[new release] mirage-crypto (8 packages) (0.11.3) #25349

Merged
merged 1 commit into from
Feb 27, 2024

Conversation

hannesm
Member

@hannesm hannesm commented Feb 26, 2024

Simple symmetric cryptography for the modern age

CHANGES:

* mirage-crypto, mirage-crypto-rng{,lwt,mirage}: support CL.EXE compiler
  (mirage/mirage-crypto#137 @jonahbeckford) - mirage-crypto-pk not yet due to gmp dependency,
  mirage-crypto-ec doesn't pass testsuite
* mirage-crypto-ec: use simpler square root for ed25519 - saving 3
  multiplications and 2 squarings, details
  https://mailarchive.ietf.org/arch/msg/cfrg/qlKpMBqxXZYmDpXXIx6LO3Oznv4/
  (mirage/mirage-crypto#196 @hannesm)
* mirage-crypto-ec: use sliding window method with pre-computed values of
  multiples of the generator point for NIST curves, speedup around 4x for P-256
  sign (mirage/mirage-crypto#191 @Firobe, review @palainp @hannesm)
* mirage-crypto-ec: documentation: warn about power timing analysis on `k` in
  Dsa.sign (mirage/mirage-crypto#195 @hannesm, as proposed by @edwintorok)
* mirage-crypto-ec: replace internal Cstruct.t by string (speedup up to 2.5x)
  (mirage/mirage-crypto#146 @dinosaure @hannesm @reynir, review @Firobe @palainp @hannesm @reynir)
* bench/speed: add EC (ECDSA & EdDSA generate/sign/verify, ECDH secret/share)
  operations (mirage/mirage-crypto#192 @hannesm)
* mirage-crypto-rng: use rdtime instead of rdcycle on RISC-V (rdcycle is
  privileged since Linux kernel 6.6) (mirage/mirage-crypto#194 @AdrianBunk, review by @edwintorok)
* mirage-crypto-rng: support Loongarch (mirage/mirage-crypto#190 @fangyaling, review @loongson-zn)
* mirage-crypto-rng: support NetBSD (mirage/mirage-crypto#189 @drchrispinnock)
* mirage-crypto-rng: allocate less in Fortuna when feeding (mirage/mirage-crypto#188 @hannesm,
  reported by @palainp)
* mirage-crypto-ec: avoid mirage-crypto-pk and asn1-combinators test dependency
  (instead, craft our own asn.1 decoder -- mirage/mirage-crypto#200 @hannesm)

### Performance differences between v0.11.2 and v0.11.3 and OpenSSL

The overall result is promising: P-256 sign operation improved 9.4 times, but
is still 4.9 times slower than OpenSSL.

Numbers in operations per second (apart from speedup, which is a factor
v0.11.3 / v0.11.2), gathered on an Intel i7-5600U CPU 2.60GHz using FreeBSD 14.0,
OCaml 4.14.1, and OpenSSL 3.0.12.

#### P224

| op     | v0.11.2 | v0.11.3 | speedup | OpenSSL |
|--------|---------|---------|---------|---------|
| gen    | 1160    | 20609   |    17.8 |         |
| sign   | 931     | 8169    |     8.8 | 21319   |
| verify | 328     | 1606    |     4.9 | 10719   |
| dh-sec | 1011    | 12595   |    12.5 |         |
| dh-kex | 992     | 2021    |     2.0 | 16691   |

#### P256

| op     | v0.11.2 | v0.11.3 | speedup | OpenSSL |
|--------|---------|---------|---------|---------|
| gen    | 990     | 19365   |    19.6 |         |
| sign   | 792     | 7436    |     9.4 | 36182   |
| verify | 303     | 1488    |     4.9 | 13383   |
| dh-sec | 875     | 11508   |    13.2 |         |
| dh-kex | 895     | 1861    |     2.1 | 17742   |

#### P384

| op     | v0.11.2 | v0.11.3 | speedup | OpenSSL |
|--------|---------|---------|---------|---------|
| gen    | 474     | 6703    |    14.1 |         |
| sign   | 349     | 3061    |     8.8 | 900     |
| verify | 147     | 544     |     3.7 | 1062    |
| dh-sec | 378     | 4405    |    11.7 |         |
| dh-kex | 433     | 673     |     1.6 | 973     |

#### P521

| op     | v0.11.2 | v0.11.3 | speedup | OpenSSL |
|--------|---------|---------|---------|---------|
| gen    | 185     | 1996    |    10.8 |         |
| sign   | 137     | 438     |     3.2 | 2737    |
| verify | 66      | 211     |     3.2 | 1354    |
| dh-sec | 180     | 1535    |     8.5 |         |
| dh-kex | 201     | 268     |     1.3 | 2207    |

#### 25519

| op     | v0.11.2 | v0.11.3 | speedup | OpenSSL |
|--------|---------|---------|---------|---------|
| gen    | 23271   | 22345   |     1.0 |         |
| sign   | 11228   | 10985   |     1.0 | 21794   |
| verify | 8149    | 8029    |     1.0 | 7729    |
| dh-sec | 14075   | 13968   |     1.0 |         |
| dh-kex | 13487   | 14079   |     1.0 | 24824   |
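
The tables above benchmark ECDSA (gen/sign/verify) and ECDH (dh-sec/dh-kex) on the NIST curves. What follows is an added example, not code from this PR or from mirage-crypto's own bench/speed tool: it drives the same P-256 operations through the mirage-crypto-ec 0.11.x API as I recall it (Cstruct-based `Dsa.generate`/`sign`/`verify`, `Dh.gen_key`/`key_exchange`, and `Mirage_crypto_rng_unix.initialize` taking a generator module), checks that a tampered digest fails verification and that signing with `?k` omitted is deterministic (the RFC 6979 path the `k` warning in the changelog refers to), and prints a rough local ops/sec figure for each row. The `ops_per_sec` helper, its 1000-iteration count, and the mapping of dh-sec to `Dh.gen_key` and dh-kex to `Dh.key_exchange` are my assumptions; verify the signatures against the installed `mirage_crypto_ec.mli`.

```ocaml
(* Added example; not part of the opam-repository PR or of mirage-crypto.
   Written against the 0.11.x (Cstruct-based) API from memory: check the
   installed mirage_crypto_ec.mli if a signature differs.
   dune: (libraries mirage-crypto mirage-crypto-ec mirage-crypto-rng-unix cstruct unix) *)

module P = Mirage_crypto_ec.P256

(* Operations per second for [f], the unit the benchmark tables use.
   The iteration count is an assumption, not the bench/speed default. *)
let ops_per_sec ?(n = 1000) f =
  let t0 = Unix.gettimeofday () in
  for _ = 1 to n do ignore (f ()) done;
  float_of_int n /. (Unix.gettimeofday () -. t0)

let () =
  (* The default RNG must be seeded before any key generation. *)
  Mirage_crypto_rng_unix.initialize (module Mirage_crypto_rng.Fortuna);

  (* ECDSA: Dsa.sign takes a digest, not a message; the caller hashes. *)
  let priv, pub = P.Dsa.generate () in
  let msg = Cstruct.of_string "constructed test message" in   (* constructed input *)
  let digest = Mirage_crypto.Hash.SHA256.digest msg in
  let r, s = P.Dsa.sign ~key:priv digest in
  assert (P.Dsa.verify ~key:pub (r, s) digest);

  (* Flipping one bit of the digest must make verification fail. *)
  let tampered = Cstruct.of_string (Cstruct.to_string digest) in  (* fresh copy *)
  Cstruct.set_uint8 tampered 0 (Cstruct.get_uint8 tampered 0 lxor 1);
  assert (not (P.Dsa.verify ~key:pub (r, s) tampered));

  (* With ?k omitted the nonce is derived per RFC 6979, so signing the same
     digest twice yields the same (r, s). Supplying ?k yourself is the case the
     changelog's timing-analysis warning is about. *)
  let r', s' = P.Dsa.sign ~key:priv digest in
  assert (Cstruct.equal r r' && Cstruct.equal s s');

  (* ECDH: both sides derive the same shared secret; key_exchange returns an
     Error for an invalid peer point instead of silently proceeding. *)
  let sec_a, pub_a = P.Dh.gen_key () in
  let sec_b, pub_b = P.Dh.gen_key () in
  (match P.Dh.key_exchange sec_a pub_b, P.Dh.key_exchange sec_b pub_a with
   | Ok ab, Ok ba -> assert (Cstruct.equal ab ba)
   | Error e, _ | _, Error e ->
     Format.eprintf "key exchange failed: %a@." Mirage_crypto_ec.pp_error e;
     exit 1);

  (* Local counterpart to the P256 table rows; absolute numbers depend on the
     machine, so compare ratios rather than the values printed here. *)
  Printf.printf "gen    %.0f ops/s\n" (ops_per_sec (fun () -> P.Dsa.generate ()));
  Printf.printf "sign   %.0f ops/s\n" (ops_per_sec (fun () -> P.Dsa.sign ~key:priv digest));
  Printf.printf "verify %.0f ops/s\n" (ops_per_sec (fun () -> P.Dsa.verify ~key:pub (r, s) digest));
  Printf.printf "dh-sec %.0f ops/s\n" (ops_per_sec (fun () -> P.Dh.gen_key ()));
  Printf.printf "dh-kex %.0f ops/s\n" (ops_per_sec (fun () -> P.Dh.key_exchange sec_a pub_b))
```

Build it as a dune executable with the libraries listed in the header comment and run it once on v0.11.2 and once on v0.11.3 to reproduce the speedup column locally; the three `assert`s are the functional checks, and the printed figures are only meaningful relative to each other on the same machine.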

@hannesm
Member Author

hannesm commented Feb 27, 2024

CI failures are unrelated - good to merge.

noteworthy failures:

erssical (related to #25161 (renaming lru-cache to lru_cache)?)

```
#=== ERROR while fetching sources for lru-cache.0.3.0 =========================#
OpamSolution.Fetch_fail("https://framagit.org/zoggy/ocaml-lru-cache/-/archive/0.3.0/ocaml-lru-cache-0.3.0.tar.gz (Bad checksum, expected md5=33da0c73f5cb1d671d2e6158c5d0edd1)")
```

links-mysql:

```
# mysql8_stubs.c:221:3: error: unknown type name 'bool'
#   221 |   bool option_bool;
#       |   ^~~~
```

cca:

```
#=== ERROR while installing cca.0.7 ===========================================#
Some files in /home/opam/.opam/4.14/.opam-switch/install/cca.install couldn't be installed:
  - /home/opam/.opam/4.14/.opam-switch/build/cca.0.7/src/ast/analyzing/langs/fortran/Mfortran.cmxs to /home/opam/.opam/4.14/lib/cca
  - /home/opam/.opam/4.14/.opam-switch/build/cca.0.7/src/ast/analyzing/langs/fortran/Mfortran_p.cmxs to /home/opam/.opam/4.14/lib/cca
  - /home/opam/.opam/4.14/.opam-switch/build/cca.0.7/src/ast/analyzing/langs/java/Mjava.cmxs to /home/opam/.opam/4.14/lib/cca
  - /home/opam/.opam/4.14/.opam-switch/build/cca.0.7/src/ast/analyzing/langs/java/Mjava_p.cmxs to /home/opam/.opam/4.14/lib/cca
  - /home/opam/.opam/4.14/.opam-switch/build/cca.0.7/src/ast/analyzing/langs/python/Mpython.cmxs to /home/opam/.opam/4.14/lib/cca
  - /home/opam/.opam/4.14/.opam-switch/build/cca.0.7/src/ast/analyzing/langs/python/Mpython_p.cmxs to /home/opam/.opam/4.14/lib/cca
  - /home/opam/.opam/4.14/.opam-switch/build/cca.0.7/src/ast/analyzing/langs/verilog/Mverilog.cmxs to /home/opam/.opam/4.14/lib/cca
  - /home/opam/.opam/4.14/.opam-switch/build/cca.0.7/src/ast/analyzing/langs/verilog/Mverilog_p.cmxs to /home/opam/.opam/4.14/lib/cca
```

ppx_rapper_lwt

- File "test/ppx/test.expected.ml", line 1, characters 0-0:
- /usr/bin/git --no-pager diff --no-index --color=always -u _build/default/test/ppx/test.expected.ml _build/default/test/ppx/test.actual.ml
- diff --git a/_build/default/test/ppx/test.expected.ml b/_build/default/test/ppx/test.actual.ml
- index b4f5634..42d05ce 100644
- --- a/_build/default/test/ppx/test.expected.ml
- +++ b/_build/default/test/ppx/test.actual.ml
- @@ -220,7 +220,8 @@ let list =
-                       [@ocaml.warning "-33"]) item pack) Dynparam.empty elems in
-            let query =
-              (let open Caqti_request in find_opt) ~oneshot:true
- -              (let open Caqti_type in tup2 bool packed_list_type)
- +              ((let open Caqti_type in tup2 bool packed_list_type)
- +              [@ocaml.warning "-33"])
-                ((let open Caqti_type in
-                    tup2 int (tup2 string (tup2 bool (option string))))
-                [@ocaml.warning "-33"]) sql in
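Review bot: the only difference in this hunk is that the `(let open Caqti_type in tup2 bool packed_list_type)` argument is now wrapped in its own `[@ocaml.warning "-33"]` attribute, the same suppression the neighbouring `tup2 int (...)` argument already carries in the context lines; warning 33 (unused open) affects diagnostics only, so the generated query is unchanged and this is ppx_rapper's `test/ppx/test.expected.ml` being out of date with its current output, not a behavioural change. The fix belongs in ppx_rapper (regenerate the expected file via dune promotion), not in this release PR.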
- @@ -257,8 +258,8 @@ let collect_list =
-                       [@ocaml.warning "-33"]) item pack) Dynparam.empty elems in
-            let query =
-              (let open Caqti_request in collect) ~oneshot:true
- -              packed_list_type ((let open Caqti_type in string)
- -              [@ocaml.warning "-33"]) sql in
- +              ((packed_list_type)[@ocaml.warning "-33"])
- +              ((let open Caqti_type in string)[@ocaml.warning "-33"]) sql in
-            Db.collect_list query versions in
-    wrapped
-  module Suit : Ppx_rapper_runtime.CUSTOM =
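Review bot: same attribute-only drift as the previous hunk, here `packed_list_type` gains a `[@ocaml.warning "-33"]` wrapper and the `string` type's existing one is reflowed onto its own line, again with no semantic change. Since the failure is an expect-test mismatch under `@runtest` of a reverse dependency (ppx_rapper_lwt), it would reproduce for any PR that triggers its rebuild and does not implicate mirage-crypto 0.11.3, which is consistent with the "unrelated" assessment above.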
[ERROR] The compilation of ppx_rapper_lwt.3.0.0 failed at "dune build -p ppx_rapper_lwt -j 39 @install @runtest".

@mseri
Member

mseri commented Feb 27, 2024

Thanks!

@mseri mseri merged commit b3dc9f1 into ocaml:master Feb 27, 2024
1 of 2 checks passed
@hannesm hannesm deleted the release-mirage-crypto-v0.11.3 branch February 27, 2024 12:23