Hi there,
On Wed, 19 Sep 2001, Tom Biggs wrote:
> I've got a nearly rhetorical question, but I thought I'd toss
> it into the ring anyway.
>
> I'm wondering how much overlap there might be between _all_ of
> the modulus values used across all OpenSSL modular exponentiation
> calls. If there is a good probability that some reasonably-sized
> set of moduli (plural sp?) are used again and again, I can get
> increased performance from our hardware by caching values derived
> from the moduli.
For general "BN_mod_exp[_crt|_mont]" implementations, "not really". You
could if you want and yes, you will often getting matching modulii (and
exponents for that matter), but you'd have to use a hash-table as there may
be a few commonly used keys rather than one.
Better still is to simply do it at the RSA, DSA, and DH levels (which is
after all where most of the action will be happening through). Consult the
"ex_data" functions - you can cache any per-key stuff you like using the
"ex_data" storage inside each one of those objects. This is also useful for
converted BIGNUM forms (eg. not recomputing and reallocating BN_bn2bin()
output every time, etc). If your "cache" is attached to each key, you know
extremely well that the modulus, exponent, or any other key details won't
be changing much, if at all. :-)
> My gut feeling is that even if I maintained a global cache,
> I wouldn't get too many second hits on the same modulus.
You certainly would. Ditto on the exponents. It's just that it may not be
just *one* commonly occuring value (or, if you're running a single SSL
server, you'll probably have one very common modulus and exponent from the
server's key, but lots of other always-changing values when verifying
client certificates and/or using EDH cipher-suites). For this sort of
BIGNUM level cache trickery, you're better to simply build the support into
a hardware driver or on the hardware itself. However, at the RSA, DSA (etc)
structure levels ... you know a *lot* more about what will and won't
change at run-time.
> My boss is betting that I will see the same moduli re-used
> quite often [1]. I'm guessing not - but mathematically challenged
> as I am, I have no way to test this theory except by metering
> a production OpenSSL system...
>
> [1] He may be thinking of exponents...
You're right on both counts, but if you abstractly hook just the mod_exp
(without regard to keys) you will never get any guarantees.
Cheers,
Geoff
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
