IETF Logo Mail Archive

Re: [openpgp] AEAD Chunk Size - Performance

"Neal H. Walfield" <neal@walfield.org> Fri, 01 March 2019 08:58 UTC

Return-Path: <neal@walfield.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8095512E7C1 for <openpgp@ietfa.amsl.com>; Fri, 1 Mar 2019 00:58:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EnR3DuPmFH0x for <openpgp@ietfa.amsl.com>; Fri, 1 Mar 2019 00:58:32 -0800 (PST)
Received: from mail.dasr.de (mail.dasr.de [217.69.77.164]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6E54112D84D for <openpgp@ietf.org>; Fri, 1 Mar 2019 00:58:32 -0800 (PST)
Received: from [46.183.103.8] (helo=chu.huenfield.org.walfield.org) by mail.dasr.de with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.86_2) (envelope-from <neal@walfield.org>) id 1gzdzy-00059y-0H; Fri, 01 Mar 2019 08:58:30 +0000
Date: Fri, 01 Mar 2019 09:58:28 +0100
Message-ID: <87o96vezt7.wl-neal@walfield.org>
From: "Neal H. Walfield" <neal@walfield.org>
To: Bart Butler <bartbutler@protonmail.com>
Cc: "openpgp@ietf.org" <openpgp@ietf.org>, Vincent Breitmoser <look@my.amazin.horse>
In-Reply-To: <C6Yk1rFFoqbz_qGTLC6hMtmhMtRifnQp_-iuICEa_uXIK4BSuKVZt9OId8oTvfV4SYAGr-Syo7lqdHgBgzEHvU7-BFN8KgGCEn766SargwQ=@protonmail.com>
References: <87mumh33nc.wl-neal@walfield.org> <F9VLV9HZWH.3RYL3UM3BN873@my.amazin.horse> <3WZ7-hy9V7TOy53p1gP5EXELzHJIqjouV9x0YTN3PWsBZedKkqvVCRm-2XzGZy-FYAYdTqP1-7YV4wbTWMWAYhSujQA6NmrnIuXfZLRHkdQ=@protonmail.com> <87k1hk2tpv.wl-neal@walfield.org> <C6Yk1rFFoqbz_qGTLC6hMtmhMtRifnQp_-iuICEa_uXIK4BSuKVZt9OId8oTvfV4SYAGr-Syo7lqdHgBgzEHvU7-BFN8KgGCEn766SargwQ=@protonmail.com>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI-EPG/1.14.7 (Harue) FLIM/1.14.9 (Gojō) APEL/10.8 EasyPG/1.0.0 Emacs/24.5 (x86_64-pc-linux-gnu) MULE/6.0 (HANACHIRUSATO)
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset="US-ASCII"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/JukTMAMY-RUoHsHxVxyZNht96R4>
Subject: Re: [openpgp] AEAD Chunk Size - Performance
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Mar 2019 08:58:35 -0000

At Thu, 28 Feb 2019 19:11:06 +0000,
Bart Butler wrote:
> "Re. Neal's request, I didn't have the numbers anymore, so I unscientifically created some new ones
> 
> It looks like either Chrome or we have actually fixed the performance issues there with c=8 since the last time I tested it, as for most message sizes the performance is the same as c=12 or even a bit faster, except 128KB-256KB, which fits in one chunk with c=12 and there c=8 is about 1.1x - 1.5x slower.
> 
> In Firefox, for >=64KB messages, c=8 is still about 1.5x - 2.5x slower than c=12, however, it looks like most of the overhead of smaller chunks comes from the streams polyfill, not the web crypto API. So that should probably be possible for us to fix."

Thanks for providing these numbers!  It's particularly interesting to
hear how the performance has changed over time.

> I see your logic on 16 kiB but in particular for file encryption I think there's some value to being able to go bigger in the future (L2 cache sizes have changed in the last 20 years as well and will probably change in the next two decades), and to keep the size byte to be able to configure this rather than have an entirely new packet. I think a SHOULD for 16 kiB though is totally appropriate now though for the reasons you mentioned.

Although I have a slight preference for 16 kiB due to performance
concerns, my first priority is security.  I'd like, at the minimum, a
hard ceiling, but I'd prefer no chunk size parameter at all.  I
appreciate backwards compatibility, and I'm willing to go with
renaming "chunk size" to "magic value" and fixing that to the C
corresponding to 256 kiB chunks.

v2.23.0 | Report a Bug | By Email