I don't think people are quite picking up the point here or maybe I didn't put it across correctly but we are not talking about
encrypting small amounts of data like a 2k whats-app message but something more like 100k needed for the HTML on a web-page
and then six javascript files within the page followed up by say ten 2mb .PNG/Gif images files and a CSS file
Performance is critical here because if these requests are not serviced within 2-5 seconds then the browser will try sending the request again
using multi threaded requests so both the client and server nodes need to also be multithreaded also and the exit nodes need to start pumping the data
back across the network even before they have the whole reply from the web-site.
Things are made worse because often data is chunked which more or less means streamed and you have relay nodes possibly in the middle
plus having to service 100 requests all at the same time so buffering up the data to be encrypted in memory and keeping much state information
simply is not an option.
Data can be sent over TCP/IP as a 30K message but can be received as three 10k sections with a second delay between them all
but you still have to start feeding the web-browser as soon as you receive the first 10k or else it might timeout so I have no option
but to use on-the-fly stream encryption and it must perform like Greece lightning.
What i do know is that Microsoft AES encryption works nearly as fast as I can iterate over a byte array
using un-safe code from C# with C++ style pointers so I don't know if specialist hardware is being used to
get the performance for AES encryption but that's the type of speed that I need and using Maths.Mod or BigINT's just won't
give it to me
Microsoft's AES encryption memory leaks and I am not trusting back-door bill gates with any keys or data given that
I don't know whats being copied and uploaded back to the NSA/CIA servers all night long.
To send encrypted data over a vulnerable protocol (like the internet) you need:
1) key exchange (diffie-hellman usually)
2) a cipher (like salsa20 + initialization vector per chunk)
3) data integrity checks/authentication (hmac / poly1305)
Yes got safe key exchange using Bitcoins Secp256k1 on a control channel and the data-streams have good encryption
on the HTTP Requests send to the server nodes but these requests are only between 400-2000 bytes in size so no trouble to encrypt.
You generally need to use TCP and you need a small maximum message size (chunk) - around 8kb
8K chunks are no use when
sending 2mb images over the internet and often using relays, not going to work that's not.
You can use UDP which it sounds like you want, but then you need to reinvent a lot of TCP on top of UDP.
Google is trying to use UDP instead of TCP/IP for web-pages with the Chrome browser but I am not doing anything apart from
DNS using UDP:53
I keep the control channel and a number (Six just now) of these bi-directional streams open per client so that a node sitting behind a firewall
can still act as a server but in general the number of streams needed to service a web-browser can reach as high as 30 steams at a time
