Bodo Moeller via RT wrote: > Tom Wu via RT <[EMAIL PROTECTED]>: > >>I just tried benchmarking the snapshot code against my earlier patch on >>an 8-way P3-700 server (Win2K AS). My patch gets ~100 RSA sign/s >>(1024-bit) with a single thread and peaks at ~790 RSA sign/s with 8 >>threads. The 0402 snapshot also starts at ~100 RSA sign/s with 1 thread >>and peaks at ~650 RSA sign/s with 8 threads. > > > Thanks for the timings. One thing to take into account when > interpreting these is that some additional random blinding should be > added to your patch; maybe once in ten or hundred RSA operations, so > the timing difference would not really change a lot. A more important > aspect is that you are comparing just the case that multiple threads > do share an RSA structure. A different scenario is that you have > multiple threads with *individual* RSA structures -- then the snapshot > version will be very fast while the version with locking will be > unnecessarily slowed down because the locks are global. This is why > we are trying to avoid excessive locking.
We should try our best to quantify the cost of locking to weigh it against the cost of local blinding. If we are concerned about contention leading to a loss of parallelism on multi-processor systems, I would suggest that my patch places only a small amount of code (the blinding update squarings) inside a critical section, which results in very little contention, since the window of time for an RSA private op is still dominated by the CRT modexp. If we go by the benchmark numbers from our 8-way box, assuming the snapshot version gets perfect parallelism from multiple threads with individual RSA structs, that still makes its maximum theoretical performance 8 * 100 = 800 RSA sign/s, while the version with locking got about 790 sign/s. So far, it looks like locking is costing at most about 1% (10/800) in performance for both single and multithreaded cases, as opposed to 0% (single) and 18% (150/800) (multi) for local blinding. Perhaps there are other benchmarks we could run to get a more comprehensive picture? Tom -- Tom Wu Chief Security Architect Arcot Systems (408) 969-6124 ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]