I recently updated an embedded HTTPs web service using mbedtls from 2.22.0 to 3.2.1, and noticed the performance is about 30% better/faster. This is good for sure, but I am curious, what are the changes contributing to this improvement?
Thanks!
Hi,
and thanks for the positive feedback, it's really nice to hear!
I can't say for sure, but if you are using ECC-based ciphersuites (which is pretty common these days), then this could be explained by an improved implementation of pre-computation for some ECC computations.
Specifically, if you use the default configuration (or otherwise have `MBEDTLS_ECP_FIXED_POINT_OPTIM` enabled in your compile-time config), then both in 2.x and 3.x this will cause some ECC operations (ECDSA signature generation, and key generation aka the first half of an ephemeral ECDH) to use pre-computed multiples of the conventional base point for faster computation. In 2.x these multiples were computed the first time an operation was made, then cached and re-used in later operations on the same curve. Unfortunately, there was a design flaw in this caching mechanism that caused the information to be lost before it could be re-used in several common workflows, including TLS.
In Mbed TLS 3.0 this was changed to store the pre-computed multiples as part of the program (in flash/ROM), ensuring that they would always be available. This also reduces RAM usage, the only drawback being increased program size. Looking again at the numbers in the PR description [1], they would seem to match yours: TLS handshakes being about 30% faster. So, if you're using ECC-based ciphersuites like ECDHE-ECDSA, then this PR likely explains the improvement you're seeing.
[1] https://github.com/Mbed-TLS/mbedtls/pull/4315
Thanks, Manuel. ________________________________ From: Work Only via mbed-tls mbed-tls@lists.trustedfirmware.org Sent: 04 April 2024 23:34 To: mbed-tls@lists.trustedfirmware.org mbed-tls@lists.trustedfirmware.org Subject: [mbed-tls] Why is mbedtls 3.x faster than 2.x?
I recently updated an embedded HTTPs web service using mbedtls from 2.22.0 to 3.2.1, and noticed the performance is about 30% better/faster. This is good for sure, but I am curious, what are the changes contributing to this improvement?
Thanks!
Thanks for the reply. I am using RSA key exchange. I noticed that the improvement mainly came from calling mbedtls_ssl_handshake() to handle TLS handshake, and this function ssl_write_server_key_exchange() takes less time to finish in 3.2.1 than 2.22.0.
On Fri, Apr 5, 2024 at 5:12 AM Manuel Pegourie-Gonnard < Manuel.Pegourie-Gonnard@arm.com> wrote:
Hi,
and thanks for the positive feedback, it's really nice to hear!
I can't say for sure, but if you are using ECC-based ciphersuites (which is pretty common these days), then this could be explained by an improved implementation of pre-computation for some ECC computations.
Specifically, if you use the default configuration (or otherwise have `MBEDTLS_ECP_FIXED_POINT_OPTIM` enabled in your compile-time config), then both in 2.x and 3.x this will cause some ECC operations (ECDSA signature generation, and key generation aka the first half of an ephemeral ECDH) to use pre-computed multiples of the conventional base point for faster computation. In 2.x these multiples were computed the first time an operation was made, then cached and re-used in later operations on the same curve. Unfortunately, there was a design flaw in this caching mechanism that caused the information to be lost before it could be re-used in several common workflows, including TLS.
In Mbed TLS 3.0 this was changed to store the pre-computed multiples as part of the program (in flash/ROM), ensuring that they would always be available. This also reduces RAM usage, the only drawback being increased program size. Looking again at the numbers in the PR description [1], they would seem to match yours: TLS handshakes being about 30% faster. So, if you're using ECC-based ciphersuites like ECDHE-ECDSA, then this PR likely explains the improvement you're seeing.
[1] https://github.com/Mbed-TLS/mbedtls/pull/4315
Thanks, Manuel.
*From:* Work Only via mbed-tls mbed-tls@lists.trustedfirmware.org *Sent:* 04 April 2024 23:34 *To:* mbed-tls@lists.trustedfirmware.org < mbed-tls@lists.trustedfirmware.org> *Subject:* [mbed-tls] Why is mbedtls 3.x faster than 2.x?
I recently updated an embedded HTTPs web service using mbedtls from 2.22.0 to 3.2.1, and noticed the performance is about 30% better/faster. This is good for sure, but I am curious, what are the changes contributing to this improvement?
Thanks!
mbed-tls@lists.trustedfirmware.org
-
Manuel Pegourie-Gonnard -
Work Only