[tor-relays] hardware accelerated crypto
Andy Isaacson
adi at hexapodia.org
Tue Oct 1 18:39:56 UTC 2013
On Fri, Sep 13, 2013 at 12:25:47AM +0200, Sarah Vigote wrote:
> I would like to run a 100Mb/s tor exit node, but I have issues wrt
> power consumption.
>
> reading
> http://ortizaudio.blogspot.fr/2011/10/using-dreamplugs-crypto-chip.html
> it seems dreamplugs has *fast* aes-128-ecb.
>
> Does anyone have any experience running a node based on cheap crypto
> chip (dreamplug, marvell 88F6282, sheeva-core, padlock, ...) ? What
> performance can I expect out of these ?
Unfortunately AES is not the primary CPU consumer on Tor nodes right
now; we spend a lot more time doing bignum computation for TAP
circuits. Crypto accelerators don't work very well for bignums.
It's not a perfect equivalence, but "openssl speed rsa" should give a
reasonable estimate of how well your chip will do for TAP circuit
creation. Here's a dual-core Westmere at 2.1 GHz (should be fairly
close to a modern Xeon core):
sign verify sign/s verify/s
rsa 512 bits 0.000105s 0.000007s 9548.7 137778.7
rsa 1024 bits 0.000340s 0.000021s 2941.1 48539.0
rsa 2048 bits 0.002205s 0.000070s 453.4 14362.8
rsa 4096 bits 0.016398s 0.000260s 61.0 3840.3
A single Xeon core can currently handle most of a 100 Mbps exit node's
traffic, so you should look for a dual-core chip that delivers at least
1500 sign/s on rsa-1024. Unfortunately I doubt there are any ARM chips
that can compete.
-andy
More information about the tor-relays
mailing list