On Wed, Mar 07, 2007 at 09:29:43AM -0500, Paul Syverson wrote:
[...]
> My kneejerk response is
> that (a) the overhead from this vs. everything else in Tor is very
> small,

This was one of the major reasons for not doing it at the same time as
CREATE_FAST. Assuming that TLS conns are mostly longer-lived than
circuits, then circuit PK should strongly dominate link PK. The same
amount of data, however, goes over TLS as over circuits.

Given those (fuzzy, inaccurate) assumptions, it follows that using
CREATE_FAST should have been sufficient to get rid of 33% of the
server-side PK. Dumping the first circuit hop's AES, however, would
only get rid (at best) of 12.5% of server-side AES, so it wasn't as
immediately clear of a win. (There are 8 server-side AES operations
on all the data now: the first two servers in the circuit need to do a
TLS decrypt, a circuit decrypt, and a TLS encrypt; the third server
does a TLS decrypt and a circuit decrypt.)

AES was between 8 and 20% of server CPU time the last time I looked;
this change would save at most 2.5% of server CPU, which doesn't
really make it seem like low-hanging fruit to me.