[cryptography] cjdns review

Eugen Leitl eugen at leitl.org
Fri Oct 5 05:16:57 EDT 2012

On Fri, Oct 05, 2012 at 10:58:40AM +0200, Guus Sliepen wrote:

> > 1. Measure. Don't speculate.
> I found a benchmark here: https://github.com/cjdelisle/cjdns/blob/master/rfcs/benchmark.txt
> So it seems that is not as slow as I suspected: it can forward packets at a
> rate of 7 Gbit/s on an Opteron 6128. So for a VPN or overlay network that is
> OK. But for their intended goal of being able to work completely independent
> of, and a replacement for, an existing Internet, it does require an awful lot
> of CPU power on routers.

Current routers have memory lookups on expensive (CAM) route memory,
so if the logic is easy enough to cast into an ASIC (or even an FPGA)
the resulting packet forwarding rate might actually be quite
impressive for the amount of silicon and power footprint.

> > 4. Perhaps most importantly, the public-key computation (Curve25519) is
> > reusable (see crypto_box_afternm()) whenever the sender-receiver set is
> > the same. This means that specifying crypto_box() for every packet does
> > _not_ imply public-key cryptography for every packet.
> I did not know of this feature; and delving into the source code of cjdns,
> crypto_box_afternm() is indeed what is being used.
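
Added illustration of the point above; it is not code from this thread, from cjdns or from NaCl. It follows the beforenm/afternm split: one Curve25519 scalar multiplication per peer pair, then only symmetric work per packet. The X25519 function is a straight transcription of RFC 7748 and is checked against that RFC's section 6.1 test vectors; NaCl's XSalsa20-Poly1305 is replaced by an HMAC-SHA256 keystream plus MAC (a stand-in so the example runs on a bare Python install, not what cjdns or NaCl actually use), and the sample packets are constructed here.

```python
import hashlib
import hmac
import struct

# --- X25519 reference implementation (RFC 7748), the one-time key agreement ---
P = 2**255 - 19
A24 = 121665
BASEPOINT = bytes([9]) + bytes(31)
X25519_CALLS = [0]  # instrumentation only: counts public-key operations performed


def _decode_scalar(k: bytes) -> int:
    k = bytearray(k)
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64
    return int.from_bytes(k, "little")


def x25519(k: bytes, u: bytes) -> bytes:
    """Montgomery ladder. The Python 'if swap' is NOT constant time; real code must cswap."""
    X25519_CALLS[0] += 1
    k = _decode_scalar(k)
    u = bytearray(u)
    u[31] &= 127
    x1 = int.from_bytes(u, "little")
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


# RFC 7748 section 6.1 test vectors
ALICE_SK = bytes.fromhex("77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a")
ALICE_PK = bytes.fromhex("8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a")
BOB_SK = bytes.fromhex("5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb")
BOB_PK = bytes.fromhex("de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f")
SHARED = bytes.fromhex("4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742")


class PrecomputedBox:
    """beforenm/afternm pattern: X25519 once in __init__, symmetric work only in seal/open.
    Stand-in primitives (assumption): HMAC-SHA256 keystream + truncated HMAC tag,
    not NaCl's HSalsa20 KDF and XSalsa20-Poly1305."""

    NONCE_LEN = 24  # crypto_box nonce size

    def __init__(self, my_secret: bytes, their_public: bytes):
        shared = x25519(my_secret, their_public)  # the only public-key operation
        self.enc_key = hmac.new(shared, b"enc", hashlib.sha256).digest()
        self.mac_key = hmac.new(shared, b"mac", hashlib.sha256).digest()

    def _keystream(self, nonce: bytes, n: int) -> bytes:
        blocks = (hmac.new(self.enc_key, nonce + struct.pack("<Q", i), hashlib.sha256).digest()
                  for i in range((n + 31) // 32))
        return b"".join(blocks)[:n]

    def seal(self, nonce: bytes, plaintext: bytes) -> bytes:
        assert len(nonce) == self.NONCE_LEN
        ct = bytes(p ^ k for p, k in zip(plaintext, self._keystream(nonce, len(plaintext))))
        tag = hmac.new(self.mac_key, nonce + ct, hashlib.sha256).digest()[:16]
        return tag + ct

    def open(self, nonce: bytes, boxed: bytes) -> bytes:
        tag, ct = boxed[:16], boxed[16:]
        expect = hmac.new(self.mac_key, nonce + ct, hashlib.sha256).digest()[:16]
        if not hmac.compare_digest(tag, expect):
            raise ValueError("bad tag: forged or corrupted packet")
        return bytes(c ^ k for c, k in zip(ct, self._keystream(nonce, len(ct))))


def is_authentic(box: PrecomputedBox, nonce: bytes, boxed: bytes) -> bool:
    try:
        box.open(nonce, boxed)
        return True
    except ValueError:
        return False


def sample_packets(n: int):
    """Constructed sample traffic: counter nonce plus a short payload."""
    return [(i.to_bytes(24, "little"), b"payload %d" % i) for i in range(n)]


def send_per_packet_box(my_secret, their_public, packets):
    """Naive reading of the spec: crypto_box() per packet, i.e. a fresh X25519 each time."""
    before = X25519_CALLS[0]
    boxes = [PrecomputedBox(my_secret, their_public).seal(n, p) for n, p in packets]
    return boxes, X25519_CALLS[0] - before


def send_afternm(my_secret, their_public, packets):
    """beforenm once per peer, afternm per packet: the whole stream costs one X25519."""
    before = X25519_CALLS[0]
    box = PrecomputedBox(my_secret, their_public)
    boxes = [box.seal(n, p) for n, p in packets]
    return boxes, X25519_CALLS[0] - before


if __name__ == "__main__":
    pkts = sample_packets(1000)
    _, naive = send_per_packet_box(ALICE_SK, BOB_PK, pkts)
    _, precomputed = send_afternm(ALICE_SK, BOB_PK, pkts)
    print("X25519 ops for 1000 packets: per-packet crypto_box =", naive, ", afternm =", precomputed)
```

Running it shows the per-packet path doing as many scalar multiplications as there are packets while the afternm path does one, which is the whole argument: per-packet cost is the symmetric cipher and MAC, and the Curve25519 work is amortised over every packet exchanged with that peer.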
