Friday, September 28, 2007

Software Crypto Performance

Interesting results - Solaris 10 08/07 (update 4) on v440, no crypto card.

openssl speed rsa1024 -engine pkcs11 -multi N
openssl speed rsa1024 -multi N

Where N was 1 2 4 8

As you can see even without having crypto card there's huge performance increase by using pkcs11 - different algorithm implementation and different compiler?

1 comment:

Garrett D'Amore said...

Yes. Ferenc Rakoczi has hand tuned UltraSPARC III assembler versions of modular exponentiation (and also some symmetric crypto) in our PKCS#11. OpenSSL doesn't get the benefit of that without engine.

Note that a single v440 CPU can do about 200 ops/sec. By comparison, the SCA 1000 accelerator can do about 4400 ops/sec. (A 20-fold increase, never mind the fact that your CPU is also available to do other things!)

Some people have said a few times that hardware crypto acceleration is dead. I don't think so. Its just moving into the CPUs proper instead of being on an expansion bus.

I'm curious about the SCA 6000. That was created after I left the crypto group; I imagine it uses a pair of bcm582x parts, but that's just a guess on my part. Anyone know for sure?