[Semi-]off-line encryption

Andrew Haley aph at redhat.com
Thu Sep 29 15:28:49 UTC 2016


GCM allows most of the work in an encryption to be done offline (and
ahead of time) by other processors, reducing latency and increasing
throughput.  It'd be lovely if we could do this in Java, but I can't
really see a way to fit this in to the platform security framework.
We don't want to do this eagerly, because we don't know that more data
will be encrypted and we don't want to speculate.

However, if we had a hint that (say) a large stream would need to
encrypt a megabyte of data at some time in the future we could
precompute a megabyte of keystream.  Has anyone considered this?

Andrew.


More information about the security-dev mailing list