[tahoe-dev] 100-year cryptography

Jack Lloyd lloyd at randombit.net
Wed Mar 10 18:39:33 UTC 2010


On Wed, Mar 10, 2010 at 10:04:54AM -0800, Chris Palmer wrote:
> Jack Lloyd writes:
> 
> > two of the biggest CPU drains for normal user desktop machines are
> > video and SSL,
> 
> Where is the proof that SSL even rates as a blip? I wonder because

No proof, simply an inference from these assumptions:

VIA is a commercial company, wishing to make as much profit as
possible

VIA chose an additional expense both at R&D time and in ongoing
manufacturing costs in developing and including hardware accel for
crypto

Assuming VIA is a rational decision making entity, they took the cost
of adding the hardware with the expectation that increased sales would
more than make up for the costs.

The added hardware would only increase sales if customers believe that
a VIA chip with crypto was better than a VIA chip without. Since the
only advantage the hardware offers is in terms of speed and power
consumption [1], that presumably is the advantage (real or imagined)
that increases its value to customers.

From this, we can assume that customers believe that crypto is slow
and power-hungry, which is a somewhat tautological result since we
already know that there is a wide (mis-)perception that crypto is a
bottleneck.

Obviously there are numerous plausible scenarios where any or all of
my assumptions might be false.

So, I suppose, two corrections to my statement are in order:

1) I used SSL as a stand-in for SSL/hard drive encryption/PGP/whatever
as a convenience. (And because SSL is probably the area that most
average humans encounter crypto)

2) Prefix my statement with "VIA believes that its probable customer
market believes that two of the biggest drains ..."

Keep in mind though - the mere _perception_ that crypto is a
bottleneck may be entirely sufficient to encourage CPU manufacturers to
make it faster. Since this often gets us crypto hardware 'for free'
[2] that is not only faster/more power efficient but safer (in terms
of preventing timing and cache attacks, potentially also some fault
attacks, etc): epic win, IMO.

-Jack

[1] Ignoring things like avoiding timing attacks, which is another
advantage but a sufficiently esoteric one that an average computer
buyer, even a somewhat techie one who had a vague notion what AES and
SSL are, probably has not heard of it.

[2] 'Free', as always, meaning 'something that's already been paid
for'. In this case, it was paid for by a small increase in purchase
price across all buyers of Intel CPUs, which is a sufficiently large #
of people that probably it only increased the unit price by pennies.
No matter what the actual price increase, compared to even the
cheapest crypto accelerator add-ins, it's certainly hella cheap.


