Skip to content
This repository has been archived by the owner on Feb 9, 2021. It is now read-only.

Add benchmarks for generation and fingerprinting #41

Merged
merged 2 commits into from
Nov 24, 2014
Merged

Add benchmarks for generation and fingerprinting #41

merged 2 commits into from
Nov 24, 2014

Conversation

dmcgowan
Copy link
Contributor

Results with i7-3687U CPU @ 2.10GHz × 4

BenchmarkECP256Generate     5000        765631 ns/op
BenchmarkECP384Generate      200      10228670 ns/op
BenchmarkECP521Generate      100      17862164 ns/op
BenchmarkRSA2048Generate           2     911764954 ns/op
BenchmarkRSA3072Generate           1    1426658951 ns/op
BenchmarkRSA4096Generate           1    19010220221 ns/op
BenchmarkECP256Fingerprint    500000          3202 ns/op
BenchmarkECP384Fingerprint    500000          3304 ns/op
BenchmarkECP521Fingerprint    500000          4004 ns/op
BenchmarkRSA2048Fingerprint       10     174062887 ns/op
BenchmarkRSA3072Fingerprint        1    6930198558 ns/op
BenchmarkRSA4096Fingerprint        1    3772528822 ns/op

@dmcgowan
Add benchmarks for generation and fingerprinting
781dde4 
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
@dmcgowan
Copy link
Contributor Author

@jlhawn was the slow RSA fingerprint generation the reason we didn't use the standard encoding before? I believe the RSA encoding does some prime verification, perhaps if we needed speed for RSA we could take that code and strip out the prime check.

Don't record generation time on fingerprint bench
ac2e85a 
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> <github: jlhawn)
@jlhawn
Copy link
Contributor

jlhawn commented Nov 24, 2014

your fingerprint benchmark is counting the key generation. I've fixed it here: jlhawn/libtrust@ac2e85a

Here are my results:

BenchmarkECP256Generate         5000         617555 ns/op   ~0.6 ms
BenchmarkECP384Generate          200        8964434 ns/op   ~9.0 ms
BenchmarkECP521Generate          100       15907002 ns/op  ~16.0 ms
BenchmarkRSA2048Generate           5      474526423 ns/op   ~475 ms
BenchmarkRSA3072Generate           1     1709847534 ns/op   ~1.71 s
BenchmarkRSA4096Generate           1    17560242292 ns/op   ~17.6 s
BenchmarkECP256Fingerprint   1000000           3059 ns/op
BenchmarkECP384Fingerprint   1000000           3090 ns/op
BenchmarkECP521Fingerprint    500000           3528 ns/op
BenchmarkRSA2048Fingerprint   500000           4867 ns/op
BenchmarkRSA3072Fingerprint   500000           5725 ns/op
BenchmarkRSA4096Fingerprint   500000           6061 ns/op

@jlhawn
Copy link
Contributor

jlhawn commented Nov 24, 2014

The RSA key generation is slow due to checking for a large prime and it gets exponentially more difficult (half a second for a 2048-bit RSA key vs 17.5 seconds for a 4096-bit RSA key). I also recall a TLS config benchmark that showed loading an RSA cert/key as slow because the go standard lib unnecessarily decides to do a prime check again when loading in the private key.

@jlhawn
Copy link
Contributor

jlhawn commented Nov 24, 2014

Also, the RSA key generation is probabilistic. It doesn't always take 17 seconds to generate... You may get lucky and guess a prime number early on in the search, you may be unlucky and have it take over a minute! I'm not sure what it would be on expectation because the go bench only ever runs one iteration, and the variance seems pretty high.

@dmcgowan
Copy link
Contributor Author

@jlhawn Good catch on the benchmark, incorporated your change and merging

dmcgowan added a commit that referenced this pull request Nov 24, 2014
@dmcgowan
Merge pull request #41 from dmcgowan/key_benchmarks
6b78349 
Add benchmarks for generation and fingerprinting
@dmcgowan dmcgowan merged commit 6b78349 into docker:master Nov 24, 2014
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@dmcgowan @jlhawn