Ben Laurie wrote:
> For those that really care it'd be cool if someone did a careful
> comparison. It would also be interesting to know why they differ.

One set of comparisons of OpenSSL 0.9.7d and GMP RSA speed from last March was
posted on the GMP discussion mailing list by the GMP developer at

The less than surprising result is that if one of the packages has optimized
assembler language Bignum routines for a platform and the other doesn't, then
the package with the assembler routines is faster.

A few years ago I found that it was not worth the overhead of a JNI call to
have a Java program call out to the OpenSSL library instead of using the java
BigNum class which is written in Java. At the time I thought I was testing the
effect of JNI overhead, assuming that the C implementation of BigNum in OpenSSL
was of course much faster than one in Java.

I revisited the question sometime in the last six months and was surprised to
find that the JNI calls to OpenSSL were now much faster. It was not a matter of
JNI overhead being large, but that OpenSSL bignum arithmetic had been slow.

Looking into it I found some discussion of how GMP bignum was much faster than
OpenSSL and subsequent revision of the OpenSSL code on the x86 platform. I'm
pretty sure I did these later tests with a newer version of OpenSSL than 0.9.7d
and the x86 performance was about equal to that of GMP, as opposed to GMP being
2.5 to 3 times faster in the March tests.

Recently OpenSSL added a GMP engine to allow GMP to be used for Bignum
arithmetic on platforms where GMP is faster than the OpenSSL library.

Based on the final sentence of the posting to gmp-discuss linked to above, I
would predict that there will continue to be a version race between the two
packages until they both reach some limit of performance, at least on platforms
 on which the OpenSSL developers want to maintain parity, letting the other
platforms be serviced by the GMP engine.

Another small thread about this in an OpenSSL mailing list:

 -- Sidney Markowitz

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to