Signature verify seems SLOW with ECDSA and mbedtls

jcolebaker
Posts: 14
Joined: Thu Mar 18, 2021 12:23 am

Signature verify seems SLOW with ECDSA and mbedtls

Postby jcolebaker » Wed Jan 19, 2022 1:42 am

Hi,

We're using ECDSA signing with public keys to verify data received over BLE.

I use a SHA256 hash of the data, giving a hash size of 32 bytes. The signature is 70-73 bytes.

After setting up a context and loading the public key (which is all reasonably fast), I am calling "mbedtls_ecdsa_read_signature" to verify the signature (against the calculated hash and public key).

The mbedtls_ecdsa_read_signature call takes about 900 mS to complete. This is problematic because it makes the device slow to respond to commands (the data being verified).

ESP32 at 160 MHz. I got a moderate speed increase (~20%) when I configured the ESP32 for 240 MHz.

Is taking ~900ms to run mbedtls_ecdsa_read_signature normal / expected?

Any way I can speed it up?

ESP_Mahavir
Posts: 101
Joined: Wed Jan 24, 2018 6:51 am

Re: Signature verify seems SLOW with ECDSA and mbedtls

Postby ESP_Mahavir » Fri Feb 11, 2022 1:20 pm

Hello,
The mbedtls_ecdsa_read_signature call takes about 900 mS to complete. This is problematic because it makes the device slow to respond to commands (the data being verified).
This number looks to be on higher side. On similar test code, I got roughly ~390ms in default configuration. If we disable `CONFIG_MBEDTLS_HARDWARE_MPI`, then it can help improve this number to roughly ~240ms. You may find reasoning for this as discussed in https://github.com/espressif/esp-idf/issues/1177.

Additionally, you may also try to enable compiler optimisation level to performance (-O2), I was able to get ~28% improvement with this. Other performance tuning knobs are documented at https://docs.espressif.com/projects/esp ... rall-speed

I am attaching my test code here, you will to invoke `test_ecdsa()` from your application.
test_ecdsa.c
(7.93 KiB) Downloaded 41 times

Please feel free to share your feedback or any additional questions on this.

Thanks.
Mahavir

jcolebaker
Posts: 14
Joined: Thu Mar 18, 2021 12:23 am

Re: Signature verify seems SLOW with ECDSA and mbedtls

Postby jcolebaker » Wed Mar 09, 2022 7:44 pm

I didn't see any significant change in performance by changing optimization levels. I didn't try changing MPI acceleration settings. However, I was able to get a huge increase in performance by using the "micro-ecc" library instead of mbedtls:

https://github.com/kmackay/micro-ecc

This library is around 5 x faster than mbedtls for ECDSA signature verification! This made it fast enough for our usage.

Who is online

Users browsing this forum: stoumk and 42 guests