Encrypting the internet

End-to-end communication encryption is considered necessary for protecting the privacy of user data in the Internet. Only a small fraction of all Internet traffic, however, is protected today. The primary reason for this neglect is economic, mainly security protocol speed and cost. In this paper we argue that recent advances in the implementation of cryptographic algorithms can make general purpose processors capable of encrypting packets at line rates. This implies that the Internet can be gradually transformed to an information delivery infrastructure where all traffic is encrypted and authenticated. We justify our claim by presenting technologies that accelerate end-to-end encryption and authentication by a factor of 6 and a high performance TLS 1.2 protocol implementation that takes advantage of these innovations. Our implementation is available in the public domain for experimentation.

[1]  Donald Ervin Knuth,et al.  The Art of Computer Programming , 1968 .

[2]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[3]  Kimberly Peretti Data Breaches: What the Underground World of Carding Reveals , 2009 .

[4]  Ruby B. Lee,et al.  On-chip lookup tables for fast symmetric-key encryption , 2005, 2005 IEEE International Conference on Application-Specific Systems, Architecture Processors (ASAP'05).

[5]  Adam J. Elbirt Fast and Efficient Implementation of AES via Instruction Set Extensions , 2007, 21st International Conference on Advanced Information Networking and Applications Workshops (AINAW'07).

[6]  Brian A. Carter,et al.  Advanced Encryption Standard , 2007 .

[7]  Peter L. Montgomery,et al.  Five, six, and seven-term Karatsuba-like formulae , 2005, IEEE Transactions on Computers.

[8]  Shay Gueron,et al.  Intel's New AES Instructions for Enhanced Performance and Security , 2009, FSE.

[9]  J. Wrench Table errata: The art of computer programming, Vol. 2: Seminumerical algorithms (Addison-Wesley, Reading, Mass., 1969) by Donald E. Knuth , 1970 .

[10]  Elisabeth Oswald,et al.  An ASIC Implementation of the AES SBoxes , 2002, CT-RSA.

[11]  Patrick Schaumont,et al.  Design and performance testing of a 2.29-GB/s Rijndael processor , 2003, IEEE J. Solid State Circuits.

[12]  Akashi Satoh,et al.  A Compact Rijndael Hardware Architecture with S-Box Optimization , 2001, ASIACRYPT.

[13]  Tolga Acar,et al.  Analyzing and comparing Montgomery multiplication algorithms , 1996, IEEE Micro.

[14]  David Canright,et al.  A Very Compact S-Box for AES , 2005, CHES.

[15]  Vijay Kumar,et al.  Efficient Rijndael Encryption Implementation with Composite Field Arithmetic , 2001, CHES.

[16]  D.C. Feldmeier,et al.  Fast software implementation of error detection codes , 1995, TNET.

[17]  Ç. Koç Analysis of sliding window techniques for exponentiation , 1995 .

[18]  Chester Rebeiro,et al.  Bitslice Implementation of AES , 2006, CANS.

[19]  Joos Vandewalle,et al.  Comparison of Three Modular Reduction Functions , 1993, CRYPTO.

[20]  Ingrid Verbauwhede,et al.  A Systematic Evaluation of Compact Hardware Implementations for the Rijndael S-Box , 2005, CT-RSA.

[21]  Christof Paar,et al.  Generalizations of the Karatsuba Algorithm for Efficient Implementations , 2006, IACR Cryptol. ePrint Arch..

[22]  D. McGrew,et al.  The Galois/Counter Mode of Operation (GCM) , 2005 .

[23]  Frederic P. Miller,et al.  Advanced Encryption Standard , 2009 .

[24]  Paul Barrett,et al.  Implementing the Rivest Shamir and Adleman Public Key Encryption Algorithm on a Standard Digital Signal Processor , 1986, CRYPTO.

[25]  David A. McGrew,et al.  An Interface and Algorithms for Authenticated Encryption , 2008, RFC.

[26]  Vincent Rijmen,et al.  AES implementation on a grain of sand , 2005 .

[27]  Ingrid Verbauwhede,et al.  A 3.84 gbits/s AES crypto coprocessor with modes of operation in a 0.18-μm CMOS technology , 2005, ACM Great Lakes Symposium on VLSI.

[28]  Ingrid Verbauwhede,et al.  A 21.54 Gbits/s fully pipelined AES processor on FPGA , 2004, 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines.

[29]  Akashi Satoh,et al.  An Optimized S-Box Circuit Architecture for Low Power AES Design , 2002, CHES.