Some quick notes on RSA1024 signing performance

Jul 27, 2009

Just so this does not get lost – I’ve been doing some RSA1024 signing experiments because of my ‘DNSSEC on PowerDNS’ experiment, and the results were at first confusing.

For starters, friends of mine with Apple OS X reported very low numbers from the version of OpenSSL that ships with OS X (Intel). The command to have OpenSSL perform speed tests is: ‘openssl speed rsa1024’. Numbers were around half those reported on identical machines running a 32-bit Ubuntu.

Much investigation ensued, and the conclusions are:

  • Apple ships a version of OpenSSL that misses certain optimizations. If you need performance for your applications, investigate which OpenSSL library they link against, and possibly investigate how to recompile or relink.
  • Go 64-bit, in a hurry. Twice as many bits appear to deliver over twice as much performance.
  • A modern Core2 based CPU running 64-bit code maxes out at about 1500 RSA1024 signatures/second/core, based on OpenSSL 1.0 beta 3, or Botan linked against GnuMP 4.
  • Non-beta OpenSSLs are quite a bit slower, but not dramatically so.
  • More naive code, that is not as highly optimized (like the otherwise excellent PolarSSL), will deliver around 1200 RSA1024 signatures/second/core (64 bits).
  • These numbers scale linearly with the number of cores involved – my 600 euro PC delivers 6000 signatures/second (‘0.10 euro/signature/second’).
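To reproduce the per-core and cost figures above on your own hardware, the following added example (not code from the original post) extracts the sign/s column from the `openssl speed rsa1024` summary and computes euro per signature/second under the linear-scaling assumption. The sample output is constructed to match the 1500 signatures/second/core figure, the function names are hypothetical, and the summary layout (a header row naming the columns, then an `rsa 1024 bits` row) is assumed from that sample.

```shell
#!/bin/sh
# Constructed sample of the summary printed by `openssl speed rsa1024`
# (values chosen to match the post's 1500 sign/s/core; not a measurement).
SAMPLE_OUTPUT='                  sign    verify    sign/s verify/s
rsa 1024 bits 0.000667s 0.000036s   1500.0  27777.8'

# Read speed-test output on stdin and print single-core RSA1024 sign/s.
# The column is located via the header row rather than a fixed position,
# so extra columns in the summary do not shift the result.
# Exits non-zero if no RSA1024 summary row is found.
rsa1024_signs_per_sec() {
    awk '
        # Header row: data rows carry 3 extra leading fields ("rsa 1024 bits").
        $1 == "sign" { for (i = 1; i <= NF; i++) if ($i == "sign/s") col = i + 3 }
        $1 == "rsa" && $2 == "1024" && $3 == "bits" && col { print $col; found = 1 }
        END { exit !found }'
}

# Cost per unit of signing throughput, assuming linear scaling over cores.
# $1 = single-core sign/s, $2 = number of cores, $3 = machine price in euro.
euro_per_sign_per_sec() {
    awk -v s="$1" -v c="$2" -v p="$3" 'BEGIN {
        if (s <= 0 || c <= 0) exit 1
        printf "%.2f\n", p / (s * c)
    }'
}

# Demo on the constructed sample: 4 cores, 600 euro machine.
# For a real measurement, pipe the tool instead:
#   openssl speed rsa1024 2>/dev/null | rsa1024_signs_per_sec
per_core=$(printf '%s\n' "$SAMPLE_OUTPUT" | rsa1024_signs_per_sec)
echo "per-core sign/s: $per_core"
echo "euro per signature/second: $(euro_per_sign_per_sec "$per_core" 4 600)"
```

Run the real measurement against each OpenSSL build a service might link to, since the post's point is that the system-shipped library can be much slower than a freshly built one.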

It also looks like no worthwhile general purpose RSA hardware accelerators are available for use from Linux – Sun ships one, but its performance is not stellar (a lot more than 0.10 euro/signature/second), and it is not cheap, plus it is only officially supported on Sun hardware. If anyone has better ideas, please let me know!

PS: Why RSA1024? Because this is what DNSSEC is about for the foreseeable future.

About the author

Bert Hubert

Principal, PowerDNS
