3

I'm a beginner and working on cryptography performance metrics.

  • My question is that what are the important metrics to check the performance of Cryptography Algorithms.
AleksanderCH
  • 6,435
  • 10
  • 29
  • 62
Anum
  • 31
  • 2
  • 2
    Money, money, money... – kelalaka Feb 28 '19 at 12:22
  • @kelalaka It appears not. I tried appealing to the pocket with Finding flaw in cryptographic protocol and got spanked. – Paul Uszak Feb 28 '19 at 13:48
  • @PaulUszak That was for an action that would be considered negative / going to the dark side by most of the cryptographic community. Money is nice to have, but fortunately a lot of people (apparently including many cryptographers) put morale still above money. Of course if you find selling vulnerabilities to the authority of your choice morale right or wrong depends on your point of view (which is why I didn't up- or downvote it). – Maarten Bodewes Feb 28 '19 at 13:54

2 Answers2

6

Criteria for evaluation of Cryptography Algorithms:

  • Having public specification (the only secret is the key).
  • Patent status.
  • What it aims at: block cipher (DES, AES..), cipher, message digest, MAC, proof of origin, signature, key establishment, TRNG, PRNG.
  • Requirements for and limitations of the algorithm itself.
    • Randomness requirements;
    • Requirements to validate the input parameters (e.g. public key for ECDH).
  • Being symmetric (block ciphers, SHA) or asymmetric (RSA, ECDSA, ECDH).
  • Security under some threat model:
    • Resistance to key recovery (bounded at least by key size);
    • Block size (for block ciphers);
    • Resistance to pure cryptanalytic attacks;
    • Resistance to side-channel leakage (with many subdivisions);
    • Resistance to fault injection.
  • Complexity and familiarity / learning curve to use the algorithm.
  • Parameter sizes:
    • Output size (overhead / expansion ratio);
    • Encoded (public) key size;
    • Accepted input sizes;
  • Speed (often very platform-dependent):
    • Cycles/byte averages for large messages or multiple uses with the same key;
    • Time to setup a new key;
    • Time versus size.
  • Memory footprint:
    • Code;
    • RAM per running instance.
  • Availability of a version with suitable characteristics as above on a given platform.
  • Acceptance by security authorities.

Note: fell free to restructure / add to the list, this is a community wiki.

Maarten Bodewes
  • 92,551
  • 13
  • 161
  • 313
fgrieu
  • 140,762
  • 12
  • 307
  • 587
  • @Maarten Bodewes: no, the duplicate line was a glitch, but dual laser attack conceivably is a concern with cross-checking dual CPUs like in this and this [order determined by coin toss]; search CPU in these public TOEs. Community wiki are here to stop the drain of my productivity, please edit, you usually have good karma! Note: did not get the next comment. – fgrieu Feb 28 '19 at 14:10
  • Ah, no, you were commenting on my previous comment, which I removed because it would otherwise put a drain on your resources :) I'll think about additions a bit more and won't contact you; you can then review the contents now and then if you like; I'll keep an eye out too. – Maarten Bodewes Feb 28 '19 at 14:17
  • 2
    There's a lot of useful information here, but I notice that the question asked about what are the important metrics to check the performance of Cryptography Algorithms, and some of these points appear to be wholly unrelated to performance (e.g. patent status, public specification, etc). Anyone care to enlighten me as to how these other points are relevant to what the OP asked about? – Ella Rose Feb 28 '19 at 16:12
5

The SUPERCOP page lists the following criteria:

Hashing

  • Time to hash a very short packet of data.

  • Time to hash a typical-size Internet packet.

  • Time to hash a long message.

  • Length of the hash output.

Symmetric encryption

  • Time to encrypt a very short packet of data using a secret key and a nonce.

  • Time to encrypt a typical-size Internet packet.

  • Time to encrypt a long message.

  • Length of the secret key.

  • Length of the nonce.

  • Time for authenticated encryption of a short packet of data.

  • Time for authenticated encryption of a typical-size Internet packet.

  • Time for authenticated encryption of a long message.

Asymmetric algorithms

  • Time to generate a key pair (a private key and a corresponding public key).

  • Length of the private key.

  • Length of the public key.

  • Time to generate a shared secret from a private key and another user's public key.

  • Length of the shared secret.

  • Time to encrypt a message using a public key.

  • Length of the encrypted message.

  • Time to decrypt a message using a private key.

  • Time to sign a message using a private key.

  • Length of the signed message.

  • Time to verify a signed message using a public key.

MACs

Curiously, MACs do not appear to be measured with SUPERCOP. AEAD schemes may include them, but there is not standalone category for measuring MACs. Some relevant metrics might be:

  • Key size
  • Time to evaluate on small messages
  • Time to evaluate on large messages

Other metrics

Another standard metric (as mentioned in another answer) is cycles per byte. This is a measurement of how many CPU cycles it took to perform the operation per each byte of input.

I suspect that power consumption may also be a relevant metric, considering the prevalence of mobile/IoT devices.

Throughput is a common metric, which is the amount of data per unit of time (e.g. second) that a system can process.

As mentioned in the other answer (again), many of these metrics will be platform dependent.

Note

The above includes metrics used for asymmetric algorithms and hashing, but the question mentions interest in DES, AES, etc and so may only be interested in symmetric encryption algorithms or all of the above - it is not clear.

Community
  • 1
Ella Rose
  • 19,603
  • 6
  • 53
  • 101