On 8/30/2010 12:20 PM, Georgi Guninski wrote:
you write "sign operation", does it explain "verification operation" -
timings for signing with low pub exponent key vs verification with big exponent
?
To answer this question, one must remember that the signing is done
using the CRT parameters (p, q, dp, dq and d^-1 mod p) and that
theoretically it is 4 times faster than doing a raw exponentiation with
the private exponent d (see section 14.75 in Handbook Of Applied
Cryptography for a justification).
Your figures exactly meet this. I'll explain.
The verification with key2 involves a modular exponentiation with a
public exponent of 100 001 bits with a hamming weight equal to 49945.
The private exponent of key1 is 100 002 bits and it has a hamming
weight of 49 922.
Thus, a modular exponentiation with the public exponent of key2 will
cost roughly the same as the modular exponentiation with the private
exponent of key1.
Moreover, as I explained at the beginning of this email, the actual
signing is done using CRT which is 4 times faster that the modular
exponentiation with the private exponent.
So, the modular exponentiation with the public exponent of key2 is 4
times slower that the signing operation of key1 and it should cost 4 x 5
min = 20 min which is very close to the 21 min you actually obtained.
Does this answer your question?
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 8/30/2010 12:20 PM, Georgi Guninski wrote:
On Mon, Aug 30, 2010 at 06:10:23AM +0200, Mounir IDRASSI wrote:
Hi,
The big difference in the sign operation timings between the two
keys is not caused by any property of the second key parameters
(like their hamming weight) but it is rather the expected
manifestation of two counter-measures implemented by OpenSSL. Those
are :
- RSA Blinding that protects against timing attacks.
- Verification of CRT output that protects against fault attacks.
ok, thanks.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
