Predicting TLS performance from key exchange performance (short paper)

Farhad Moghimifar, Douglas Stebila

Research output: Chapter in Book/Report/Conference proceedingConference PaperResearch

1 Citation (Scopus)


Most benchmarking of cryptographic systems focuses on the performance of individual algorithms in a standalone setting. However, real-world applications such as the Transport Layer Security (TLS) protocol use a variety of cryptographic algorithms together. Benchmarking the performance of a web server using TLS is a more complex task, so fewer works include performance characteristics of full systems. In this work, we develop a model for the number of connections per second of a TLS-protected web server based on the runtime of individual cryptographic operations. Our model allows us to predict how performance scales with file size. Our model also allows us to predict the impact of improved key exchange algorithms: for example, on an HTTPS server with 1KiB files running ECDSA-nistp256 with AES-128-GCM and HMAC-SHA-256, a 2× improvement in ephemeral Diffie-Hellman key exchange performance only leads to a 10% improvement in connections per second, as signatures become the dominant cost.

Original languageEnglish
Title of host publicationProceedings of the Australasian Computer Science Week Multiconference, ACSW 2016
EditorsXun Yi, Giovanni Russello
Place of PublicationNw York NY USA
PublisherAssociation for Computing Machinery (ACM)
Number of pages4
ISBN (Electronic)9781450340427
Publication statusPublished - 2016
Externally publishedYes
EventAustralian Information Security Conference 2016 - Canberra, Australia
Duration: 2 Feb 20165 Feb 2016 (Proceedings) (Website)

Publication series

NameACM International Conference Proceeding Series
PublisherAssociation for Computing Machinery (ACM)


ConferenceAustralian Information Security Conference 2016
Abbreviated titleAISC 2016
Internet address


  • Key exchange
  • Performance
  • Transport Layer Security (TLS) protocol

Cite this