[openssl-dev] use SIPhash for OPENSSL_LH_strhash?

Richard Levitte levitte at openssl.org
Wed Jan 11 14:43:20 UTC 2017 

A note: I have absolutely nothing against the addition of SIPhash in
our collection of hash algos.  My scepticism was only in regards to
using it as a string hasher for our hash tables indexes.

Cheers,
Richard

In message <20170111.153458.1623912899597806811.levitte at openssl.org> on Wed, 11 Jan 2017 15:34:58 +0100 (CET), Richard Levitte <levitte at openssl.org> said:

levitte> In message <1e19cdfea8224717b3eee11e2d8acda5 at usma1ex-dag1mb1.msg.corp.akamai.com> on Wed, 11 Jan 2017 03:13:39 +0000, "Salz, Rich" <rsalz at akamai.com> said:
levitte> 
levitte> rsalz> The needs for OpenSSL's LHASH are exactly what SipHash was designed for: fast on short strings.
levitte> rsalz> OpenSSL's hash currently *does not* call MD5 or SHA1; the MD5 code is commented out.
levitte> rsalz> Yes, performance tests would greatly inform the decision.
levitte> 
levitte> Done, using the reference siphash implementation.
levitte> 
levitte> https://github.com/levitte/openssl/tree/test-string-hashes
levitte> 
levitte> A run on my laptop gave these results:
levitte> 
levitte>     : ; ./util/shlib_wrap.sh apps/openssl speed siphash lhash
levitte>     Doing lhash for 3s on 16 size blocks: 27635188 lhash's in 3.00s
levitte>     Doing lhash for 3s on 64 size blocks: 6934726 lhash's in 3.00s
levitte>     Doing lhash for 3s on 256 size blocks: 1698489 lhash's in 3.00s
levitte>     Doing lhash for 3s on 1024 size blocks: 431185 lhash's in 3.00s
levitte>     Doing lhash for 3s on 8192 size blocks: 53868 lhash's in 3.00s
levitte>     Doing lhash for 3s on 16384 size blocks: 27041 lhash's in 3.00s
levitte>     Doing siphash for 3s on 16 size blocks: 22488748 siphash's in 3.00s
levitte>     Doing siphash for 3s on 64 size blocks: 10485674 siphash's in 3.00s
levitte>     Doing siphash for 3s on 256 size blocks: 3320898 siphash's in 3.00s
levitte>     Doing siphash for 3s on 1024 size blocks: 894647 siphash's in 3.00s
levitte>     Doing siphash for 3s on 8192 size blocks: 114170 siphash's in 3.00s
levitte>     Doing siphash for 3s on 16384 size blocks: 57151 siphash's in 3.00s
levitte>     OpenSSL 1.1.1-dev  xx XXX xxxx
levitte>     built on: reproducible build, date unspecified
levitte>     options:bn(64,64) rc4(16x,int) des(int) aes(partial) idea(int) blowfish(ptr) 
levitte>     compiler: gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\""  -DDEBUG_UNUSED -Wswitch -DPEDANTIC -pedantic -Wno-long-long -Wall -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Werror -Wa,--noexecstack
levitte>     The 'numbers' are in 1000s of bytes per second processed.
levitte>     type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
levitte>     lhash           147387.67k   147940.82k   144937.73k   147177.81k   147095.55k   147679.91k
levitte>     siphash         119939.99k   223694.38k   283383.30k   305372.84k   311760.21k   312120.66k
levitte> 
levitte> So it seems that for short strings, OPENSSL_LH_strhash (*) wins some,
levitte> while siphash wins big for larger strings.
levitte> 
levitte> I have no idea how they compare with regard to distribution (which,
levitte> considering I ask for the same size output from both, should be the
levitte> main factor that affects the sensitivity to hash flooding)...
levitte> 
levitte> Our use of OPENSSL_LH_strhash() is with configuration sections and
levitte> names, ASN.1 object names and the function names in the openssl app.
levitte> All our other uses of lhash use their own hashing functions, and are
levitte> usually very short still (definitely less than 16 bytes).
levitte> 
levitte> My conclusion is that performance-wise, siphash doesn't give us any
levitte> advantage over OpenSSL_LH_strhash for our uses.
levitte> 
levitte> Cheers,
levitte> Richard
levitte> 
levitte> (*) Strictly speaking, it's a modified version that takes a length and
levitte> tolerates all 8-bit bytes, including 0x00.
levitte> 
levitte> -- 
levitte> Richard Levitte         levitte at openssl.org
levitte> OpenSSL Project         http://www.openssl.org/~levitte/
levitte> -- 
levitte> openssl-dev mailing list
levitte> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
levitte>

More information about the openssl-dev mailing list