 11, 2017 3:12 am
by ESP_Sprite
ECC is accelerated, but unfortunately the gains gotten from hardware acceleration aren't as big as we'd like.

Re: TLS handshake speeds: RSA is faster than ECC!?

Posted: Wed Jan 11, 2017 12:39 pm
by MalteJ
As far as I can see you have no ECC accelerator registers somewhere in your SDK:
https://github.com/espressif/esp-idf/bl ... ypto_reg.h

So I expect ECC is completely done in software?

Malte

Re: TLS handshake speeds: RSA is faster than ECC!?

Posted: Wed Jan 11, 2017 12:56 pm
by ESP_Sprite
The 'RSA' peripheral actually is a more general modular math module. If memory serves, this is what ECC uses as well.

Re: TLS handshake speeds: RSA is faster than ECC!?

Posted: Wed Jan 11, 2017 1:06 pm
by MalteJ
ESP_Sprite wrote:The 'RSA' peripheral actually is a more general modular math module. If memory serves, this is what ECC uses as well.
ah yeah, I just saw it is basically a bignum accelerator.
Thank you!

Well, then I would say it would be great to see "enhanced hw crypto performance" on the ESP32 v2 roadmap ;)

Best,
Malte
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/