Abstract
Over the Internet, digital signature has been an indispensable approach to securing e-commerce and other online transactions requiring authentication. Concerning the computing costs of signature generation and verification, it has become a more and more common practice for security practitioners to outsource such computations from heavily loaded application servers called tenants to dedicated proxies like signature servers in the enterprise private cloud. In this paper, we present our high-performance signature server called Guess. It implements the elliptic curve digital signature algorithm (ECDSA) with 256-b key size on a Linux-powered commodity computer, harnessing a desktop graphics processing unit as a featured cryptographic accelerator. We demonstrate our experience in maximizing the computing power of Guess and also its capability to deliver such power to the tenants, which includes down-to-earth customization and optimization considering various hardware and software factors. Our comprehensive implementation of ECDSA is tested against intensive network traffic. Field experiments show that Guess achieves $T_s = 8.71 \times 10^6$ operations per second (OPS) for signature generation or $T_v = 9.29 \times 10^5$ OPS for verification, which is significantly faster than existent prototypes and products. Guess is a universal server that readily supports various categories of elliptic curve cryptographic schemes, such as digital signature, key agreement, and encryption.