Reputation: 1143
ECDSA signature verify very SLOW on ESP32 with mbedtls
We’re using mbedtls on an Espressif ESP32 module (32-bit Xtensa core, 160 MHz) to verify the signature of commands sent over Bluetooth. We use ECDSA signatures and a key pair generated with the secp256r1 curve. The signed commands are sent by a mobile app. We send the public key to the ESP32 during a registration process.
I use a SHA256 hash of the data, giving a hash size of 32 bytes. The signature is 70-73 bytes (DER format I think).
After setting up a context and loading the public key (which is all reasonably fast), I am calling mbedtls_ecdsa_read_signature to verify the signature (against the calculated hash and public key).
The mbedtls_ecdsa_read_signature call takes about 900 mS to 1 second to complete. This is problematic because it makes the device slow to respond to the commands. When choosing this signature verification system, I had indications from a different product team that the signature verify took about 200 mS on an STM32 running at a considerably lower clock speed.
I've compared debug and release builds but that didn't seem to make much difference.
Is this execution time normal / expected? Anything I can do to speed it up?
Here is the gist of my code (simplified, error checking removed):
mbedtls_ecdsa_context ecdsa_context;
mbedtls_ecdsa_init(&ecdsa_context);
mbedtls_ecp_keypair public_key;
mbedtls_ecp_keypair_init(&public_key);
mbedtls_ecp_group_init(&public_key->grp);
mbedtls_ecp_group_load(&public_key->grp, MBEDTLS_ECP_DP_SECP256R1);
mbedtls_ecp_point_init(&public_key->Q);
result = mbedtls_ecp_point_read_binary(
&public_key->grp,
&public_key->Q,
public_key_data, // points to 65 bytes of public key data in uncompressed format
public_key_data_size
);
int result;
result = mbedtls_ecdsa_read_signature(
&ecdsa_context,
message_hash,
message_hash_size,
signature,
signature_size
);
// Check result...
// Free context etc...
-- EDIT --
I figured out that the build system was confused, so I wasn't actually doing a release build. The actual release build dropped the signature verify time to 620 mS, so that's better but still a bit slow.
I also tried increasing the CPU clock speed from 160 MHZ to 240 MHZ. That is a 50% increase, but it only reduced the time by ~20%, so I think it's limited by other factors... maybe flash speed?
Upvotes: 1
Views: 1419
Answers (1)
Reputation: 1143
For anyone else looking for a faster option for ECDH and ECDSA operations on an ESP32, we found that "micro-ecc" was MUCH faster than mbedtls. It was fast enough to make our command signing usable.
See: https://github.com/kmackay/micro-ecc
Upvotes: 2
Related Questions
- ESP32: BLE transmission speed is very slow
- ECDSA signature generated with mbedtls not verifiable in JOSE (while code worked with RSA key)
- ECDSA signature verification mismatch
- Why ECDSA sign with P-256(NIST Curve P-256/ SHA-256) curve is very much faster than other eliptical curves?
- Verify Signature with a base64 public key NID_secp384r1 with openSSL
- ECDSA signature size too long?
- Why is mbedtls_ecdsa_from_keypair returning an error?
- ECDSA_do_verify fails to verify for some hash only
- BouncyCastle ECDSA signing takes several milliseconds
- OpenSSL cannot verify ECDSA signature C++, C# verifies correctly