AES-GCM-SIV

在「AES-GCM-SIV: Specification and Analysis」這邊看到 AES-GCM-SIV 的作者自己投稿上去的資料,是個已經被放進 BoringSSL 並且在 QUIC 上使用的演算法:

We remark that AES-GCM-SIV is already integrated into Google's BoringSSL library \cite{BoringSSL}, and its deployment for ticket encryption in QUIC \cite{QUIC} is underway.

在 RFC 上的說明解釋了這個演算法的目的是希望當 nonce 沒有被正確實作時仍然可以有比 AES-GCM 強的保護:

This memo specifies two authenticated encryption algorithms that are nonce misuse-resistant - that is that they do not fail catastrophically if a nonce is repeated.

在 128 bits 的情況下,加密的速度大約是 AES-GCM 的 2/3 (在都有硬體加速的情況下),但解密的速度則與 AES-GCM 相當:

For encryption, it is slower than AES-GCM, because achieving nonce-misuse resistance requires, by definition, two (serialized) passes over the data. Nevertheless, optimized implementations run GCM-SIV (for 128-bit keys) at less than one cycle per byte on modern processors (roughly 2/3 of the speed of nonce-respecting AES-GCM). On the other hand, GCM-SIV decryption runs at almost the same speed as AES-GCM.

不過這就是 trade-off 了,如果 nonce 有正確被實作的話,其實不需要這個...

QUIC 的進展

在「New Work in Seoul」這邊看到 QUIC 的消息:

The QUIC working group has just been chartered, and will meet for the first time in Seoul. This working group is taking Google’s pre-standardization QUIC protocol that has been deployed in production for several years, and will use it as a starting point to develop a UDP-based, stream-multiplexing, encrypted transport protocol with standardized congestion control, TLS 1.3 by default, a mapping for HTTP/2 semantics over QUIC, and multipath extensions. This is the IETF’s first standardized always-encrypted transport protocol, so careful consideration of applicability and operational capabilities will be key for success.

IETFDatatracker 上也可以看到記錄了:「QUIC (quic)」,最下面的 Milestones 可以看到第一階段的目標是在明年二月把基本的協定都定下來,之後再加東西上去。

Google 研發出的 BBR: Congestion-Based Congestion Control

Google 針對 TCP 的 congestion control 研究出了新的方法,是個純 sender-side 的演匴法,可以讓現有的 internet 直接換上去使用:「[net-next,14/14] tcp_bbr: add BBR congestion control」。

在 long-lived TCP connection 愈來愈普及後 (像是 HTTP/2),TCP 連線的最佳化可以用統計模型來計算,這也就是 BBR 的想法:

In a nutshell, BBR creates an explicit model of the network pipe by sequentially probing the bottleneck bandwidth and RTT. On the arrival of each ACK, BBR derives the current delivery rate of the last round trip, and feeds it through a windowed max-filter to estimate the bottleneck bandwidth. Conversely it uses a windowed min-filter to estimate the round trip propagation delay. The max-filtered bandwidth and min-filtered RTT estimates form BBR's model of the network pipe.

不過 QUIC 不是也開始有進展了嗎?(參考「Google Chrome 52 預設開啟了更快的 QUIC (被戲稱為 TCP/2)」這篇)

感覺 QUIC 解決的比較徹底,不過 443/udp 的 firewall 問題的確也是個需要時間解決的課題...

Google Chrome 52 預設開啟了更快的 QUIC (被戲稱為 TCP/2)

在「Google’s QUIC protocol: moving the web from TCP to UDP」這篇前半部在介紹 QUIC (走 UDP 的 TLS),後半部則提到了幾個重點。

首先是 Google Chrome 從 52 開始 (也就是現在的 stable 版) 預設會開啟 QUIC (以前是只有 Google 自家的 domain),這讓採用的價值變高:

Since no one has QUIC support enabled by default in the client, you're probably still safe to run it and enable QUIC in your own browser(s). (Update: since Chrome 52, everyone has QUIC enabled by default, even to non-whitelisted domains)

再來是 QUIC 走 UDP/443:

Well, if we want to allow the QUIC protocol, we will need to allow 443/UDP too.

同時因為走的 Protocol 跟以前不同,所以我可以跑另外一隻 Server 服務使用者,目前只有 Caddy 有支援,雖然是實驗性質:

Right now, the only webserver that can get you QUIC is Caddy since version 0.9.

Both client-side and server-side support is considered experimental, so it's up to you to run it.

至少可以先把 firewall 打開了...

Google 的 QUIC 擴大實驗

QUIC (Quick UDP Internet Connections) 是 Google 發明的協定,主要是希望改善 TCP + TLS 的反應速度,目前是用來加速 Google Chrome 與 Google server 之間的連線。

與 SPDY 或 HTTP/2 不同的地方在於使用了 UDP,這降低了 TCP packet loss 造成的壅塞現象,以及 TCP 3-way handshake 的成本,而這兩點在行動平台上都特別明顯。

依照最新的說法,目前 Google Chrome 連到 Google server 大約有一半的連線會走 QUIC:「A QUIC update on Google’s experimental transport」。

Today, roughly half of all requests from Chrome to Google servers are served over QUIC and we’re continuing to ramp up QUIC traffic, eventually making it the default transport from Google clients — both Chrome and mobile apps — to Google servers.

而在 YouTube 的改善也很大:

These benefits are even more apparent for video services like YouTube. Users report 30% fewer rebuffers when watching videos over QUIC. This means less time spent staring at the spinner and more time watching videos.

由於效果不錯,他們打算要換更多...