DOI: 10.1145/3629527.3652266
Research article

Fastcrypto: Pioneering Cryptography Via Continuous Benchmarking

Published: 07 May 2024

Abstract

In the rapidly evolving fields of encryption and blockchain technologies, the efficiency and security of cryptographic schemes significantly impact performance. This paper introduces a comprehensive framework for continuous benchmarking in one of the most popular cryptography Rust libraries, fastcrypto. What makes our analysis unique is the realization that automated benchmarking is not just a performance monitor and optimization tool, but can also be used for cryptanalysis and innovation discovery. Surprisingly, benchmarks can uncover spectacular security flaws and inconsistencies in various cryptographic implementations and standards, while at the same time identifying unique opportunities for innovation not previously known to science, such as providing a) hints for novel algorithms, b) indications for mix-and-match library functions that result in world record speeds, and c) evidence of biased or untested real-world algorithm comparisons in the literature.
Our approach transcends traditional benchmarking methods by identifying inconsistencies in multi-threaded code, which previously resulted in unfair comparisons. We demonstrate the effectiveness of our methodology in identifying the fastest algorithms for specific cryptographic operations like signing, while revealing hidden performance characteristics and security flaws. The process of continuous benchmarking allowed fastcrypto to break many crypto-operation speed records in the Rust language ecosystem. A notable discovery in our research is the identification of vulnerabilities and unfair speed claims due to missing padding checks in high-performance Base64 encoding libraries. We also uncover insights into algorithmic implementations such as multi-scalar elliptic curve multiplications, which exhibit different performance gains when applied in different schemes and libraries; this was not evident in conventional benchmarking practices. Further, our analysis highlights bottlenecks in cryptographic algorithms where pre-computed tables can be strategically applied, accounting for L1 and L2 CPU cache limitations.
Our benchmarking framework also reveals that certain algorithmic implementations incur additional overheads due to serialization processes, necessitating a refined 'apples to apples' comparison approach. We identified unique performance patterns in some schemes, where efficiency scales with input size, aiding blockchain technologies in optimal parameter selection and data compression.
Crucially, continuous benchmarking serves as a tool for ongoing audit and security assurance. Variations in performance can signal potential security issues during upgrades, such as kleptography, hardware manipulation or supply chain attacks. This was evidenced by critical private key leakage vulnerabilities we found in one of the most popular EdDSA Rust libraries. By providing a dynamic and thorough benchmarking approach, our framework empowers stakeholders to make informed decisions, enhance security measures, and optimize cryptographic operations in an ever-changing digital landscape.
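The Base64 padding problem mentioned in the abstract, as an added illustration that is not code from the paper or from the fastcrypto library: a minimal RFC 4648 decoder in two variants. The lenient one drops `=` wherever it occurs, accepts any length and silently discards non-zero trailing bits, which is exactly the kind of shortcut that makes a decoder look faster in a benchmark while letting several distinct strings decode to the same bytes. The strict one enforces the length, the placement of padding and zero trailing bits, so each byte string has exactly one accepted encoding. The error type, the function names and the sample strings are all constructed for this example; the trailing-bit check goes slightly beyond the padding check the abstract names, since both are needed for a canonical decoder.

```rust
// Added example (not from the paper or fastcrypto): lenient vs strict Base64
// decoding. Everything here, including the sample strings, is constructed
// for illustration.

#[derive(Debug, PartialEq)]
pub enum DecodeError {
    InvalidLength,   // padded length is not a multiple of 4
    InvalidChar(u8), // byte outside the Base64 alphabet
    InvalidPadding,  // '=' in the wrong place or too many of them
    NonCanonical,    // unused trailing bits are not zero (malleable input)
}

/// Map one alphabet byte to its 6-bit value (standard RFC 4648 alphabet).
fn sextet(c: u8) -> Option<u32> {
    match c {
        b'A'..=b'Z' => Some((c - b'A') as u32),
        b'a'..=b'z' => Some((c - b'a' + 26) as u32),
        b'0'..=b'9' => Some((c - b'0' + 52) as u32),
        b'+' => Some(62),
        b'/' => Some(63),
        _ => None,
    }
}

/// Shared bit-unpacking core. Returns the decoded bytes plus the leftover
/// bits that did not fill a whole byte (value and count), so the caller
/// decides whether to check them.
fn unpack(symbols: &[u8]) -> Result<(Vec<u8>, u32, u32), DecodeError> {
    let mut out = Vec::with_capacity(symbols.len() * 3 / 4);
    let (mut acc, mut nbits) = (0u32, 0u32);
    for &c in symbols {
        let v = sextet(c).ok_or(DecodeError::InvalidChar(c))?;
        acc = (acc << 6) | v;
        nbits += 6;
        if nbits >= 8 {
            nbits -= 8;
            out.push((acc >> nbits) as u8);
            acc &= (1 << nbits) - 1; // keep only the still-unused low bits
        }
    }
    Ok((out, acc, nbits))
}

/// Lenient decoder: ignores '=' wherever it appears, accepts any length and
/// silently discards non-zero trailing bits. Cheaper, but many distinct
/// inputs decode to the same bytes.
pub fn decode_lenient(input: &[u8]) -> Result<Vec<u8>, DecodeError> {
    let symbols: Vec<u8> = input.iter().copied().filter(|&c| c != b'=').collect();
    unpack(&symbols).map(|(bytes, _, _)| bytes)
}

/// Strict decoder: exactly one accepted encoding per byte string.
pub fn decode_strict(input: &[u8]) -> Result<Vec<u8>, DecodeError> {
    if input.len() % 4 != 0 {
        return Err(DecodeError::InvalidLength);
    }
    let pad = input.iter().rev().take_while(|&&c| c == b'=').count();
    if pad > 2 {
        return Err(DecodeError::InvalidPadding);
    }
    let body = &input[..input.len() - pad];
    if body.contains(&b'=') {
        return Err(DecodeError::InvalidPadding); // '=' only as trailing padding
    }
    let (bytes, leftover, _) = unpack(body)?;
    if leftover != 0 {
        return Err(DecodeError::NonCanonical);
    }
    Ok(bytes)
}

fn main() {
    // Constructed inputs: the canonical encoding of "Hello", the same symbols
    // with one trailing bit flipped, and the same string with padding dropped.
    let samples: [&[u8]; 3] = [b"SGVsbG8=", b"SGVsbG9=", b"SGVsbG8"];
    for s in samples {
        println!(
            "{:?}: lenient={:?} strict={:?}",
            String::from_utf8_lossy(s),
            decode_lenient(s).map(|b| String::from_utf8_lossy(&b).into_owned()),
            decode_strict(s).map(|b| String::from_utf8_lossy(&b).into_owned())
        );
    }
}
```

The lenient decoder accepts all three sample strings as "Hello"; the strict one accepts only the canonical form and names the reason it rejects the other two. When comparing decoder throughput across libraries, the check that the faster candidate is actually strict is the "apples to apples" control the abstract describes.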


Published In

ICPE '24 Companion: Companion of the 15th ACM/SPEC International Conference on Performance Engineering
May 2024
305 pages
ISBN:9798400704451
DOI:10.1145/3629527
Publisher

Association for Computing Machinery, New York, NY, United States


Author Tags

  1. blockchain
  2. continuous benchmarking
  3. cryptanalysis
  4. crypto audits
  5. cryptography
  6. rust language
  7. supply chain attacks

Conference

ICPE '24

Acceptance Rates

Overall Acceptance Rate 252 of 851 submissions, 30%
