On Mon, Jan 11, 1999 at 04:29:42PM +1000, Eric Young wrote:
> The main negative for EDH is that it is very CPU expensive and this is not
> a good thing to do to a web server. An approximate rule of thumb is that
> the CPU load for the same size key (512 RSA vs 512 EDH/RSA) is that the
> EDH is 9 times as great (or 5 times if you 'reuse' the temp EDH key a
> few times). The client takes this full CPU load as well (8 times RSA
> private).
What is behind these numbers? My own benchmarks
(http://www.eskimo.com/~weidai/benchmarks.html) show that DH 512 key-gen +
agreement take 5+8=13 ms, while RSA 512 private key operation takes 8 ms,
so the difference in speed should be nowhere near 9 times.
