> From: [email protected] On Behalf Of ikuzar > Sent: Thursday, 07 April, 2011 08:31
> I'd like to know if DH_compute_key( ) runs faster than > DH_generate_key( ). DH_generate_key generate x and g^x, > in my case ( x was not set when I call this function ). > I only made measure for DH_generate_key and have got 0.00 ms > ( CPU Intel Core i7-740QM, 1.73Ghz / 6GB of memory ). Is it normal ... ? Except setup and error handling, the computation for DH-generate and DH-compute is one modexp each. generate chooses random x and computes y=g^x mod p; compute receives y(2) and computes result=y^x mod p, where x (also y) is normally uniform over most of p, and so negligibly likely to be substantially smaller. For same hardware and same group (or just group size) these should take the same CPU time within epsilon. 'speed' doesn't have dh as a case (don't know why) but RSA-sign also is basically one full-size modexp, if your size is (close to) 512 1024 2048 or 4096. The random(x) in generate MIGHT take elapsed time. The OpenSSL default (P)RNG has changed several times over the years, and I haven't kept track of when and if and on what platforms it waits. Or you can set OpenSSL to use a different (P)RNG, in which case that does whatever it does. If your code does the random(x) i.e. priv_key before calling DH_generate_key, then you can separate out the cost and/or delay of random(). But I don't see that's any real benefit. Also it matters how you measure time. Especially on Windows, trying to measure intervals less than one old-style tick (about 17ms) may give wrong results. The general workaround is to loop enough times to take at least several seconds; pretty much all OS/systems ever have been able to count seconds correctly. (This is basically what 'speed' does, only with heuristics and some platform-specific optimizations.) ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [email protected]
