
End-To-End Encrypted Kafka with Proxy Re-Encryption - mwilkison
https://nucypher.com/2017/06/13/nucypher-kafka-open-source/
======
hultner
Awesome! Any idea what latency impact one would see on a fairly modern
system by using this?

~~~
michwill
I think the biggest latency hit will be from re-encrypting a symmetric key
which encrypts messages, once in a while. This will result in occasional
delays of ~0.25 ms (that's how much one operation with elliptic curve crypto
takes).

The other bottleneck will be from the block cipher, when you actually
encrypt/decrypt messages. Our open source version currently doesn't use AES-NI
for that, so it is limited by the performance of unaccelerated AES256 (a few
hundred k messages per second). This impact can be made negligible when using
AES-NI (will come soon).

When using granular encryption, the performance bottleneck will shift to
parsing messages (Avro, for example), and will be limited by the performance
of the parser.

~~~
hultner
Excellent answer. Do you have a timeline for the AES-NI support?

I was previously really impressed by how it improved my IPsec performance.

~~~
mwilkison
We'll likely ship AES-NI support this quarter!

