[CGA-EXT] FYI - an article on improving performances of CGA and SEND

Tony Cheneau <tony.cheneau@it-sudparis.eu> Thu, 28 January 2010 12:55 UTC

Return-Path: <tony.cheneau@it-sudparis.eu>
X-Original-To: cga-ext@core3.amsl.com
Delivered-To: cga-ext@core3.amsl.com
Received: from localhost (localhost []) by core3.amsl.com (Postfix) with ESMTP id 00C263A6A3A for <cga-ext@core3.amsl.com>; Thu, 28 Jan 2010 04:55:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.249
X-Spam-Status: No, score=-2.249 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_FR=0.35]
Received: from mail.ietf.org ([]) by localhost (core3.amsl.com []) (amavisd-new, port 10024) with ESMTP id TSp8KuJVxvjK for <cga-ext@core3.amsl.com>; Thu, 28 Jan 2010 04:55:51 -0800 (PST)
Received: from smtp4.int-evry.fr (smtp4.int-evry.fr []) by core3.amsl.com (Postfix) with ESMTP id 9D4213A689D for <cga-ext@ietf.org>; Thu, 28 Jan 2010 04:55:49 -0800 (PST)
Received: from smtp2.int-evry.fr (smtp2.int-evry.fr []) by smtp4.int-evry.fr (Postfix) with ESMTP id 19BBAFE440F for <cga-ext@ietf.org>; Thu, 28 Jan 2010 13:56:07 +0100 (CET)
Received: from smtp-ext.int-evry.fr (smtp-ext.int-evry.fr []) by smtp2.int-evry.fr (Postfix) with ESMTP id 753BB404FBC for <cga-ext@ietf.org>; Thu, 28 Jan 2010 13:56:02 +0100 (CET)
Received: from [] (unknown []) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp-ext.int-evry.fr (Postfix) with ESMTP id 509E4900AF for <cga-ext@ietf.org>; Thu, 28 Jan 2010 13:56:02 +0100 (CET)
Date: Thu, 28 Jan 2010 13:55:58 +0100 (CET)
From: Tony Cheneau <tony.cheneau@it-sudparis.eu>
X-X-Sender: shad@whitebox
To: cga-ext@ietf.org
Message-ID: <alpine.LNX.2.00.1001281337520.6953@whitebox>
User-Agent: Alpine 2.00 (LNX 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: MULTIPART/MIXED; BOUNDARY="8323328-713604212-1264683359=:6953"
X-INT-MailScanner-Information: Please contact the ISP for more information
X-INT-MailScanner-ID: 753BB404FBC.AB4CE
X-INT-MailScanner: Found to be clean
X-INT-MailScanner-SpamCheck: n'est pas un polluriel, SpamAssassin (not cached, score=-4.399, requis 6.01, autolearn=not spam, ALL_TRUSTED -1.80, BAYES_00 -2.60)
X-INT-MailScanner-From: tony.cheneau@it-sudparis.eu
Subject: [CGA-EXT] FYI - an article on improving performances of CGA and SEND
X-BeenThere: cga-ext@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: CGA and SeND Extensions <cga-ext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/cga-ext>, <mailto:cga-ext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/cga-ext>
List-Post: <mailto:cga-ext@ietf.org>
List-Help: <mailto:cga-ext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cga-ext>, <mailto:cga-ext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Jan 2010 12:55:52 -0000


FYI, we released a paper that presents performance enhancement in CGA
and SEND using ECC and GPGPU. I would like to emphasis that using GPGPU
(with a very cheap graphic card), we were able to generate CGA with a
SEC=2 on an average below 10 minutes.

Here is the abstract:
Cryptographically Generated Addresses (CGA) are today mainly used with
the Secure Neighbor Discovery Protocol (SEND). Despite CGA
generalization, current standards only show how to construct CGA with
the RSA algorithm and SHA-1 hash function. This limitation may prevent
new usages of CGA and SEND in mobile environments where nodes are energy
and storage limited.

In this paper, we present the results of a performance and security
study of the CGA and SEND. To significantly improve the performances of
the CGA, we investigate first replacing RSA with ECC (Elliptic Curve
Cryptography) and ECDSA (Elliptic Curve DSA), and second using the
General-Purpose computing on Graphical Processing Units (GPGPU).
Finally, a performance comparison between different hash algorithms
(SHA-256, WHIRLPOOL,…) allows to prepare a better transition for the CGA
when SHA-1 will be deprecated.

This is sadly, I think, behind a paywall: