Benchmarking fastecdsa vs. cryptography

benchmarks.py

import base64
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.asymmetric import ec as cryptography_ec
from cryptography.hazmat.primitives.asymmetric.utils import encode_dss_signature
from cryptography.hazmat.primitives.hashes import SHA384
from cryptography.hazmat.primitives.serialization import load_pem_public_key
import ecdsa.util
import ecdsa.curves
import fastecdsa.ecdsa
from fastecdsa.encoding.der import DEREncoder
from fastecdsa.encoding.pem import PEMEncoder
import hashlib
import timeit

# Generated using something like
# openssl x509 -in normandy.content-signature.mozilla.org-2019-11-13-16-12-29.chain -pubkey -noout
PUBLIC_KEY_STR = '''
-----BEGIN PUBLIC KEY-----
MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAErc0oHeEDb1TLVVaj1jm8wrT3BlMgFYYG
EQEghteghSHUSM1+663fYxjOykyuO8PrblSmnaEWcZkoarRNe6fY2Bioe4+Vvn6b
oB/R/GiONA54eVYF/iR283YqXhuO+U7q
-----END PUBLIC KEY-----
'''
PUBLIC_KEY_BYTES = PUBLIC_KEY_STR.encode()

SIGNATURE = 'eNu0kQANS6ArurDVdX9qXWC8aiBdmsHU2rjUjNclTAeHtk_9HJxvjyobX9W9B29vdXBctjFE27FZ3YVxzqPS2GDTiqz884sTRdcMAvLKwCRb6_V39-Pw24oppMuRyvk5'

SIGNED_DATA = b'Content-Signature:\x00{"action":"preference-experiment","arguments":{"branches":[{"ratio":1,"slug":"control","value":true},{"ratio":99,"slug":"treatment","value":false}],"experimentDocumentUrl":"https://www.example.com","isEnrollmentPaused":false,"isHighVolume":false,"preferenceBranchType":"default","preferenceName":"extensions.blocklist.useXML","preferenceType":"boolean","slug":"remote-settings"},"capabilities":["action.preference-experiment"],"filter_expression":"(normandy.channel in [\\"beta\\",\\"aurora\\",\\"nightly\\",\\"release\\"]) && (\'cfat\'|preferenceExists)","id":842,"name":"Remote Settings","revision_id":"2706"}'

DEFAULT_BACKEND = default_backend()

def fastecdsa_load_key():
    return PEMEncoder.decode_public_key(PUBLIC_KEY_STR)

def cryptography_load_key():
    return load_pem_public_key(PUBLIC_KEY_BYTES, backend=DEFAULT_BACKEND)

def fastecdsa_verify_signature(key):
    signature = base64.urlsafe_b64decode(SIGNATURE)
    signature = ecdsa.util.sigdecode_string(signature, order=ecdsa.curves.NIST384p.order)
    return fastecdsa.ecdsa.verify(
        signature, SIGNED_DATA, key, curve=fastecdsa.curve.P384, hashfunc=hashlib.sha384
    )

def cryptography_verify_signature(key):
    signature = base64.urlsafe_b64decode(SIGNATURE)
    signature = ecdsa.util.sigdecode_string(signature, order=ecdsa.curves.NIST384p.order)
    signature = encode_dss_signature(*signature)
    return key.verify(
        signature, SIGNED_DATA, cryptography_ec.ECDSA(SHA384())
    )

if __name__ == '__main__':
    functions = globals()

    def time(stmt, added_globals):
        my_globals = {**functions}
        my_globals.update(added_globals)
        return timeit.repeat(stmt, globals=my_globals, number=1000)

    key = fastecdsa_load_key()
    fastecdsa_verify_signature(key)

    print("fastecdsa load key")
    print(time('fastecdsa_load_key()', {}))
    print("fastecdsa verify signature")
    print(time('fastecdsa_verify_signature(key)', {'key': fastecdsa_load_key()}))

    key = cryptography_load_key()
    cryptography_verify_signature(key)

    print("cryptography load key")
    print(time('cryptography_load_key()', {}))
    print("cryptography verify signature")
    print(time('cryptography_verify_signature(key)', {'key': cryptography_load_key()}))

results.txt

fastecdsa load key
[0.015703853219747543, 0.016720911022275686, 0.016789105255156755, 0.015961076132953167, 0.01401825575158]
fastecdsa verify signature
[2.748437942005694, 2.6813256917521358, 2.745816638227552, 2.984783248975873, 2.7603529458865523]
cryptography load key
[0.029546580743044615, 0.026752188801765442, 0.026104706805199385, 0.025954395066946745, 0.02583075501024723]
cryptography verify signature
[0.797003943938762, 0.788643229752779, 0.8073184317909181, 0.8101031836122274, 0.8151431903243065]