Bodo Moeller via RT wrote:
> Tom Wu via RT <[EMAIL PROTECTED]>:
> 
>>I just tried benchmarking the snapshot code against my earlier patch on 
>>an 8-way P3-700 server (Win2K AS).  My patch gets ~100 RSA sign/s 
>>(1024-bit) with a single thread and peaks at ~790 RSA sign/s with 8 
>>threads.  The 0402 snapshot also starts at ~100 RSA sign/s with 1 thread 
>>and peaks at ~650 RSA sign/s with 8 threads.
> 
> 
> Thanks for the timings.  One thing to take into account when
> interpreting these is that some additional random blinding should be
> added to your patch; maybe once in ten or hundred RSA operations, so
> the timing difference would not really change a lot.  A more important
> aspect is that you are comparing just the case that multiple threads
> do share an RSA structure.  A different scenario is that you have
> multiple threads with *individual* RSA structures -- then the snapshot
> version will be very fast while the version with locking will be
> unnecessarily slowed down because the locks are global.  This is why
> we are trying to avoid excessive locking.

We should try our best to quantify the cost of locking to weigh it 
against the cost of local blinding.  If we are concerned about 
contention leading to a loss of parallelism on multi-processor systems, 
I would suggest that my patch places only a small amount of code (the 
blinding update squarings) inside a critical section, which results in 
very little contention, since the window of time for an RSA private op 
is still dominated by the CRT modexp.

If we go by the benchmark numbers from our 8-way box, assuming the 
snapshot version gets perfect parallelism from multiple threads with 
individual RSA structs, that still makes its maximum theoretical 
performance 8 * 100 = 800 RSA sign/s, while the version with locking got 
  about 790 sign/s.  So far, it looks like locking is costing at most 
about 1% (10/800) in performance for both single and multithreaded 
cases, as opposed to 0% (single) and 18% (150/800) (multi) for local 
blinding.  Perhaps there are other benchmarks we could run to get a more 
comprehensive picture?

Tom
-- 
Tom Wu
Chief Security Architect
Arcot Systems
(408) 969-6124

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to