IETF Logo Mail Archive

Re: [Cfrg] network traffic

David Jacobson <dmjacobson@sbcglobal.net> Mon, 23 February 2015 16:48 UTC

Return-Path: <dmjacobson@sbcglobal.net>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 548651A1BCE for <cfrg@ietfa.amsl.com>; Mon, 23 Feb 2015 08:48:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QRv7JUY5DyPi for <cfrg@ietfa.amsl.com>; Mon, 23 Feb 2015 08:47:57 -0800 (PST)
Received: from nm1-vm4.access.bullet.mail.gq1.yahoo.com (nm1-vm4.access.bullet.mail.gq1.yahoo.com [216.39.63.89]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7BDFD1A1B9E for <cfrg@irtf.org>; Mon, 23 Feb 2015 08:47:57 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sbcglobal.net; s=s2048; t=1424710077; bh=WHwZqD412zdMrSKyaZAIvnp7HuntxSxB3pKKq88FJ5w=; h=Date:From:To:Subject:References:In-Reply-To:From:Subject; b=svQyhBhUInKOjBUPA96Go8T+KoJ88vTTc5lgoj7KT4oxKO6N5jH+eOQO+NMGZmKUlNVISQ92KNz0cS3HANgNwln5EKGN+NTbQkyL0UhK+bIKvR9Zsdv7b45JJaDT6tnCFOXs8jWJ/yXAZFzNxW5DJsiww0mpevPJWNy6/DOCKvlzKaVRRYRgkgoDhY0j+ZUktINKKs8Z6wRdkoZP+97MViZYzzryxZPN7MhYl3FhrGfHyu3rH/8OgzKLV6rRmJPrTSECXQBD/f4o4EFj1ygsUvY0OnjtjWQ8dUHoOC47s2A5zuD5fCyeUCUXBiSqzQYdu/bWFOv1buNmbyfYDuyaKw==
Received: from [216.39.60.166] by nm1.access.bullet.mail.gq1.yahoo.com with NNFMP; 23 Feb 2015 16:47:57 -0000
Received: from [67.195.23.145] by tm2.access.bullet.mail.gq1.yahoo.com with NNFMP; 23 Feb 2015 16:47:57 -0000
Received: from [127.0.0.1] by smtp117.sbc.mail.gq1.yahoo.com with NNFMP; 23 Feb 2015 16:47:57 -0000
X-Yahoo-Newman-Id: 198802.80970.bm@smtp117.sbc.mail.gq1.yahoo.com
X-Yahoo-Newman-Property: ymail-3
X-YMail-OSG: _d1TZ1oVM1kekfy7ArTIkW5ftV_rpY5J.1_tyZQLiMiWkf_ JiqG0AfDHo6VA33yzoiT8EO1uyhWZ6B3.jG5QL10EPzsFx656wF1fQxzsNoX C99D1ccmrou2GeaqJ32P9LeF5y57eJ.Yey0FYywuJyqHN4QKuX8DDzld0V5P RlYYJiQ_aCvVpfFwWtmqs7l2I5DgToZXK8GbHxAyu3yDH7r9kaRfnPJmrAhX DRjFQAlJpGtQYG4ivwr2W.ElvFHAzYg_829I.KMsH0aeo_Z66H3RGhy9slQp FXpdxFYjFwm5LGHMp6MLCIsS4ZTK_ViESHd_9cA2XpOm8BegeINiibnp4O5U 4m9iTJ37b0bzm7iioqjXgnnn47VwKJizAtIiYD9AJaP.fP2eGxicWdzua0Je Q1nUU0NhEYAVN9cgbjnlCmB0h_wR.0yfTh3SoymQBovhbepM5vd3ECj9Fafk tEu2cqR0Tb5F6uekN2i5U5Zen8bt9AbtDHQjy4g4C1mrp9Y.Z2gLOjcJ42lF vMkRPyQiTQRcI3.dm_EZxfhzXyT3RTrm912NtSIpQjDx6dPspLW8HZA--
X-Yahoo-SMTP: nOrmCa6swBAE50FabWnlVFUpgFVJ9Gbi__8U5mpvhtQq7tTV1g--
Message-ID: <54EB59BC.80308@sbcglobal.net>
Date: Mon, 23 Feb 2015 08:47:56 -0800
From: David Jacobson <dmjacobson@sbcglobal.net>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:31.0) Gecko/20100101 Thunderbird/31.4.0
MIME-Version: 1.0
To: RONDEPIERRE Franck <F.RONDEPIERRE@oberthur.com>, "cfrg@irtf.org" <cfrg@irtf.org>
References: <20150222163717.GA6342@roeckx.be> <20150223032102.23370.qmail@cr.yp.to> <8FBEB0194016E64D9DF7E7855CD88E0C0E9A8E80@FRPASERV0088.emea.oberthurcs.com>
In-Reply-To: <8FBEB0194016E64D9DF7E7855CD88E0C0E9A8E80@FRPASERV0088.emea.oberthurcs.com>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/j4FCOfVYBsYUqhy6EgUo084KlK4>
Subject: Re: [Cfrg] network traffic
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Feb 2015 16:48:00 -0000

Where computational efficiency does matter is code verification in 
embedded systems.  For automotive systems, they often want boot times on 
the order of half a second or less.  The code is running on a low-end 
ARM processor and has to validate the certificate chain and the 
executable image.  In some mobile systems, entire subsystems (say WiFi) 
are shut down when not being used, to save power.  They are powered back 
on, and have to boot and verify the code signature in a new 
milliseconds. Alas, in these systems there is no secure non-volatile 
memory available and thus the shortcut of just checking the hash of the 
image against the correct value won't work.

Now admittedly the CFRG serves the IETF, and thus is focused on network 
issues, not embedded systems. So my remarks are perhaps out of scope.  
But standards developed for networking are widely used for other things.

     --David Jacobson

On 2/23/15 3:12 AM, RONDEPIERRE Franck wrote:
> I suggest another view for this study with same figures.
>
> Let's say we are working at 128 bit of security, with uncompressed 64-byte points. Let's assume the key agreement requires 300k CPU cycles.
> Hence each 3GHz CPU can process 10k key agreements per second whereas the network can absorb 195k key agreements per second.
> Besides, most websites do not have more than 10k connections per second, with the exception of google which processes roughly 65k researches per second in 2014 (less than in 2013).
> In this context, which part benefits most from improvement? I'd rather say that saving computations would help to increase the capacity of websites.
> How this still means nothing as long as we don't identify the bottleneck by taking into account the global network capacity, the cost to install wires, the cost of servers (internet providers or web sites)...
>
> I personally doubt it has importance at our level, since big companies will adapt (or not) depending on their policy to fit customers needs and they would make us pay for it (with more commercials or money). I also reckon that cryptography has currently no impact on the internet bandwidth.
>
> On the internet user side, I think we can agree that saving time is pointless since the whole cost of the key agreement (0.1 ms) is nothing compare to human times.
>
> My current personal point of view is that internet industry doesn't really need performance improvements, but I'm ready to listen other argumentations.
>
> Regards,
>
> Franck Rondepierre
>
> -----Message d'origine-----
> De : Cfrg [mailto:cfrg-bounces@irtf.org] De la part de D. J. Bernstein
> Envoyé : lundi 23 février 2015 04:21
> À : cfrg@irtf.org
> Objet : [Cfrg] network traffic
>
> Kurt Roeckx writes:
>> Depending on who you ask you might get a different answer, but I doubt
>> many people here care about bandwidth.
> I care very much about network traffic---although it has to be quantified and put into context, just like CPU time.
>
> As a concrete example, suppose your server resources are ten quad-core 3GHz CPUs and a 100Mbps network connection. Each microsecond the CPUs will perform a total of 120000 cycles of computation while the network connection will transmit 100 bits, i.e., 12.5 bytes.
>
> Case study 1: Suppose you save 20000 cycles of computation by replacing a compressed 32-byte point with an uncompressed 64-byte point. You're
>
>     * saving 0.17 microseconds of computation but
>     * costing 2.56 microseconds of network capacity.
>
> Is this a worthwhile tradeoff? The factor 15 imbalance suggests an answer of "no" (unless your ten servers cost fifteen times more than your network connection, which I doubt). This isn't a guarantee---maybe at this instant your CPUs are fully loaded while your network isn't--- but my experience is that if you need to reduce CPU time then there will be many better ways to reduce CPU time in other parts of the system with less cost to the network.
>
> For me security and simplicity are ample reasons to require compression, but this example still illustrates how to think about the performance impact.
>
> Case study 2: Suppose you save 200000 cycles of computation by switching from 65-byte numsp512t1 points to 66-byte E-521 points. You're
>
>     * saving 1.67 microseconds of computation but
>     * costing 0.08 microseconds of network capacity.
>
> Is this a worthwhile tradeoff? The factor 20 imbalance the other way suggests an answer of "yes" (unless your network connection costs twenty times more than your ten servers, which I doubt). This again isn't a guarantee---maybe at this instant your network is fully loaded while your CPUs aren't---but my experience is that there will be many better ways to reduce network traffic in other parts of the system with less cost to the CPUs.
>
> I should note that a single numsp512t1 coordinate uses only 64 bytes, but sending a compressed second coordinate spills over into another byte. Of course, a single-coordinate ladder skips this compressed bit; there are various cheap tricks to squeeze more bits out of keys; and one can always squeeze out another bit by doubling the key-generation time.
> Any method of saving 1 bit will squeeze numsp512t1 into 64 bytes; any method of saving 4 bits will squeeze E-521 into 65 bytes; any method of saving 9 bits will squeeze numsp512t1 into 63 bytes; etc.
>
> ---Dan
>
> _______________________________________________
> Cfrg mailing list
> Cfrg@irtf.org
> http://www.irtf.org/mailman/listinfo/cfrg
>
> _______________________________________________
> Cfrg mailing list
> Cfrg@irtf.org
> http://www.irtf.org/mailman/listinfo/cfrg
>

v2.23.0 | Report a Bug | By Email