[cryptography] cjdns review
guus at sliepen.org
Fri Oct 5 04:58:40 EDT 2012
On Fri, Oct 05, 2012 at 07:31:24AM -0000, D. J. Bernstein wrote:
> Guus Sliepen writes:
> > Then these ephemeral keys will be used to encrypt the real data
> > packets, but again using crypto_box(). That means asymmetric crypto is
> > used for every packet, which makes it VERY slow.
> 1. Measure. Don't speculate.
I found a benchmark here: https://github.com/cjdelisle/cjdns/blob/master/rfcs/benchmark.txt
So it seems that is not as slow as I suspected: it can forward packets at a
rate of 7 Gbit/s on an Opteron 6128. So for a VPN or overlay network that is
OK. But for their intended goal of being able to work completely independent
of, and a replacement for, an existing Internet, it does require an awful lot
of CPU power on routers.
> 4. Perhaps most importantly, the public-key computation (Curve25519) is
> reusable (see crypto_box_afternm()) whenever the sender-receiver set is
> the same. This means that specifying crypto_box() for every packet does
> _not_ imply public-key cryptography for every packet.
I did not know of this feature; and delving into the source code of cjdns,
crypto_box_afternm() is indeed what is being used.
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at sliepen.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 198 bytes
Desc: Digital signature
More information about the cryptography