Evaluation of Multi-precision Arithmetic Libraries for Use in - - PowerPoint PPT Presentation

1

COMPARATIVE ANALYSIS OF SOFTWARE LIBRARIES FOR PUBLIC KEY CRYPTOGRAPHY

Ashraf Abusharekh Kris Gaj Department of Electrical & Computer Engineering George Mason University

2

Evaluation of Multi-precision Arithmetic Libraries for Use in Public Key Cryptography Practical Recommendations

Which library is best for a particular application?

OBJECTIVE

3

Scalar Multiplication Multiplication xGCD Point Addition Multiplication Modular Exponentiation xGCD Modular Exponentiation Signature Verification Scalar Multiplication Addition Multiplication xGCD Addition Multiplication Modular Exponentiation xGCD Modular Exponentiation Signature Generation Scalar Multiplication Modular Exponentiation Modular Exponentiation Multiplication GCD xGCD Key Generation EC Generation Point Counting Primality Testing N/A System Parameters ECDSA DSA RSA Signature Scheme

PUBLIC KEY SCHEMES OPERATIONS(1)

4

PUBLIC KEY SCHEMES OPERATIONS(2) Large Integers (768 – 2048)

• Addition, Multiplication, Modular Exponentiation,

GCD, xGCD, Primality Testing

Elliptic Curve Points (140 – 224)

• Elliptic Curve Point Addition and Scalar Multiplication

Problem: Operations are difficult to implement. Solution: Use existing libraries.

5

Many arithmetic and number theoretic libraries, commercial and in the public domain have been developed to perform these multi-precision arithmetic operations efficiently

• Beecrypt, BIGNUM, Botan, bnlib, CLN, cryptolib,

CryptoPP, freelip, GMP, Libgcrypt, LiDIA, linteger, MIRACL, nettle, NTL, OpenSSL, PARI, PIOLOGIE, zen ……..

Problem: Which one to use? LIBRARIES

6

EVALUATED LIBRARIES

7

GNU C/C++ 2.95.2 Solaris 5.8 Sun: 2x 400 MHz UltraSPARC-Solaris-II, 4-MB E-cache, 2048 MB RAM GNU C/C++ 3.3.1 RedHat Linux 9.0 GNU C/C++ 3.3.1 Windows XP Cygwin 2.00 GHz Pentium IV Processor, 512 MB RAM Compiler Operating System Processor/hardware

PLATFORMS

8

PRIMARY Performance of Primitive Operations Support for Public Key Cryptosystems

• Primitive Operations
• Public Key Schemes

SECONDARY Documentation & Ease of Use Supported Compilers

EVALUATION CRITERIA

9

Evaluation Criteria Documentation & Ease of Use

Easy

Ease of use

Hard Insufficient

Documentation

Sufficient OpenSSL CryptoPP PIOLOGIE CLN GMP LiDIA MIRACL NTL Worst Best

10

Evaluation Criteria Supported Compilers

LiDIA GMP CLN NTL MIRACL OpenSSL CryptoPP PIOLOGIE

GNU C/C++ GNU C/C++ GNU C/C++ GNU C/C++ ARM C

Borland C/C++ Borland C++ Builder Watcom C++

MSVC Borland C/C++

CodeWarrior Pro CodeWarrior Pro Apogee C++

GNU C/C++

DEC C Sun WorkShop, Forte C++ Borland C/C++

Intel C/C++

GNU C/C++ GNU C/C++ front end

MSVC

Microsoft eMbedded Visual C++ Intel C/C++ Digital C++ MSVC MSVC GNU C/C++ HP aC++ HP C++ IBM C++ IBM CSet++ VisualAge C++ KAI C++ MSVC MIPSpro C++ SUN WorkShop C++

11

Large Integers (768/1024/2048)

• Multiplication, Modular Exponentiation, GCD,

xGCD, Primality Testing

E(FP) (162/224/384)

• Addition, Point Scalar Multiplication

E(F2^n) (163/233/409)

• Addition, Scalar Multiplication

OPERATIONS, OPERAND SIZES

12

Measuring Performance of Operations

• RDTSC Method: Clock Cycles

Pentium IV: RDTSC Instruction

• Timing Method: Milliseconds
• UltraSPARC-II, “gettimeofday()”
• 100 execution times for each operation

METHODOLOGY(1)

13

• Operands
• Large Integers:

Random In, Jn, Kn, n = {768, 1024, 2048} Random Primes Pn

(j), n = {768, 1024, 2048}, j = [0, 9]

• E(F2^n)

SEC 2 recommended 163, 233, 409. Random Points Tn, Sn, n = {163, 233, 409}

• E(FP)

Random, 162, 226, 386. Random Points Tn, Sn, n = {162, 226, 386}

METHODOLOGY(2)

14

• Operation Ranking

n n n n n

Min result R R  





where S Rank/Lib/O Operation

3 2048 , 1024 , 768

113,977 41,163 29,910 Piologie 17,605 5,364 3,381 Minn 48,438 15,218 9,055 OpenSSL 17,722 5,426 3,381 NTL 71,512 18,613 10,974 MIRACL 18,722 6,047 3,573 LiDIA 17,605 5,364 3,423 GMP 78,755 37,928 38,432 CryptoPP 29,133 11,763 8,940 CLN result2048 result1024 result768 Library P4-WinXP/MULTIPLICATION(Clock Cycles) P4-WinXP/MULTIPLICATION Ranking 7.60 6.47 7.67 8.85 Piologie 2.75 2.75 2.84 2.68 OpenSSL 1.01 1.01 1.01 1.00 NTL 3.58 4.06 3.47 3.25 MIRACL 1.08 1.06 1.13 1.06 LiDIA 1.00 1.00 1.00 1.01 GMP 7.11 4.47 7.07 11.37 CryptoPP 2.12 1.65 2.19 2.64 CLN Rank R2048 R1024 R768 Library

METHODOLOGY(3)

15

• Library Ranking

N N k k

X







1

Rank/OS Library

X6 X5 X4 X3 X2 X1 15.51 213.30 16.41 10.65 6.63 7.40 7.60 PIOLOGIE 4.90 12.17 8.31 2.33 2.65 8.07 2.75 OpenSSL 1.12 1.00 1.00 1.18 1.17 1.42 1.01 NTL 5.00 3.15 5.15 2.62 4.56 22.40 3.58 MIRACL 1.21 1.10 1.03 1.65 1.08 1.45 1.08 LiDIA 1.01 1.08 1.01 1.00 1.00 1.00 1.00 GMP 14.56 9.99 464.90 4.04 4.71 15.17 7.11 CryptoPP 1.95 1.37 1.34 2.79 2.25 2.23 2.12 CLN P4-WinXP Rank xGCD GCD Large E E = 65537 E = 3 MUL Library

METHODOLOGY(4)

16

0.00 2.00 4.00 6.00 8.00 10.00 12.00 14.00 16.00 18.00 GM P NTL LiDIA CLN OpenSSL M IRACL CryptoP P P iologie Library Rank

RESULTS LARGE INTEGERS

RESULTS P4-WinXP

0.00 2.00 4.00 6.00 8.00 10.00 12.00 GM P NTL LiDIA CLN M IRACL OpenSSL P iologie CryptoP P Library Rank

RESULTS RedHat RESULTS UltraSPARC-Solaris

0.00 5.00 10.00 15.00 20.00 25.00 30.00 35.00 40.00 GM P NTL LiDIA CLN OpenSSL P IOLOGIE M IRACL CryptoP P Library Rank

17

Results

Operations On Large Integers

GMP NTL LiDIA CLN RH WinXP/Solaris OpenSSL MIRACL MIRACL OpenSSL WinXP CryptoPP PIOLOGIE

Fast Medium Slow

RH/Solaris PIOLOGIE 7.0

9.2

CryptoPP 35.0

9.8 15.5 14.6 4.5 4.9 4.4 4.9 7.3 5.0

Free

18

RESULTS E(Fp)

RESULTS P4-WinXP RESULTS RedHat RESULTS UltraSPARC-Solaris

0.00 0.50 1.00 1.50 2.00 2.50 3.00 3.50 4.00 4.50 5.00 OpenSSL M iracl LiDIA CryptoP P Library Rank 0.00 0.50 1.00 1.50 2.00 2.50 3.00 3.50 4.00 OpenSSL LiDIA M iracl CryptoP P Library Rank 0.00 0.50 1.00 1.50 2.00 2.50 3.00 3.50 4.00 OpenSSL LiDIA M iracl CryptoP P Library Rank

19

RESULTS E(F2^n)

RESULTS P4-WinXP RESULTS RedHat RESULTS UltraSPARC-Solaris

0.00 0.50 1.00 1.50 2.00 2.50 3.00 3.50 4.00 4.50 5.00 M iracl LiDIA CryptoP P Library Rank 0.00 1.00 2.00 3.00 4.00 5.00 6.00 7.00 8.00 9.00 10.00 LiDIA M iracl CryptoP P Library Rank 0.00 2.00 4.00 6.00 8.00 10.00 12.00 14.00 16.00 18.00 LiDIA M iracl CryptoP P Library Rank

20

Results

Operations On EC Points LiDIA RH/Solaris WinXP OpenSSL MIRACL MIRACL OpenSSL CryptoPP CryptoPP LiDIA ECP EC2 RH/Solaris WinXP LiDIA MIRACL CryptoPP MIRACL CryptoPP LiDIA

1.0 1.3 4.5 16.9 9.1 1.2 1.4 1.0 1.0 4.7 2.6 1.5 1.4 1.0 1.0 1.3 1.25 2.0 1.8 8.2 3.6

Free

21

Low level routines

– Targeting Pentium 4 and UltraSPARC

Algorithms

– Choice of algorithm and algorithm parameters – Different implementations FACTORS AFFECTING PERFORMANCE

22

Factors Affecting Performance Examples

CLN CryptoPP GMP/LiDIA/NTL PIV GMP/LiDIA/NTL SPARC MIRACL OpenSSL Piologie Libraries Classic Karatsuba Karatsuba-Comba 768bit 1024bit 2048bit

113,977 41,163 29,910 Piologie 17,605 5,364 3,381 Minn 48,438 15,218 9,055 OpenSSL 17,722 5,426 3,381 NTL 71,512 18,613 10,974 MIRACL 18,722 6,047 3,573 LiDIA 17,605 5,364 3,423 GMP 78,755 37,928 38,432 CryptoPP 29,133 11,763 8,940 CLN result2048 result1024 result768 Library P4-WinXP/MULTIPLICATION (Clock Cycles)

23 EC Generation and Point Counting EC2/ECP Support for Primitive E(F2^n) Operations Support for Primitive E(Fp) Operations Support for Primitive Large Integers Operations CLN CryptoPP GMP LiDIA MIRACL NTL OpenSSL PIOLOGIE

SUPPORT FOR PUBLIC KEY CRYPTOSYSTEMS

24

Which library is best for implementing PK Schemes operating on LARGE INTEGERS?

Support

High Schemes Low Primitives Low

CryptoPP PIOLOGIE OpenSSL MIRACL Performance GMP,NTL, LiDIA CLN

High

Worst Best

25

Support for operations on large integers,

– Group A)

{GMP(fastest), NTL, LiDIA, CLN}: best performance under all platforms tested. Trade off: amount of time and effort needed for implementation.

– Group B)

{OpenSSL, MIRACL} trail libraries from group A in terms of

• verall performance. Support implementations of

cryptographic schemes => faster development.

– {CryptoPP} is the best choice for the fast development based on the wide range of cryptographic schemes implemented.

Trade off: performance as compared to other libraries.

CONCLUSION(1)

26

• High Performance :

– A lot of time devoted for development (low support) – Free

• Use GMP.
• Medium Performance/Medium Time Devoted

For Development :

– Free

• Use OpenSSL.
• High Support/Not Enough Time to Develop

– Free

• Use CryptoPP.

Which library is best for implementing PK Schemes operating on LARGE INTEGERS?

27

Support

High Schemes Low Primitives Low

CryptoPP MIRACL Performance OpenSSL LiDIA

High

Which library is best for implementing PK Schemes

• perating on ECP?

Worst Best

28

Support

High Schemes Low Primitives Low

CryptoPP MIRACL Performance LiDIA

High

Which library is best for implementing PK Schemes

• perating on EC2?

Worst Best

29

Support for E(F2^n),

– LiDIA has the best performance under Pentium IV- RedHat 9.0 and UltraSPARC-Solaris. Under Pentium IV, Windows XP, MIRACL has the best performance. CryptoPP is the slowest under all platforms.

Support for E(Fp),

– OpenSSL has the best performance under all platforms, LiDIA performance is better than MIRACL

• n Pentium IVRedHat 9.0 and UltraSPARC-Solaris,

while under Pentium IV-Windows XP, MIRACL is better than LiDIA. CryptoPP is the slowest.

CONCLUSION(2)

30

Which library is best for implementing PK Schemes

• perating on ECP?
• High Performance :

– A lot of time devoted for development (low support) – Free

• Use OpenSSL.
• Medium Performance/Good Support

– Not Free

• Use MIRACL.
• High Support/Not Enough Time to Develop

– Free

• Use CryptoPP.

31

Which library is best for implementing PK Schemes

• perating on EC2?
• High Performance :

– A lot of time devoted for development (low support) – Not Free

• Use LiDIA.
• Medium Performance/Good Support

– Not Free

• Use MIRACL.
• High Support/Not Enough Time to Develop

– Free

• Use CryptoPP.

32

Thank You