pull down to refresh

Comparing ECDSA signature validation in OpenSSL vs. libsecp256k1 - The Stackdelvingbitcoin.org/t/comparing-the-performance-of-ecdsa-signature-validation-in-openssl-vs-libsecp256k1-over-the-last-decade/2087
222 sats \ 0 comments \ @Scoresby 8 Nov crypto

Don't do DIY cryptogrphy

Cryptography is really, really, ridiculously hard. This means if you want to write software that uses cryptography to do something (like validating signatures), you probably don't want to write the math functions yourself. Satoshi knew this, and that's why he relied on a library of pre-written functions to do all the cryptography when he wrote the original Bitcoin client. This library was called OpenSSL.
The scope of OpenSSL is...being a “full-featured toolkit for general-purpose cryptography”, it includes a large suite of cryptographic primitives, with support for a very wide range of applications.
It turns out that OpenSSL is not the most efficient way to do Bitcoin signature validation. In 2015, Pieter Wuille did the work to replace OpenSSL with a different cryptography library called libsecp256k1. This made signature validation in Bitcoin "anywhere between 2.5 and 5.5 times faster.” Pretty cool!

But wait...there's more!

This whole change happened ten years ago in PR #6954. Since then, the people who maintain libsecp256k1 have been making small improvements to the library which have resulted in some pretty impressive speedups.
But could similar speedups been achieved with OpenSSL? It is still actively maintained and widely used, so how do we know that switching over to a different library was a good choice?

Bitcoiners are cool because they just do things

Last week, a user by the name of TheStack posted to Delving Bitcoin a very interesting comparison of Bitcoin signature validation with OpenSSL and libsecp256k1. It's pretty clear from the results that libsecp256k1 was the way to go.
It’s clearly visible that in OpenSSL, the runtime for ECDSA signature verification on the curve secp256k1 hasn’t changed, while libsecp256k1 improved steadily, leading to an increasing performance gap over time between the two libraries.
TheStack also made a little tool you can use to run the comparison on your own machine. If you want to give it a try, you can do:
$ git clone https://github.com/theStack/secp256k1-plugbench
$ cd secp256k1-plugbench
$ ./build_libs.sh && make && ./secp-plugbench results.csv
I find things like this really cool. It's probably not something that we think about very much, but it ends up making a pretty big difference when it comes to the first time you download the blockchain (IBD). Check out TheStack's original post on delving if you want the full download and if you want to learn a little more about some of the awesome things TheStack does.
write
preview
related posts