Hi, Looking at the performance figures for the X2 and X4 variant of AEGIS on AMD Zen 4 and Apple M1, I started thinking if adding parallelism at the algorithm level is the right solution. An alternative is to add parallelism at the protocol level similar to IPsec, something DTLS 1.3 and QUIC do not currently support. In QUIC and DTLS 1.3 you could for example add an extension to include the Connection ID in the derivation of traffic secrets (lets ignore key updates for now) and use several Connection IDs in parallel over a single connection.
Would 2 or 4 parallel AEGIS-128L have better performance than AEGIS-128X2 and AEGIS-128X4? https://github.com/jedisct1/aegis-X Cheers, John On 2024-12-01, 14:23, "internet-dra...@ietf.org" <internet-dra...@ietf.org> wrote: Internet-Draft draft-denis-tls-aegis-03.txt is now available. Title: AEGIS-based Cipher Suites for TLS 1.3, DTLS 1.3 and QUIC Authors: Frank Denis Samuel Lucas Name: draft-denis-tls-aegis-03.txt Pages: 9 Dates: 2024-12-01 Abstract: This document proposes new cipher suites based on the AEGIS family of authenticated encryption algorithms for integration into the TLS 1.3, DTLS 1.3, and QUIC protocols. About This Document This note is to be removed before publishing as an RFC. Status information for this document may be found at https://datatracker.ietf.org/doc/draft-denis-tls-aegis/. Source for this draft and an issue tracker can be found at https://github.com/jedisct1/draft-denis-tls-aegis. The IETF datatracker status page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-denis-tls-aegis/ There is also an HTML version available at: https://www.ietf.org/archive/id/draft-denis-tls-aegis-03.html A diff from the previous version is available at: https://author-tools.ietf.org/iddiff?url2=draft-denis-tls-aegis-03 Internet-Drafts are also available by rsync at: rsync.ietf.org::internet-drafts
_______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org
