End-To-End Encrypted Kafka with Proxy Re-Encryption

End-To-End Encrypted Kafka with Proxy Re-Encryption(nucypher.com)

3 points by mwilkison 8 years ago | 4 comments

hultner 8 years ago |

Awesome! Any idea of which latency impact one would see on a fairly modern system by using this?

michwill 8 years ago | |

I think, the biggest latency hit will be from re-encrypting a symmetric key which encrypts messages, once in a while. This will result in occasional delays of ~0.25 ms (that's how much one operation with elliptic curve crypto takes).

The other bottleneck will be from the block cipher, when you actually encrypt/decrypt messages. Our open source version currently doesn't use AES-NI for that, so limited by performance of unaccelerated AES256 (few hundred k messages per second). This impact can be made negligible when using AES-NI (will come soon).

When using granular encryption, the performance bottleneck will shift to parsing messages (avro, for example), and will be limited by the performance of the parser.

hultner 8 years ago | | |

Excellent answer, do you have a timeline for the AES-NI support?

I was previously really impressed by how it improved my IPSec performance.