[squeak-dev] Re: [Cryptography Team] Re: DigitalSignatureAlgorithm>>#initRandomNonInteractively is not random

Nicolas Cellier nicolas.cellier.aka.nice at gmail.com
Fri Sep 3 05:43:18 UTC 2010


2010/9/3 Rob Withers <reefedjib at gmail.com>:
>
>
> --------------------------------------------------
> From: "Andreas Raab" <andreas.raab at gmx.de>
> Sent: Thursday, September 02, 2010 6:10 PM
> To: "The general-purpose Squeak developers list"
> <squeak-dev at lists.squeakfoundation.org>
> Subject: [squeak-dev] Re: [Cryptography Team] Re:
> DigitalSignatureAlgorithm>>#initRandomNonInteractively is not random
>
>> On 9/2/2010 2:22 PM, Rob Withers wrote:
>>>>
>>>> whereas for example MD2, MD4 (outdated) and DiffieHellman (WAY too
>>>> slow) are not.
>>>
>>> Andreas, I use DiffieHellman for key exchange in my system. It is
>>> considered slow? It is a one time use in a connection...
>>
>> If I remember correctly (it's been a few years since I did this) the
>> problem was the DH had a significant server load for each connection
>> (several seconds for each new connection) whereas RSA had a high initial cost
>> but after that was basically instant. Of course all of this was pre-cog so
>> very different performance tradeoffs but when I did the math, the bottom
>> line was that a DH reconnect of ten people could never be completed in less
>> than 30 seconds simply because each connection would require 3+ seconds
>> server time and (at that point) all of the connections were serialized. It
>> was just a no-go.
>
> Very interesting.   I have never measured it.  I take my prime and generator
> from E.  I just tried a 1024 bit DiffieHellman and it took 65 seconds!  With
> E's numbers I get 315 ms pretty consistently.   This seems to match a 192
> bit DH pretty well.  This is both send and receive messages so is the total
> time for one side.  This is pre-cog.
>
>>
>>>> RSA, on the other hand, is somewhere in the middle - it performs
>>>> reasonably well (we use it for key exchange in our products) but one
>>>> could easily argue that it's not a common enough feature to be
>>>> required in Core. Not sure on ElGamal.
>>>
>>> How do you use RSA for key exchange?
>>
>> The server generates a new key pair on startup and when the client
>> connects the server sends its public key to the client. The client uses the
>> public key to encrypt the session key for the connection and sends it back.
>> The server decrypts the session key, both ends install a streaming cipher
>> based on the session key and we're done.
>
> Ok, that makes sense.  There is a qualitative security difference between DH
> and this approach.  DH does not pass the key across the wire.  It does
> modulo arithmetic to pass derivative numbers.
>
> To speed things up, we could primitize hot spots:
>
> 17.1% {7ms} SHA1>>finalHash
> 14.6% {6ms} ThirtyTwoBitRegister>>load:
> 9.8% {4ms} LargePositiveInteger>>+
>
> from SecureRandom
>
> and in raisedTo: modulo:
>
> 65.5% {1045ms} Array(SequenceableCollection)>>second
> 32.5% {519ms} LargePositiveInteger>>>=
>
> Not sure if that would improve with a plugin.
>
> Of course, the same is true of RSA.
>
> Cheers,
> Rob
>

I recompiled http://bugs.squeak.org/view.php?id=7120, and also 7109, in
COG along with the recent changes to reciprocalModulo:, and I get a decent
speed-up, at least for the DSA in trunk.

Nicolas
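The two key-agreement patterns compared in the quoted exchange (Diffie-Hellman, where only g^a and g^b cross the wire, versus the RSA key transport Andreas describes, where the session key itself travels encrypted under the server's public key), as an added example in plain Python big-integer arithmetic. This is not code from the thread, from Squeak's Cryptography package or from E; function names are my own, and the group constant is assumed to be the RFC 2409 "Oakley group 2" 1024-bit MODP safe prime with generator 2. Both exchanges are shown exactly as unauthenticated as the thread describes them, and the RSA encryption is raw (no padding) so the arithmetic stays visible.

```python
import hashlib
import secrets
import time

# RFC 2409 "Oakley group 2": 1024-bit MODP safe prime, generator 2 (assumed here).
P_1024 = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G_1024 = 2
Q_1024 = (P_1024 - 1) // 2          # prime order of the subgroup generated by 2


def is_probable_prime(n, rounds=32):
    """Miller-Rabin primality test (enough rounds for keygen and parameter checks)."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2        # witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def is_safe_prime(p):
    """Check to run on DH parameters taken from elsewhere (e.g. copied from E):
    p and (p-1)/2 must both be prime, otherwise small-subgroup attacks apply."""
    return is_probable_prime(p) and is_probable_prime((p - 1) // 2)


def dh_keypair(p=P_1024, g=G_1024, q=Q_1024):
    x = secrets.randbelow(q - 1) + 1           # private exponent in [1, q-1]
    return x, pow(g, x, p)


def dh_validate_public(y, p=P_1024, q=Q_1024):
    """Reject 0, 1, p-1 and any value outside the order-q subgroup."""
    return 1 < y < p - 1 and pow(y, q, p) == 1


def derive_key(shared_secret, nbytes=32):
    """Hash the raw group element into a fixed-size session key."""
    blob = shared_secret.to_bytes((shared_secret.bit_length() + 7) // 8, "big")
    return hashlib.sha256(blob).digest()[:nbytes]


def dh_exchange():
    """Both sides of an (unauthenticated) DH exchange; returns (client_key, server_key, wire)."""
    a, ya = dh_keypair()                        # client
    b, yb = dh_keypair()                        # server
    wire = [("client->server", ya), ("server->client", yb)]   # all that is transmitted
    if not (dh_validate_public(ya) and dh_validate_public(yb)):
        raise ValueError("invalid DH public value")
    return derive_key(pow(yb, a, P_1024)), derive_key(pow(ya, b, P_1024)), wire


def gen_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def rsa_keygen(bits=1024):
    """Done once at server start-up: this is the expensive step in the RSA scheme."""
    e = 65537
    while True:
        p, q = gen_prime(bits // 2), gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            break
    return (p * q, e), (p * q, pow(e, -1, phi))   # (public, private)


def rsa_key_transport(server_pub, server_priv):
    """Per connection: the client encrypts a fresh session key to the server's key.
    Raw RSA is shown for clarity only; real code must use OAEP (PKCS#1 v2) or RSA-KEM."""
    n, e = server_pub
    _, d = server_priv
    session_key = secrets.token_bytes(32)
    c = pow(int.from_bytes(session_key, "big"), e, n)   # client: cheap, e is small
    wire = [("server->client", server_pub), ("client->server", c)]
    recovered = pow(c, d, n).to_bytes(32, "big")        # server: full-size exponent
    return session_key, recovered, wire


def time_modexp(exp_bits, reps=10, p=P_1024, g=G_1024):
    """Seconds per exponentiation for a given exponent size (192 vs 1024 bits in the thread)."""
    x = secrets.randbits(exp_bits) | 1
    start = time.perf_counter()
    for _ in range(reps):
        pow(g, x, p)
    return (time.perf_counter() - start) / reps


if __name__ == "__main__":
    print("group is a safe prime:", is_safe_prime(P_1024))
    kc, ks, wire = dh_exchange()
    print("DH keys agree:", kc == ks, "| wire carries:", [name for name, _ in wire])
    pub, priv = rsa_keygen()
    sk, rec, _ = rsa_key_transport(pub, priv)
    print("RSA session key recovered:", sk == rec)
    print("192-bit exp: %.4fs, 1024-bit exp: %.4fs" % (time_modexp(192), time_modexp(1024)))
```

The DH transcript contains only the two public values, so the derived key never crosses the wire; in the RSA scheme the session key does, protected by the server's key. Neither exchange authenticates the server, so either can be intercepted by an active attacker unless the public value or public key is bound to an identity some other way.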
