> On Jan 31, 2015, at 12:35 AM, Yoav Nir <ynir.i...@gmail.com> wrote: > > >> On Jan 30, 2015, at 3:37 PM, Yaron Sheffer <yaronf.i...@gmail.com> wrote: >> >> What I would suggest is: we give the client a single puzzle, and ask it to >> return 16 different solutions. Indeed each puzzle then should be 16X easier. >> The nice thing is, the server should only check *one* of them, at random. >> The client would still need to solve all of them because it doesn't want to >> risk the exchange being rejected because some solutions are invalid (the >> game theory is probably more complex than that, but I think what I'm saying >> is still close to the truth). >> >> So: the client does the same amount of work, the server does the same amount >> of work, but the client run-time is still much more deterministic.
<snip /> > Note that these are still single core results, and most laptops can do twice > or four times as much. Now, I know that what I SHOULD be doing is to randomly > generate 100 “cookies” and then calculate the times for different bit lengths > for each of them, and then calculate mean and standard deviation. But just by > looking, it looks like it’s much closer to what we want. 16 bits would be a > fine puzzle level for my laptop. No idea about a phone, although I could try > to compile this and run it on an ARM-based appliance, which should match > phones. OK. Now I have done it right. See attached. The data suggests that 15 or 16 bits is the level of puzzle that for this kind of hardware is challenging but not too onerous. Add another bit if we assume (probably correctly) that the vast majority of laptops have dual cores at least. I would like to run a similar test on an ARM processor, though. The capabilities of phones and tablets are all over the place, what with different versions of ARM processors and devices having anything from dual to octo-core, but it would be nice to get ballpark figures. Yoav _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
