'High-speed cryptography' - MARC
<head>
<meta http-equiv="Content-Type" content="text/html ">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>'High-speed cryptography' - MARC</title>
<link rel="stylesheet" type="text/css" href="/style.css">
</head>
<body bgcolor="#ffffff" text="#000000" link="#0000C0" vlink="#800080">
<pre><b>[<a href="?l=djbdns&m=121983922614669&w=2">prev in list</a>] [<a href="?l=djbdns&m=122013198205141&w=2">next in list</a>] [<font color="#c0c0c0">prev in thread</font>] [<a href="?l=djbdns&m=122013198205141&w=2">next in thread</a>] </b>
<b><font size=+1>
List:       <a href="?l=djbdns&r=1&w=2">djbdns</a>
Subject:    <a href="?t=122011955200001&r=1&w=2">High-speed cryptography</a>
From:       <a href="?a=90366931100012&r=1&w=2">"D. J. Bernstein" &lt;djb () cr ! yp ! to&gt;</a>
Date:       <a href="?l=djbdns&r=1&w=2&b=200808">2008-08-30 18:04:06</a>
Message-ID: <a href="?i=20080830180406.87178.qmail%20()%20cr%20!%20yp%20!%20to">20080830180406.87178.qmail () cr ! yp ! to</a></font>
[Download RAW <a href="?l=djbdns&m=122011940521548&q=mbox">message</a> or <a href="?l=djbdns&m=122011940521548&q=raw">body</a>]</b>

Tobias Reckhard writes:
> Note that we haven't even begun to touch on the performance issues.
> Publishing a thousand precomputed signatures a second is much less work
> than having to set up a thousand RSA-and-Diffie-Hellman-secured network
> connections in the same time..

On the other hand, those precomputed signatures have to be separately
verified by each recipient. State-of-the-art protocols to encrypt _and_
authenticate packets take more work for the first packet but allow very
low-cost handling of subsequent packets between the same parties.

More importantly, the work for the first packet has been dramatically
reduced in recent years. High-security 255-bit elliptic curves, billions
of times more difficult to break than 1024-bit RSA by current attacks,
can handle 1000 new communication partners in just 40 milliseconds on a
Core 2 Quad with state-of-the-art software.

<a href="http://dnscurve.org" rel="nofollow">http://dnscurve.org</a> describes a new link-level DNS security protocol
that takes advantage of these advances in cryptographic speed. The
protocol provides integrity (recognizing and discarding forged packets)
_and_ some confidentiality, while drastically simplifying implementation
and administration compared to DNSSEC.

---D. J. Bernstein
   Research Professor, Computer Science, University of Illinois at Chicago
</pre>
</body>
</html>