[cryptography] cjdns review

D. J. Bernstein djb at cr.yp.to
Fri Oct 5 03:31:24 EDT 2012

Guus Sliepen writes:
> Then these ephemeral keys will be used to encrypt the real data
> packets, but again using crypto_box(). That means asymmetric crypto is
> used for every packet, which makes it VERY slow.

1. Measure. Don't speculate.

2. The public-key operations are actually quite fast. For example, a
Phenom II X6 1100T, $190 last year, performs more than 80000 Curve25519
operations per second. This ain't your grandpa's public-key crypto.

3. Even on small processors the public-key operations are quite fast.
For example, the Allwinner A10 is reportedly $7 in bulk, and (based on
benchmarks of other Cortex A8 cores) should handle 2600 Curve25519
operations per second.

4. Perhaps most importantly, the public-key computation (Curve25519) is
reusable (see crypto_box_afternm()) whenever the sender-receiver set is
the same. This means that specifying crypto_box() for every packet does
_not_ imply public-key cryptography for every packet.

---D. J. Bernstein
   Research Professor, Computer Science, University of Illinois at Chicago

More information about the cryptography mailing list