The proliferation of nosy and evil people has made internet security increasingly important. I know… that sounds harsh, but it’s true… Why else would we keep hearing about data debacles? And this means that we’ve got to scramble all of our data before sending it so that someone can’t read or hijack it.
Which means encrypting and decrypting all data. And that’s compute-intensive. Which is why it’s almost always hardware-accelerated.
But there’s still effort involved in managing the security engine that does the encryption and decryption. Done at its simplest, a host receives a packet and sends it for decryption; when complete, the host can continue. The host is idle during that time, except for any other tasks the OS might toss in.
Elliptic has released a multi-packet manager that frees the host up from its need to micro-manage the security engine. Instead of working with one packet at a time, the host builds a linked list of packets to be encrypted or decrypted. When it gets a packet that needs security engine attention, it builds a packet descriptor including things like data and key location; that descriptor is attached to the list.
Instead of feeding the security engine each packet, the host now just points the security engine manager to the start of the list, and it can work all the way through to the end. The host can keep adding new packet descriptors to the end of the list while the engine works further up the list. Keys are cached to reduce fetch times.
The intent is that, by abstracting what the host has to worry about up one level, the host can get more done and let the security engine manager worry about the details that it used to have to handle.
More information in their release…