[tor-dev] PQ crypto updates

Yawning Angel yawning at schwanenlied.me
Mon Sep 18 07:03:44 UTC 2017


On Sun, 17 Sep 2017 21:04:28 -0400
Nick Mathewson <nickm at alum.mit.edu> wrote:
> I think the first step here is to instrument relays to figure out what
> fraction of their cryptography is relay cell cryptography: this could
> tells us what slowdown we should expect.  (It _should_ be about a
> third of our current cell crypto load, but surprises have certainly
> been known to happen!)

I'd also argue that instrumenting an high traffic client is important
(if only so that there aren't unpleasant surprises later in the form of
the clients hosting spacebookgopheri.onion or whatever exploding).

There was some discussion about obtaining profiler output for this
particular case, but AFAIK nothing really happened[0].

> The current performance we have is much faster than 13 cpb -- we're at
> approximately one AES, plus one third of a SHA1.  (The "one third" is
> because only clients and exits do the SHA1 step.)

I wonder how many of the relays have support for hardware assisted
SHA.  (nb: I don't have access to ARMv8, Ryzen or a sufficiently new
Intel system, so I don't know how good the implementations are)

Regards,

-- 
Yawning Angel

[0]: And depending on the sort of traffic the HS is serving, this
may/will be dominated by public key cryptography...
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20170918/185fc096/attachment.sig>


More information about the tor-dev mailing list