Forum Discussion

riraccuia's avatar
riraccuia
Icon for Cirrus rankCirrus
Apr 26, 2017

Max TPS: RSA vs ECDSA

Dear Devcentral, I'm looking at some official datasheets (e.g. https://www.f5.com/pdf/products/viprion-overview-ds.pdf ) and am having a hard time understanding the reason for ECDSA max TPSs being so low compared to RSA.

 

No document is making the difference between Signature and Verify operations.

 

I would agree with those numbers if they were referring to Verify operations but in my understanding of the TLS implementation that would only happen if one enabled ECDSA-based Client Certificate Authentication.

 

When no certificate authentication is enabled on a VS, the operations should mainly be of Signature type and in that case ECDSA (P-256) should allow much more operations than RSA (2048).

 

Any idea?

 

  • I am still looking forward to understand this, does anyone have an idea ?

     

  • JG's avatar
    JG
    Icon for Cumulonimbus rankCumulonimbus

    I think the article linked to refers to maximum capacity of the hardware in the most difficult situation, right?

     

  • I'm still hoping that someone is able to shed light on this matter

     

  • just to confirm you are comparing these?

    Included RSA SSL TPS: 24,000 (2K keys)
    Max RSA SSL TPS: 160,000 (2K keys)
    Included ECDSA P-256 TPS: 24,000
    Max ECDSA P-256 TPS: 80,000
    

    where you expect ECDSA P-256 Max to be much higher then RSA (2k key)?

    one thing that comes into mind is where the calculation is done, are both RSA and ECDSA done in the SSL chips, or is ECDSA done in the CPU?

    i would reach out to your sales team if someone doesn't come with a definitive answer.