neilc_dublin

FYI. OpenSSL on the Cell using MPM from the SDK

2007-01-09T20:56:01Z
Hi all
I've been working on an OpenSSL engine to support the SPUs.
Seems I've finally got it all glued together using the IBM multi-precision (MPM) library.
You may be interested in the results of [b][i]version 0.001 [/i][/b]

Bottom line is [b] 47 * 4096bit RSA sign/sec[/b] as opposed to [b]11[/b] sign/sec without
>./apps/openssl speed rsa4096 -engine cellspumpm -elapsed -multi 15

(see [2] below for openssl build options)

[code]
This is with 15 Multi processes and elapsed time. The choice of 15 is random.

with SPU engine:
                  sign    verify    sign/s verify/s
rsa 4096 bits 0.020915s 0.000546s     47.8   1832.2

'raw' OpenSSL (same build)
                  sign    verify    sign/s verify/s
rsa 4096 bits 0.091103s 0.001213s     11.0    824.7

Without the -multi option.

with SPU engine:
                  sign    verify    sign/s verify/s
rsa 4096 bits 0.098480s 0.001725s     10.2    579.7

'raw' OpenSSL (same build)
                  sign    verify    sign/s verify/s
rsa 4096 bits 0.108516s 0.001742s      9.2    574.1
[/code]
[b][i]Note:[/i][/b]

  • Results are from a 3.2 GHz PlayStation 3 Cell running Yellow Dog Linux 5.0. [1] (I'd like to try a blade cell hint hint...)

  • This is [i]first cut[/i] with a basic mod_exp(). Further optimisations may be possible with pre-computation and different window sizes.

  • There are overheads with the current DMA transfer of parameters that will be erased as I optimise the big number conversion code and introduce better double buffering techniques.

  • I still have intermittent PKCS#1 padding problems. :-( (arrraggghhhh)

Big thanks to Augusto Jun Devegili for assistance.

Regards

Neil Costigan,
School of Computing,
Dublin City University,
Dublin,
IRELAND.

http://www.computing.dcu.ie/~ncostiga

1 - Linux 2.6.16-20061110.ydl.1ps3 #1 SMP Fri Nov 24 16:16:29 EST 2006 ppc64 ppc64 ppc64 GNU/Linux

2 - OpenSSL 0.9.8d 28 Sep 2006
built on: Tue Jan 9 19:08:02 GMT 2007
options:bn(64,64) md2(int) rc4(ptr,char) des(idx,risc1,16,long) aes(partial) idea(int) blowfish(idx)
compiler: ppu-gcc -DOPENSSL_USE_MPM_SPU -DOPENSSL_USE_MIRACL -DOPENSSL_USE_MIRACL_SPU -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DB_ENDIAN -DTERMIO -O3 -Wall
available timing options: TIMES TIMEB HZ=100 sysconf value
timing function used:
  • SystemAdmin

    Re: FYI. OpenSSL on the Cell using MPM from the SDK

    2007-01-09T21:55:07Z

    Hi Neil,

    Great results so far. Keep posting!

    In terms of your hint, you might want to find a friend from Trinity at the Temple Bar: http://www.ibm.com/news/ie/en/2006/12/ie_en_news_20061212.html
    :)

    Cheers!
  • neilc_dublin

    Re: FYI. OpenSSL on the Cell using MPM from the SDK

    2007-02-10T21:47:58Z
    > I've been working on an OpenSSL engine to support the
    > SPU's.
    >
    >
    > Seems I've finally got it all glued together using
    > the IBM multi-precision (MPM) library.
    >
    >
    > You may be interested in the results of [b][i]version
    > 0.001 [/i][/b]
    >
    > bottom line is [b] 47 * 4096bit RSA sign/sec[/b] as
    > opposed to [b]11[/b] sign/sec without
    >

    An update:
    I've got some time to finally fix the outstanding PKCS padding error and improved DMA transfers.

    On my PS3 with [b]6[/b] SPU
    bottom line is up to [b] 80 * 4096bit RSA sign/sec[/b] as opposed to [b]11[/b] sign/sec without

    [code]
    RSA              PPU                  6 SPUs
    key length   sign       sign/sec   sign       sign/sec
    1024-bits    0.000724s  384.5      0.001906s  524.7
    2048-bits    0.002600s   71.7      0.003033s  329.7
    4096-bits    0.089455s   11.2      0.011925s   83.9
    [/code]

    Regards

    Neil Costigan,
    School of Computing,
    Dublin City University,
    Dublin,
    IRELAND.

    http://www.computing.dcu.ie/~ncostiga
  • SystemAdmin

    Re: FYI. OpenSSL on the Cell using MPM from the SDK

    2007-02-11T01:52:25Z

    Hi Neil,

    Cool stuff! Any chance you could post, or point to, something which would allow a comparison (for those of us who don't know if 80 is a big number or a small one)?

    Also, I sent your original post along internally in IBM and found some interest. Did someone get in touch with you?

    Cheers,
    Dan
  • neilc_dublin

    Re: FYI. OpenSSL on the Cell using MPM from the SDK

    2007-02-11T12:24:03Z
    >
    > Cool stuff! Any chance you could post, or point to,
    > something which would allow a comparison (for those
    > of us who don't know if 80 is a big number or a small
    > one)?
    I have written a paper which includes a bit more detail/comparisons. I've submitted to a security conference and hope to get published through that.

    I think [b]80[/b] is significant. I've even seen it report [b]84[/b].

    In context....
    The PPU (with ASM and a technique called Karatsuba's method) reports [b]11[/b] for the same call.
    1 SPU reports [b]14.2[/b]

    The MacBook Pro I'm typing this on reports [b]7.2[/b] using the openssl shipped with OSX.

    Using the Cell simulator's cycle counting capabilities the algorithm (RSA/CRT) indicates about 88 is possible on the PS3 with perfect DMA and more efficient big number conversion.
    note:
    The top end 4096-bit RSA isn't really a judge of everyday usage. That should be the 1024/2048-bit. I have some more steps to implement which can improve the numbers on the lower end. Namely the RSA/CRT can use parallel mod_exp()'s and improve the individual RSA numbers but it will still run into a top limit of about 80.

    We also believe a fine tuned multi-precision library made specifically for crypto will help us jump a little more.
    >
    > Also, I sent you original post along internally in
    > IBM and found some interest. Did someone get in
    > touch with you?
    >
    They did, and are going to try the code on a 'full' cell.
    The delay was on my side as I tracked that elusive padding bug.
    I'll keep you posted.
    /nc
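
The RSA/CRT point in the post above, as an added example (not code from the engine, the paper or the MPM library): the private-key operation splits into two half-size mod_exp() calls that share no state, which is what lets them run on separate SPUs. The toy key, `rsa_key`, `sign_crt` and `sign_checked` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy key, constructed for this example (far too small for real use). */
typedef struct { uint64_t p, q, n, e, d, dp, dq, qinv; } rsa_key;
static const rsa_key KEY = {61, 53, 3233, 17, 2753, 53, 49, 38};

/* Square-and-multiply; stands in for the engine's mod_exp(). */
uint64_t mod_exp(uint64_t base, uint64_t exp, uint64_t mod) {
    uint64_t r = 1 % mod;
    base %= mod;
    while (exp) {
        if (exp & 1) r = r * base % mod;
        base = base * base % mod;
        exp >>= 1;
    }
    return r;
}

/* Straight signature: one full-size exponentiation. */
uint64_t sign_plain(const rsa_key *k, uint64_t m) { return mod_exp(m, k->d, k->n); }

/* RSA/CRT: two half-size exponentiations that share no state, so each could
   run on its own SPU, followed by a cheap recombination (Garner's formula). */
uint64_t sign_crt(const rsa_key *k, uint64_t m) {
    uint64_t s1 = mod_exp(m, k->dp, k->p);   /* m^d mod p */
    uint64_t s2 = mod_exp(m, k->dq, k->q);   /* m^d mod q */
    uint64_t h = k->qinv * ((s1 + k->p - s2 % k->p) % k->p) % k->p;
    return s2 + h * k->q;
}

/* Re-check with the public exponent before releasing the signature, so a
   wrong half (e.g. from a bad transfer to or from an SPU) is never returned. */
int sign_checked(const rsa_key *k, uint64_t m, uint64_t *sig) {
    uint64_t s = sign_crt(k, m);
    if (mod_exp(s, k->e, k->n) != m % k->n) return 0;
    *sig = s;
    return 1;
}

int main(void) {
    uint64_t sig = 0;
    int ok = sign_checked(&KEY, 65, &sig);
    printf("ok=%d sig=%llu plain=%llu\n", ok, (unsigned long long)sig,
           (unsigned long long)sign_plain(&KEY, 65));
    return 0;
}
```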
  • SystemAdmin

    Re: FYI. OpenSSL on the Cell using MPM from the SDK

    2007-08-18T00:42:17Z

    Neil -- Did your paper ever publish?
  • neilc_dublin

    Re: FYI. OpenSSL on the Cell using MPM from the SDK

    2007-08-18T17:57:37Z
    >
    > Neil -- Did your paper ever publish?
    It's on eprint at
    http://eprint.iacr.org/2007/061

    I did present it at Crypto Performance workshop (SPEED) last June
    http://www.hyperelliptic.org/SPEED/

    After a few distractions (the joy of graduate studies :-)) I'm back working on an additional section. There are one or two of the conclusions that should be implemented.

    I'm still keen to see it published if anyone knows of a forum.
    I'll present anywhere hot :-)

    -Neil
  • SystemAdmin

    Re: FYI. OpenSSL on the Cell using MPM from the SDK

    2008-02-12T22:17:34Z

    You did a great job Neil. Congratulations. I wish I will manage to write a paper like you did.
    Nouveau Riche University
  • SystemAdmin

    Re: FYI. OpenSSL on the Cell using MPM from the SDK

    2008-12-16T13:59:42Z

    Hi. I'm new to CBEA, but I want to use it for the purposes quite similar to yours (cryptography). I was looking through your pdf paper and got a question about the 128 and 64 bit add method. It seems to me that adding carry bits once might generate new carries that you don't process. Correct me if I'm wrong.
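
The concern in the post above, shown on a constructed model (an added example, not the paper's or the MPM library's code): when limbs are added lane-wise and the carries are folded in only once, a limb that sums to all ones turns an incoming carry into a new one that is lost. The 4 x 32-bit limb layout and all function names are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LIMBS 4 /* 4 x 32-bit limbs = 128 bits, limb 0 least significant */

/* Lane-wise add, as a SIMD add would do it: no carry crosses a limb here.
   carry[i] is the carry OUT of limb i. Returns nonzero if any limb carried. */
static int lane_add(const uint32_t *a, const uint32_t *b, uint32_t *sum, uint32_t *carry) {
    int any = 0;
    for (int i = 0; i < LIMBS; i++) {
        sum[i] = a[i] + b[i];
        carry[i] = sum[i] < a[i];
        any |= (int)carry[i];
    }
    return any;
}

/* Move each carry to the limb above; the carry out of the top limb is dropped. */
static void shift_up(const uint32_t *carry, uint32_t *in) {
    in[0] = 0;
    for (int i = 1; i < LIMBS; i++) in[i] = carry[i - 1];
}

/* Adds the carries in exactly once and ignores any carry that step produces. */
void add_single_pass(const uint32_t *a, const uint32_t *b, uint32_t *r) {
    uint32_t sum[LIMBS], c[LIMBS], in[LIMBS];
    lane_add(a, b, sum, c);
    shift_up(c, in);
    lane_add(sum, in, r, c);
}

/* Repeats the carry step until no limb carries (at most LIMBS extra passes). */
void add_full(const uint32_t *a, const uint32_t *b, uint32_t *r) {
    uint32_t c[LIMBS], in[LIMBS], t[LIMBS];
    int more = lane_add(a, b, r, c);
    while (more) {
        shift_up(c, in);
        more = lane_add(r, in, t, c);
        memcpy(r, t, sizeof t);
    }
}

int main(void) {
    /* Constructed input: (2^64 - 1) + 1, so the carry must ripple through limb 1. */
    const uint32_t a[LIMBS] = {0xFFFFFFFFu, 0xFFFFFFFFu, 0, 0}, b[LIMBS] = {1, 0, 0, 0};
    uint32_t s[LIMBS], f[LIMBS];
    add_single_pass(a, b, s);
    add_full(a, b, f);
    printf("single pass: %08x %08x %08x %08x\n", s[3], s[2], s[1], s[0]);
    printf("full:        %08x %08x %08x %08x\n", f[3], f[2], f[1], f[0]);
    return 0;
}
```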