Closed dko-slapdash closed 3 years ago
Thanks @dko-slapdash , there are no plans to add createECDH
at present because I want to keep the surface area minimal. Also, running crypto in the threadpool is not always faster because of context switches. It all depends on how many createECDH
calls per second you are doing and the latency profile of these compared to the context switch cost. i.e. For large SHA256 one-shot digests it may make sense to use the threadpool, so you can use multiple cores and avoid blocking the event loop. For ECDH, have you benchmarked the latency of a single op?
I have not, but EC keypair generation + ECDH are extremely expensive operations, probably hundreds times more expensive than SHA256.
I've just done some ad-hoc measurements in our production machines. EC computeSecret blocks the event loop for 8-20ms typically, and if I need to, say, run 50 of them sequentially (ECDH), it's ~500ms. So having them be done in an async way (in a thread pool) would definitely be a great win.
What I just noticed is that, if ECDH derivation is done in a separate thread (worker_threads
node module), then proxying via the worker thread adds almost no penalty to the pure CPU time consumed in comparison to the sync call - because ECDH is so slow.
So we can consider this feature request solved: ECDH is so slow that wrapping it with worker_threads makes it only ~1% slower. Here are the primitives which are slow (and, when run in a worker_threads worker, stop blocking the event loop of the main thread):
export function generateMsgPublicKeyAndDHSecretSync(
curveName: string,
userPublicKey: Buffer
): [Buffer, Buffer] {
const publicEcdh = crypto.createECDH(curveName);
const msgPublicKey = publicEcdh.generateKeys();
const dhSecret = publicEcdh.computeSecret(userPublicKey);
return [msgPublicKey, dhSecret];
}
export function deriveDHSecretSync(
curveName: string,
userPrivateKey: Buffer,
msgPublicKey: Buffer
): Buffer {
const privateEcdh = crypto.createECDH(curveName);
privateEcdh.setPrivateKey(userPrivateKey);
const dhSecret = privateEcdh.computeSecret(msgPublicKey);
return dhSecret;
}
Hi.
In Node crypto module, there is a createECDH function which allows to work with ECDH (elliptic curves Diffie-Hellman). It allows to build https://en.wikipedia.org/wiki/Integrated_Encryption_Scheme solutions: https://nodejs.org/api/crypto.html#crypto_class_ecdh
But it's all synchronous and slow.
Any plans of adding support to crypto-async?