Master of Science in Engineering: Computer Security May 2019 Performance Evaluation and Comparison of Standard Cryptographic Algorithms and Chinese Cryptographic Algorithms Louise Bergman Martinkauppi Qiuping He Faculty of Computing, Blekinge Institute of Technology, 371 79 Karlskrona, Sweden This thesis is submitted to the Faculty of Computing at Blekinge Institute of Technology in partial fulfilment of the requirements for the degree of Master of Science in Engineering: Computer Security. The thesis is equivalent to 20 weeks of full time studies. The authors declare that they are the sole authors of this thesis and that they have not used any sources other than those listed in the bibliography and identified as references. They further declare that they have not submitted this thesis at any other institution to obtain a degree. Contact Information: Author(s): Louise Bergman Martinkauppi E-mail: [email protected] Qiuping He E-mail: [email protected] University advisor: Senior Lecturer Dragos Ilie Department of Computer Science and Engineering Faculty of Computing Internet : www.bth.se Blekinge Institute of Technology Phone : +46 455 38 50 00 SE–371 79 Karlskrona, Sweden Fax : +46 455 38 50 57 Abstract Background. China is regulating the import, export, sale, and use of encryption technology in China. If any foreign company wants to develop or release a product in China, they need to report their use of any encryption technology to the Office of State Commercial Cryptography Administration (OSCCA) to gain approval. SM2, SM3, and SM4 are cryptographic standards published by OSCCA and are authorized to be used in China. To comply with Chinese cryptography laws organizations and companies may have to replace standard cryptographic algorithms in their systems with Chinese cryptographic algorithms, such as SM2, SM3, and SM4. It is important to know beforehand how the replacement of algorithms will impact performance to determine future system costs. Objectives. Perform a theoretical study and performance comparison of the stan- dard cryptographic algorithms and Chinese Cryptographic algorithms. The standard cryptographic algorithms studied are RSA, ECDSA, SHA-256, and AES-128, and the Chinese cryptographic algorithms studied are SM2, SM3, and SM4. Methods. A literature analysis was conducted to gain knowledge and collect infor- mation about the selected cryptographic algorithms in order to make a theoretical comparison of the algorithms. An experiment was conducted to get measurements of how the algorithms perform and to be able to rate them. Results. The literature analysis provides a comparison that identifies design simi- larities and differences between the algorithms. The controlled experiment provides measurements of the metrics of the algorithms mentioned in objectives. Conclusions. The conclusions are that the digital signature algorithms SM2 and ECDSA have similar design and also similar performance. SM2 and RSA have funda- mentally different designs, and SM2 performs better than RSA when generating keys and signatures. When verifying signatures, RSA shows comparable performance in some cases and worse performance in other cases. Hash algorithms SM3 and SHA- 256 have many design similarities, but SHA-256 performs slightly better than SM3. AES-128 and SM4 have many similarities but also a few differences. In the controlled experiment, AES-128 outperforms SM4 with a significant margin. Keywords: cryptography, performance, SM2, SM3, SM4 i Sammanfattning Bakgrund. Kina reglerar import, export, försäljning och användning av krypter- ingsteknologi i Kina. Om ett utländskt företag vill utveckla eller släppa en produkt i Kina måste de rapportera sin användning av krypteringsteknologi till Office of State Commercial Cryptography Administration (OSCCA) för godkännande. SM2, SM3 och SM4 är kryptografiska standarder som lagligt får används i Kina. Organisationer och företag kan behöva byta ut krypteringsalgoritmerna i sina system till kinesiska krypteringsalgoritmer för att uppfylla kraven för de kinesiska lagarna. Det är därför viktigt att i förväg veta hur ersättningen av algoritmer kommer att påverka prestan- dan för att utvärdera framtida kostnader för systemet. Syfte. Genomföra en teoretisk studie och prestanda jämförelse av standard krypter- ingsalgoritmer och kinesiska krypteringsalgoritmer. De standard krypteringsalgorit- merna är RSA, ECDSA, SHA-256 och AES-128. De kinesiska krypteringsalgorit- merna är SM2, SM3 och SM4. Metod. En litteraturanalys har genomförts för att få en bättre förståelse av de valda algoritmerna. Ett experiment har genomförts för att samla mätvärden av de bestämda parametrarna och för att sedan kunna ranka mätvärdena. Resultat. Litteraturanalysen gav en jämförelse som identifierar likheter och skill- nader mellan algoritmerna. Det kontrollerade experimentet gav mätvärden av parame- trarna för algoritmerna nämnda i syftet. Slutsatser. Slutsatserna är att de digitala signatur-algoritmerna SM2 och ECDSA har liknade design och också liknade prestanda. SM2 och RSA har fundamentala skillnader i deras design, och SM2 har bättre prestanda vid nyckelgenerering samt signaturgenerering. Vid verifiering av signaturer så visar RSA likvärdig prestanda i vissa fall och sämre prestanda i andra fall. Hashfunktionerna SM3 och SHA-256 har också många likheter i sin design, men SHA-256 presterar lite bättre än SM3. AES-128 och SM3 har många design likheter men också några skillnader. I det kontrollerade experimentet så presterar AES-128 bättre än SM4 med stor marginal. Nyckelord: kryptering, prestanda, SM2, SM3, SM4 iii Acknowledgments Firstly, we would like to thank our supervisor Dragos Ilie for the support and guidance throughout our master thesis project. This thesis was supported by the Ericsson M- commerce department, which we thank for giving us the opportunity to do our master thesis with them. Here, we would like to thank our supervisor at Ericsson Mattias Liljeson for the interesting thesis subject and continuous feedback. We also give thanks to Alexander Mohlin for his guidance and assistance. Lastly, we would like to thank our manager Ulf Santesson, for all support and providing the resources. v Nomenclature AES Advanced Encryption Standard CBC Cipher Block Chaining Mode CPU Central Processing Unit CRT Chinese Remainder Theorem CTR Counter Mode DES Data Encryption Standard ECB Electronic Codebook Mode ECC Elliptic-Curve Cryptography ECDLP Elliptic Curve Discrete Logarithm Problem ECDSA Elliptic Curve Digital Signature Algorithm FIPS Federal Information Processing Standard IEEE Institute of Electrical and Electronics Engineers IFP Integer Factorization Problem ISO International Organization for Standardization NIST National Institute of Standards and Technology OF AT One-Factor-at-a-Time OSCCA Office of State Commercial Cryptography Administration P SS Probabilistic Signature Scheme RSA Rivest–Shamir–Adleman RSS Resident Set Size SCA State Cryptography Administration SHA Secure Hash Algorithm SP N Substitution-Permutation Network UFN Unbalanced Feistel Network vii Contents Abstract i Sammanfattning iii Acknowledgments v Nomenclature vii 1 Introduction 1 1.1 Motivation . 1 1.2 Aim, Objectives, and Research Questions . 2 1.3 Decisions . 3 1.4 Scope and Limitations . 5 1.5 Thesis Outline . 6 2 Related Work 7 2.1 SM2 . 7 2.2 SM3 . 8 2.3 SM4 . 8 2.4 Cryptographic Algorithm Comparison . 9 2.5 Knowledge Gap . 9 3 Background 11 3.1 Cryptography Law in China . 11 3.2 Symmetric and Asymmetric Cryptosystems . 12 3.3 Confusion and Diffusion . 12 3.4 Elliptic Curve Cryptography . 13 3.5 Block Cipher Mode of Operation . 14 3.6 Algorithm Design . 16 4 Method 17 4.1 Literature Analysis . 17 4.1.1 Databases and Search Engines . 17 4.1.2 Procedures and Approaches . 17 4.1.3 Used Approach . 18 4.2 Controlled Experiment . 19 4.2.1 Libraries and Tools . 19 4.2.2 System Specification . 20 ix 4.2.3 Experiment Design . 20 4.2.4 Used Approach . 21 4.2.5 Distribution Analysis . 22 4.2.6 Mann-Whitney U test . 22 4.3 Validity . 23 4.3.1 Internal . 23 4.3.2 External . 24 4.3.3 Algorithm Implementations Verification . 24 5 Results 27 5.1 Literature Analysis . 27 5.1.1 Design Comparison of SM2, RSA, and ECDSA . 27 5.1.2 Design Comparison of SM3 and SHA-256 . 30 5.1.3 Design Comparison of SM4 and AES-128 . 32 5.2 Algorithm Results . 34 5.2.1 Digital Signature Results . 34 5.2.2 Hash Results . 38 5.2.3 Block Cipher results . 41 5.2.4 Relative Differences Between the Algorithms . 45 5.3 Distribution Analysis Results . 47 5.4 Mann-Whitney U Test Results . 50 6 Analysis and Discussion 51 6.1 Overall Performance Impact . 51 6.2 File size . 51 6.3 Distribution Analysis . 52 6.4 Performance . 52 6.4.1 Digital Signature Algorithms . 52 6.4.2 Hash Algorithms . 54 6.4.3 Block Cipher Algorithms . 54 6.5 Memory . 54 7 Conclusions and Future Work 57 7.1 Conclusion . 57 7.2 Future work . 59 References 61 A Algorithm Design 69 A.1 AES . 69 A.2 ECDSA . 75 A.3 RSA . 78 A.4 SHA-256 . 80 A.5 SM2 . 84 A.6 SM3 . 88 A.7 SM4 . 91 x B Mann Whitney U Test 95 B.1 Digital Signature . 95 B.2 Hash Function . 98 B.3 Block Cipher . 99 xi List of Figures 3.1 The ECB encryption and decryption. Figure adapted from figure 1 in [1]. 14 3.2 The CBC encryption and decryption. Figure adapted from figure 2 in [1]. 15 3.3 The CTR encryption and decryption. Figure adapted from figure 5 in [1]. 16 5.1 Digital signature real-time in Botan and GmSSL. 34 5.2 Digital signature CPU time in Botan and GmSSL. 35 5.3 Digital signature CPU cycles in Botan and GmSSL. 35 5.4 Digital signature RSS in Botan and GmSSL. 36 5.5 Hash algorithms real-time in Botan and OpenSSL. 38 5.6 Hash algorithms CPU time in Botan and OpenSSL. 39 5.7 Hash algorithms CPU cycles in Botan and OpenSSL. 39 5.8 Hash algorithms RSS in Botan and OpenSSL. 40 5.9 Block Ciphers real-time graphs in Botan and OpenSSL.