Bitcoin Forum
November 17, 2024, 06:02:38 PM *
News: Check out the artwork 1Dq created to commemorate this forum's 15th anniversary
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: ECDsa Verification Speed  (Read 3180 times)
pmlyon (OP)
Member
**
Offline Offline

Activity: 72
Merit: 10


View Profile
June 17, 2013, 01:03:44 PM
 #1

Hi, I'm working on a c# node implementation and I have a question around the verification of ECDsa signatures. I'm using the BouncyCastle library and calling ECDsaSigner.VerifySignature is taking ~100ms on a quad-core i5-2500K cpu. This means that if I max out all 4 cores I can process about 40 signatures per second. This seems extremely slow to me but I've not used ECDsa before. Does this seem like a reasonable signature verification speed? The wiki scalability page mentions being able to do tens of thousands of signature verifications per second.

Thanks,

Paul

Author of BitSharp, a C# Bitcoin node
https://github.com/pmlyon/BitSharp/wiki
piotr_n
Legendary
*
Offline Offline

Activity: 2055
Merit: 1359


aka tonikt


View Profile WWW
June 17, 2013, 02:08:46 PM
 #2

For such a CPU OpenSSL needs ~1ms per operation. Even less, if you use 64 bit arch.
So I would say that 100ms is not reasonable.

Check out gocoin - my original project of full bitcoin node & cold wallet written in Go.
PGP fingerprint: AB9E A551 E262 A87A 13BB  9059 1BE7 B545 CDF3 FD0E
Remember remember the 5th of November
Legendary
*
Offline Offline

Activity: 1862
Merit: 1011

Reverse engineer from time to time


View Profile
June 17, 2013, 02:13:54 PM
 #3

If this was implemented in C, it would be faster. I can see how the Java implementation can be slower.

BTC:1AiCRMxgf1ptVQwx6hDuKMu4f7F27QmJC2
jackjack
Legendary
*
Offline Offline

Activity: 1176
Merit: 1280


May Bitcoin be touched by his Noodly Appendage


View Profile
June 17, 2013, 02:17:57 PM
 #4

You can try jasvet to see how much time it takes in Python

Own address: 19QkqAza7BHFTuoz9N8UQkryP4E9jHo4N3 - Pywallet support: 1AQDfx22pKGgXnUZFL1e4UKos3QqvRzNh5 - Bitcointalk++ script support: 1Pxeccscj1ygseTdSV1qUqQCanp2B2NMM2
Pywallet: instructions. Encrypted wallet support, export/import keys/addresses, backup wallets, export/import CSV data from/into wallet, merge wallets, delete/import addresses and transactions, recover altcoins sent to bitcoin addresses, sign/verify messages and files with Bitcoin addresses, recover deleted wallets, etc.
piotr_n
Legendary
*
Offline Offline

Activity: 2055
Merit: 1359


aka tonikt


View Profile WWW
June 17, 2013, 02:43:43 PM
 #5

I once had similar problem in Go - it's a pretty optimal compiler, but its current implementation of the big numbers lib is far away from optimal.

So for me it was like 10ms per op, which was still to long, so I decided to use the openssl implementation.
For a moment I even had a solution with a TCP server (written in C, with openssl) that was doing the ECDSAs for my actual app. That was pretty crazy, though it worked.. Smiley
Later I figured out how to combine the openssl lib with my go app and ever since then it works as fast as I needed.

Most of the languages these days allow creation of wrappers for native libs - that's probably the best way for you to go as well.

Check out gocoin - my original project of full bitcoin node & cold wallet written in Go.
PGP fingerprint: AB9E A551 E262 A87A 13BB  9059 1BE7 B545 CDF3 FD0E
pmlyon (OP)
Member
**
Offline Offline

Activity: 72
Merit: 10


View Profile
June 17, 2013, 04:21:32 PM
 #6

Thanks everyone! What I have now is functional at least; it's good to know that the performance can be improved down the line.

P.S. Does anyone have much interest in a c# implementation? I started this mostly to educate myself, but I'm making more progress than I was expecting.

Author of BitSharp, a C# Bitcoin node
https://github.com/pmlyon/BitSharp/wiki
piotr_n
Legendary
*
Offline Offline

Activity: 2055
Merit: 1359


aka tonikt


View Profile WWW
June 17, 2013, 04:28:27 PM
 #7

P.S. Does anyone have much interest in a c# implementation? I started this mostly to educate myself, but I'm making more progress than I was expecting.
If you started, just finish it - turn it into a full node.
It will give you a great satisfaction and the community need other clients.
Bittorrent would have never became a success if people would have stuck to the original python download dialogs.

Personally I believe that the future of bitcoin is not in the official client - the official core is just too important and no sane developer will want to risk breaking it, which will surely paralyze its further development. Since it will be harder and harder to add new features there, sooner or later alternative clients will just beat it on the functionality and a speed of development.

As for your further possible concerns, since I've been there I can tell you that the biggest challenge, besides the ECDSA performance, is a proper database for UTXO.
Forget about anything SQL based. Unless you want to make a node for testnet only Smiley

Check out gocoin - my original project of full bitcoin node & cold wallet written in Go.
PGP fingerprint: AB9E A551 E262 A87A 13BB  9059 1BE7 B545 CDF3 FD0E
pmlyon (OP)
Member
**
Offline Offline

Activity: 72
Merit: 10


View Profile
June 17, 2013, 04:31:15 PM
 #8

Heh, SQL Server is what I'm currently using, but I haven't gotten around to implementing the UTXO yet. We'll see how that goes. Smiley

Author of BitSharp, a C# Bitcoin node
https://github.com/pmlyon/BitSharp/wiki
Mike Hearn
Legendary
*
expert
Offline Offline

Activity: 1526
Merit: 1134


View Profile
June 18, 2013, 09:24:20 AM
 #9

The fastest implementation is this one:

https://github.com/sipa/secp256k1
piotr_n
Legendary
*
Offline Offline

Activity: 2055
Merit: 1359


aka tonikt


View Profile WWW
June 18, 2013, 10:44:41 AM
 #10

The fastest implementation is this one:

https://github.com/sipa/secp256k1
Wow, it's great.
187us versus OpenSSL's 1008us, on my test laptop.

Sipa for president! Smiley

Check out gocoin - my original project of full bitcoin node & cold wallet written in Go.
PGP fingerprint: AB9E A551 E262 A87A 13BB  9059 1BE7 B545 CDF3 FD0E
pmlyon (OP)
Member
**
Offline Offline

Activity: 72
Merit: 10


View Profile
June 18, 2013, 11:40:37 AM
 #11

Wow, that's gotta be near 1000x better performance than I'm currently getting. It sucks that my verification speed is going to hamstrung by this for now, but I've got a million others things left to implement anyway. Smiley

Author of BitSharp, a C# Bitcoin node
https://github.com/pmlyon/BitSharp/wiki
Remember remember the 5th of November
Legendary
*
Offline Offline

Activity: 1862
Merit: 1011

Reverse engineer from time to time


View Profile
June 18, 2013, 11:42:43 AM
 #12

The fastest implementation is this one:

https://github.com/sipa/secp256k1
I don't suppose I can use this library for even speedier address creation?

BTC:1AiCRMxgf1ptVQwx6hDuKMu4f7F27QmJC2
jackjack
Legendary
*
Offline Offline

Activity: 1176
Merit: 1280


May Bitcoin be touched by his Noodly Appendage


View Profile
June 18, 2013, 11:46:54 AM
 #13

The fastest implementation is this one:

https://github.com/sipa/secp256k1
I don't suppose I can use this library for even speedier address creation?
If you mean private key -> public key (or address), I'm sure you can
If you mean creating a private key, no

Own address: 19QkqAza7BHFTuoz9N8UQkryP4E9jHo4N3 - Pywallet support: 1AQDfx22pKGgXnUZFL1e4UKos3QqvRzNh5 - Bitcointalk++ script support: 1Pxeccscj1ygseTdSV1qUqQCanp2B2NMM2
Pywallet: instructions. Encrypted wallet support, export/import keys/addresses, backup wallets, export/import CSV data from/into wallet, merge wallets, delete/import addresses and transactions, recover altcoins sent to bitcoin addresses, sign/verify messages and files with Bitcoin addresses, recover deleted wallets, etc.
riplin
Member
**
Offline Offline

Activity: 116
Merit: 10


View Profile
June 24, 2013, 02:37:37 AM
Last edit: June 24, 2013, 02:49:11 AM by riplin
 #14

Regarding that secp256k1 library,


I've been trying to get it to compile in Visual Studio, but there are some issues with it, namely the secp256k1_fe_mul_inner and secp256k1_fe_sqr_inner inner have a sysv_abi calling convention, that VS doesn't understand and it's using __int128 that VS doesn't support.

Maybe I can get something to work via MingW, but I'll save that for another day.

Edit: defining field 10x26 looks promising.
piotr_n
Legendary
*
Offline Offline

Activity: 2055
Merit: 1359


aka tonikt


View Profile WWW
June 24, 2013, 09:22:20 AM
 #15

Regarding that secp256k1 library,


I've been trying to get it to compile in Visual Studio, but there are some issues with it, namely the secp256k1_fe_mul_inner and secp256k1_fe_sqr_inner inner have a sysv_abi calling convention, that VS doesn't understand and it's using __int128 that VS doesn't support.

Maybe I can get something to work via MingW, but I'll save that for another day.

Edit: defining field 10x26 looks promising.
It works fine in mingw.
You just need some changes in the config script and a slightly different Makefile.
See build_windows.txt in my fork: https://github.com/piotrnar/secp256k1

Check out gocoin - my original project of full bitcoin node & cold wallet written in Go.
PGP fingerprint: AB9E A551 E262 A87A 13BB  9059 1BE7 B545 CDF3 FD0E
MatthewLM
Legendary
*
Offline Offline

Activity: 1190
Merit: 1004


View Profile
June 24, 2013, 02:53:16 PM
 #16

A faster and smaller alternative to OpenSSL would be nice, but does sipa's library implement all of the OpenSSL quirks that are necessary to implement a full bitcoin node? Also has anyone thought of a GPU library for the ECDSA code?
piotr_n
Legendary
*
Offline Offline

Activity: 2055
Merit: 1359


aka tonikt


View Profile WWW
June 24, 2013, 03:04:09 PM
Last edit: June 24, 2013, 03:22:04 PM by piotr_n
 #17

A faster and smaller alternative to OpenSSL would be nice, but does sipa's library implement all of the OpenSSL quirks that are necessary to implement a full bitcoin node?
The only thing except ECDSA are SHA256 and RIMP160 hashing funcs, but both are easy to implement without OpenSSL.

Though from what I heard, they are currently busy adding some X509 stuff, so eventually it will need OpenSSL even more. Unless Terminator will get Gavin's ass first, in which case there may be some more time to see the reference code with no OpenSSL dependency.

Check out gocoin - my original project of full bitcoin node & cold wallet written in Go.
PGP fingerprint: AB9E A551 E262 A87A 13BB  9059 1BE7 B545 CDF3 FD0E
riplin
Member
**
Offline Offline

Activity: 116
Merit: 10


View Profile
June 24, 2013, 05:42:21 PM
 #18

Regarding that secp256k1 library,


I've been trying to get it to compile in Visual Studio, but there are some issues with it, namely the secp256k1_fe_mul_inner and secp256k1_fe_sqr_inner inner have a sysv_abi calling convention, that VS doesn't understand and it's using __int128 that VS doesn't support.

Maybe I can get something to work via MingW, but I'll save that for another day.

Edit: defining field 10x26 looks promising.
It works fine in mingw.
You just need some changes in the config script and a slightly different Makefile.
See build_windows.txt in my fork: https://github.com/piotrnar/secp256k1

I managed to get it to compile in Visual Studio. 32bit right now because 64bit OpenSSL seems to be giving me some linker trouble (_ prefix on the BN_* functions). Haven't had the time to look at that yet.
piotr_n
Legendary
*
Offline Offline

Activity: 2055
Merit: 1359


aka tonikt


View Profile WWW
June 24, 2013, 05:49:19 PM
 #19

I managed to get it to compile in Visual Studio. 32bit right now because 64bit OpenSSL seems to be giving me some linker trouble (_ prefix on the BN_* functions). Haven't had the time to look at that yet.
We can only appeal to spia to make a version without openssl/gmp dependencies, which would be just perfect.

Check out gocoin - my original project of full bitcoin node & cold wallet written in Go.
PGP fingerprint: AB9E A551 E262 A87A 13BB  9059 1BE7 B545 CDF3 FD0E
runeks
Legendary
*
Offline Offline

Activity: 980
Merit: 1008



View Profile WWW
June 28, 2013, 01:30:00 AM
 #20

Hi, I'm working on a c# node implementation and I have a question around the verification of ECDsa signatures. I'm using the BouncyCastle library and calling ECDsaSigner.VerifySignature is taking ~100ms on a quad-core i5-2500K cpu. This means that if I max out all 4 cores I can process about 40 signatures per second. This seems extremely slow to me but I've not used ECDsa before. Does this seem like a reasonable signature verification speed? The wiki scalability page mentions being able to do tens of thousands of signature verifications per second.

Thanks,

Paul
If you can find C# bindings for OpenSSL, that will greatly speed things up. There's this, although I haven't tried it. It does add the clutter of OpenSSL though (large dependency).
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!