[jira] [Commented] (PARQUET-1659) Add AES-CTR to Parquet Encryption
[ https://issues.apache.org/jira/browse/PARQUET-1659?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17311589#comment-17311589 ] ASF GitHub Bot commented on PARQUET-1659: - shangxinli closed pull request #153: URL: https://github.com/apache/parquet-format/pull/153 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Add AES-CTR to Parquet Encryption > -- > > Key: PARQUET-1659 > URL: https://issues.apache.org/jira/browse/PARQUET-1659 > Project: Parquet > Issue Type: Improvement > Components: parquet-cpp, parquet-format, parquet-mr >Affects Versions: format-2.6.0 >Reporter: Xinli Shang >Priority: Minor > Labels: pull-request-available > > AES-GCM-CTR perform GCM encryption on metadata and CTR encryption on data. > AES-CTR would perform CTR encryption on both. > During Perf testing, we found AES-CTR can improve read/write performance by > ~10% comparing with AES-GCM-CTR. > > I checked with Gidon and the initial assumption was that AES-GCM-CTR would > have similar performance as AES-CTR. But with recent performance > benchmarking, we found it is worthy to introduce AES-CTR. Since many > companies strive for parquet performance improvement. > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (PARQUET-1659) Add AES-CTR to Parquet Encryption
[ https://issues.apache.org/jira/browse/PARQUET-1659?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17311590#comment-17311590 ] ASF GitHub Bot commented on PARQUET-1659: - shangxinli commented on pull request #153: URL: https://github.com/apache/parquet-format/pull/153#issuecomment-810364717 I just closed this. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Add AES-CTR to Parquet Encryption > -- > > Key: PARQUET-1659 > URL: https://issues.apache.org/jira/browse/PARQUET-1659 > Project: Parquet > Issue Type: Improvement > Components: parquet-cpp, parquet-format, parquet-mr >Affects Versions: format-2.6.0 >Reporter: Xinli Shang >Priority: Minor > Labels: pull-request-available > > AES-GCM-CTR perform GCM encryption on metadata and CTR encryption on data. > AES-CTR would perform CTR encryption on both. > During Perf testing, we found AES-CTR can improve read/write performance by > ~10% comparing with AES-GCM-CTR. > > I checked with Gidon and the initial assumption was that AES-GCM-CTR would > have similar performance as AES-CTR. But with recent performance > benchmarking, we found it is worthy to introduce AES-CTR. Since many > companies strive for parquet performance improvement. > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (PARQUET-1659) Add AES-CTR to Parquet Encryption
[ https://issues.apache.org/jira/browse/PARQUET-1659?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17311390#comment-17311390 ] ASF GitHub Bot commented on PARQUET-1659: - pitrou commented on pull request #153: URL: https://github.com/apache/parquet-format/pull/153#issuecomment-810115525 There doesn't seem to have been any activity around this (or the attached JIRA) since September 2019. @ggershinsky Do you think it is worthwhile keeping this open? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Add AES-CTR to Parquet Encryption > -- > > Key: PARQUET-1659 > URL: https://issues.apache.org/jira/browse/PARQUET-1659 > Project: Parquet > Issue Type: Improvement > Components: parquet-cpp, parquet-format, parquet-mr >Affects Versions: format-2.6.0 >Reporter: Xinli Shang >Priority: Minor > Labels: pull-request-available > > AES-GCM-CTR perform GCM encryption on metadata and CTR encryption on data. > AES-CTR would perform CTR encryption on both. > During Perf testing, we found AES-CTR can improve read/write performance by > ~10% comparing with AES-GCM-CTR. > > I checked with Gidon and the initial assumption was that AES-GCM-CTR would > have similar performance as AES-CTR. But with recent performance > benchmarking, we found it is worthy to introduce AES-CTR. Since many > companies strive for parquet performance improvement. > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (PARQUET-1659) Add AES-CTR to Parquet Encryption
[ https://issues.apache.org/jira/browse/PARQUET-1659?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16935626#comment-16935626 ] Gidon Gershinsky commented on PARQUET-1659: --- lets discuss these numbers via mail, or google doc, etc, to spare the dev mailing list subscribers. > Add AES-CTR to Parquet Encryption > -- > > Key: PARQUET-1659 > URL: https://issues.apache.org/jira/browse/PARQUET-1659 > Project: Parquet > Issue Type: Improvement > Components: parquet-cpp, parquet-format, parquet-mr >Affects Versions: format-2.6.0 >Reporter: Xinli Shang >Priority: Minor > Labels: pull-request-available > > AES-GCM-CTR perform GCM encryption on metadata and CTR encryption on data. > AES-CTR would perform CTR encryption on both. > During Perf testing, we found AES-CTR can improve read/write performance by > ~10% comparing with AES-GCM-CTR. > > I checked with Gidon and the initial assumption was that AES-GCM-CTR would > have similar performance as AES-CTR. But with recent performance > benchmarking, we found it is worthy to introduce AES-CTR. Since many > companies strive for parquet performance improvement. > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (PARQUET-1659) Add AES-CTR to Parquet Encryption
[ https://issues.apache.org/jira/browse/PARQUET-1659?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16935610#comment-16935610 ] Gidon Gershinsky commented on PARQUET-1659: --- Sounds good, we are basically in sync on this. Lets understand the technical details behind the observed difference. For each encrypted module type (pages, page headers, columnmetadata, etc) could you find the number of modules and the total size of each type in your files (by simply adding a debug code in the right places). > Add AES-CTR to Parquet Encryption > -- > > Key: PARQUET-1659 > URL: https://issues.apache.org/jira/browse/PARQUET-1659 > Project: Parquet > Issue Type: Improvement > Components: parquet-cpp, parquet-format, parquet-mr >Affects Versions: format-2.6.0 >Reporter: Xinli Shang >Priority: Minor > Labels: pull-request-available > > AES-GCM-CTR perform GCM encryption on metadata and CTR encryption on data. > AES-CTR would perform CTR encryption on both. > During Perf testing, we found AES-CTR can improve read/write performance by > ~10% comparing with AES-GCM-CTR. > > I checked with Gidon and the initial assumption was that AES-GCM-CTR would > have similar performance as AES-CTR. But with recent performance > benchmarking, we found it is worthy to introduce AES-CTR. Since many > companies strive for parquet performance improvement. > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (PARQUET-1659) Add AES-CTR to Parquet Encryption
[ https://issues.apache.org/jira/browse/PARQUET-1659?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16935553#comment-16935553 ] Xinli Shang commented on PARQUET-1659: -- Yes, I understood the philosophy of designing GCM_CTR. The page size is default 1M. The footer size shouldn't matter because I commented out the code to generate the signature for the footer. What I suspect is that there could be some *base* overhead for invoking GCM even you have very few data(metadata in this case) to generate the signature. Many companies are still using Java 8 I think. Introducing *CTR only* doesn't mean rule out *GCM/GCM_CTR*. It just adds one more option for people to choose as a trade-off between performance and security. Unless *CTR only* itself has a security hole, which I don't think so, it would be nice to let people choose. Yes, that would require to change the spec. But this is a very lightweight change and it doesn't change any direction of the original encryption design. I am not sure it still require PMC votes(any spec change need PMC vote?), but I think once we have agreement on the technical part, we can bring to PMCs to ask. > Add AES-CTR to Parquet Encryption > -- > > Key: PARQUET-1659 > URL: https://issues.apache.org/jira/browse/PARQUET-1659 > Project: Parquet > Issue Type: Improvement > Components: parquet-cpp, parquet-format, parquet-mr >Affects Versions: format-2.6.0 >Reporter: Xinli Shang >Priority: Minor > Labels: pull-request-available > > AES-GCM-CTR perform GCM encryption on metadata and CTR encryption on data. > AES-CTR would perform CTR encryption on both. > During Perf testing, we found AES-CTR can improve read/write performance by > ~10% comparing with AES-GCM-CTR. > > I checked with Gidon and the initial assumption was that AES-GCM-CTR would > have similar performance as AES-CTR. But with recent performance > benchmarking, we found it is worthy to introduce AES-CTR. Since many > companies strive for parquet performance improvement. > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (PARQUET-1659) Add AES-CTR to Parquet Encryption
[ https://issues.apache.org/jira/browse/PARQUET-1659?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16934945#comment-16934945 ] Gidon Gershinsky commented on PARQUET-1659: --- A number of comments # The idea behind AES_GCM_CTR is that in Parquet files the metada size is negligible compared to the data size. E.g., the default page size is around megabyte, and the page header is say a hundred bytes- meaning the metadata is around 0.01% of data. When running with old Java (with AES-NI acceleration), GCM is indeed slower than CTR, but applying it on 0.01% of the file shouldn't be noticeable. # Basic math shows that getting 10% speed up means that in your files the metadata part is around a few percents, instead of 0.01%. Would be good to analyze the reasons (small pages? or small files where the footer size becomes a considerable part of the file size? anything else?) - this is easy to measure. # Java 9 and later run AES in hardware, so its possible to get full data protection (encryption and integrity guarantees) via GCM without noticeable change in throughput. # Introduction of a third algorithm means additions in the spec and in the thrift and could require another round of PMC vote. We might want to proceed with the parquet-2.7.0 release as is, and in parallel investigate the reasons you get 10% speed up (item 2). If we decide to add a pure CTR algo, it can be a part of say parquet-2.7.1. > Add AES-CTR to Parquet Encryption > -- > > Key: PARQUET-1659 > URL: https://issues.apache.org/jira/browse/PARQUET-1659 > Project: Parquet > Issue Type: Improvement > Components: parquet-cpp, parquet-format, parquet-mr >Affects Versions: format-2.6.0 >Reporter: Xinli Shang >Priority: Minor > Labels: pull-request-available > > AES-GCM-CTR perform GCM encryption on metadata and CTR encryption on data. > AES-CTR would perform CTR encryption on both. > During Perf testing, we found AES-CTR can improve read/write performance by > ~10% comparing with AES-GCM-CTR. > > I checked with Gidon and the initial assumption was that AES-GCM-CTR would > have similar performance as AES-CTR. But with recent performance > benchmarking, we found it is worthy to introduce AES-CTR. Since many > companies strive for parquet performance improvement. > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (PARQUET-1659) Add AES-CTR to Parquet Encryption
[ https://issues.apache.org/jira/browse/PARQUET-1659?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16934758#comment-16934758 ] ASF GitHub Bot commented on PARQUET-1659: - shangxinli commented on pull request #153: PARQUET-1659: Add AES-CTR to Parquet Encryption URL: https://github.com/apache/parquet-format/pull/153 Make sure you have checked _all_ steps below. ### Jira - [ ] My PR addresses the following [Parquet Jira](https://issues.apache.org/jira/browse/PARQUET/) issues and references them in the PR title. For example, "PARQUET-1234: My Parquet PR" - https://issues.apache.org/jira/browse/PARQUET-XXX - In case you are adding a dependency, check if the license complies with the [ASF 3rd Party License Policy](https://www.apache.org/legal/resolved.html#category-x). ### Commits - [ ] My commits all reference Jira issues in their subject lines. In addition, my commits follow the guidelines from "[How to write a good git commit message](http://chris.beams.io/posts/git-commit/)": 1. Subject is separated from body by a blank line 1. Subject is limited to 50 characters (not including Jira issue reference) 1. Subject does not end with a period 1. Subject uses the imperative mood ("add", not "adding") 1. Body wraps at 72 characters 1. Body explains "what" and "why", not "how" ### Documentation - [ ] In case of new functionality, my PR adds documentation that describes how to use it. - All the public functions and the classes in the PR contain Javadoc that explain what it does This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Add AES-CTR to Parquet Encryption > -- > > Key: PARQUET-1659 > URL: https://issues.apache.org/jira/browse/PARQUET-1659 > Project: Parquet > Issue Type: Improvement > Components: parquet-cpp, parquet-format, parquet-mr >Affects Versions: format-2.6.0 >Reporter: Xinli Shang >Priority: Minor > Labels: pull-request-available > > AES-GCM-CTR perform GCM encryption on metadata and CTR encryption on data. > AES-CTR would perform CTR encryption on both. > During Perf testing, we found AES-CTR can improve read/write performance by > ~10% comparing with AES-GCM-CTR. > > I checked with Gidon and the initial assumption was that AES-GCM-CTR would > have similar performance as AES-CTR. But with recent performance > benchmarking, we found it is worthy to introduce AES-CTR. Since many > companies strive for parquet performance improvement. > -- This message was sent by Atlassian Jira (v8.3.4#803005)