From: Stefan X. <ste...@gm...> - 2015-04-02 07:55:52
Hi Guys,

if I remember correctly, the performance bottleneck was the RSA blinding and unblinding. We can't use WebCrypto for this purpose because it only offers RSA operations with padding while we would need raw RSA operations. Maybe, as you highlighted, these days the browsers with ASM would be fast enough for this purpose; it would be good to do another round of performance tests.

Regards

On 01.04.2015 at 23:25, Nils Toedtmann wrote:
> To see phone speedups, try our old script:
>
> http://nils.toedtmann.net/pub/BigInt-blinding.html
>
> Mind you it's 2.5y old, and the BigInt.js is not based on asm.js, and it
> might not have been the fastest BigInt implementation in the first
> place. BTW it's one of my few code contributions ;-)
>
> Obviously I am not a coder, so i can easily be wrong here. But BigInt in
> C can be pretty darn fast. If you only have fast Int operations and you
> have to build BigInt yourself on top of those, you will be slower.
>
> But i admit that this is academic without having benchmarked it. So
> let's do that!
>
> If i find the time (not likely in the coming weeks) i might try to
> re-factor above test-script to use a decent asm.js-based BigInt lib.
>
> /n
>
> On 01.04.2015 20:08, Tom Salfield wrote:
>> What do you mean by 'native' bigint?
>>
>> Asm.js code should run at a speed in the same order of magnitude as
>> equivalent c/c++ code. Obviously we would have to benchmark specific
>> bigint implementations to be sure of this. It's also possible to compile
>> existing c/c++ libraries to asm.js - as mentioned in my previous posts.
>>
>> Also, browsers have become a lot faster in general in the last 2 years.
>>
>> Would be interesting to run Joerg's benchmark script again on new
>> browsers and on a decent laptop as phone browsers will of course be much
>> slower. I'd also like to see comparison with the opencoin reference
>> implementation.
>>
>> On 01.04.2015 17:08, Tom Salfield wrote:
>>> Happy to be the messenger of good news for OpenCoin. So, why don't we
>>> encourage these GSOC students to try to build a browser wallet?
>>
>> +1!
>>
>>> I'd assume that the only thing holding this back was the lack of a
>>> proper RNG
>>
>> That, and access to fast BigInt for blinding.
>>
>>> - I think that is the conclusion we came to a couple of years
>>> ago. Possibly the speed of browsers a few years ago may have also been
>>> prohibitive.
>>>
>>> I'm not sure about the exact consistency of WebCrypto API implementations
>>> of higher level protocols (RSA, AES etc).
>>>
>>> I'm currently using standard javascript implementations of AES, ChaCha,
>>> SHA512, SHA256 implementations without any real speed issues. I'm sure
>>> asymmetric algorithms pose much greater performance issues.
>>
>> They usually do. See this thread for some benchmark results on phones
>> where the blinding BigInt is done in standard JavaScript:
>>
>> http://sourceforge.net/p/opencoin/mailman/message/30169063/
>>
>> Now that might not have been the most efficient BigInt lib available,
>> and phone CPUs got faster since then, but i still expect 2048bit
>> blinding to be laggy without native BigInt support.
>>
>>> However, I
>>> believe this can be much faster when leveraging asm.js - though I
>>> haven't used the library I referenced earlier.
>>>
>>> In that case, I'm not convinced that there is too much value in using
>>> the web-crypto versions of RSA/AES etc, seems likely that it won't be
>>> much more efficient - and you have to trust ALL the browser vendors to
>>> implement it securely, rather than a single implementation across all
>>> browsers.
>>
>> It's probably up to the developers which library they prefer to use.
>>
>>>> So use BigInt from ASM, the RNG from WebCrypto, RSA and other primitives
>>>> from either and bang there you have all you need! :-)
>>>>
>>>> Nice to learn that the stuff we've been waiting for for many years has
>>>> *finally* made it into the release-version of all major browsers. *phew*
>>>
>>> Just to be clear, afaik there is no BigInt in asm.js, it is just
>>> implemented in the library using asm.js
>>
>> Oh. Does that mean that there is still no accelerated BigInt in
>> browsers? That would throw us back again :-(
>>
>>> - nothing stopped anyone from
>>> implementing such a library without asm.js in plain javascript - and
>>> such libraries have long existed.
>>
>> I know, we use(d) them. They are slow.
>>
>>>>> No support in less than IE11, though you could seed a pseudo-random
>>>>> number generator with a random seed from a server request - I think -
>>>>> but feels riskier.
>>>> That would mean to trust the server, which is (trust-wise) equivalent to
>>>> doing all crypto server-side in the first place. Not really an option.
>>>>
>>> Right, I guess that is true in the OpenCoin case - since the blinding is
>>> dependent on the RNG. It's not the case for all crypto purposes, for
>>> example when generating a nonce for AES, we are able to encrypt data in
>>> the browser without ever sending the key to the server. If the nonce
>>> were compromised it wouldn't be good - but it isn't equivalent to doing
>>> all the crypto server-side.
>>
>> Agreed. I was only referring to OpenCoin, i should have made that clear.
>>
>> /n
>>
>>>>> Give me a call if you are ever in London
>>>> Will do!
>>>>
>>>> x/n
>>>>
>>>>> Tom x
>>>>>
>>>>> On 01/04/15 14:41, Nils Toedtmann wrote:
>>>>>> Re-reading http://sourceforge.net/p/opencoin/mailman/message/31090382/
>>>>>> it looks like the issue was not lack of BigInt support (that was an
>>>>>> issue with WebCrypto, not ASM), but crypto-grade randomness.
>>>>>>
>>>>>> That was almost 2 years ago. Has that improved? Or is there some other
>>>>>> source for quality randomness in modern browsers?
>>>>>>
>>>>>> /n
>>>>>>
>>>>>> On 01.04.2015 14:31, Nils Toedtmann wrote:
>>>>>>> On 01.04.2015 14:28, Nils Toedtmann wrote:
>>>>>>>> Hi Tom!
>>>>>>>>
>>>>>>>> I vaguely remember - but i might be wrong - that there is an important
>>>>>>>> crypto primitive missing, and that is blinding/unblinding. And
>>>>>>>> unfortunately the API is only exposing crypto primitives, but not the
>>>>>>>> underlying BigInt library, so you have to do it outside JS - which is
>>>>>>> ^^^^^^^^^^^^^
>>>>>>> Typo. I meant outside ASM
>>>>>>>
>>>>>>>> pretty slow.
>>>>>>>>
>>>>>>>> I think i even had conversations with the webcrypto gang about this.
>>>>>>>> Will try to find it when i have more time.
>>>>>>>>
>>>>>>>> /n
>>>>>>>>
>>>>>>>> On 01.04.2015 13:15, Tom Salfield wrote:
>>>>>>>>> Hi Stefan,
>>>>>>>>>
>>>>>>>>> On 15/03/15 21:41, Stefan Xenon wrote:
>>>>>>>>>> A while ago we did some tests and found that native JS may be
>>>>>>>>>> problematic because it is very slow for some of our crypto operations.
>>>>>>>>>> We concluded that a native "module" would be a good choice when using
>>>>>>>>>> Phonegap. This module would be native platform code (e.g. Java for
>>>>>>>>>> Android) and perform the crypto calculation. Do you have experience in
>>>>>>>>>> using such?
>>>>>>>>> Out of interest what were the performance problems in doing this using
>>>>>>>>> browser crypto? I'd have thought that with faster browsers, and built in
>>>>>>>>> random number generation this should perform quite well by now. In
>>>>>>>>> firefox and chrome and probably IE12 there is asm.js support - making
>>>>>>>>> implementations potentially significantly faster:
>>>>>>>>>
>>>>>>>>> https://github.com/vibornoff/asmcrypto.js/tree/master/src
>>>>>>>>>
>>>>>>>>> Anyway, just interested to know where the bottleneck would be?
>>>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>>
>>>>>>>>> Tom
>>>>>>>>>
>>>>>>>>> ------------------------------------------------------------------------------
>>>>>>>>> Dive into the World of Parallel Programming The Go Parallel Website, sponsored
>>>>>>>>> by Intel and developed in partnership with Slashdot Media, is your hub for all
>>>>>>>>> things parallel software development, from weekly thought leadership blogs to
>>>>>>>>> news, videos, case studies, tutorials and more. Take a look and join the
>>>>>>>>> conversation now. http://goparallel.sourceforge.net/
>>>>>>>>> _______________________________________________
>>>>>>>>> OpenCoin-devel mailing list
>>>>>>>>> Ope...@li... <mailto:Ope...@li...>
>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/opencoin-devel
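
The blind/sign/unblind round trip that this thread identifies as the bottleneck, written with raw (unpadded) RSA arithmetic. This is an added example, not OpenCoin code or code from any poster. It assumes a runtime with native BigInt and a WebCrypto `getRandomValues` source; the key is constructed from two Mersenne primes for illustration only, and all function names are hypothetical.

```javascript
// Added example (not OpenCoin code): raw-RSA blinding with BigInt + WebCrypto RNG.
const rng = globalThis.crypto ?? require('node:crypto').webcrypto; // Node fallback
// Square-and-multiply; not constant-time, illustration only.
function modPow(base, exp, mod) {
  let result = 1n;
  for (base %= mod; exp > 0n; exp >>= 1n) {
    if (exp & 1n) result = (result * base) % mod;
    base = (base * base) % mod;
  }
  return result;
}
// Extended Euclid; throws when gcd(a, m) != 1.
function modInv(a, m) {
  let [r0, r1, t0, t1] = [m, a % m, 0n, 1n];
  while (r1 !== 0n) {
    const q = r0 / r1;
    [r0, r1, t0, t1] = [r1, r0 - q * r1, t1, t0 - q * t1];
  }
  if (r0 !== 1n) throw new Error('not invertible');
  return ((t0 % m) + m) % m;
}
// Uniform r in [2, n) by rejection sampling over CSPRNG bytes.
function randomBelow(n) {
  const bits = n.toString(2).length;
  const buf = new Uint8Array(Math.ceil(bits / 8));
  for (;;) {
    rng.getRandomValues(buf);
    let r = 0n;
    for (const b of buf) r = (r << 8n) | BigInt(b);
    r &= (1n << BigInt(bits)) - 1n;
    if (r >= 2n && r < n) return r;
  }
}
// Client: m' = m * r^e mod n. modInv throws in the negligible case gcd(r, n) != 1.
function blind(m, { n, e }) {
  const r = randomBelow(n);
  return { blinded: (m * modPow(r, e, n)) % n, rInv: modInv(r, n) };
}
const signRaw = (x, { n, d }) => modPow(x, d, n); // issuer: unpadded x^d mod n
const unblind = (sBlind, rInv, n) => (sBlind * rInv) % n; // client: s = s' * r^-1
const verify = (m, s, { n, e }) => modPow(s, e, n) === m % n;

// Constructed demo key from two Mersenne primes: NOT secure.
const p = 2n ** 61n - 1n, q = 2n ** 89n - 1n, e = 65537n;
const key = { n: p * q, e, d: modInv(e, (p - 1n) * (q - 1n)) };
function demo(m = 0x6f70656e636f696en) { // constructed message representative
  const { blinded, rInv } = blind(m, key);
  const s = unblind(signRaw(blinded, key), rInv, key.n);
  return { valid: verify(m, s, key), direct: s === signRaw(m, key), hidden: blinded !== m };
}
```

The issuer only ever sees `blinded`, yet the unblinded value equals the signature it would have produced on `m` directly. That multiplicative step needs unpadded modular arithmetic, which padded RSA operations do not expose.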