On Sun, 17 Sep 2017 21:04:28 -0400 Nick Mathewson nickm@alum.mit.edu wrote:
I think the first step here is to instrument relays to figure out what fraction of their cryptography is relay cell cryptography: this could tell us what slowdown we should expect. (It _should_ be about a third of our current cell crypto load, but surprises have certainly been known to happen!)
I'd also argue that instrumenting a high-traffic client is important (if only so that there aren't unpleasant surprises later in the form of the clients hosting spacebookgopheri.onion or whatever exploding).
There was some discussion about obtaining profiler output for this particular case, but AFAIK nothing really happened[0].
The current performance we have is much faster than 13 cpb -- we're at approximately one AES, plus one third of a SHA1. (The "one third" is because only clients and exits do the SHA1 step.)
I wonder how many of the relays have support for hardware-assisted SHA. (nb: I don't have access to ARMv8, Ryzen or a sufficiently new Intel system, so I don't know how good the implementations are.)
Regards,