[3948] in cryptography@c2.net mail archive
EDH vs RSA
daemon@ATHENA.MIT.EDU (Wei Dai)
Mon Jan 11 21:27:56 1999
Date: Mon, 11 Jan 1999 10:26:09 -0800
From: Wei Dai <weidai@eskimo.com>
To: Eric Young <eay@uq.net.au>
Cc: cryptography@c2.net
In-Reply-To: <Pine.OSF.3.95.990111160155.7847A-100000@fox.uq.net.au>; from Eric Young on Mon, Jan 11, 1999 at 04:29:42PM +1000
On Mon, Jan 11, 1999 at 04:29:42PM +1000, Eric Young wrote:
> The main negative for EDH is that it is very CPU expensive and this is not
> a good thing to do to a web server. An approximate rule of thumb is that
> the CPU load for the same size key (512 RSA vs 512 EDH/RSA) is that the
> EDH is 9 times as great (or 5 times if you 'reuse' the temp EDH key a
> few times). The client takes this full CPU load as well (8 times RSA
> private).
What is behind these numbers? My own benchmarks
(http://www.eskimo.com/~weidai/benchmarks.html) show that DH 512 key-gen +
agreement take 5+8=13 ms, while RSA 512 private key operation takes 8 ms,
so the difference in speed should be nowhere near 9 times.
