Purpose:
--------

This experiment is to benchmark the encryption speed of the
BSAFE library. The library was tested using the same modes  
as that of the onion routing system.

Test Description:
------------------

The test is composed of two basic parts. The first part
was to measuring how fast the BSAFE library could generate
raw "keystream" of data by requesting a block of keystream
data in varying sizes. The second part was to measure the 
combined speed of generating keystream and encrypting a input stream
for varying keystream sizes. The input stream was encrypted
with two methods: a byte by byte exclusive OR'ing and a
four byte by four byte exclusive OR'ing. 

Test Procedure:
--------------

A keystream size was established at the start of a test
and the BSAFE B_EncryptUpdate routine was called to return a 
stream of that size while a buffer of 4 Megabytes was processed.  
Thus for a keystream size of 4 Megabytes, the library was called
once to produce a 4 Megabyte stream. For a keystream size of
2 Megabytes, the library was twice and so on. For the encryption
portion of the test, in addition to calling B_EncryptUpdate,
the returned output from this call was exclusive OR'ed to the
input data to produce encrypted output.    

Test Results:
-------------

The tables below summarize the experimental results. The
KeyStream Size column shows the keystream size in bytes,
the # KeyStreams is the number of times the library was
called, the Elapsed Time is time it took in seconds, and
the Rate column is the computed throughput in Megabytes/second.


	NO ENCRYPTION

KeyStream Size   # KeyStreams     Elapsed Time     Rate 
--------------   ------------     ------------     ----
  4194304             1             2.796063     1.430583
  2097152             2             2.722654     1.469155
  1048576             4             2.719394     1.470916
   524288             8             2.727252     1.466678
   262144            16             2.706241     1.478065
   131072            32             2.714714     1.473452
    65536            64             2.705040     1.478721
    32768           128             2.716875     1.472280
    16384           256             2.713856     1.473918
     8192           512             2.700363     1.481282
     4096          1024             2.679344     1.492903
     2048          2048             2.671870     1.497079
     1024          4096             2.733672     1.463233
      512          8192             2.729531     1.465453
      256         16384             2.698740     1.482173
      128         32768             2.766674     1.445779
       64         65536             2.781470     1.438088
       32        131072             2.889570     1.384289
       16        262144             3.095712     1.292110
        8        524288             3.495186     1.144431

	BYTE ENCRYPTION

KeyStream Size   # KeyStreams     Elapsed Time     Rate 
--------------   ------------     ------------     ----
  4194304             1             4.701224     0.850842
  2097152             2             4.512575     0.886412
  1048576             4             4.510319     0.886855
   524288             8             4.506593     0.887588
   262144            16             4.496009     0.889678
   131072            32             4.504642     0.887973
    65536            64             4.490744     0.890721
    32768           128             4.476574     0.893541
    16384           256             4.511265     0.886669
     8192           512             4.477194     0.893417
     4096          1024             4.453639     0.898142
     2048          2048             4.450588     0.898758
     1024          4096             4.493324     0.890210
      512          8192             4.497604     0.889362
      256         16384             4.461411     0.896577
      128         32768             4.490300     0.890809
       64         65536             4.532696     0.882477
       32        131072             4.631605     0.863631
       16        262144             4.817307     0.830339
        8        524288             5.173531     0.773166

	4 BYTE ENCRYPTION (using unsigned longs)

KeyStream Size   # KeyStreams     Elapsed Time     Rate 
--------------   ------------     ------------     ----
  4194304             1             3.380829     1.183142
  2097152             2             3.219642     1.242374
  1048576             4             3.220647     1.241986
   524288             8             3.218402     1.242853
   262144            16             3.209256     1.246395
   131072            32             3.211484     1.245530
    65536            64             3.203575     1.248605
    32768           128             3.203103     1.248789
    16384           256             3.225337     1.240180
     8192           512             3.189157     1.254250
     4096          1024             3.165560     1.263600
     2048          2048             3.167549     1.262806
     1024          4096             3.209301     1.246377
      512          8192             3.211076     1.245688
      256         16384             3.179174     1.258188
      128         32768             3.229588     1.238548
       64         65536             3.251569     1.230175
       32        131072             3.349923     1.194057
       16        262144             3.537529     1.130733
        8        524288             3.900172     1.025596


Conclusions:
-----------

The output keystream rate of the BSAFE library appears to be largely
constant as a function of the amount data to return. The degradation that
appears for requests of 128 bytes sizes and less is probably due to the
large number of library calls involved. Probably the current strategy
the onion system uses of 4K bytes of key at a time is sufficent. Clearly 
a significant performance increase is realized by encrypting the data 
four bytes at a time rather than one byte at a time, so the onion system
should probably be modified to do the same.