Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Tunnel crypto improvement with AESGCM #3099

Closed
Captain-Coder opened this issue Sep 18, 2017 · 5 comments
Closed

Tunnel crypto improvement with AESGCM #3099

Captain-Coder opened this issue Sep 18, 2017 · 5 comments
Assignees
@egbertbouman
Labels
type: enhancement
Milestone
V7.4: Python 3

Comments

@Captain-Coder
Copy link

Captain-Coder commented Sep 18, 2017
edited
Loading

I had a look at why my tunnels are slow. Without having run a profiler, my fist guess was the crypto layer. So I did some poking around in tunnelcrypto.py. And saw it creates a lot of python objects just to do one encryption run. So I peeked at the docs for modes.GCM, it contains a hint to use AESGCM when doing small batches of data. So does this pay off?

import timeit
timeit.timeit('cipher = Cipher(algorithms.AES(key), modes.GCM(initialization_vector=nonce), backend=default_backend()).encryptor()\ncipher.update(data) + cipher.finalize()', setup='import os\nfrom cryptography.hazmat.backends import default_backend\nfrom cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes\nfrom cryptography.hazmat.primitives.ciphers.aead import AESGCM\nnonce = os.urandom(12)\nkey=AESGCM.generate_key(bit_length=128)\ndata=os.urandom(396)')

38.672110080718994

This would be our current tunnel crypto code. But when using AESGCM:

timeit.timeit('aesgcm.encrypt(nonce, data, None)', setup='import os\nfrom cryptography.hazmat.primitives.ciphers.aead import AESGCM\naesgcm = AESGCM(AESGCM.generate_key(bit_length=128))\nnonce = os.urandom(12)\ndata=os.urandom(396)')

18.620353937149048

So nearly a 2x speedup there. But I don't know if i did this right (read: securely), and it is a breaking change. AESGCM includes it's own tag, whereas the current tunnelcrypto.py has to .pack() it along with the data (so the savings might even be better). So perhaps someone can investigate this for the future.
@Captain-Coder Captain-Coder changed the title Future tunnel crypto improvement Tunnel crypto improvement with AESGCM Sep 18, 2017
@qstokkink qstokkink added this to the Backlog milestone Sep 18, 2017
@devos50
Copy link
Contributor

devos50 commented Sep 18, 2017

@Captain-Coder interesting, thanks! :)

@egbertbouman egbertbouman mentioned this issue Apr 12, 2019
Closed
@synctext
Copy link
Member

Thnx, this breaking change should land in 7.3 nicely. Anything for double speed!

@synctext
Copy link
Member

Reminder: thesis-grade material! !

@ichorid
Copy link
Contributor

ichorid commented Aug 5, 2019

@egbertbouman , don't you mind lookin' at this one? Should we put in on 7.4?

@ichorid ichorid modified the milestones: Backlog, V7.4: P3 + nested channels Aug 5, 2019
@egbertbouman
Copy link
Member

@ichorid It's already implemented (Tribler/py-ipv8@ea90aad),

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@egbertbouman egbertbouman

Labels
type: enhancement
Milestone
V7.4: Python 3
Development

No branches or pull requests
6 participants
@synctext @devos50 @ichorid @Captain-Coder @qstokkink @egbertbouman