From: Saulo Alessandre <saulo.alessan...@tse.jus.br>

Why ECDSA on kernel:

I work on Brazilian Supreme Electoral Court [http://www.tse.jus.br], we are
using ECDSA for module and elf32 binaries verification including shared 
libraries on about 450k T-DRE voting machines [5].

This is the first part of our try to contribution, we pretend to share the
elf32 signature mechanism and elf32 kernel verification and start to work
on elf64 verification too.

We have an team of about 12 techs, between cryptologist, developers, 
testers, managers, staff and the coffee machine :). Recently we receive
authorization to share this codes.

Somes advantages from ECDSA are:
. is more secure against current methos of cracking [2];
. gives optimal security with shorter key lenghts [2];

First, comparing key size RSA vs ECDSA we have:

Table 1: Comparable key sizes table. ref [3]
|----------+-----+--------+
|Security in bits         |
|----------+-----+--------+
|Symmetric | ECC |  RSA   |
|       80 | 163 |      1.024 |
|      112 | 233 |  2.240 |
|      128 | 283 |  3.072 |
|      192 | 409 |  7.680 |
|      256 | 571 | 15.360 |
|----------+-----+--------+

So, We need a bigger key in RSA to have the same security against ECDSA.
This can be see on [1] too.

Second, comparing speed performance RSA vs ECDSA we have:

Table 2: Signature performance table. ref: [3]
|-------------+------+------+
| Key Length  | Time (s)    |   
|-----+-------+------+------+
| ECC |  RSA  | ECC      |  RSA |
|-----+-------+------+------+
| 163 | 1024  | 0.15 | 0.01 |
| 233 | 2240  | 0.34 | 0.15 |
| 283 | 3072  | 0.59 | 0.21 |
| 409 | 7680  | 1.18 | 1.53 |
| 571 | 15360 | 3.07 | 9.20 |
|-----+-------+------+------+

Table 3: Signature verification performance table. ref: [3]
|-------------+------+------+
| Key Length  | Time (s)    |   
|-----+-------+------+------+
| ECC |  RSA  | ECC      |  RSA |
|-----+-------+------+------+
| 163 | 1024  | 0.23 | 0.01 |
| 233 | 2240  | 0.51 | 0.01 |
| 283 | 3072  | 0.86 | 0.01 |
| 409 | 7680  | 1.80 | 0.01 |
| 571 | 15360 | 4.53 | 0.03 |
|-----+-------+------+------+

On tables 2 and 3, we can see that ECDSA is more fast for strong key 
signatures and very slow for verification when comparable to RSA.
Although something is not so fast to check, it pays off in safety. 

References:
[1] - https://www.ecrypt.eu.org/csa/documents/D5.4-FinalAlgKeySizeProt.pdf
[2] - https://sectigostore.com/blog/ecdsa-vs-rsa-everything-you-need-to-know/
[3] - 
http://nicj.net/files/performance_comparison_of_elliptic_curve_and_rsa_digital_signatures.pdf
[4] - Mathematical-routines-for-the-NIST-prime-elliptic-curves.pdf [google it]
[5] - 
https://www.researchgate.net/publication/221046512_T-DRE_a_hardware_trusted_computing_base_for_direct_recording_electronic_vote_machines

---
Saulo Alessandre (4):
  ecdsa: add params to ecdsa algo
  ecdsa: prepare akcipher and x509 parser to use incoming ecdsa
  ecdsa: change ecc.c and ecc.h to support ecdsa
  ecdsa: implements ecdsa signature verification

 Documentation/admin-guide/module-signing.rst |  10 +
 crypto/Kconfig                               |  12 +
 crypto/Makefile                              |   7 +
 crypto/asymmetric_keys/pkcs7_parser.c        |   7 +-
 crypto/asymmetric_keys/pkcs7_verify.c        |   5 +-
 crypto/asymmetric_keys/public_key.c          |  30 +-
 crypto/asymmetric_keys/x509_cert_parser.c    |  37 +-
 crypto/ecc.c                                 | 338 +++++++++---
 crypto/ecc.h                                 |  59 ++-
 crypto/ecc_curve_defs.h                      |  82 +++
 crypto/ecdsa.c                               | 509 +++++++++++++++++++
 crypto/ecdsa_params.asn1                     |   1 +
 crypto/ecdsa_signature.asn1                  |   6 +
 crypto/testmgr.c                             |  17 +-
 crypto/testmgr.h                             |  78 +++
 include/crypto/ecdh.h                        |   2 +
 include/linux/oid_registry.h                 |  12 +
 lib/oid_registry.c                           | 100 ++++
 18 files changed, 1201 insertions(+), 111 deletions(-)
 create mode 100644 crypto/ecdsa.c
 create mode 100644 crypto/ecdsa_params.asn1
 create mode 100644 crypto/ecdsa_signature.asn1

-- 
2.25.1

Reply via email to