This page describes how to reproduce the measurements from our paper introducing the DAKEZ, Spawn+, ZDH, and XZDH deniable key exchange protocols.
Note that the measurements presented in the paper were gathered from a single pinned core on an Intel Core i7-6700K processor with Turbo Boost disabled. Measurements on different systems will vary with the performance of the hardware.
This guide assumes that you are familiar with basic Linux use.
This is prototype software. It contains known security weaknesses (that are irrelevant for performance evaluation purposes). It has not been thoroughly tested. It has not been audited. Do not use this code in production.
Our prototype software works only on Linux and has been tested only with Debian. We require features of OpenSSL and LLVM that are not available in the stable distribution (jessie), so you will need to install at least some packages from the testing (stretch) or unstable (sid) distributions. Note that the packages in jessie-backports are not new enough.
Some virtual machine managers and cloud infrastructure control panels may allow you to install stretch or sid directly. If you are installing Debian manually, then the recommended technique is to install the stable version first, and then upgrade the necessary packages. Begin by installing a 64-bit version of Debian stable from an installation image. Any such image, like the 64-bit PC netinst iso, is acceptable. Using a network mirror during the installation simplifies later steps.
Throughout this guide, you will need to run several commands as root. If you kept the root account enabled during installation (Debian's default), then you will need to use su - to become root (otherwise, you can use sudo -i or enter root commands through sudo). The default Debian installation comes with the vi and nano CLI editors.
Once Debian stable is installed, you will need to install some packages from the newer distributions. See the Debian wiki page for more details about installing the unstable distribution. Given an installation of the stable distribution, you will need to edit /etc/apt/sources.list as root to add references to sid. If you used a network mirror during the installation, you should see lines related to the mirror. Replace each occurrence of jessie with sid on these lines. Refer to the Debian wiki pages if there is an unexpected complication.
Update the package repositories by running apt-get update as root. If you want to update the entire system to the unstable distribution, you can now run apt-get dist-upgrade as root, but this requires a reboot, takes a lot of time, and is not technically required.
Install the dependencies for our prototype as root by running apt-get install git build-essential xsltproc libssl-dev clang php-cli and following the prompts to restart services.
If you are reading this, then you have already downloaded the code archive. Extract the archive within your Debian installation.
The libraries used by our prototype include processor-specific optimizations for Intel chips with the Haswell architecture or newer (specifically, support for AVX2 instructions). To see if your processor supports these, check the output of grep avx2 /proc/cpuinfo. If the output is blank, then you will need to use x64 whenever we write ARCH. If output lines appear, then you should use Haswell whenever we write ARCH in order to get improved performance.
First, compile the SHA-3 library. Enter the impl/vendor/KeccakCodePackage directory. If you are using Haswell extensions, then run make Haswell/libkeccak.a. If you are not using Haswell extensions, then run make asmX86-64/libkeccak.a instead. The compilation should succeed.
Next, enter the impl/Release_ARCH directory. Run make dakes to compile the test suite.
Finally, enter the impl/Benchmark_ARCH directory. Run make dakes-benchmark to compile the benchmarking suite.
To ensure that the library is working properly, you should run the test suite. This program performs all of the key exchanges and low-level operations, and performs extremely basic fuzz testing. Run impl/Release_ARCH/dakes. This program will run until you stop it with Ctrl+C, or until a bug is found. Each . that is written to the screen represents hundreds of tests, so any problems should appear quickly.
To perform the experiments reported in the paper, you can run the included measurement script. This Bash+PHP script runs the benchmark program with all of the new and well-known protocols reported in the paper. If you would like to perform custom measurements, instructions for the low-level benchmark program are given in the next section.
Before evaluating benchmarks, it is important to disable Turbo Boost on modern Intel processors. If your processor supports Turbo Boost, you can do this as root by executing echo 1 > /sys/devices/system/cpu/intel_pstate/no_turbo (no restart is needed). The benchmarks in our prototype are single-threaded, so you should also pin the measurement script to a single processor core using taskset to reduce measurement noise (see the man page for details).
Run the experiments by entering the measure directory and executing ./paper-times.sh. If you are not using Haswell extensions, then you will need to alter the constant definition in time-sim.php first. Results are written to the measure/logs directory. Each line in the logs is the time to perform a single public key generation or key exchange operation, measured in seconds.
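The measurement procedure above (disable Turbo Boost, pin to one core, run the script) followed by a summary of each log, written here as an added example rather than code from the prototype. It assumes the measure/paper-times.sh and measure/logs layout and the one-time-per-line log format described in this guide; disable_turbo needs root.

```shell
# Assumes the layout in this guide: measure/paper-times.sh writes one time (in seconds)
# per line to files under measure/logs.

# Disable Turbo Boost through the intel_pstate sysfs knob named in the guide.
disable_turbo() {
    knob=/sys/devices/system/cpu/intel_pstate/no_turbo
    if [ -w "$knob" ]; then
        echo 1 > "$knob"
    else
        echo "cannot write $knob (need root, or no intel_pstate driver)" >&2
        return 1
    fi
}

# Run the paper's measurement script pinned to one core (default core 0) with taskset.
# $1: root of the extracted archive, $2: core number.
run_paper_times() {
    (cd "$1/measure" && taskset -c "${2:-0}" ./paper-times.sh)
}

# Summarise one log: count, mean, median, min and max of the per-operation times.
# $1: path to a log file with one time in seconds per line.
summarize_log() {
    sort -n "$1" | awk '
        { v[NR] = $1; sum += $1 }
        END {
            if (NR == 0) { print "n=0"; exit }
            if (NR % 2) med = v[(NR + 1) / 2]
            else        med = (v[NR / 2] + v[NR / 2 + 1]) / 2
            printf "n=%d mean=%.6f median=%.6f min=%.6f max=%.6f\n",
                   NR, sum / NR, med, v[1], v[NR]
        }'
}

# Only measure when DAKES_ROOT is set, e.g.: DAKES_ROOT=. DAKES_CORE=2 sh measure-dakes.sh
if [ -n "${DAKES_ROOT:-}" ]; then
    disable_turbo
    run_paper_times "$DAKES_ROOT" "${DAKES_CORE:-0}"
    for log in "$DAKES_ROOT"/measure/logs/*; do
        printf '%s: ' "$log"
        summarize_log "$log"
    done
fi
```

The median is worth reporting alongside the mean because a handful of interrupted runs can pull the mean of a single-core timing series well away from the typical case.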
Our prototype benchmark program offers more features than are available through the time-sim.php script. To see a complete list of options, run impl/Benchmark_ARCH/dakes-benchmark. The size option can be used to print the size of keys and network transmissions for a given protocol combination (i.e., a DAKE and quantum-resistant exchange selection). The keygen and kex options benchmark public key generation and DAKE executions, respectively; these are the options used by the measurement script. Finally, the init and resp options run networked client and server programs to perform a given key exchange. These can be used to investigate performance over real or emulated network connections.