benchmark_jwt.rb

benchmark_jwt.rb

$LOAD_PATH.unshift('./lib/')
require 'jwt'
require 'benchmark/ips'

@private_key = {}
@public_key = {}
@jwt = {}
@payload = { :hello => 'world' }

def init_jwt(type, key_type)
  klass = type.start_with?('ES') ? OpenSSL::PKey::EC : OpenSSL::PKey::RSA
  if type.start_with?('ES')
    @private_key[key_type] ||= klass.new(key_type).tap(&:generate_key)
  else
    @private_key[key_type] ||= klass.generate(key_type)
  end
  @public_key[key_type] ||= klass.new(@private_key[key_type]).tap { |key| key.private_key = nil if key.respond_to? :private_key= }
  @jwt[[type, key_type]] = JWT.encode(@payload, @private_key[key_type], type)
end

# ECDSA JWT
puts 'Generating ECDSA keys..'
init_jwt 'ES256', 'prime256v1'
init_jwt 'ES384', 'secp384r1'
init_jwt 'ES512', 'secp521r1'

# RSA JWT for various key lengths
[1024, 2048, 4096, 8192].each do |key_bits|
  puts "Generating #{key_bits} RSA keys.."
  init_jwt 'RS256', key_bits
  init_jwt 'RS384', key_bits
  init_jwt 'RS512', key_bits
end

Benchmark.ips do |x|
  @jwt.each do |key, jwt|
    type, key_type = key
    x.report("verify using #{key}") { JWT.decode(jwt, @public_key[key_type]) }
    x.report("sign using #{key}") { JWT.encode(@payload, @private_key[key_type], type) }
  end
  x.compare!
end

Full output:

Generating ECDSA keys..
Generating 1024 RSA keys..
Generating 2048 RSA keys..
Generating 4096 RSA keys..
Generating 8192 RSA keys..
Calculating -------------------------------------
verify using ["ES256", "prime256v1"]
                       502.000  i/100ms
sign using ["ES256", "prime256v1"]
                       829.000  i/100ms
verify using ["ES384", "secp384r1"]
                        94.000  i/100ms
sign using ["ES384", "secp384r1"]
                       107.000  i/100ms
verify using ["ES512", "secp521r1"]
                       103.000  i/100ms
sign using ["ES512", "secp521r1"]
                       183.000  i/100ms
verify using ["RS256", 1024]
                         1.736k i/100ms
sign using ["RS256", 1024]
                       475.000  i/100ms
verify using ["RS384", 1024]
                         1.654k i/100ms
sign using ["RS384", 1024]
                       471.000  i/100ms
verify using ["RS512", 1024]
                         1.640k i/100ms
sign using ["RS512", 1024]
                       471.000  i/100ms
verify using ["RS256", 2048]
                         1.146k i/100ms
sign using ["RS256", 2048]
                        86.000  i/100ms
verify using ["RS384", 2048]
                         1.173k i/100ms
sign using ["RS384", 2048]
                        88.000  i/100ms
verify using ["RS512", 2048]
                         1.177k i/100ms
sign using ["RS512", 2048]
                        90.000  i/100ms
verify using ["RS256", 4096]
                       587.000  i/100ms
sign using ["RS256", 4096]
                        12.000  i/100ms
verify using ["RS384", 4096]
                       572.000  i/100ms
sign using ["RS384", 4096]
                        13.000  i/100ms
verify using ["RS512", 4096]
                       564.000  i/100ms
sign using ["RS512", 4096]
                        12.000  i/100ms
verify using ["RS256", 8192]
                       191.000  i/100ms
sign using ["RS256", 8192]
                         1.000  i/100ms
verify using ["RS384", 8192]
                       187.000  i/100ms
sign using ["RS384", 8192]
                         1.000  i/100ms
verify using ["RS512", 8192]
                       193.000  i/100ms
sign using ["RS512", 8192]
                         1.000  i/100ms
-------------------------------------------------
verify using ["ES256", "prime256v1"]
                          5.071k (± 3.7%) i/s -     25.602k
sign using ["ES256", "prime256v1"]
                          8.284k (± 3.3%) i/s -     41.450k
verify using ["ES384", "secp384r1"]
                        957.279  (± 4.2%) i/s -      4.794k
sign using ["ES384", "secp384r1"]
                          1.081k (± 3.7%) i/s -      5.457k
verify using ["ES512", "secp521r1"]
                          1.027k (± 3.0%) i/s -      5.150k
sign using ["ES512", "secp521r1"]
                          1.814k (± 3.4%) i/s -      9.150k
verify using ["RS256", 1024]
                         16.662k (± 3.9%) i/s -     83.328k
sign using ["RS256", 1024]
                          4.713k (± 3.6%) i/s -     23.750k
verify using ["RS384", 1024]
                         16.611k (± 3.6%) i/s -     84.354k
sign using ["RS384", 1024]
                          4.772k (± 3.4%) i/s -     24.021k
verify using ["RS512", 1024]
                         16.761k (± 4.3%) i/s -     85.280k
sign using ["RS512", 1024]
                          4.717k (± 3.8%) i/s -     23.550k
verify using ["RS256", 2048]
                         11.818k (± 4.4%) i/s -     59.592k
sign using ["RS256", 2048]
                        892.868  (± 3.4%) i/s -      4.472k
verify using ["RS384", 2048]
                         12.012k (± 4.4%) i/s -     60.996k
sign using ["RS384", 2048]
                        897.104  (± 3.2%) i/s -      4.488k
verify using ["RS512", 2048]
                         11.823k (± 3.2%) i/s -     60.027k
sign using ["RS512", 2048]
                        891.130  (± 4.2%) i/s -      4.500k
verify using ["RS256", 4096]
                          5.841k (± 3.5%) i/s -     29.350k
sign using ["RS256", 4096]
                        131.503  (± 3.8%) i/s -    660.000
verify using ["RS384", 4096]
                          5.769k (± 4.1%) i/s -     29.172k
sign using ["RS384", 4096]
                        130.932  (± 3.8%) i/s -    663.000
verify using ["RS512", 4096]
                          5.797k (± 4.7%) i/s -     29.328k
sign using ["RS512", 4096]
                        131.193  (± 4.6%) i/s -    660.000
verify using ["RS256", 8192]
                          1.896k (± 4.3%) i/s -      9.550k
sign using ["RS256", 8192]
                         17.429  (± 5.7%) i/s -     87.000
verify using ["RS384", 8192]
                          1.891k (± 5.2%) i/s -      9.537k
sign using ["RS384", 8192]
                         17.389  (± 5.8%) i/s -     87.000
verify using ["RS512", 8192]
                          1.895k (± 3.2%) i/s -      9.650k
sign using ["RS512", 8192]
                         17.374  (± 5.8%) i/s -     87.000

Comparison:
verify using ["RS512", 1024]:    16761.2 i/s
verify using ["RS256", 1024]:    16662.1 i/s - 1.01x slower
verify using ["RS384", 1024]:    16611.0 i/s - 1.01x slower
verify using ["RS384", 2048]:    12012.0 i/s - 1.40x slower
verify using ["RS512", 2048]:    11822.6 i/s - 1.42x slower
verify using ["RS256", 2048]:    11818.1 i/s - 1.42x slower
sign using ["ES256", "prime256v1"]:     8284.3 i/s - 2.02x slower
verify using ["RS256", 4096]:     5840.6 i/s - 2.87x slower
verify using ["RS512", 4096]:     5796.5 i/s - 2.89x slower
verify using ["RS384", 4096]:     5769.2 i/s - 2.91x slower
verify using ["ES256", "prime256v1"]:     5070.7 i/s - 3.31x slower
sign using ["RS384", 1024]:     4771.5 i/s - 3.51x slower
sign using ["RS512", 1024]:     4716.7 i/s - 3.55x slower
sign using ["RS256", 1024]:     4713.4 i/s - 3.56x slower
verify using ["RS256", 8192]:     1896.5 i/s - 8.84x slower
verify using ["RS512", 8192]:     1895.4 i/s - 8.84x slower
verify using ["RS384", 8192]:     1890.8 i/s - 8.86x slower
sign using ["ES512", "secp521r1"]:     1814.3 i/s - 9.24x slower
sign using ["ES384", "secp384r1"]:     1081.4 i/s - 15.50x slower
verify using ["ES512", "secp521r1"]:     1027.2 i/s - 16.32x slower
verify using ["ES384", "secp384r1"]:      957.3 i/s - 17.51x slower
sign using ["RS384", 2048]:      897.1 i/s - 18.68x slower
sign using ["RS256", 2048]:      892.9 i/s - 18.77x slower
sign using ["RS512", 2048]:      891.1 i/s - 18.81x slower
sign using ["RS256", 4096]:      131.5 i/s - 127.46x slower
sign using ["RS512", 4096]:      131.2 i/s - 127.76x slower
sign using ["RS384", 4096]:      130.9 i/s - 128.01x slower
sign using ["RS256", 8192]:       17.4 i/s - 961.66x slower
sign using ["RS384", 8192]:       17.4 i/s - 963.92x slower
sign using ["RS512", 8192]:       17.4 i/s - 964.73x slower