跑 openssl speed ecdh
的時候發現很特別的現象:
Doing 160 bit ecdh's for 10s: 40865 160-bit ECDH ops in 9.99s Doing 192 bit ecdh's for 10s: 34169 192-bit ECDH ops in 9.99s Doing 224 bit ecdh's for 10s: 60980 224-bit ECDH ops in 9.99s Doing 256 bit ecdh's for 10s: 34298 256-bit ECDH ops in 10.00s Doing 384 bit ecdh's for 10s: 9602 384-bit ECDH ops in 10.00s Doing 521 bit ecdh's for 10s: 9127 521-bit ECDH ops in 9.99s
原因是 Google 這篇論文的貢獻:「Fast Elliptic Curve Cryptography in OpenSSL」,開頭就提到:
We present a 64-bit optimized implementation of the NIST and SECG-standardized elliptic curve P-224.
而實際成果:
full TLS handshakes using a 1024-bit RSA certificate and ephemeral Elliptic Curve Diffie-Hellman key exchange over P-224 now run at twice the speed of standard OpenSSL, while atomic elliptic curve operations are up to 4 times faster.
在 OpenSSL 的 CHANGES 也可以看到對應的修改,不只是 NIST-P224 有被改善,其他的 NIST-P256 與 NIST-P521 也都有被改善:
Add optional 64-bit optimized implementations of elliptic curves NIST-P224, NIST-P256, NIST-P521, with constant-time single point multiplication on typical inputs.
頗特別的...