Mathematics and development of fast TLS handshakes
- Track: Web Performance devroom
- Room: D.web.performance
- Day: Sunday
- Start: 17:25
- End: 18:00
- Video with Q&A: D.webperformance
- Video only: D.webperformance
- Chat: Join the conversation!
Tempesta TLS is an implementation of TLS handshakes for the Linux kernel. Since the kernel already provides symmetric ciphers, we focus on asymmetric cryptography only, elliptic curves in particular.
Use used the mbed TLS library as the foundation and almost fully rewrote it to make is x40 faster. During our development we also use parts of WolfSSL library. While WolfSSL outperforms OpenSSL, it uses the same algorithms, which are 5-7 years of old. Tempesta TLS uses newer and more efficient algorithms from the modern cryptography research.
While we still improving performance of Tempesta TLS, the implementation already establishes 40-80% more TLS handshakes per second than OpenSSL/Nginx and provides up to x4 lower latency in several tests.
This talk covers following topics with plenty of benchmarks:
The fundamentals of elliptic curve computations and the most "hot spots"
Side channel attacks (SCA) and methods to prevent them
How the recent CPU vulnerabilities impact TLS handshakes
Basics of the new fast algorithms used in the Tempesta TLS
The design trade offs in OpenSSL, WolfSSL, mbed TLS, and Tempesta TLS
The funny assembly code with is more straightforward than C
Speakers
Alexander Krizhanovsky |