Predicting TLS performance from key exchange performance

Standalone cryptographic performance, in operations per second


Most benchmarking of cryptographic systems focuses on the performance of individual algorithms in a standalone setting. However, real-world applications such as the Transport Layer Security (TLS) protocol use a variety of cryptographic algorithms together. Benchmarking the performance of a web server using TLS is a more complex task, so fewer works include performance characteristics of full systems. In this work, we develop a model for the number of connections per second of a TLS-protected web server based on the runtime of individual cryptographic operations. Our model allows us to predict how performance scales with file size. Our model also allows us to predict the impact of improved key exchange algorithms: for example, on an HTTPS server with 1 KiB files running ECDSA-nistp256 with AES-128-GCM and HMAC-SHA-256, a 2x improvement in ephemeral Diffie-Hellman key exchange performance only leads to a 10% improvement in connections per second, as signatures become the dominant cost.
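As an added illustration, not the paper's own model or measurements, the following Python sketches a simplified additive CPU-cost model for a TLS server; every timing in it is a constructed placeholder. It shows why a 2x faster key exchange yields only a modest gain in connections per second when signature, fixed, and per-byte record-protection costs dominate, and how that gain shrinks further as file size grows.

```python
# Added illustration (not the paper's model): a simple additive cost model
# for one TLS connection. All timings are constructed placeholders, chosen
# so that key exchange is a minority of per-connection CPU time.
from dataclasses import dataclass


@dataclass
class CostModel:
    sign_us: float          # server signature over the handshake (e.g. ECDSA)
    kex_us: float           # server-side ephemeral DH keygen + shared secret
    fixed_us: float         # non-crypto overhead: TCP, parsing, record framing
    sym_us_per_kib: float   # AEAD encryption + MAC cost per KiB of response

    def time_per_connection_us(self, file_kib: float) -> float:
        """Total server CPU time to serve one connection with a file_kib response."""
        return (self.sign_us + self.kex_us + self.fixed_us
                + self.sym_us_per_kib * file_kib)

    def connections_per_second(self, file_kib: float) -> float:
        """Single-core throughput implied by the additive cost model."""
        return 1e6 / self.time_per_connection_us(file_kib)


def kex_speedup_gain(model: CostModel, file_kib: float, factor: float) -> float:
    """Relative gain in connections/s if key exchange becomes `factor` times faster."""
    faster = CostModel(model.sign_us, model.kex_us / factor,
                       model.fixed_us, model.sym_us_per_kib)
    return (faster.connections_per_second(file_kib)
            / model.connections_per_second(file_kib)) - 1.0


# Constructed placeholder costs in microseconds; signature cost dominates
# the handshake, as the abstract describes for ECDSA-nistp256.
CONSTRUCTED_MODEL = CostModel(sign_us=100.0, kex_us=40.0,
                              fixed_us=78.0, sym_us_per_kib=2.0)

if __name__ == "__main__":
    for kib in (1.0, 16.0, 256.0, 1024.0):
        cps = CONSTRUCTED_MODEL.connections_per_second(kib)
        gain = kex_speedup_gain(CONSTRUCTED_MODEL, kib, 2.0)
        print(f"{kib:7.0f} KiB  {cps:9.1f} conn/s  2x-faster-KEX gain: {gain*100:5.1f}%")
```

With these placeholder numbers the 1 KiB case gains 10% from halving key-exchange time, and the gain falls below 1% at 1 MiB because per-byte symmetric work dominates.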

Keywords: Transport Layer Security (TLS) protocol, key exchange, performance


Farhad Moghimifar, Douglas Stebila. Predicting TLS performance from key exchange performance. In Xun Yi, Giovanni Russello, editors, Proc. 14th Australasian Information Security Conference (AISC) 2016. ACM, February 2016. © The authors, licensed to ACM.




This research was supported by:
  • Australian Research Council (ARC) Discovery Project grant DP130104304