[OTR-users] mpOTR Scalability

Ian Goldberg ian at cypherpunks.ca
Wed Sep 8 08:08:09 EDT 2010


On Tue, Sep 07, 2010 at 04:24:03PM +0200, Christoph A. wrote:
> Hi,
> 
> do you have some raw figures how well mpOTR will scale?
> 
> As the setup phase contains steps that need to be done in a pairwise
> fashion I'm focusing on the scalability of this phase and the DSKE().
> 
> Given n participants the total amount of AuthUser() executions for all
> users together is n*(n-1)/2
> (Depending on your view and definition of AutUser() "/2" is discussable.)
> 
> An important property is that AuthUser() is non-blocking and Alice can
> execute multiple instances of them in parallel to reduce total amount of
> time spent for DSKE().
> 
> Alice doesn't need to wait until AuthUser(Bob) is finished before she
> can start AuthUser(Charlie).
> 
> Did you make some raw estimates (or requirements) when designing mpOTR?
> 
> For example something like: "The Setup-Phase in a room with 10
> participants will take ~22 seconds, given recent notebooks and an
> average network latency of 60 miliseconds".

No, the design didn't have requirements like that.

> The time spent for the generation of the ephemeral signing key might
> also be a considerable part of the setup-phase.

I don't know why this would necessarily be.  For any DL-based signature
scheme, for example, key generation is one modexp.  (Current OTR uses
DSS, which has this property.)  Only for RSA-based schemes is key
generation slow.

> It would be interesting to hear from you (mpOTR designers).
> 
> kind regards,
> Christoph
> --
> example for 10 participants:
> 10*9/2 = 45 AuthUser() instances
> AuthUser() generates 4 packets (without denAKE())
> 45x4=180 packets in total
> 36packets per participant (18 sending + 18 receiving)
> ...but I don't know the size of such packets.

In practice, the size of the packets will be less of a problem than the
rate-limiting that some IM networks impose.  On those networks, one will
have to be very careful about how fast the messages are sent.

Also important is the number of rounds of communication: being able to
blast out 18 messages and wait for their responses is different from
exchanging 18 messages and responses one at a time.

   - Ian



More information about the OTR-users mailing list