OpenSSL BIGNUM vs. GMP
Ben Laurie
ben at algroup.co.uk
Tue Jan 3 17:10:50 EST 2006
Jack Lloyd wrote:
> Some relevant and recent data: in some tests I ran this weekend (GMP 4.1.2,
> OpenSSL 0.9.8a, Athlon/gcc/Linux) RSA operations using GMP were somewhat faster
> than ones using OpenSSL even when blinding was used with both (typical
> performance boost was 15-20%).
>
> I assume "both of which are needed" should have been "at least one of which
> is needed"? AFAIK blinding alone can protect against all (publicly known)
> timing attacks; am I wrong about this?
Yes, you are - there's the cache attack, which requires the attacker to
have an account on the same machine. I guess I shouldn't have called it
constant time, since it's really constant memory access that defends
against this.
http://www.daemonology.net/papers/htt.pdf
Incidentally, I think the main component of the difference on Athlon,
like many other platforms, is simply a question of which library has
hand-optimised assembler for the platform. That is, it tells us little
about architectural differences and plenty about whether anyone has been
bothered to optimise for that particular platform recently.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
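The distinction Ben draws above (blinding versus constant memory access), as an added Python illustration that is not code from this thread or from OpenSSL/GMP: a fixed-window modular exponentiation records every precomputed-table index it reads, and the trace is identical with and without ciphertext blinding, because the indices are slices of the private exponent; only the variant that touches every table entry in each window gives a key-independent trace. The toy key, the `W` window width and the helper names are assumptions for the example.

```python
# Added illustration, not code from the thread: blinding randomises the values an
# RSA private-key operation handles, but not which precomputed-table entries a
# windowed exponentiation touches; constant memory access (scan_all) removes that.
import math
import secrets
W = 4  # window width: 16-entry table indexed by 4 bits of the exponent at a time
def fixed_window_pow(base, exp, n, trace, scan_all=False):
    """Left-to-right fixed-window exponentiation; appends every table index it
    reads to `trace`. scan_all=True reads every entry each window and selects
    the wanted one arithmetically, so the trace no longer depends on exp."""
    table = [1]
    for _ in range((1 << W) - 1):
        table.append(table[-1] * base % n)
    digits = []
    while exp:
        digits.append(exp & ((1 << W) - 1))
        exp >>= W
    acc = 1
    for d in reversed(digits):
        for _ in range(W):
            acc = acc * acc % n
        if scan_all:
            t = 0
            for i, v in enumerate(table):  # touch all 16 entries, every window
                trace.append(i)
                t |= v * (i == d)          # keep the match (masking, in real code)
        else:
            trace.append(d)                # index is 4 secret exponent bits
            t = table[d]
        acc = acc * t % n
    return acc
def rsa_private(c, d, e, n, blind=True, scan_all=False):
    """RSA private operation, optionally blinded: exponentiate c*r^e, then
    multiply by r^-1. Returns (plaintext, list of table indices read)."""
    trace = []
    r = 1
    if blind:  # pick a blinding factor invertible mod n
        while math.gcd(r := secrets.randbelow(n - 2) + 2, n) != 1:
            pass
    m_b = fixed_window_pow(c * pow(r, e, n) % n, d, n, trace, scan_all)
    return m_b * pow(r, -1, n) % n, trace
N, E, D = 3233, 17, 2753  # constructed toy key (p=61, q=53); far too small for real use
def compare_traces(msg=65):
    """Decrypt the same ciphertext three ways and return the three access traces."""
    c = pow(msg, E, N)
    _, t_plain = rsa_private(c, D, E, N, blind=False)
    _, t_blind = rsa_private(c, D, E, N, blind=True)
    _, t_scan = rsa_private(c, D, E, N, blind=True, scan_all=True)
    return t_plain, t_blind, t_scan
```

With D = 0xAC1 the first two traces are both [10, 12, 1], i.e. the exponent's hex digits, while the scanning variant reads indices 0..15 in every window regardless of the key.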
---------------------------------------------------------------------
The Cryptography Mailing List