There has been a lot of discussion in the crypto community, especially those interested in the mobile space, about the implementation of ECC due to the smaller bit sizes for keys and the perceived speed increase.

I’ve never been that sure, and an early report that I had from a BouncyCastle user indicated that in the real world it was somewhat different. So, I decided to write some code to perform some comparative testing on the key generation and key exchange speeds of ECC and RSA.

I wanted to test the real world scenarios of public key usage, where public keys are created very sparsely compared with the key exchanges that actually occur using those keys. So, in a way, I’m comparing the effort used in an operational scenario that I have specified rather than a discrete individual operation.

The playing field is as follows;

- BouncyCastle Java APIs version 1.23
- RSA key sizes from 1024 – 2048 in steps of 256 bits
- ECC key sizes, 190, 239 and 256 bits using the X9.62 EC-DSA named curves prime190v1, prime239v1 and prime256v1.
- Variable number of key exchanges for a key creation
- ECC uses ECDH for key exchange
- RSA uses a public key encrypt and a private key decrypt for key exchange
- These scenarios do not perform signing or verification (which could be added)
- Dell D600 Latitude with a 1.4GHz Centrino and 512MB of RAM

Also taking into account the following recommended key strength comparisons;

RSA | ECC |
---|---|
1024 | 160 |
2048 | 282 |
4096 | 409 |

The comparisons below are a rough interpolation of these to provide comparable key strengths.

The following tables show the results, but these operational scenarios are based on a single key creation for multiple key exchanges where the multiple is 100-1000 key exchanges for each key creation. As this turns out to be the major determinant of difference between the ECC and RSA scenario speeds, this parameter should reflect your operational scenarios as closely as possible.

The numbers in the tables show a delta between start of scenario and end of scenario in milliseconds, so the smaller the number the better.

Algorithm (key sizes in bits) | Key Exchanges | Delta, 1st key size (ms) | Delta, 2nd key size (ms) | Delta, 3rd key size (ms) |
---|---|---|---|---|
ECC (192, 239, 256) | 1 | 96 | 162 | 182 |
RSA (1280, 1536, 1792) | 1 | 995 | 2269 | 5713 |
ECC (192, 239, 256) | 100 | 6329 | 10457 | 11652 |
RSA (1280, 1536, 1792) | 100 | 5014 | 7300 | 12465 |
ECC (192, 239, 256) | 500 | 30422 | 52527 | 57584 |
RSA (1280, 1536, 1792) | 500 | 18423 | 30079 | 46924 |
ECC (192, 239, 256) | 2500 | 153245 | 259025 | 288532 |
RSA (1280, 1536, 1792) | 2500 | 86191 | 143894 | 219485 |

Note: As with all things, the usual caveats apply that I might have stuffed it all up and these are nothing more than random numbers, so do your own testing. If people want the source for these tests, then drop me an email.

What does this all mean? Well, I’m not sure what it means to you, but what it means to me is that ECC is not a panacea, and that the comparative key strengths for RSA are better performers than their equivalent ECC key strengths. There are different considerations for each application, such as the size of the encrypted data and the memory use of the algorithms, and those are best left as an exercise for the reader.
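How strongly the outcome depends on the number of key exchanges per key creation can be read straight off the published numbers. The following is an added example, not the author's benchmark source: it fits a linear cost model to the results table and estimates the number of exchanges at which the RSA scenario overtakes the ECC one. The linear model and the pairing of ECC and RSA sizes by column order are assumptions.

```python
# Added example: fit T(n) = setup + n * per_exchange to the article's table.
# Timings (ms) are copied from the table; the linear model is an assumption.
EXCHANGES = [1, 100, 500, 2500]
TIMINGS_MS = {
    ("ECC", 192): [96, 6329, 30422, 153245],
    ("ECC", 239): [162, 10457, 52527, 259025],
    ("ECC", 256): [182, 11652, 57584, 288532],
    ("RSA", 1280): [995, 5014, 18423, 86191],
    ("RSA", 1536): [2269, 7300, 30079, 143894],
    ("RSA", 1792): [5713, 12465, 46924, 219485],
}
# ECC/RSA pairing by column order in the table (assumed comparable strength).
PAIRS = [(192, 1280), (239, 1536), (256, 1792)]


def fit(xs, ys):
    """Ordinary least squares for y = setup + per_exchange * x."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxx = sum((x - mx) ** 2 for x in xs)
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    per_exchange = sxy / sxx
    return my - per_exchange * mx, per_exchange


def break_even(ecc_bits, rsa_bits):
    """Exchanges per key creation above which RSA is faster, else None."""
    ecc_setup, ecc_step = fit(EXCHANGES, TIMINGS_MS[("ECC", ecc_bits)])
    rsa_setup, rsa_step = fit(EXCHANGES, TIMINGS_MS[("RSA", rsa_bits)])
    if ecc_step <= rsa_step or rsa_setup <= ecc_setup:
        return None  # fitted lines do not cross in RSA's favour for n > 0
    return (rsa_setup - ecc_setup) / (ecc_step - rsa_step)


def report():
    """Per pair: (ecc_bits, rsa_bits, ECC ms/exch, RSA ms/exch, break-even)."""
    return [(e, r, fit(EXCHANGES, TIMINGS_MS[("ECC", e)])[1],
             fit(EXCHANGES, TIMINGS_MS[("RSA", r)])[1], break_even(e, r))
            for e, r in PAIRS]


if __name__ == "__main__":
    for e, r, ecc_step, rsa_step, n in report():
        limit = "never" if n is None else f"beyond ~{n:.0f} exchanges per key"
        print(f"ECC-{e} vs RSA-{r}: {ecc_step:.1f} vs {rsa_step:.1f} "
              f"ms/exchange; RSA ahead {limit}")
```

On the table's numbers the crossover falls below 100 exchanges for the first two pairs and between 100 and 500 for the 256/1792 pair, which agrees with the raw rows.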

Edit: 31st October 2006

Code available here

ECC and RSA speed comparison. I had an email discussion with Jon Eaves about his speed comparison of ECC-based key exchange scenario with a scenario based on RSA. His test basically reflects PGP protocol and assumes that public key is generated once and then reused for multiple

Hi Jon,

I’m doing something similar on the signature using RSA and ECC, and would like to make use of your source as reference. Would you please share the source for this with me? Thanks.

Hi Jon,

could you please mail me the source code? Thanks.

Hi Jon,

I’m doing my master’s project in comparing ECC and RSA algorithms in terms of power consumption. I’m using a software for calculating the power but I need a source code for the cryptography algorithms. Would you please share the source for this with me? I would really appreciate that. Thanks.

Hi Jon,

could you please mail me the source code?

Thanks!!!

Source now available – link on the main entry. Enjoy all.

Hi,

I need help. I am trying to use the C# BC release. I have only a public key (byte[]) and a private key (byte[]), and I cannot invoke the RSA algorithm because I don’t know how I can load my public and private keys.

thanks

Hi Jon, could you do my homework for me… I’m kidding. I’m doing my final year project on ECC vs RSA. Nice work 🙂

hi jon..

could you please mail me the source code?

Dear john,

I want to use RSA algorithm implemented with ECC. Please mail me the source code.

I want to use ECC and RSA algorithm in my thesis. Please send me the source code.

No, but I’ve added your emails to porn spam for being so mind numbingly stupid.

hi,

i am doing my thesis of master on Wimax security.

and i need to compare the performance between ECC and RSA,

so could you please mail me the code,

thanks a lot

As far as I can tell, the BC elliptic curve code uses affine coordinates throughout – so you have to do a field inversion as part of every point addition or doubling! It would therefore seem that you could get a gigantic improvement in performance by supporting eg Chudnovsky coordinates. Do you agree?

Hello Mr. Jon Eaves

I am doing my thesis of master on Wimax security.

and I need to compare the performance between ECC and RSA,

so could you please mail me the code, (preferably MATLAB code if exists.)

thanks a lot.

I know the post is old, but could someone enlighten me: Why would you compare ECDH with key exchange done with RSA? Shouldn’t it be compared with plain DH?

hi..

pls send full source code…………..

@Ramarajan ( and all the others )

—

Jon Eaves | October 31, 2006 10:50 AM

Source now available – link on the main entry. Enjoy all.

—-

Can’t you just read instead of asking ( you la** ba** )

I downloaded your program but it doesn’t work for me. I use jdk1.5

anybody help me