Topic
IC4NOTICE: developerWorks Community will be offline May 29-30, 2015 while we upgrade to the latest version of IBM Connections. For more information, read our upgrade FAQ.
8 replies Latest Post - ‏2008-12-16T13:59:42Z by SystemAdmin
neilc_dublin
neilc_dublin
94 Posts
ACCEPTED ANSWER

Pinned topic FYI. OpenSSL on the Cell using MPM from the SDK

‏2007-01-09T20:56:01Z |
Hi all
I've been working on an OpenSSL engine to support the SPU's.
Seems I've finally got it all glued together using the IBM multi-precision (MPM) library.
You may be interested in the results of [b][i]version 0.001 [/i][/b]

bottom line is [b] 47 * 4096bit RSA sign/sec[/b] as opposed to [b]11[/b] sign/sec without
>./apps/openssl speed rsa4096 -engine cellspumpm -elapsed -multi 15

(see [2] below for openssl build options)

code
This is with 15 Multi processes and elapsed time. The choice of 15 is random.


with SPU engine : -
sign verify sign/s verify/s
rsa 4096 bits 0.020915s 0.000546s 47.8 1832.2


'raw' OpenSSL (same build)
sign verify sign/s verify/s
rsa 4096 bits 0.091103s 0.001213s 11.0 824.7


Without the -multi option.


with SPU engine : -
sign verify sign/s verify/s
rsa 4096 bits 0.098480s 0.001725s 10.2 579.7


'raw' OpenSSL (same build)
sign verify sign/s verify/s
rsa 4096 bits 0.108516s 0.001742s 9.2 574.1



[/code]
[b][i]Note:[/i][/b]

  • Results are from a 3.2 GHz Playstation 3 Cell running yellow dog linux 5.0. [1] (I'd like to try a blade cell hint hint...)

  • This is [i]first cut[/i] with a basic a mod_exp(). Further optimisations maybe possible with pre-computation and different window sizes.

  • There are overheads with the current DMA transfer of parameters that will be erased as I optimise the big number conversion code and introduce better double buffering techniques.

  • I still have an intermittent PKCS#1 padding problems. :-( (arrraggghhhh)

big thanks to Augusto Jun Devegili for assistance.

Regards

Neil Costigan,
School of Computing,
Dublin City University,
Dublin,
IRELAND.

http://www.computing.dcu.ie/~ncostiga

1 - Linux 2.6.16-20061110.ydl.1ps3 #1 SMP Fri Nov 24 16:16:29 EST 2006 ppc64 ppc64 ppc64 GNU/Linux

2 - OpenSSL 0.9.8d 28 Sep 2006
built on: Tue Jan 9 19:08:02 GMT 2007
options:bn(64,64) md2(int) rc4(ptr,char) des(idx,risc1,16,long) aes(partial) idea(int) blowfish(idx)
compiler: ppu-gcc -DOPENSSL_USE_MPM_SPU -DOPENSSL_USE_MIRACL -DOPENSSL_USE_MIRACL_SPU -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DB_ENDIAN -DTERMIO -O3 -Wall
available timing options: TIMES TIMEB HZ=100 sysconf value
timing function used:
Updated on 2008-12-16T13:59:42Z at 2008-12-16T13:59:42Z by SystemAdmin
  • SystemAdmin
    SystemAdmin
    10114 Posts
    ACCEPTED ANSWER

    Re: FYI. OpenSSL on the Cell using MPM from the SDK

    ‏2007-01-09T21:55:07Z  in response to neilc_dublin

    Hi Neil,

    Great results so far. Keep posting!

    In terms of your hint, you might want to find a friend from Trinity at the Temple Bar: http://www.ibm.com/news/ie/en/2006/12/ie_en_news_20061212.html
    :)

    Cheers!
  • neilc_dublin
    neilc_dublin
    94 Posts
    ACCEPTED ANSWER

    Re: FYI. OpenSSL on the Cell using MPM from the SDK

    ‏2007-02-10T21:47:58Z  in response to neilc_dublin
    > I've been working on an OpenSSL engine to support the
    > SPU's.
    >
    >
    > Seems I've finally got it all glued together using
    > the IBM multi-precision (MPM) library.
    >
    >
    > You may be interested in the results of [b][i]version
    > 0.001 [/i][/b]
    >
    > bottom line is [b] 47 * 4096bit RSA sign/sec[/b] as
    > opposed to [b]11[/b] sign/sec without
    >

    An update:
    I've got some time to finally fix the outstanding PKCS padding error and improved DMA transfers.

    On my PS3 with [b]6[/b] SPU
    bottom line is up to [b] 80 * 4096bit RSA sign/sec[/b] as opposed to [b]11[/b] sign/sec without

    code
    RSA PPU 6 SPUs
    key length sign sign/sec sign sign/sec
    1024-bits 0.000724s 384.5 0.001906s 524.7
    2048-bits 0.002600s 71.7 0.003033s 329.7
    4096-bits 0.089455s 11.2 0.011925s 83.9
    [/code]

    Regards

    Neil Costigan,
    School of Computing,
    Dublin City University,
    Dublin,
    IRELAND.

    http://www.computing.dcu.ie/~ncostiga
    • SystemAdmin
      SystemAdmin
      10114 Posts
      ACCEPTED ANSWER

      Re: FYI. OpenSSL on the Cell using MPM from the SDK

      ‏2007-02-11T01:52:25Z  in response to neilc_dublin
      Hi Neil,

      Cool stuff! Any chance you could post, or point to, something which would allow a comparison (for those of us who don't know if 80 is a big number or a small one)?

      Also, I sent you original post along internally in IBM and found some interest. Did someone get in touch with you?

      Cheers,
      Dan
      • neilc_dublin
        neilc_dublin
        94 Posts
        ACCEPTED ANSWER

        Re: FYI. OpenSSL on the Cell using MPM from the SDK

        ‏2007-02-11T12:24:03Z  in response to SystemAdmin
        >
        > Cool stuff! Any chance you could post, or point to,
        > something which would allow a comparison (for those
        > of us who don't know if 80 is a big number or a small
        > one)?
        I have written a paper which includes have a bit more detail/comparisons. I've submitted to a security conference and hope to get published through that.

        I think [b]80[/b] is significant. I've even seen it report [b]84[/b].

        In context....
        The PPU (with ASM and a technique called Karatsuba's method) reports [b]11[/b] for the same call.
        1 SPU reports [b]14.2[/b]

        The macbook pro I'm typing this on reports [b]7.2[/b] using the openssl shipped with OSX.

        Using the Cell simulator's cycle counting capabilities the algorithm (RSA/CRT) indicates about 88 is possible on the PS3 with perfect DMA and more efficient big number conversion.
        note:
        The top end 4096-bit RSA isn't really a judge of everyday usage. That should be the 1024/2048-bit. I have some more steps to implement which can improve the numbers on the lower end. Namely the RSA/CRT can use parallel mod_exp()'s and improve the individual RSA numbers but it will still run into a top limit of about 80.

        We also believe a fine tuned multi-precision library made specifically for crypto will help us jump a little more.
        >
        > Also, I sent you original post along internally in
        > IBM and found some interest. Did someone get in
        > touch with you?
        >
        They did. and are going to try the code on a 'full' cell.
        The delay was on my side as I tracked that elusive padding bug.
        I'll keep you posted.
        /nc
        • SystemAdmin
          SystemAdmin
          10114 Posts
          ACCEPTED ANSWER

          Re: FYI. OpenSSL on the Cell using MPM from the SDK

          ‏2007-08-18T00:42:17Z  in response to neilc_dublin

          Neil -- Did you paper ever publish?
          • neilc_dublin
            neilc_dublin
            94 Posts
            ACCEPTED ANSWER

            Re: FYI. OpenSSL on the Cell using MPM from the SDK

            ‏2007-08-18T17:57:37Z  in response to SystemAdmin
            >
            > Neil -- Did you paper ever publish?
            Its on eprint at
            http://eprint.iacr.org/2007/061

            I did present it at at Crypto Performance workshop (SPEED) last June
            http://www.hyperelliptic.org/SPEED/

            After a few distractions (the joy of graduate studies :-)) I'm back working on an additional section. There are one or two of the conclusions that should be implemented.

            I'm still keen to see it published if any one knows of a forum.
            I'll present anywhere hot :-)

            -Neil
            • SystemAdmin
              SystemAdmin
              10114 Posts
              ACCEPTED ANSWER

              Re: FYI. OpenSSL on the Cell using MPM from the SDK

              ‏2008-02-12T22:17:34Z  in response to neilc_dublin
              You did a great job Neil. Congratulations. I wish I will manage to write a paper like you did.<hr />
              Nouveau Riche University
            • SystemAdmin
              SystemAdmin
              10114 Posts
              ACCEPTED ANSWER

              Re: FYI. OpenSSL on the Cell using MPM from the SDK

              ‏2008-12-16T13:59:42Z  in response to neilc_dublin
              Hi. I'm new to CBEA, but I want to use it for the purposes quite similar to yours (cryptography). I was lookting through your pdf paper and got a question about the 128 and 64 bit add method. It seems to me that adding carry bits once might generate new carries that you don't process. Correct me if I'm wrong