Question

I'm having some problems with performance using the Bouncy Castle Provider when generating DH parameters. Does anyone know why the Bouncy Castle example below is about 50 times slower than using the standard provider?

Using Bouncy Castle provider:

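import java.security.AlgorithmParameterGenerator;
import java.security.AlgorithmParameters;
import java.security.SecureRandom;
import java.security.Security;
import javax.crypto.spec.DHParameterSpec;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

// Register Bouncy Castle and request its DH parameter generator by provider name.
Security.addProvider(new BouncyCastleProvider());
AlgorithmParameterGenerator generator = AlgorithmParameterGenerator.getInstance("DH", "BC");
for (int i = 0; i < 3; i++) {
    generator.init(1024, new SecureRandom());
    AlgorithmParameters params = generator.generateParameters();
    DHParameterSpec dhSpec = (DHParameterSpec) params.getParameterSpec(DHParameterSpec.class);
    System.out.println("P: " + dhSpec.getP() + ", G:" + dhSpec.getG());
}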

Using standard provider:

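import java.security.AlgorithmParameterGenerator;
import java.security.AlgorithmParameters;
import java.security.SecureRandom;
import javax.crypto.spec.DHParameterSpec;

// No provider name: the JCA picks the highest-priority provider that offers "DH".
AlgorithmParameterGenerator generator = AlgorithmParameterGenerator.getInstance("DH");
for (int i = 0; i < 3; i++) {
    generator.init(1024, new SecureRandom());
    AlgorithmParameters params = generator.generateParameters();
    DHParameterSpec dhSpec = (DHParameterSpec) params.getParameterSpec(DHParameterSpec.class);
    System.out.println("P: " + dhSpec.getP() + ", G:" + dhSpec.getG());
}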

Solution

The reason for the speed difference is that the BC provider is searching for a "Safe Prime", i.e. a prime p: p = 2q + 1, where q is also prime.

As you noticed, this is a lot slower than just finding a prime. The standard provider is not doing that, as can easily be verified.

Looking for a safe prime might be overkill, as it may suffice to have p = 2Rq + 1 for some R, which admits of a considerably faster implementation, while still ensuring a large prime factor of (p - 1).

It shouldn't be necessary to generate these parameters yourself often (if at all). A single set can be used for many key pairs, and there are standardized sets of parameters around that you may be better off using.
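
The answer says the difference "can easily be verified". The following is an added example, not part of the original answer, that generates one set of DH parameters and tests whether p is a safe prime (p = 2q + 1 with q prime). The class name `SafePrimeCheck` and the optional provider-name argument are assumptions of this example; a provider named on the command line must already be registered with the JCA.

```java
import java.math.BigInteger;
import java.security.AlgorithmParameterGenerator;
import java.security.AlgorithmParameters;
import java.security.SecureRandom;
import javax.crypto.spec.DHParameterSpec;

public class SafePrimeCheck {
    // Certainty passed to BigInteger.isProbablePrime: error probability at most 2^-100.
    private static final int CERTAINTY = 100;

    /** True if p is prime and q = (p - 1) / 2 is also prime, i.e. p = 2q + 1. */
    static boolean isSafePrime(BigInteger p) {
        if (!p.testBit(0) || !p.isProbablePrime(CERTAINTY)) {
            return false;
        }
        BigInteger q = p.subtract(BigInteger.ONE).shiftRight(1);
        return q.isProbablePrime(CERTAINTY);
    }

    public static void main(String[] args) throws Exception {
        // Self-check on small constructed values: 23 = 2*11 + 1 is safe, 29 = 2*14 + 1 is not.
        if (!isSafePrime(BigInteger.valueOf(23)) || isSafePrime(BigInteger.valueOf(29))) {
            throw new AssertionError("isSafePrime self-check failed");
        }

        // Optional first argument: name of an already registered provider, e.g. "BC".
        AlgorithmParameterGenerator generator = args.length > 0
                ? AlgorithmParameterGenerator.getInstance("DH", args[0])
                : AlgorithmParameterGenerator.getInstance("DH");
        generator.init(1024, new SecureRandom()); // same size as in the question

        long start = System.nanoTime();
        AlgorithmParameters params = generator.generateParameters();
        long elapsedMs = (System.nanoTime() - start) / 1_000_000;

        DHParameterSpec spec = params.getParameterSpec(DHParameterSpec.class);
        BigInteger p = spec.getP();
        System.out.println("provider:   " + generator.getProvider().getName());
        System.out.println("p bits:     " + p.bitLength());
        System.out.println("p prime:    " + p.isProbablePrime(CERTAINTY));
        System.out.println("safe prime: " + isSafePrime(p));
        System.out.println("generated in " + elapsedMs + " ms");
    }
}
```

DHParameterSpec exposes only p, g and the optional exponent length, so this check can confirm or rule out the safe-prime structure but cannot recover the q of a p = 2Rq + 1 construction.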

License: CC-BY-SA with attribution
Not affiliated with StackOverflow