Performance difference in ECC signature computation using OpenSSL inside and outside Intel SGX enclave

[chaudhryfaisal]

Overview:
When computing ECC signatures inside and outside the Intel SGX enclave using the OpenSSL library, we observed a significant performance difference. Inside the enclave, the performance is about 5,000 operations, while outside the enclave, it is 43,000 operations. However, when using the Ring library, the performance is similar inside and outside the enclave.

Additional Information:

• OpenSSL version: 3.0_Rev2
• Ring library version: ring-0.17.7
• Software environment: https://github.com/apache/incubator-teaclave-sgx-sdk

Steps to Reproduce:

1. Compile and run the code inside the enclave using OpenSSL.
2. Compile and run the same code outside the enclave using OpenSSL.
3. Compile and run the same code inside and outside the enclave using the Ring library.
4. Measure the performance of ECC signature computation in each case.

POC Code

• chaudhryfaisal/teaclave-sgx-sdk-hello-rust-vscode-debug-intel-sgx-ssl

git clone https://github.com/chaudhryfaisal/teaclave-sgx-sdk-hello-rust-vscode-debug-intel-sgx-ssl.git
cd teaclave-sgx-sdk-hello-rust-vscode-debug-intel-sgx-ssl
make
    ...
    cd ./bin; ./app
    [+] Init Enclave Successful 2!
    This is a normal world string passed into Enclave!
    This is a in-Enclave Rust string!
    [enclave/src/lib.rs:66] a * 2 = 4
    [+] say_something success...
    [+] ecc_test
    [+] ecall_ecc_key_create
    ecall_ecc_key_create
    [+] ecall_ecc_sign
    [+] ecc_test
    [+] ecall_ecc_key_create
    ecall_ecc_key_create
    [+] ecall_ecc_sign
    ecc_key_create
    !!! stage started: openssl_no_enclave 
    *** stage completed: openssl_no_enclave (1_000 iters, 0.023 secs)
    !!! stage started: openssl_enclave 
    *** stage completed: openssl_enclave (1_000 iters, 0.198 secs)
    --- Benchmark results ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
     stage               iters  secs   msecs    iters/s  diff.s     
    ----------------------------------------------------------------
     openssl_enclave     1_000  0.198  197.980  5_051               
     openssl_no_enclave  1_000  0.023  22.962   43_549   +762.19 %  

Expected Behavior:
The performance of ECC signature computation should be similar inside and outside the enclave when using the OpenSSL library.

Actual Behavior:
There is a significant performance difference in ECC signature computation inside and outside the enclave using the OpenSSL library.

Environment Details:

lscpu
Architecture:        x86_64
CPU op-mode(s):      32-bit, 64-bit
Byte Order:          Little Endian
CPU(s):              24
On-line CPU(s) list: 0-23
Thread(s) per core:  2
Core(s) per socket:  12
Socket(s):           1
NUMA node(s):        1
Vendor ID:           GenuineIntel
CPU family:          6
Model:               106
Model name:          Intel(R) Xeon(R) Silver 4310 CPU @ 2.10GHz
Stepping:            6
CPU MHz:             2100.000
BogoMIPS:            4200.00
Virtualization:      VT-x
L1d cache:           48K
L1i cache:           32K
L2 cache:            1280K
L3 cache:            18432K
NUMA node0 CPU(s):   0-23
Flags:               fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid dca sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault epb cat_l3 invpcid_single ssbd mba ibrs ibpb stibp ibrs_enhanced tpr_shadow vnmi flexpriority ept vpid ept_ad fsgsbase tsc_adjust sgx bmi1 avx2 smep bmi2 erms invpcid cqm rdt_a avx512f avx512dq rdseed adx smap avx512ifma clflushopt clwb intel_pt avx512cd sha_ni avx512bw avx512vl xsaveopt xsavec xgetbv1 xsaves cqm_llc cqm_occup_llc cqm_mbm_total cqm_mbm_local split_lock_detect wbnoinvd dtherm ida arat pln pts avx512vbmi umip pku ospke avx512_vbmi2 gfni vaes vpclmulqdq avx512_vnni avx512_bitalg tme avx512_vpopcntdq la57 rdpid sgx_lc fsrm md_clear pconfig flush_l1d arch_capabilities

---

[chaudhryfaisal]

@jinghe-INTC any update on this?

[jinghe-INTC]

There is problem in building the project:

...
error[E0635]: unknown feature `core_panic`
   --> /home/jinghe/.cargo/git/checkouts/teaclave-sgx-sdk-be25c2ad2f03718d/1b1d033/sgx_tstd/src/lib.rs:140:12
    |
140 | #![feature(core_panic)]
    |            ^^^^^^^^^^

error[E0635]: unknown feature `int_error_internals`
   --> /home/jinghe/.cargo/git/checkouts/teaclave-sgx-sdk-be25c2ad2f03718d/1b1d033/sgx_tstd/src/lib.rs:102:12
    |
102 | #![feature(int_error_internals)]
    |            ^^^^^^^^^^^^^^^^^^^

Some errors have detailed explanations: E0425, E0432, E0557, E0635.
For more information about an error, try `rustc --explain E0425`.

and the rustc version is:

$ rustc --version
rustc 1.79.0-nightly (aa1c45908 2024-04-06)

Probably it needs an earlier build of Rust.

[jinghe-INTC]

I am still investigating your code, but I'm wondering if your measurement excluded the overhead of the ECALLs for openssl_no_enclave? If so, that could account for the significant difference in performance between running the code inside and outside the enclave.

[chaudhryfaisal]

There is problem in building the project:

...
error[E0635]: unknown feature `core_panic`
   --> /home/jinghe/.cargo/git/checkouts/teaclave-sgx-sdk-be25c2ad2f03718d/1b1d033/sgx_tstd/src/lib.rs:140:12
    |
140 | #![feature(core_panic)]
    |            ^^^^^^^^^^

error[E0635]: unknown feature `int_error_internals`
   --> /home/jinghe/.cargo/git/checkouts/teaclave-sgx-sdk-be25c2ad2f03718d/1b1d033/sgx_tstd/src/lib.rs:102:12
    |
102 | #![feature(int_error_internals)]
    |            ^^^^^^^^^^^^^^^^^^^

Some errors have detailed explanations: E0425, E0432, E0557, E0635.
For more information about an error, try `rustc --explain E0425`.

and the rustc version is:

$ rustc --version
rustc 1.79.0-nightly (aa1c45908 2024-04-06)

Probably it needs an earlier build of Rust.

since code base is based on https://github.com/apache/incubator-teaclave-sgx-sdk it requires nightly-2022-10-22. I have updated repo to include correct rust-toolchain

please try again with latest pull or with correct tool chain

[chaudhryfaisal]

I am still investigating your code, but I'm wondering if your measurement excluded the overhead of the ECALLs for openssl_no_enclave? If so, that could account for the significant difference in performance between running the code inside and outside the enclave.

yes for openssl_no_enclave measurement ECALL is excluded, how ever ECALL overhead is not much as I have done other tests with putting ring library inside enclave and overhead was only ~3-5 micro seconds. I believe large difference is due to crypto operations done in software vs hardware, So some CPU flags / operations are not configured correctly for openssl to leverage CPU instructions to perform crypto operations.

[jinghe-INTC]

I have built the updated code successfully, and run it on a VM from a Ice-Lake@2300Mhz host. There was performance degradation in enclave, but much less than that you reported.

I also tried it on different hardware platforms, and the difference were all below 50%.

Can you tell me the latest result you got, and the OS/Kernel/SDK version?

[jinghe-INTC]

I am still investigating your code, but I'm wondering if your measurement excluded the overhead of the ECALLs for openssl_no_enclave? If so, that could account for the significant difference in performance between running the code inside and outside the enclave.

yes for openssl_no_enclave measurement ECALL is excluded, how ever ECALL overhead is not much as I have done other tests with putting ring library inside enclave and overhead was only ~3-5 micro seconds. I believe large difference is due to crypto operations done in software vs hardware, So some CPU flags / operations are not configured correctly for openssl to leverage CPU instructions to perform crypto operations.

So the result of openssl_enclave included the ECALL overhead. I tried measuring an empty ECALL, and the overhead was ~4.0 micro seconds, almost the same as what you got. That means the performance difference is about 26.3% according to the measurement above.

[chaudhryfaisal]

OK so I did a lot of testing on my side and I am not able to get 5K TPS consistently. I am able to replicate it sometime when I rebuild / install sgx-ssl SDK or try to switch between rev1 and rev2. When I try on completely new setup I am getting numbers closer to your test ( ~30% diff in HW mode and ~12% diff in SIM mode ). I also added empty function and ring to the mix to compare numbers and here are my results

# Simulation
stage                      iters  secs   msecs   iters/s      diff.s
 empty_function_enclave     1_000  0.001  1.192   838_850      
 empty_function_no_enclave  1_000  0.000  0.001   871_080_139  
 openssl_enclave            1_000  0.027  27.005  37_029       -11.79 %
 openssl_no_enclave         1_000  0.024  23.822  41_978
 ring_enclave               1_000  0.022  21.975  45_506       +8.40 %
 ring_no_enclave            1_000  0.023  23.224  43_059
 
lb_empty_enclave            latency (μs) avg: 1, min: 1, max: 2
lb_empty_no_enclave         latency (μs) avg: 0, min: 0, max: 0
lb_openssl_enclave          latency (μs) avg: 26, min: 25, max: 66
lb_openssl_no_enclave       latency (μs) avg: 22, min: 22, max: 26
lb_ring_enclave             latency (μs) avg: 22, min: 21, max: 27
lb_ring_no_enclave          latency (μs) avg: 23, min: 22, max: 28

# Hardware
stage                      iters  secs   msecs   iters/s      diff.s
 empty_function_enclave     1_000  0.004  4.176   239_449      
 empty_function_no_enclave  1_000  0.000  0.001   928_505_106  
 openssl_enclave            1_000  0.033  32.663  30_616       -30.38 %
 openssl_no_enclave         1_000  0.023  22.741  43_973
 ring_enclave               1_000  0.026  26.497  37_739       -14.18 %
 ring_no_enclave            1_000  0.023  23.227  43_053

lb_empty_enclave            latency (μs) avg: 4, min: 4, max: 8
lb_empty_no_enclave         latency (μs) avg: 0, min: 0, max: 0
lb_openssl_enclave          latency (μs) avg: 32, min: 31, max: 40
lb_openssl_no_enclave       latency (μs) avg: 22, min: 22, max: 27
lb_ring_enclave             latency (μs) avg: 26, min: 26, max: 31
lb_ring_no_enclave          latency (μs) avg: 23, min: 22, max: 26

[chaudhryfaisal]

@jinghe-INTC how can we analyze performance loss between ring and openssl inside the enclave?

[jinghe-INTC]

Both Ring library and SGX SSL had modifications for the SGX, but that on SGX SSL was a little more. So a slight more performance loss is reasonable.