Verification of ed25519 signature in prod app takes 3-5x more time
See original GitHub issueCurrent Behavior
Vanilla JS check script like https://gist.github.com/ukstv/5038bcb000808e2b349f8b6f7956d6b3 reports it takes about 20ms for signature verification. If run inside a full application like https://github.com/ceramicnetwork/js-ceramic (if similarly wrapped in console.time
/console.timeEnd
) it takes 70-100ms to do the same. I find it odd that verification time depends on the application so much.
Expected Behavior
Time required for verification should be similar, not 3-5x larger.
Environment Details
Please provide any relevant information about your setup. This is important in case the issue is not reproducible except for under certain conditions.
- node/browser version: v14.17.1
- OS Version: macOS Big Sur (Darwin feather 20.5.0 Darwin Kernel Version 20.5.0: Sat May 8 05:10:33 PDT 2021; root:xnu-7195.121.3~9/RELEASE_X86_64 x86_64)
- Device details: Intel MBP
Issue Analytics
- State:
- Created 2 years ago
- Comments:9 (6 by maintainers)
Top Results From Across the Web
How to check runtime of e.g. Ed25519 signature algorithm
You can see why it takes a longer time by looking where Ed25519 sign and verify differ on RFC 8032 for example. Basically,...
Read more >ED25519 Verification fails in Golang for payload signed in Java
This signature needs to be verified using the public key. The verification always fails in golang app. However, I'm able to successfully verify...
Read more >RFC 8032: Edwards-Curve Digital Signature Algorithm (EdDSA)
It is more resilient to side-channel attacks; 4. EdDSA uses small public keys (32 or 57 bytes) and signatures (64 or 114 bytes)...
Read more >Edwards-curve Digital Signature Algorithm (EdDSA) - IETF
EdDSA uses an elliptic curve over the finite field GF(p). 2. ... Verify To verify a PureEdDSA signature ENC(R) || ENC(S) on a...
Read more >EdDSA and Ed25519 - Practical Cryptography for Developers
EdDSA (Edwards-curve Digital Signature Algorithm) is a modern and secure digital signature algorithm based on performance-optimized elliptic curves, ...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
@kdenhartog Simplest way to expose this:
npm install && npm run build
node_modules/dids/lib/did.js
, line 132:did_jwt_1.verifyJWS(jws, publicKeys);
console.time('did-jwt.verifyJWS') ... console.timeEnd('did-jwt.verifyJWS')
cd core && npm run test
.There you can see the time it takes for the function to complete. Note, DID resolution happens few lines above and does not affect did-jwt.verifyJWS in any way.
Thanks for the examples and for finding the “culprit” code 😃
This behavior of iterating through possible verification methods and checking each one has been there from the early days, and will likely always remain (possibly only as a fallback).
Using the verification method identified by a
kid
is a planned improvement to this library. Essentially, if there is akid
present in a header, then it must be used to filter through thepublicKeys
and only pick a matching key id for the actual cryptographic verification. (tracking this in #191)I’ll close this issue now since the “slowness” has been identified.