-
Enhancement
-
Resolution: Unresolved
-
P4
-
None
-
None
-
None
We should look at the existing crypto microbenchmarks to ensure that the set of algorithms included is current. For example, we should make sure that every algorithm and key size allowed by TLS 1.3 is enabled by default in a full benchmark. We may also want to stop benchmarking older algorithms that are not commonly used anymore.
The most important algorithms and key sizes to benchmark are (note that we may not have implementations for all of these):
Cipher: AES_GCM_(128|256), ChaCha20_Poly1305
Signature: RSA(2048|4096), RSA_PSS_(2048|4096), ECDSA_(256|384), EdDSA_(255|448)
KeyAgreement: ECDH_(256|384), XDH_(255|448), DH_(2048|4096)
KeyPairGenerator: EC_(256|384), DH_(2048|4096)
Some additional algorithms that are less important to benchmark are:
Cipher: AES_CCM_128
KeyPairGenerator: RSA(2048|4096), EC_521, DH_8192
KeyAgreement: ECDH_521, DH_8192
Signature: ECDSA_521
Other: HKDF (HMAC)
The most important algorithms and key sizes to benchmark are (note that we may not have implementations for all of these):
Cipher: AES_GCM_(128|256), ChaCha20_Poly1305
Signature: RSA(2048|4096), RSA_PSS_(2048|4096), ECDSA_(256|384), EdDSA_(255|448)
KeyAgreement: ECDH_(256|384), XDH_(255|448), DH_(2048|4096)
KeyPairGenerator: EC_(256|384), DH_(2048|4096)
Some additional algorithms that are less important to benchmark are:
Cipher: AES_CCM_128
KeyPairGenerator: RSA(2048|4096), EC_521, DH_8192
KeyAgreement: ECDH_521, DH_8192
Signature: ECDSA_521
Other: HKDF (HMAC)