DAKEZ, Spawn+, and (X)ZDH

This page describes how to reproduce the measurements from our paper introducing the DAKEZ, Spawn+, ZDH, and XZDH strongly deniable authenticated key exchange protocols.

Note that the measurements presented in the paper were gathered from a single pinned core on an Intel Core i7-6700K processor with Turbo Boost disabled. Measurements on different systems will vary with the performance of the hardware.

This guide assumes that you are familiar with basic Linux use.

This is prototype software. It contains known security weaknesses (that are irrelevant for performance evaluation purposes). It has not been thoroughly tested. It has not been audited. Do not use this code in production.

1. Install Debian

Our prototype software works only on Linux and has been tested only with Debian. We rely on features of OpenSSL and LLVM that are available only in stretch or later. Note that the packages in jessie-backports are not new enough. The code may work with other distributions if their packages are new enough.

2. Install Dependencies

Throughout this guide, you will need to run several commands as root. If you kept the root account enabled during installation (Debian's default), then you will need to use su - to become root (otherwise, you can use sudo -i or enter root commands through sudo). The default Debian installation comes with the vi and nano CLI editors.

Install the dependencies for our prototype as root by running apt-get install git build-essential xsltproc libssl-dev clang php-cli and following the prompts to restart services.

3. Get the Code

Download and extract the code.

4. Compile

The libraries used by our prototype include processor-specific optimizations for Intel chips with the Haswell architecture or newer (specifically, support for AVX2 instructions). To see if your processor supports these, check the output of grep avx2 /proc/cpuinfo. If the output is blank, then you will need to use x64 whenever we write ARCH. If output lines appear, then you should use Haswell whenever we write ARCH in order to get improved performance.

First, compile the SHA-3 library. Enter the impl/vendor/KeccakCodePackage directory. If you are using Haswell extensions, then run make Haswell/libkeccak.a. If you are not using Haswell extensions, then run make asmX86-64/libkeccak.a instead. The compilation should succeed.

Next, enter the impl/Release_ARCH directory. Run make dakes to compile the test suite.

Finally, enter the impl/Benchmark_ARCH directory. Run make dakes-benchmark to compile the benchmarking suite.
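The compile steps above can be collected into one script. The following is an added example, not part of the prototype's own code: the CPUINFO and SRC_ROOT variables, the function names, and the build argument are assumptions of this example, and SRC_ROOT must point at the directory that contains impl.

```shell
#!/bin/sh
# Added example: the build steps from section 4 as one script.
# CPUINFO and SRC_ROOT are assumptions of this example, overridable for testing.
CPUINFO="${CPUINFO:-/proc/cpuinfo}"
SRC_ROOT="${SRC_ROOT:-.}"

# Print Haswell if the CPU flags list avx2, otherwise x64.
# Matching the whole word on the flags line avoids accidental substring hits.
detect_arch() {
    if grep '^flags' "${1:-$CPUINFO}" 2>/dev/null | grep -qw avx2; then
        echo Haswell
    else
        echo x64
    fi
}

# Map ARCH to the KeccakCodePackage make target named in the guide.
keccak_target() {
    case "$1" in
        Haswell) echo Haswell/libkeccak.a ;;
        x64)     echo asmX86-64/libkeccak.a ;;
        *)       echo "unknown ARCH: $1" >&2; return 1 ;;
    esac
}

# Emit the build steps in order, one per line: "<directory> <make target>".
build_plan() {
    arch="$1"
    target=$(keccak_target "$arch") || return 1
    echo "impl/vendor/KeccakCodePackage $target"
    echo "impl/Release_$arch dakes"
    echo "impl/Benchmark_$arch dakes-benchmark"
}

# Run the plan, stopping at the first step whose compilation fails.
build_all() {
    arch=$(detect_arch)
    echo "Building for ARCH=$arch"
    build_plan "$arch" | while read -r dir target; do
        (cd "$SRC_ROOT/$dir" && make "$target") || exit 1
    done
}

# Build only when asked, so the functions can be sourced and inspected first.
if [ "${1:-}" = "build" ]; then
    build_all
fi
```

Calling build_plan with an ARCH value prints the three steps without compiling anything, which is a quick way to confirm the directories and targets before running the script with the build argument.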

5. Test

To ensure that the library is working properly, you should run the test suite. This program performs all of the key exchanges and low-level operations, and performs extremely basic fuzz testing. Run impl/Release_ARCH/dakes. This program will run until you stop it with Ctrl+C, or until a bug is found. Each . that is written to the screen represents hundreds of tests, so any problems should appear quickly.

6. Benchmark

To perform the experiments reported in the paper, you can run the included measurement script. This Bash+PHP script runs the benchmark program with all of the new and well-known protocols reported in the paper. If you would like to perform custom measurements, instructions for the low-level benchmark program are given in the next section.

Before evaluating benchmarks, it is important to disable Turbo Boost on modern Intel processors. If your processor supports Turbo Boost, you can do this as root by executing echo 1 > /sys/devices/system/cpu/intel_pstate/no_turbo (no restart is needed). The benchmarks in our prototype are single-threaded, so you should also pin the measurement script to a single processor core using taskset to reduce measurement noise (see the man page for details).

Run the experiments by entering the measure directory and executing ./paper-times.sh. If you are not using Haswell extensions, then you will need to alter the constant definition in time-sim.php first. Results are written to the measure/logs directory. Each line in the logs is the time to perform a single public key generation or key exchange operation, measured in seconds.

7. Custom Benchmarking

Our prototype benchmark program offers more features than are available through the time-sim.php script. To see a complete list of options, run impl/Benchmark_ARCH/dakes-benchmark. The size option can be used to print the size of keys and network transmissions for a given protocol combination (i.e., a DAKE and quantum-resistant exchange selection). The keygen and kex options benchmark public key generation and DAKE executions, respectively—these are the options used by the measurement script. Finally, the init and resp options run networked client and server programs to perform a given key exchange. These can be used to investigate performance over real or emulated network connections.