[tor-bugs] #29023 [Core Tor/Tor]: prop289: Implement a fast PRNG

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Feb 7 03:14:28 UTC 2019


#29023: prop289: Implement a fast PRNG
-------------------------------------------------+-------------------------
      Reporter:  dgoulet
         Owner:  nickm
          Type:  enhancement
        Status:  needs_review
      Priority:  Medium
     Milestone:  Tor: 0.4.1.x-final
     Component:  Core Tor/Tor
       Version:
      Severity:  Normal
    Resolution:
      Keywords:  prop289, tor-relay, 041-proposed-on-roadmap
 Actual Points:  3
     Parent ID:  #26871
        Points:  3
      Reviewer:
       Sponsor:  SponsorV
-------------------------------------------------+-------------------------
Changes (by nickm):

 * status:  assigned => needs_review
 * points:   => 3
 * actualpoints:   => 3


Comment:

 See my branch `fast_rng` with PR at
 https://github.com/torproject/tor/pull/685

 The code uses an AES256-CTR, with a much more efficient construction than
 CTR-DRBG.  The construction is the same one used in libottery,
 libottery-lite, and the BSDs' replacements for arc4random() -- except that
 it uses AES instead of ChaCha.  I'm using AES here because performance
 matters most here on relays, and relays all ought to have CPU support for
 AES.

 Performance here is much better than the alternatives, even with openssl
 1.1.1a:
 {{{
 ===== rand =====
 crypto_rand(4): 999.539250 nsec.
 crypto_fast_rng_getbytes(4): 9.474050 nsec.
 crypto_strongest_rand(4): 2306.595720 nsec.
 weak_rand(4): 2.113900 nsec.
 crypto_rand(16): 948.858240 nsec.
 crypto_fast_rng_getbytes(16): 13.679440 nsec.
 crypto_strongest_rand(16): 2319.716010 nsec.
 crypto_rand(128): 1110.183610 nsec.
 crypto_fast_rng_getbytes(128): 56.717480 nsec.
 }}}

 I am *not* using this branch by default anywhere yet, but I think we
 should probably remove our weak_rng uses and use this instead.

 No changes file here, since the code isn't actually used yet.

 Please remember that one can bikeshed a rng forever.  Let's not do that in
 this case?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29023#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
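The construction nickm describes above (the libottery / arc4random fast-key-erasure design, with AES-256-CTR in place of ChaCha), as an added example that is not code from the tor PR: it is written in Go rather than Tor's C so it runs against the standard library alone. The buffer size, the seed interface and the names (fastRNG, refill, Read) are assumptions; the seed is expected to come from a strong RNG, as Tor's crypto_strongest_rand would provide.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
)

const (
	keyLen = 32   // AES-256 key, taken from each refill and never emitted
	bufLen = 1024 // keystream bytes per AES-CTR run (size is an assumption)
)

var zeros [bufLen]byte // read-only source for wiping buffer ranges

// fastRNG: fast-key-erasure generator (libottery/arc4random style) using AES-256-CTR.
type fastRNG struct {
	key [keyLen]byte
	buf [bufLen]byte
	pos int // index of the next unread byte in buf
}

// newFastRNG takes 32 seed bytes from a strong RNG (Tor: crypto_strongest_rand).
func newFastRNG(seed [keyLen]byte) *fastRNG {
	return &fastRNG{key: seed, pos: bufLen} // empty buffer: first Read refills
}

// refill makes bufLen keystream bytes, then ratchets: the first keyLen become
// the next key and are wiped, so past output is unrecoverable from the state.
func (r *fastRNG) refill() {
	block, _ := aes.NewCipher(r.key[:]) // cannot fail for a 32-byte key
	var iv [aes.BlockSize]byte         // counter restarts at zero: key is fresh
	// buf is all zero here (wiped as consumed), so XOR leaves raw keystream.
	cipher.NewCTR(block, iv[:]).XORKeyStream(r.buf[:], r.buf[:])
	copy(r.key[:], r.buf[:keyLen])
	copy(r.buf[:keyLen], zeros[:keyLen])
	r.pos = keyLen
}

// Read fills out with random bytes, wiping each buffer byte once consumed.
func (r *fastRNG) Read(out []byte) {
	for len(out) > 0 {
		if r.pos == bufLen {
			r.refill()
		}
		n := copy(out, r.buf[r.pos:])
		copy(r.buf[r.pos:r.pos+n], zeros[:n])
		r.pos += n
		out = out[n:]
	}
}
```

The point of the ratchet is that a state compromise reveals only future output: the bytes already handed out, and the key that produced them, are no longer in memory.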

