Some quick notes on RSA1024 signing performance

Just so this does not get lost - I've been doing some RSA1024 signing experiments because of my 'DNSSEC on PowerDNS' experiment, and the results were at first confusing.

For starters, friends of mine with Apple OS X reported very low numbers from the version of OpenSSL that ships with OS X (intel). The command to have OpenSSL perform speed tests is: 'openssl speed rsa1024'. Numbers were around half those reported on identical machines running a 32-bit Ubuntu.

Much investigations ensued, and conclusions are:

• Apple ships a version of OpenSSL that misses certain optimizations. If you need performance for your applications, investigate which OpenSSL library they link against, and possibly investigate how to recompile or relink.
  
• Go 64-bit, in a hurry. Twice as many bits appear to deliver over twice as much performance.
• A modern Core2 based CPU running 64 bits code maxes out at about 1500 RSA1024 signatures/second/core, based on OpenSSL 1.0 beta 3, or Botan linked against GnuMP 4
• Non-beta OpenSSLs are quite a bit slower, but not dramatically so
  
• More naive code, that is not as highly optimized (like the otherwise excellent PolarSSL), will deliver around 1200 RSA1024 signatures/second/core (64 bits)
• These numbers scale linearly with the number of cores involved - my 600 euro PC delivers 6000 signatures/second ('0.10 euro/signature/second').
  

It also looks like no worthwhile general purpose RSA hardware accelerators are available for use from Linux - Sun ships one, but its performance is not stellar (a lot more than 0.10 euro/signature/second), but it is not cheap, plus it is only officially supported on Sun hardware. If anyone has better ideas, please let me know!

PS: Why RSA1024? Because this is what DNSSEC is about for the foreseeable future..