RSA icon indicating copy to clipboard operation
RSA copied to clipboard
verified publisher icon RustCrypto

RSA very slow, takes 11ms in release

Open Snowiiii opened this issue 1 year ago • 2 comments

Hello, I noticed that RSA key generation takes a long time, Like the README says release build do reduce the time, But 11ms for a 1024 Key is still a lot. I would love if there where some efforts going on to reduce generation time

Snowiiii avatar Oct 14 '24 18:10 Snowiiii

When #394 lands we will switch to crypto-primes for key generation.

I would expect that to be faster but haven't benchmarked myself yet.

tarcieri avatar Oct 15 '24 12:10 tarcieri

maybe related: https://github.com/RustCrypto/RSA/issues/29 (cannot say much otherwise, only remembered that old issue i also ran into that time :)

r10s avatar Oct 15 '24 16:10 r10s

The current crypto-primes branch has a rough slow down of 2x last time I benchmarked, see the PR for a description of why

dignifiedquire avatar Nov 05 '24 15:11 dignifiedquire

The current crypto-primes branch has a rough slow down of 2x last time I benchmarked, see the PR for a description of why

I don't see the Slower benchmarks, In the PR description are only a bunch of checkboxes. I also wonder what the point of this PR is when it brings a 2 times slow down

Snowiiii avatar Nov 06 '24 13:11 Snowiiii

I also wonder what the point of this PR is when it comes 2 times slower

Security: https://github.com/RustCrypto/RSA/issues/19

dignifiedquire avatar Nov 06 '24 14:11 dignifiedquire

@dignifiedquire they've recently added a number of improvements including parallel prime generation which haven't made it into a release yet.

Also, this seems relevant https://github.com/entropyxyz/crypto-primes/issues/61

tarcieri avatar Nov 06 '24 14:11 tarcieri

Glad to hear that, the slowdown I was referring to was not key generation but signing & verification operations

dignifiedquire avatar Nov 06 '24 14:11 dignifiedquire

@tarcieri, relevant in what way? We're thinking now in what way it should be exposed, so it's useful to know potential use cases.

fjarri avatar Dec 05 '24 08:12 fjarri

@fjarri I was curious if it could be used to ensure certain properties of the generated primes, like non-adjacency of p and q, and ensuring the high bits are set so the bit lengths of the primes, when added, are always the intended key size

tarcieri avatar Dec 10 '24 00:12 tarcieri

like non-adjacency of p and q,

That's probably best ensured by just starting the search from random positions for either?

and ensuring the high bits are set so the bit lengths of the primes, when added, are always the intended key size

This is already the case by default. Perhaps it should be stated clearly in the docs.

fjarri avatar Dec 10 '24 00:12 fjarri

This issue appears to be a dup of #144

tarcieri avatar Jan 02 '25 14:01 tarcieri