How slow is Public-key cryptography?
TLS and SSH, two well-known practical implementations of public-key cryptography, use a hybrid system - they use a symmetric key for data encapsulation and an asymmetric key for the key encapsulation.
JWT, a well-known claims presentation format, uses a cryptographic hash on the payload and signs the generated hash with a private key.
All this got me curious: How slow is asymmetric key cryptography compared to symmetric key cryptography or cryptographic hashing?
OpenSSL comes with performance testing functionality built in. So, I ran the benchmark on three algorithms - rsa2048, aes-256-gcm and sha256- to determine how their performance differs. Here are the results.
❯ openssl speed sha256 rsa2048 aes-256-gcm
Doing sha256 for 3s on 16 size blocks: 16986930 sha256's in 2.99s
Doing sha256 for 3s on 64 size blocks: 13293120 sha256's in 3.00s
Doing sha256 for 3s on 256 size blocks: 10630596 sha256's in 3.00s
Doing sha256 for 3s on 1024 size blocks: 5056862 sha256's in 2.99s
Doing sha256 for 3s on 8192 size blocks: 858300 sha256's in 3.00s
Doing aes-256 gcm for 3s on 16 size blocks: 11883130 aes-256 gcm's in 2.99s
Doing aes-256 gcm for 3s on 64 size blocks: 5161771 aes-256 gcm's in 2.99s
Doing aes-256 gcm for 3s on 256 size blocks: 1542553 aes-256 gcm's in 2.99s
Doing aes-256 gcm for 3s on 1024 size blocks: 405505 aes-256 gcm's in 2.99s
Doing aes-256 gcm for 3s on 8192 size blocks: 51914 aes-256 gcm's in 2.99s
Doing 2048 bit private rsa's for 10s: 5771 2048 bit private RSA's in 9.96s
Doing 2048 bit public rsa's for 10s: 128433 2048 bit public RSA's in 9.96s
LibreSSL 2.8.3
built on: date not available
options:bn(64,64) rc4(ptr,int) des(idx,cisc,16,int) aes(partial) blowfish(idx)
compiler: information not available
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
sha256 90814.37k 284014.19k 908076.48k 1730359.36k 2346912.05k
aes-256 gcm 63622.28k 110315.84k 131922.74k 138819.58k 142053.07k
sign verify sign/s verify/s
rsa 2048 bits 0.001725s 0.000078s 579.7 12893.2Since rsa2048 operates only on blocks of 256 bytes, let’s compare the throughput of aes-256-gcm and sha256 algorithms on 256-byte blocks only.
| algorithm | ceil(ops/s) |
|---|---|
| sha256 | 3543532 |
| aes-256 gcm | 514184 |
| rsa2048 -verify | 12893 |
| rsa2048 -sign | 579 |
So there we have it; Hashing(sha256) is roughly an order of magnitude faster than a symmetric key algorithm(aes-256 gcm). An asymmetric key algorithm(rsa2048) is about 2-3 orders of magnitude slower to verify and 4-5 orders of magnitude slower to sign when compared to a symmetric key algorithm.