「ECDSA」の版間の差分

提供: セキュリティ
移動: 案内検索
(ページの作成:「ECDSA (Elliptic Curve Digial Signature Algorithm, Elliptic Curve DSA, 楕円曲線DSA)とは、デジタル署名アルゴリズムの1つです。[[Digital S...」)
 
行11: 行11:
 
[[ECDSA]]では、楕円曲線上(だえんきょくせんじょう)の離散対数問題(りさんたいすうもんだい)の困難性を利用した[[デジタル署名]]の方式です。
 
[[ECDSA]]では、楕円曲線上(だえんきょくせんじょう)の離散対数問題(りさんたいすうもんだい)の困難性を利用した[[デジタル署名]]の方式です。
  
 +
== RSAとECDSAの鍵長 ==
 
[[RSA署名]], [[Digital Signature Algorithm|DSA]]と比較し、[[鍵長]]が短く、少ない計算量で同等の安全性を確保できるため、[[鍵長]]が長くなるほど、[[RSA署名]]や[[Digital Signature Algorithm|DSA]]よりも処理性能が高くなります。
 
[[RSA署名]], [[Digital Signature Algorithm|DSA]]と比較し、[[鍵長]]が短く、少ない計算量で同等の安全性を確保できるため、[[鍵長]]が長くなるほど、[[RSA署名]]や[[Digital Signature Algorithm|DSA]]よりも処理性能が高くなります。
  
行30: 行31:
 
| 448bit
 
| 448bit
 
|}
 
|}
== 使い方 ==
+
== RSAとECDSAの署名と検証のスピードは? ==
 +
ここでは、まず、一般論です。
  
 +
[[RSA]] の署名と検証の時間は
 +
署名 > 検証
 +
です。
 +
 +
[[ECDSA]] の署名と検証の時間は
 +
署名 < 検証
 +
です。
 +
== 署名と検証のスピードを実際に比較する ==
 +
ここでのスピードは、[[OpenSSL]] コマンドの openssl speed で調べた結果です。
 +
調査に使った [[CPU]] は、
 +
Intel(R) Xeon(R) CPU E5-2690 v4 @ 2.60GHz
 +
(family: 0x6, model: 0x4f, stepping: 0x1)
 +
です。
 +
 +
RSAとECDSAの署名と検証のスピードの具体的な根拠を示します。
 +
 +
[[RSA]] の 2048 ビットは、 [[ECDSA]] の 224-255 に相当します。
 +
[[署名]](sign)と'''検証'''を比較してみましょう。
 +
 +
[[RSA]] は、明らかに、署名に時間がかかっています。
 +
ECDSA 224 だと署名と検証は、大差ないように見えます。
 +
ECDSA 256 では、'''検証'''が[[署名]]の2倍の時間がかかっています。
 +
 +
{|class="wikitable"
 +
|+ RSAとECDSAの署名と検証にかかる時間
 +
! アルゴリズム
 +
! 署名 時間(秒)
 +
! 検証 時間(秒)
 +
|-
 +
| RSA 2048
 +
| 0.000811 s
 +
| 0.000024s
 +
|-
 +
| ECDSA 224
 +
| 0.000075 s
 +
| 0.000074 s
 +
|-
 +
| ECDSA 256
 +
| 0.000047 s
 +
| 0.000103 s
 +
|}
 +
 +
{|class="wikitable"
 +
|+ RSAとECDSAの署名と検証にかかる時間
 +
! アルゴリズム
 +
! 署名 時間(マイクロ秒)
 +
! 検証 時間(マイクロ秒)
 +
|-
 +
| RSA 2048
 +
| 811
 +
| 24
 +
|-
 +
| ECDSA 224
 +
| 76
 +
| 74
 +
|-
 +
| ECDSA 256
 +
| 47
 +
| 103
 +
|}
 +
 +
 +
== 署名と検証のスピード ==
 +
<syntaxhighlight lang="bash">
 +
$ openssl speed ecdsa
 +
Doing 160 bit sign ecdsa's for 10s: 150397 160 bit ECDSA signs in 10.00s
 +
Doing 160 bit verify ecdsa's for 10s: 40354 160 bit ECDSA verify in 10.00s
 +
Doing 192 bit sign ecdsa's for 10s: 128142 192 bit ECDSA signs in 10.00s
 +
Doing 192 bit verify ecdsa's for 10s: 33445 192 bit ECDSA verify in 10.00s
 +
Doing 224 bit sign ecdsa's for 10s: 135191 224 bit ECDSA signs in 10.00s
 +
Doing 224 bit verify ecdsa's for 10s: 65532 224 bit ECDSA verify in 10.00s
 +
Doing 256 bit sign ecdsa's for 10s: 209917 256 bit ECDSA signs in 10.00s
 +
Doing 256 bit verify ecdsa's for 10s: 97071 256 bit ECDSA verify in 10.00s
 +
Doing 384 bit sign ecdsa's for 10s: 40877 384 bit ECDSA signs in 10.00s
 +
Doing 384 bit verify ecdsa's for 10s: 10143 384 bit ECDSA verify in 10.00s
 +
Doing 521 bit sign ecdsa's for 10s: 22399 521 bit ECDSA signs in 10.00s
 +
Doing 521 bit verify ecdsa's for 10s: 12356 521 bit ECDSA verify in 10.00s
 +
Doing 163 bit sign ecdsa's for 10s: 47607 163 bit ECDSA signs in 10.00s
 +
Doing 163 bit verify ecdsa's for 10s: 20923 163 bit ECDSA verify in 10.00s
 +
Doing 233 bit sign ecdsa's for 10s: 24022 233 bit ECDSA signs in 10.00s
 +
Doing 233 bit verify ecdsa's for 10s: 15724 233 bit ECDSA verify in 10.00s
 +
Doing 283 bit sign ecdsa's for 10s: 15414 283 bit ECDSA signs in 10.00s
 +
Doing 283 bit verify ecdsa's for 10s: 8691 283 bit ECDSA verify in 10.00s
 +
Doing 409 bit sign ecdsa's for 10s: 6730 409 bit ECDSA signs in 10.00s
 +
Doing 409 bit verify ecdsa's for 10s: 5493 409 bit ECDSA verify in 10.00s
 +
Doing 571 bit sign ecdsa's for 10s: 3085 571 bit ECDSA signs in 10.00s
 +
Doing 571 bit verify ecdsa's for 10s: 2288 571 bit ECDSA verify in 10.01s
 +
Doing 163 bit sign ecdsa's for 10s: 47447 163 bit ECDSA signs in 10.00s
 +
Doing 163 bit verify ecdsa's for 10s: 19570 163 bit ECDSA verify in 10.00s
 +
Doing 233 bit sign ecdsa's for 10s: 24168 233 bit ECDSA signs in 10.00s
 +
Doing 233 bit verify ecdsa's for 10s: 15003 233 bit ECDSA verify in 10.00s
 +
Doing 283 bit sign ecdsa's for 10s: 15322 283 bit ECDSA signs in 10.00s
 +
Doing 283 bit verify ecdsa's for 10s: 8073 283 bit ECDSA verify in 10.01s
 +
Doing 409 bit sign ecdsa's for 10s: 6705 409 bit ECDSA signs in 10.00s
 +
Doing 409 bit verify ecdsa's for 10s: 5079 409 bit ECDSA verify in 10.00s
 +
Doing 571 bit sign ecdsa's for 10s: 3091 571 bit ECDSA signs in 10.00s
 +
Doing 571 bit verify ecdsa's for 10s: 2106 571 bit ECDSA verify in 10.00s
 +
OpenSSL 1.0.2g  1 Mar 2016
 +
built on: reproducible build, date unspecified
 +
options:bn(64,64) rc4(16x,int) des(idx,cisc,16,int) aes(partial) blowfish(idx)
 +
compiler: cc -I. -I.. -I../include  -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS
 +
-D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -g -O2
 +
-fstack-protector-strong -Wformat -Werror=format-security -Wdate-time
 +
-D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic-functions -Wl,-z,relro -Wa,--noexecstack
 +
-Wall -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT
 +
-DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM
 +
-DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM
 +
-DGHASH_ASM -DECP_NISTZ256_ASM
 +
                              sign    verify    sign/s verify/s
 +
160 bit ecdsa (secp160r1)  0.0001s  0.0002s  15039.7  4035.4
 +
192 bit ecdsa (nistp192)  0.0001s  0.0003s  12814.2  3344.5
 +
224 bit ecdsa (nistp224)  0.0001s  0.0002s  13519.1  6553.2
 +
256 bit ecdsa (nistp256)  0.0000s  0.0001s  20991.7  9707.1
 +
384 bit ecdsa (nistp384)  0.0002s  0.0010s  4087.7  1014.3
 +
521 bit ecdsa (nistp521)  0.0004s  0.0008s  2239.9  1235.6
 +
163 bit ecdsa (nistk163)  0.0002s  0.0005s  4760.7  2092.3
 +
233 bit ecdsa (nistk233)  0.0004s  0.0006s  2402.2  1572.4
 +
283 bit ecdsa (nistk283)  0.0006s  0.0012s  1541.4    869.1
 +
409 bit ecdsa (nistk409)  0.0015s  0.0018s    673.0    549.3
 +
571 bit ecdsa (nistk571)  0.0032s  0.0044s    308.5    228.6
 +
163 bit ecdsa (nistb163)  0.0002s  0.0005s  4744.7  1957.0
 +
233 bit ecdsa (nistb233)  0.0004s  0.0007s  2416.8  1500.3
 +
283 bit ecdsa (nistb283)  0.0007s  0.0012s  1532.2    806.5
 +
409 bit ecdsa (nistb409)  0.0015s  0.0020s    670.5    507.9
 +
571 bit ecdsa (nistb571)  0.0032s  0.0047s    309.1    210.6
 +
</syntaxhighlight>
 +
== rsa ==
 +
<syntaxhighlight lang="bash">
 +
$ openssl speed rsa
 +
Doing 512 bit private rsa's for 10s: 167277 512 bit private RSA's in 10.00s
 +
Doing 512 bit public rsa's for 10s: 2583804 512 bit public RSA's in 10.00s
 +
Doing 1024 bit private rsa's for 10s: 79187 1024 bit private RSA's in 9.99s
 +
Doing 1024 bit public rsa's for 10s: 1203611 1024 bit public RSA's in 10.00s
 +
Doing 2048 bit private rsa's for 10s: 12333 2048 bit private RSA's in 10.00s
 +
Doing 2048 bit public rsa's for 10s: 422877 2048 bit public RSA's in 10.00s
 +
Doing 4096 bit private rsa's for 10s: 1875 4096 bit private RSA's in 10.01s
 +
Doing 4096 bit public rsa's for 10s: 122509 4096 bit public RSA's in 10.00s
 +
OpenSSL 1.0.2g  1 Mar 2016
 +
built on: reproducible build, date unspecified
 +
options:bn(64,64) rc4(16x,int) des(idx,cisc,16,int) aes(partial) blowfish(idx)
 +
compiler: cc -I. -I.. -I../include  -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS
 +
-D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -g -O2
 +
-fstack-protector-strong -Wformat -Werror=format-security -Wdate-time
 +
-D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic-functions -Wl,-z,relro -Wa,--noexecstack
 +
-Wall -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT
 +
-DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM
 +
-DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM
 +
-DGHASH_ASM -DECP_NISTZ256_ASM
 +
                  sign    verify    sign/s verify/s
 +
rsa  512 bits 0.000060s 0.000004s  16727.7 258380.4
 +
rsa 1024 bits 0.000126s 0.000008s  7926.6 120361.1
 +
rsa 2048 bits 0.000811s 0.000024s  1233.3  42287.7
 +
rsa 4096 bits 0.005339s 0.000082s    187.3  12250.9
 +
</syntaxhighlight>
 
== 関連項目 ==
 
== 関連項目 ==
 
* [[デジタル署名]]
 
* [[デジタル署名]]
 +
* [[RSA]]
 
<!-- vim: filetype=mediawiki
 
<!-- vim: filetype=mediawiki
 
-->
 
-->

2017年8月13日 (日) 00:01時点における版

ECDSA (Elliptic Curve Digial Signature Algorithm, Elliptic Curve DSA, 楕円曲線DSA)とは、デジタル署名アルゴリズムの1つです。Digital Signature Algorithm(DSA,DSS)の改良版にあたります。

読み方

ECDSA
いーしー でぃーえすえー
Elliptic Curve Digial Signature Algorithm
えりぷてぃっく かーぶ でじたる しぐねちゃ あるごりずむ
Elliptic Curve DSA
えりぷてぃっく かーぶ でじたる でぃーえすえー
楕円曲線DSA
いーしー でぃーえすえー

概要

ECDSAでは、楕円曲線上(だえんきょくせんじょう)の離散対数問題(りさんたいすうもんだい)の困難性を利用したデジタル署名の方式です。

RSAとECDSAの鍵長

RSA署名, DSAと比較し、鍵長が短く、少ない計算量で同等の安全性を確保できるため、鍵長が長くなるほど、RSA署名DSAよりも処理性能が高くなります。

署名アルゴリズムと同程度の安全性のビット長
署名アルゴリズム RSA署名 DSA ECDSA
鍵長 2048bit 2048bit 224bit
署名長 2048bit 4096bit 448bit

RSAとECDSAの署名と検証のスピードは?

ここでは、まず、一般論です。

RSA の署名と検証の時間は

署名 > 検証 

です。

ECDSA の署名と検証の時間は

署名 < 検証 

です。

署名と検証のスピードを実際に比較する

ここでのスピードは、OpenSSL コマンドの openssl speed で調べた結果です。 調査に使った CPU は、

Intel(R) Xeon(R) CPU E5-2690 v4 @ 2.60GHz
(family: 0x6, model: 0x4f, stepping: 0x1)

です。

RSAとECDSAの署名と検証のスピードの具体的な根拠を示します。

RSA の 2048 ビットは、 ECDSA の 224-255 に相当します。 署名(sign)と検証を比較してみましょう。

RSA は、明らかに、署名に時間がかかっています。 ECDSA 224 だと署名と検証は、大差ないように見えます。 ECDSA 256 では、検証署名の2倍の時間がかかっています。

RSAとECDSAの署名と検証にかかる時間
アルゴリズム 署名 時間(秒) 検証 時間(秒)
RSA 2048 0.000811 s 0.000024s
ECDSA 224 0.000075 s 0.000074 s
ECDSA 256 0.000047 s 0.000103 s
RSAとECDSAの署名と検証にかかる時間
アルゴリズム 署名 時間(マイクロ秒) 検証 時間(マイクロ秒)
RSA 2048 811 24
ECDSA 224 76 74
ECDSA 256 47 103


署名と検証のスピード

$ openssl speed ecdsa
Doing 160 bit sign ecdsa's for 10s: 150397 160 bit ECDSA signs in 10.00s
Doing 160 bit verify ecdsa's for 10s: 40354 160 bit ECDSA verify in 10.00s
Doing 192 bit sign ecdsa's for 10s: 128142 192 bit ECDSA signs in 10.00s
Doing 192 bit verify ecdsa's for 10s: 33445 192 bit ECDSA verify in 10.00s
Doing 224 bit sign ecdsa's for 10s: 135191 224 bit ECDSA signs in 10.00s
Doing 224 bit verify ecdsa's for 10s: 65532 224 bit ECDSA verify in 10.00s
Doing 256 bit sign ecdsa's for 10s: 209917 256 bit ECDSA signs in 10.00s
Doing 256 bit verify ecdsa's for 10s: 97071 256 bit ECDSA verify in 10.00s
Doing 384 bit sign ecdsa's for 10s: 40877 384 bit ECDSA signs in 10.00s
Doing 384 bit verify ecdsa's for 10s: 10143 384 bit ECDSA verify in 10.00s
Doing 521 bit sign ecdsa's for 10s: 22399 521 bit ECDSA signs in 10.00s
Doing 521 bit verify ecdsa's for 10s: 12356 521 bit ECDSA verify in 10.00s
Doing 163 bit sign ecdsa's for 10s: 47607 163 bit ECDSA signs in 10.00s
Doing 163 bit verify ecdsa's for 10s: 20923 163 bit ECDSA verify in 10.00s
Doing 233 bit sign ecdsa's for 10s: 24022 233 bit ECDSA signs in 10.00s
Doing 233 bit verify ecdsa's for 10s: 15724 233 bit ECDSA verify in 10.00s
Doing 283 bit sign ecdsa's for 10s: 15414 283 bit ECDSA signs in 10.00s
Doing 283 bit verify ecdsa's for 10s: 8691 283 bit ECDSA verify in 10.00s
Doing 409 bit sign ecdsa's for 10s: 6730 409 bit ECDSA signs in 10.00s
Doing 409 bit verify ecdsa's for 10s: 5493 409 bit ECDSA verify in 10.00s
Doing 571 bit sign ecdsa's for 10s: 3085 571 bit ECDSA signs in 10.00s
Doing 571 bit verify ecdsa's for 10s: 2288 571 bit ECDSA verify in 10.01s
Doing 163 bit sign ecdsa's for 10s: 47447 163 bit ECDSA signs in 10.00s
Doing 163 bit verify ecdsa's for 10s: 19570 163 bit ECDSA verify in 10.00s
Doing 233 bit sign ecdsa's for 10s: 24168 233 bit ECDSA signs in 10.00s
Doing 233 bit verify ecdsa's for 10s: 15003 233 bit ECDSA verify in 10.00s
Doing 283 bit sign ecdsa's for 10s: 15322 283 bit ECDSA signs in 10.00s
Doing 283 bit verify ecdsa's for 10s: 8073 283 bit ECDSA verify in 10.01s
Doing 409 bit sign ecdsa's for 10s: 6705 409 bit ECDSA signs in 10.00s
Doing 409 bit verify ecdsa's for 10s: 5079 409 bit ECDSA verify in 10.00s
Doing 571 bit sign ecdsa's for 10s: 3091 571 bit ECDSA signs in 10.00s
Doing 571 bit verify ecdsa's for 10s: 2106 571 bit ECDSA verify in 10.00s
OpenSSL 1.0.2g  1 Mar 2016
built on: reproducible build, date unspecified
options:bn(64,64) rc4(16x,int) des(idx,cisc,16,int) aes(partial) blowfish(idx)
compiler: cc -I. -I.. -I../include  -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS
-D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -g -O2
-fstack-protector-strong -Wformat -Werror=format-security -Wdate-time
-D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic-functions -Wl,-z,relro -Wa,--noexecstack
-Wall -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT
-DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM
-DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM
-DGHASH_ASM -DECP_NISTZ256_ASM
                              sign    verify    sign/s verify/s
 160 bit ecdsa (secp160r1)   0.0001s   0.0002s  15039.7   4035.4
 192 bit ecdsa (nistp192)   0.0001s   0.0003s  12814.2   3344.5
 224 bit ecdsa (nistp224)   0.0001s   0.0002s  13519.1   6553.2
 256 bit ecdsa (nistp256)   0.0000s   0.0001s  20991.7   9707.1
 384 bit ecdsa (nistp384)   0.0002s   0.0010s   4087.7   1014.3
 521 bit ecdsa (nistp521)   0.0004s   0.0008s   2239.9   1235.6
 163 bit ecdsa (nistk163)   0.0002s   0.0005s   4760.7   2092.3
 233 bit ecdsa (nistk233)   0.0004s   0.0006s   2402.2   1572.4
 283 bit ecdsa (nistk283)   0.0006s   0.0012s   1541.4    869.1
 409 bit ecdsa (nistk409)   0.0015s   0.0018s    673.0    549.3
 571 bit ecdsa (nistk571)   0.0032s   0.0044s    308.5    228.6
 163 bit ecdsa (nistb163)   0.0002s   0.0005s   4744.7   1957.0
 233 bit ecdsa (nistb233)   0.0004s   0.0007s   2416.8   1500.3
 283 bit ecdsa (nistb283)   0.0007s   0.0012s   1532.2    806.5
 409 bit ecdsa (nistb409)   0.0015s   0.0020s    670.5    507.9
 571 bit ecdsa (nistb571)   0.0032s   0.0047s    309.1    210.6

rsa

$ openssl speed rsa
Doing 512 bit private rsa's for 10s: 167277 512 bit private RSA's in 10.00s
Doing 512 bit public rsa's for 10s: 2583804 512 bit public RSA's in 10.00s
Doing 1024 bit private rsa's for 10s: 79187 1024 bit private RSA's in 9.99s
Doing 1024 bit public rsa's for 10s: 1203611 1024 bit public RSA's in 10.00s
Doing 2048 bit private rsa's for 10s: 12333 2048 bit private RSA's in 10.00s
Doing 2048 bit public rsa's for 10s: 422877 2048 bit public RSA's in 10.00s
Doing 4096 bit private rsa's for 10s: 1875 4096 bit private RSA's in 10.01s
Doing 4096 bit public rsa's for 10s: 122509 4096 bit public RSA's in 10.00s
OpenSSL 1.0.2g  1 Mar 2016
built on: reproducible build, date unspecified
options:bn(64,64) rc4(16x,int) des(idx,cisc,16,int) aes(partial) blowfish(idx)
compiler: cc -I. -I.. -I../include  -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS
-D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -g -O2
-fstack-protector-strong -Wformat -Werror=format-security -Wdate-time
-D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic-functions -Wl,-z,relro -Wa,--noexecstack
-Wall -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT
-DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM
-DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM
-DGHASH_ASM -DECP_NISTZ256_ASM
                  sign    verify    sign/s verify/s
rsa  512 bits 0.000060s 0.000004s  16727.7 258380.4
rsa 1024 bits 0.000126s 0.000008s   7926.6 120361.1
rsa 2048 bits 0.000811s 0.000024s   1233.3  42287.7
rsa 4096 bits 0.005339s 0.000082s    187.3  12250.9

関連項目