
Speed up AEAD on wrong prekey #1369

Merged (1 commit), Dec 21, 2023

Conversation

AaronFeickert
Contributor

PR intention

Speeds up AEAD authenticated decryption failure when the wrong prekey is used, which can speed up scanning operations.

Code changes brief

Currently, AEAD authenticated decryption derives both the key and key commitment before checking if the key commitment is correct. This is wasteful; when scanning outputs, the vast majority will produce the wrong key commitment, so the key is never used.

This PR allows authenticated decryption to fail before deriving the key. This cuts the overall operation time by half.

Note that both the current and proposed designs are not constant-time operations! This means that an adversary with access to a timing side channel can use this information to determine which outputs a user controls.
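The two decryption orderings described in the PR, as an added example that is not Firo's code: a toy AEAD (SHA-256 counter-mode keystream plus HMAC-SHA256 tag, with SHA-256 standing in for the real key and key-commitment derivations) lets `decrypt_before` and `decrypt_after` differ only in when the key is derived. The labels, layout `commitment || nonce || ciphertext || tag`, and the derivation counter are constructed for this illustration and are not taken from the project. As the author notes, neither ordering is constant-time; the example does not change that, it only shows the work saved on a scan where nearly every output is someone else's.

```python
import hashlib
import hmac
import os

# Constructed domain-separation labels; the project's real labels and
# derivation functions are assumptions here, not taken from the PR.
LABEL_COMMITMENT = b"example/aead/commitment"
LABEL_KEY = b"example/aead/key"

COMMITMENT_LEN = 32
NONCE_LEN = 12
TAG_LEN = 32

# Counts derivations so the two orderings can be compared on a scan.
derivations = {"commitment": 0, "key": 0}


def reset_counters() -> None:
    derivations["commitment"] = 0
    derivations["key"] = 0


def derive_commitment(prekey: bytes) -> bytes:
    """Key commitment: a hash bound to the prekey, stored alongside the ciphertext."""
    derivations["commitment"] += 1
    return hashlib.sha256(LABEL_COMMITMENT + prekey).digest()


def derive_key(prekey: bytes) -> bytes:
    """The secret AEAD key; the step the PR skips when the commitment mismatches."""
    derivations["key"] += 1
    return hashlib.sha256(LABEL_KEY + prekey).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy counter-mode keystream from SHA-256; stands in for the real cipher.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(prekey: bytes, plaintext: bytes, aad: bytes = b"") -> bytes:
    """Returns commitment || nonce || ciphertext || tag."""
    nonce = os.urandom(NONCE_LEN)
    key = derive_key(prekey)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, aad + nonce + ct, hashlib.sha256).digest()
    return derive_commitment(prekey) + nonce + ct + tag


def _split(blob: bytes):
    if len(blob) < COMMITMENT_LEN + NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short")
    commitment = blob[:COMMITMENT_LEN]
    nonce = blob[COMMITMENT_LEN:COMMITMENT_LEN + NONCE_LEN]
    ct = blob[COMMITMENT_LEN + NONCE_LEN:-TAG_LEN]
    tag = blob[-TAG_LEN:]
    return commitment, nonce, ct, tag


def _open(key: bytes, nonce: bytes, ct: bytes, tag: bytes, aad: bytes):
    # Verify the tag before touching the ciphertext; None on any failure.
    expected_tag = hmac.new(key, aad + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected_tag):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


def decrypt_before(prekey: bytes, blob: bytes, aad: bytes = b""):
    """Pre-PR order: derive both key and commitment, then compare."""
    commitment, nonce, ct, tag = _split(blob)
    key = derive_key(prekey)
    if not hmac.compare_digest(commitment, derive_commitment(prekey)):
        return None
    return _open(key, nonce, ct, tag, aad)


def decrypt_after(prekey: bytes, blob: bytes, aad: bytes = b""):
    """Post-PR order: compare the commitment first; derive the key only on a match."""
    commitment, nonce, ct, tag = _split(blob)
    if not hmac.compare_digest(commitment, derive_commitment(prekey)):
        return None
    return _open(derive_key(prekey), nonce, ct, tag, aad)


def scan_cost(decrypt_fn, prekey: bytes, blobs, aad: bytes = b""):
    """Key derivations spent scanning `blobs` with `prekey`, plus the plaintexts recovered."""
    reset_counters()
    hits = [pt for pt in (decrypt_fn(prekey, b, aad) for b in blobs) if pt is not None]
    return derivations["key"], hits


if __name__ == "__main__":
    mine = b"\x01" * 32
    others = [os.urandom(32) for _ in range(99)]  # constructed outputs owned by others
    blobs = [encrypt(k, b"payload") for k in others] + [encrypt(mine, b"mine")]
    print("key derivations, old order:", scan_cost(decrypt_before, mine, blobs)[0])
    print("key derivations, new order:", scan_cost(decrypt_after, mine, blobs)[0])
```

On a 100-output scan the old order derives the key 100 times and the new order once, matching the PR's "half the work" claim when key and commitment derivation cost about the same. Both orderings still return early on a mismatch, so the timing side channel the author describes is present in both.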

@levonpetrosyan93 levonpetrosyan93 merged commit 4f68008 into firoorg:master Dec 21, 2023
5 checks passed
@AaronFeickert AaronFeickert deleted the aead-speedup branch December 21, 2023 13:40