
crypto: make timingSafeEqual faster for Uint8Array

Add a fast API that V8 can use if the user supplies Uint8Arrays (including Buffers) to timingSafeEqual.

Benchmark CI:

                                                   confidence improvement accuracy (*)   (**)  (***)
crypto/timingSafeEqual.js bufferSize=10 n=100000           ***     53.66 %       ±5.44% ±7.25% ±9.46%
crypto/timingSafeEqual.js bufferSize=100 n=100000          ***     40.93 %       ±4.56% ±6.08% ±7.94%
crypto/timingSafeEqual.js bufferSize=200 n=100000          ***     22.19 %       ±3.30% ±4.41% ±5.76%
crypto/timingSafeEqual.js bufferSize=2100 n=100000         ***      2.82 %       ±0.46% ±0.61% ±0.80%
crypto/timingSafeEqual.js bufferSize=22023 n=100000        ***      0.25 %       ±0.05% ±0.07% ±0.09%

Be aware that when doing many comparisons the risk of a false-positive
result increases. In this case, there are 5 comparisons, you can thus
expect the following amount of false-positive results:
  0.25 false positives, when considering a   5% risk acceptance (*, **, ***),
  0.05 false positives, when considering a   1% risk acceptance (**, ***),
  0.01 false positives, when considering a 0.1% risk acceptance (***)

Local benchmark:

                                                    confidence improvement accuracy (*)    (**)   (***)
crypto/timingSafeEqual.js bufferSize=10 n=100000           ***     51.19 %      ±18.92% ±25.21% ±32.86%
crypto/timingSafeEqual.js bufferSize=100 n=100000          ***     31.63 %      ±17.65% ±23.51% ±30.63%
crypto/timingSafeEqual.js bufferSize=200 n=100000           **     24.00 %      ±17.51% ±23.31% ±30.35%
crypto/timingSafeEqual.js bufferSize=2100 n=100000                  1.26 %      ±15.88% ±21.12% ±27.49%
crypto/timingSafeEqual.js bufferSize=22023 n=100000                -0.40 %      ±14.46% ±19.24% ±25.05%

Be aware that when doing many comparisons the risk of a false-positive result increases.
In this case, there are 5 comparisons, you can thus expect the following amount of false-positive results:
  0.25 false positives, when considering a   5% risk acceptance (*, **, ***),
  0.05 false positives, when considering a   1% risk acceptance (**, ***),
  0.01 false positives, when considering a 0.1% risk acceptance (***)

V8 has rudimentary support for fast APIs that consume TypedArrays only, which is why this is limited to Uint8Array for now.
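
For context, a typical caller of the function this change speeds up, written as an added example (not code from this merge request or from Node.js itself): HMAC tag verification where both inputs are Buffers, which are Uint8Arrays. The key, body, and the helper names `computeTag`, `verifyTag` and `coveredByChange` are constructed for illustration.

```javascript
'use strict';
const { createHmac, timingSafeEqual } = require('node:crypto');

// Constructed sample values for this example only.
const SAMPLE_KEY = Buffer.from('constructed-demo-key');
const SAMPLE_BODY = Buffer.from('{"event":"ping"}');

// digest() without an encoding returns a Buffer, a subclass of Uint8Array.
function computeTag(key, body) {
  return createHmac('sha256', key).update(body).digest();
}

// Hypothetical helper: true when both inputs are Uint8Arrays, the only
// input type the description above says the change covers.
function coveredByChange(a, b) {
  return a instanceof Uint8Array && b instanceof Uint8Array;
}

// Verify a hex-encoded tag received from a peer.
function verifyTag(key, body, receivedHex) {
  const expected = computeTag(key, body);
  // Validate before decoding: Buffer.from(str, 'hex') silently stops at the
  // first non-hex character, which would yield a shorter buffer.
  if (typeof receivedHex !== 'string' ||
      receivedHex.length !== expected.length * 2 ||
      !/^[0-9a-fA-F]+$/.test(receivedHex)) {
    return false;
  }
  const received = Buffer.from(receivedHex, 'hex');
  // timingSafeEqual throws when byte lengths differ, so the length check
  // above must come first. The tag length is public, so rejecting on it
  // reveals nothing about the secret.
  return timingSafeEqual(expected, received);
}
```

timingSafeEqual also accepts other TypedArrays and DataViews; per the description those are not covered by this change, so callers who want to stay in the Uint8Array case should pass Buffers or Uint8Arrays directly.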
