Re: Need for speedy cryptography
- From: Le Chaud Lapin <jaibuduvin@xxxxxxxxx>
- Date: Sun, 18 Oct 2009 09:17:18 -0700 (PDT)
On Oct 18, 9:05 am, n...@xxxxxxxxxxxxxxxx (Robert Scott) wrote:
On Sun, 18 Oct 2009 12:33:30 +0100, Rob Blank <Rob.Bl...@xxxxxx> wrote:
Hi all,
However, I assume there is also a technical motivation for this problem.
I could image, for instance, that in networks routers need a certain
throughput; that means, if the packets are encrypted, we need fast
decryption routines in order to meet throughput. Maybe there are other
examples in audio or video applications that need high-speed crypto
engines to meet performance targets.
As I understand it, if the end-to-end model is to persist, then there
is no need for routers, or at least the routing feature of routers, to
encrypt/decrypt packets in transit.
I will google for more information about this, but maybe someone knows
a good articel or source that could be helpful to start my research in
this direction.
First you need to make the distinction between symmetric and public key
technologies. The public key systems (like the RSA you mentioned) do take
considerably longer to compute. However they are used in contexts where
throughput speed is not that important. Symmetric algorithms are usually used
for bulk encryption. I think any discussion of encryption speed must take
applications into account from the very beginning.
One might imagine a steady-state, semi-terminal model for computer
networking, where a PDA moves at 100km/hr, acting as a DNS server for
mobile cameras that are 10,000km away, while also receiving secure
multicast video streams as one of 1,000,000 multicast target devices,
all dispersed across the planet, each maintaining topologically
optimal paths most of the time, with new connections established and
broken with these mobile devices by other devices, anywhere, including
stationary and mobile devices, over unsecure links whenever and
wherever they become available, using generic hardware purchased from
local electronics store, with easy access control throughout entire
system, managed by computer neophytes.
IMHO, there are four fundamental problems that prevent us from
realizing this model:
1. ***
2. ***
3. ***
4. Fast forward stateless signing of individual packets.
#4 stipulates that the only information allowed by target is the
public key of source, at instant where very first packet arrives from
source. Each packet signing must be independent of preceeding packet
signings.
This idependence of signing, IMO, is ideal, but obviously a
performance nightmare, so one has to wonder what remains unexplored in
realm of fast modular reduction.
Performance notwithstanding, I think network researchers are still
trying to discover the model to make this feasible, but when they do,
I think they will discover that #4 is a necessity, not a luxury.
In the meantime, we are left more or less with what we have now:
Heavy-handed management of one-sided public/private key-pair with
hardware-assisted encryption/decryption and no secure mobility or
large-scale secure multicast.
-Le Chaud Lapin-
.
- References:
- Need for speedy cryptography
- From: Rob Blank
- Re: Need for speedy cryptography
- From: Robert Scott
- Need for speedy cryptography
- Prev by Date: Re: Need for speedy cryptography
- Next by Date: Re: Need for speedy cryptography
- Previous by thread: Re: Need for speedy cryptography
- Next by thread: Re: Need for speedy cryptography
- Index(es):
Relevant Pages
|
