Forum Discussion

riraccuia's avatar
riraccuia
Icon for Cirrus rankCirrus
Apr 26, 2017

Max TPS: RSA vs ECDSA

Dear Devcentral, I'm looking at some official datasheets (e.g. https://www.f5.com/pdf/products/viprion-overview-ds.pdf ) and am having a hard time understanding the reason for ECDSA max TPSs being so low compared to RSA.

 

No document is making the difference between Signature and Verify operations.

 

I would agree with those numbers if they were referring to Verify operations but in my understanding of the TLS implementation that would only happen if one enabled ECDSA-based Client Certificate Authentication.

 

When no certificate authentication is enabled on a VS, the operations should mainly be of Signature type and in that case ECDSA (P-256) should allow much more operations than RSA (2048).

 

Any idea?

 

BIG-IP
devops
ecdsa
LTM
security
ssl-tls
tps
  • boneyard's avatar
    boneyard
    Icon for MVP rankMVP
    Jul 07, 2018

    just to confirm you are comparing these?

    Included RSA SSL TPS: 24,000 (2K keys)
Max RSA SSL TPS: 160,000 (2K keys)
Included ECDSA P-256 TPS: 24,000
Max ECDSA P-256 TPS: 80,000

    where you expect ECDSA P-256 Max to be much higher then RSA (2k key)?

    one thing that comes into mind is where the calculation is done, are both RSA and ECDSA done in the SSL chips, or is ECDSA done in the CPU?

    i would reach out to your sales team if someone doesn't come with a definitive answer.

  • riraccuia's avatar
    riraccuia
    Icon for Cirrus rankCirrus
    Jun 01, 2017

    I'm still hoping that someone is able to shed light on this matter

     

  • JG's avatar
    JG
    Icon for Cumulonimbus rankCumulonimbus
    May 16, 2017

    I think the article linked to refers to maximum capacity of the hardware in the most difficult situation, right?

     

  • riraccuia's avatar
    riraccuia
    Icon for Cirrus rankCirrus
    May 15, 2017

    I am still looking forward to understand this, does anyone have an idea ?