Skip to content

jessmail/crypto-benchmark

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
results
results
 
 
src
src
 
 
tests
tests
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
cli.py
cli.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

Crypto Benchmark - Hash Algorithm Comparison for Embedded Systems

License: MIT Python 3.12+

Performance and security analysis of SHA-2, SHA-3, and BLAKE2 hash algorithm families for resource-constrained embedded environments.

Motivation

Choosing the right cryptographic hash function for an embedded system involves trade-offs between security margins, throughput, memory footprint, and hardware acceleration support. This project provides reproducible benchmarks and a structured security evaluation to support informed algorithm selection for firmware integrity verification, secure boot chains, and IoT message authentication.

Results Summary

Typical results on an x86-64 host (Python 3.12, hashlib with OpenSSL backend):

Algorithm 1 KB (us) 1 MB (MB/s) 10 MB (MB/s) Digest (bits) Security Level
SHA-256 ~3 ~450 ~480 256 128-bit
SHA-384 ~3 ~520 ~550 384 192-bit
SHA-512 ~3 ~550 ~580 512 256-bit
SHA3-256 ~4 ~280 ~300 256 128-bit
SHA3-512 ~6 ~160 ~170 512 256-bit
BLAKE2b ~2 ~600 ~640 512 256-bit
BLAKE2s ~2 ~420 ~450 256 128-bit

Actual numbers depend on CPU, OpenSSL version, and system load. Run the benchmark yourself for accurate measurements.

Generated Charts

After running the full benchmark, the following charts are saved to results/:

  • throughput_comparison.png -- Bar chart of throughput (MB/s) per algorithm at various data sizes
  • time_vs_datasize.png -- Line chart showing hashing time as a function of input size
  • memory_usage.png -- Comparison of peak memory usage per algorithm
  • radar_comparison.png -- Radar chart comparing security, speed, memory efficiency, and HW support

Setup

# Clone the repository
git clone <repo-url> && cd crypto-benchmark

# Create virtual environment (recommended)
python -m venv .venv
source .venv/bin/activate   # Linux/macOS/Git Bash
# .venv\Scripts\activate    # Windows CMD

# Install dependencies
pip install -r requirements.txt

Requirements

  • Python >= 3.10
  • hashlib with OpenSSL backend (ships with CPython)
  • See requirements.txt for visualization and CLI dependencies

Usage

CLI

# Run all benchmarks (default: 100 iterations per data size)
python cli.py benchmark

# Run with custom iterations
python cli.py benchmark --iterations 500

# Security analysis report
python cli.py security

# Embedded suitability analysis
python cli.py embedded

# Generate full report with charts
python cli.py report

# Quick head-to-head comparison
python cli.py compare sha256 blake2b

Direct Module Execution

# Run benchmark standalone
python src/benchmark.py

# Security analysis only
python src/security_analysis.py

# Embedded analysis only
python src/embedded_analysis.py

Methodology

Performance Benchmarks

  1. Each algorithm hashes random data of sizes 1 KB, 10 KB, 100 KB, 1 MB, and 10 MB.
  2. Every measurement is repeated for N iterations (default 100) to reduce variance.
  3. Timing uses time.perf_counter_ns() for nanosecond resolution.
  4. Memory tracking uses tracemalloc to capture peak allocation per hash call.
  5. Throughput is derived as data_size / median_time.
  6. CPU cycle estimates are obtained via time.perf_counter() delta scaled by the nominal CPU frequency (where available via os/platform).

Security Analysis

Security properties are sourced from:

  • NIST FIPS 180-4 (SHA-2) and FIPS 202 (SHA-3)
  • RFC 7693 (BLAKE2)
  • Aumasson et al., "BLAKE2: simpler, smaller, fast as MD5" (2013)
  • Keccak reference, Bertoni et al. (2011)
  • Grover's algorithm impact estimates from Bernstein (2009)

Embedded Analysis

Embedded footprint numbers are based on published datasheets and reference implementations:

  • ARM mbed TLS / Mbed Crypto measured code sizes
  • wolfSSL benchmarks on Cortex-M4 (STM32F4)
  • RISC-V BLAKE2 reference implementation measurements
  • AVR-Crypto-Lib measurements on ATmega1284P

Key Findings

  1. BLAKE2b consistently delivers the highest throughput on 64-bit platforms, outperforming SHA-256 by ~30-40 % in software-only scenarios.
  2. BLAKE2s is the best choice for 32-bit and 8-bit MCUs due to its 32-bit word size and smaller state.
  3. SHA-256 remains the safe default when hardware acceleration (e.g., ARM Cryptographic Extensions, Intel SHA-NI) is available, as HW-accelerated SHA-256 vastly outperforms any software hash.
  4. SHA-3 has the strongest security margin (sponge construction, no length-extension attacks) but pays a throughput penalty in pure software, making it less suitable for heavily constrained MCUs.
  5. All evaluated algorithms provide at least 128-bit collision resistance and are considered quantum-safe at their intended security levels against Grover-type attacks (requiring ~2^(n/2) quantum operations for an n-bit digest).

Project Structure

crypto-benchmark/
  cli.py                    # Click CLI entry point
  requirements.txt
  LICENSE
  README.md
  src/
    benchmark.py            # Core performance benchmarks
    security_analysis.py    # Security property comparison
    embedded_analysis.py    # Embedded suitability scoring
    visualizer.py           # Chart generation (matplotlib)
    hmac_benchmark.py       # HMAC / keyed hashing benchmarks
    report_generator.py     # Full report assembly
  tests/
    test_benchmark.py
    test_security_analysis.py
  results/
    README.md               # Placeholder for generated output

License

MIT License -- see LICENSE.

Author

J. Essmail

About

Performance and security analysis of SHA-2, SHA-3, and BLAKE2 for embedded systems

Topics

python security benchmarking cryptography hash-functions embedded-systems

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages