Re: New multi6 draft: WIMP

[Jukka Ylitalo <jukka.ylitalo@nomadiclab.com>]

> Yes. Actually, I find Jukka's numbers a bit surprising. SHA1 is used

Thanks for correcting me Jari. The question is about microseconds,
not milliseconds.

Br, Jukka

> on a per-packet basis on IPsec, for instance, and many systems can do
> this at wire speed. And I always thought that bignum operations (signatures,
> diffie-hellman) were significantly slower than symmetric operations (SHA1)
> on the same hardware.
>
> Reference http://www.eskimo.com/~weidai/benchmarks.html gives the performance
> on a 2.1 Ghz Pentium for SHA1 as 72 Mbytes/s; for RSA signature takes 4.65 ms
> and verification 0.19 according to the same source. However, this does not tell
> us how many individual SHA1 operations were run, just the data amount.
> Digging into the source code of Crypto++ library on which the tests from
> the above link were made... hmm.... it seems that it simply calls hash.update
> repeatedly. Are we comparing apples to oranges if I assume an individual
> SHA1 operation cost is according to 72 Mbytes/s? I seem to recall that
> at least HMAC_SHA1 had some fixed cost component. If anyone has better
> benchmarks, tell us...
>
> Anyway, the way I read Wimp is that the amount of SHA1 data to be calculated
> under the hash in the packet is ~ 90 bytes. For this, using the above numbers
> I get 1.19 *microsecond*, not millisecond. The RSA for this would be 4.65
> millisecond, or about 4000 times slower. DSA signature would be 2.14 millisecond,
> or about 2000 times slower (without precomputation).
>
> --Jari