Before we get too involved in discussing performance and different methods of measuring performance, I think it is very important to address the features of what Brian is suggesting;
such as: what security services are being supplied? who is involved in the service - where is the service applied and where validated? what is being protected? what are the components and the architecture? etc. --Sandy, speaking as wg co-chair ________________________________________ From: [email protected] [[email protected]] on behalf of Sriram, Kotikalapudi [[email protected]] Sent: Thursday, May 10, 2012 9:05 AM To: [email protected] Cc: sidr wg list ([email protected]) Subject: Re: [sidr] Keys and algorithms for Updates - feasibility analysis? (was Re: RPKI and private keys) Hi Ross, The 10,000/s number is Brian Dickson's and it is not related to ECDSA (or RSA) signing/verification of BGPSEC updates. In my work on performance modeling of BGPSEC, I have used the basic signing/verification measurement data from the eBACS benchmarking effort: http://bench.cr.yp.to/results-sign.html The measurement numbers they report are in the same ballpark as yours for RSA signing. However, the BGPSEC spec draft specifies ECDSA-P256, which is much faster than RSA-2048 for signing. (Side note: ECDSA-P256 was also preferred because it results in a much lower size for BGPSEC updates and hence lower router RIB memory size. http://www.nist.gov/itl/antd/upload/BGPSEC_RIB_Estimation.pdf ) Regarding how the eBACS measurement data were used to model BGPSEC CPU performance, please see: http://ripe63.ripe.net/presentations/127-111102.ripe-crypto-cost.pdf (slides 10 and 11 summarize signing/verification speeds for various latest Intel and Cavium processors) or see, http://www.ietf.org/proceedings/83/slides/slides-83-sidr-7.pdf (slides 7 and 8). The performance modeling and measurement work is still evolving and there is still ways to go w.r.t. prototyping of BGPSEC and measurements with actual signed updates, etc. Sriram ________________________________________ From: [email protected] [[email protected]] Sent: Thursday, May 10, 2012 4:35 AM To: Sriram, Kotikalapudi Cc: Brian Dickson ([email protected]); sidr wg list ([email protected]) Subject: Re: [sidr] Keys and algorithms for Updates - feasibility analysis? (was Re: RPKI and private keys) Sriram You can't get 10,000 signature creations and verifications a second on a standard Intel core. You can get maybe 100. Your colleagues who work on smart grid standards have experience of this. The IEC working group assumed that all LAN traffic in electricity substations could be authenticated by digital signatures. This turned out to not work, and caused a major stall in the smart grid security program. Some substation LAN traffic has a hard end-to-end latency bound of 4ms, and that simply can't be achieved on standard cores using 1024-bit RSA signatures. You need custom hardware, which brings serious export control headaches as well as significant costs. We wrote this up in http://www.cl.cam.ac.uk/~sf392/publications/S4-1010.pdf Ross _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
