TLS handshake speeds: RSA is faster than ECC!?

Post Reply
MalteJ
Posts: 62
Joined: Wed Sep 21, 2016 10:26 pm

TLS handshake speeds: RSA is faster than ECC!?

Postby MalteJ » Tue Jan 10, 2017 9:17 pm

Hi,

I am currently working on a TLS secured webserver running on esp32.
To get started I have used the example 10_openssl_server.
When I execute a GET request using the provided 2048 bit RSA key and certificate it takes about 1.6 seconds to complete the request.
Most of the time is used for handshake.
I have replaced the key and certificate by a self signed prime256v1 elliptic curve. Unexpectedly the request now takes over 1.8 seconds!

Am I missing something here?
Is the ECC hardware module slower than the RSA module?

If you want to run your own tests please consider checking out my pull request which fixes a few things:
https://github.com/espressif/esp-idf/pull/214

Thank you!

Best,
Malte
Top
WiFive
Posts: 3529
Joined: Tue Dec 01, 2015 7:35 am

Re: TLS handshake speeds: RSA is faster than ECC!?

Postby WiFive » Wed Jan 11, 2017 12:30 am

I believe only a portion of the ecc/RSA operations are hardware accelerated.
Top
MalteJ
Posts: 62
Joined: Wed Sep 21, 2016 10:26 pm

Re: TLS handshake speeds: RSA is faster than ECC!?

Postby MalteJ » Wed Jan 11, 2017 12:39 am

Is it possible that currently only RSA is handled using hardware acceleration but no ECC?
I can find some RSA crypto stuff in components/mbedtls/port/esp_bignum.c but I cannot find any ECC stuff. Even in the ESP32 Technical Reference there is no chapter about the ECC accelerator.

Dear Espressif developers, what is the ETA of ECC hardware acceleration?

Best,
Malte
Top
WiFive
Posts: 3529
Joined: Tue Dec 01, 2015 7:35 am

Re: TLS handshake speeds: RSA is faster than ECC!?

Postby WiFive » Wed Jan 11, 2017 2:51 am

I think all mbedtls_mpi functions including those calls in ecc libraries use acceleration. Not sure there is any additional hw acceleration that can be added to ecc.
Top
ESP_Sprite
Posts: 9764
Joined: Thu Nov 26, 2015 4:08 am

Re: TLS handshake speeds: RSA is faster than ECC!?

Postby ESP_Sprite » Wed Jan 11, 2017 3:12 am

ECC is accelerated, but unfortunately the gains gotten from hardware acceleration aren't as big as we'd like.
Top
MalteJ
Posts: 62
Joined: Wed Sep 21, 2016 10:26 pm

Re: TLS handshake speeds: RSA is faster than ECC!?

Postby MalteJ » Wed Jan 11, 2017 12:39 pm

As far as I can see you have no ECC accelerator registers somewhere in your SDK:
https://github.com/espressif/esp-idf/bl ... ypto_reg.h

So I expect ECC is completely done in software?

Malte
Top
ESP_Sprite
Posts: 9764
Joined: Thu Nov 26, 2015 4:08 am

Re: TLS handshake speeds: RSA is faster than ECC!?

Postby ESP_Sprite » Wed Jan 11, 2017 12:56 pm

The 'RSA' peripheral actually is a more general modular math module. If memory serves, this is what ECC uses as well.
Top
MalteJ
Posts: 62
Joined: Wed Sep 21, 2016 10:26 pm

Re: TLS handshake speeds: RSA is faster than ECC!?

Postby MalteJ » Wed Jan 11, 2017 1:06 pm

ESP_Sprite wrote:The 'RSA' peripheral actually is a more general modular math module. If memory serves, this is what ECC uses as well.
ah yeah, I just saw it is basically a bignum accelerator.
Thank you!

Well, then I would say it would be great to see "enhanced hw crypto performance" on the ESP32 v2 roadmap ;)

Best,
Malte
Top
Post Reply

Return to “ESP-IDF”

Who is online

Users browsing this forum: No registered users and 252 guests