DH Keypair generation time on Android

问题

This is the code that I'm using to generate a DH keypair:

KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DH");
keyGen.initialize(1024, new SecureRandom());
KeyPair ackp = keyGen.generateKeyPair();

(without the needed try/catch, of course).

I've done some tests running such code iteratively and varying the key size (in particular ramping up from 128 with a 128 step up to 1024. 1024 would be the desired size.

First of all, running each size generation 10 times to have some minimal std deviation on the results gives HIGH fluctuation of results, on average, anyway, the time needed for creating the keys (1024 bit) is: 683027ms, which rounds up to around 11 minutes for creating a key.

The questions are:

1. Is anyone else getting the same results?
2. Is there some optimization to be run in order to achieve lower times?
3. What is the high fluctuation dependent of? (i.e. for generating a 1024bit key it can take from 18 seconds to 30 minutes...)

Tests have been run on a Nexus-One phone

Thanks in advance for shedding some light on the "issue"

Regards

回答1:

I did some further coding/research and apparently the call that's the most time (battery?) consuming is:

new SecureRandom()

In particular, though, since for DH the parameters (g, p, l) can be pre-computed and hard-coded it's a wise suggestion to do so beforehand and use the generated values to generate the key pair (which will be almost instantaneous).

Example code:

KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DH");
keyGen.initialize(new DHParameterSpec(p, g, l));
KeyPair ackp = keyGen.generateKeyPair();

Where p, g, and l are:

final BigInteger p = new BigInteger("X");
final BigInteger g = new BigInteger("Y");
final int l = 1023;

And X and Y can be generated offline with:

AlgorithmParameterGenerator paramGen = AlgorithmParameterGenerator.getInstance("DH");
paramGen.init(1024, new SecureRandom());
AlgorithmParameters params = paramGen.generateParameters();
DHParameterSpec dhSpec = (DHParameterSpec)params.getParameterSpec(DHParameterSpec.class);
System.out.println("p: " + dhSpec.getP() + "\ng: " + dhSpec.getG() + " \nl: " + dhSpec.getL());

来源：https://stackoverflow.com/questions/2469235/dh-keypair-generation-time-on-android