Replying to Avatar Alex Gleason

nip04 encrypt: 5,000 iter/s

aes-cbc without a shared secret encrypt: 40,000 iter/s

aes-gcm and nip44 basically the same.

The point is if you're encrypting a message to only yourself, it's 10x faster to not do this diffie-hellman thing and just BYO secret.

Please note that I don't actually understand all these words, I just ran a few benchmarks, and decided to encrypt secrets in my database with aes-gcm and just one key instead of nip44/nip04.
Avatar
ChipTuner 1y ago

If you are just speaking about symmetric encryption yes of course it's going to be much faster. The same reason most of the world (TLS) uses it after doing a key exchange. The goal of nip04 and 44 was to bring "asymmetric" encryption using ECDH. The key derivation part is expensive. EC is typically far more computationally expensive than most other forms of asymmetric encryption, obviously depending on the data size. Large blocks can have better performance over RSA because you're using a symmetric cipher.

You're still generally going to want to generate IV's and store them with your data.

Finally, unfamiliar with Postgress, but it's generally bad practice to use your own encryption functions if the DB offers encrypted columns. Most SQL implementations do.

https://www.vaughnnugent.com/public//resources/downloads/cms/c/6jzklj4a2ku5cdzyfkl64pgciy.webp

Reply to this note

Please Login to reply.

Discussion

Avatar
frphank 1y ago

> EC is typically far more computationally expensive than most other forms of asymmetric encryption

There is no EC encryption.

Avatar
ChipTuner 1y ago

No kidding? The following comment

> The goal of nip04 and 44 was to bring "asymmetric" encryption using ECDH

Avatar
frphank 1y ago

Yes. The goal of nip04 and 44 was to bring symmetric encryption using AES derived from a key exchange using ECDH. It's the AES doing the encryption.

If you're using RSA at all, usually by RNGing an AES key and using RSA to encrypt the AES key. And then use that to encrypt the clear text. So in both cases it's AES doing the encryption.

If you're comparing performance, the computational cost of encryption part using AES depends on the size of the clear text and is the same in both cases whereas the ECDH key exchange or the RSA encryption of the AES key are a once off.

Avatar
ChipTuner 1y ago

You're right. I was being rude for no reason. I'm sorry. I'm assuming you only saw the shared context, not my reply? If it helps, I'm the author of the nip44 C reference implementation.

https://github.com/paulmillr/nip44/tree/main/c