Contiguous Zero-Copy for Encrypted Transport Protocols
Florentin Rochet
TL;DR
This work tackles the CPU inefficiency of encrypted transport protocols by introducing Reverso, a wire-format design that reorders fields to permit contiguous zero-copy on the receiver. The authors formalize two principles for backward data processing, instantiate them in QUIC as QUIC VReverso, and implement quiceh, a portable QUIC VReverso fork with a zero-copy API that preserves QUIC V1 features and security. Empirical results show around $30\%$ improvements in QUIC packet processing and up to $38\%$ gains for HTTP/3 data transfer, with additional gains when compiled with aggressive optimizations; real-world tests also reveal some hardware- and workload-dependent variations. The approach generalizes to other encrypted protocols and motivates rethinking wire formats to unlock efficient, zero-copy data paths while maintaining atomic cryptographic interfaces and security guarantees.
Abstract
In this paper, we propose revisiting the design of existing encrypted transport protocols to improve their efficiency. We call the methodology "Reverso", from reversing the order of field elements within a protocol specification. We detail how such a benign-looking change to the specifications may unlock contiguous zero-copy for encrypted protocols during data transport. To demonstrate our findings, we release quiceh, a QUIC implementation of QUIC VReverso, an extension of the QUIC V1 standard (RFC 9000). Applied to the QUIC protocol, our methodology yields a $\approx 30\%$ CPU efficiency improvement for processing packets, at no added cost on the sender side and without relaxing any security guarantee of QUIC V1. We also implement a fork of Cloudflare's HTTP/3 module and client/server demonstrator using quiceh and show that our optimizations transfer directly to HTTP/3 as well, making our new HTTP/3 $\approx 38\%$ more efficient than the baseline implementation using QUIC V1. We argue that Reverso applies to any modern encrypted protocol and its implementations, and that similar efficiency improvements can be unlocked for them independently of the layer in which they operate. Indeed, this research shows that the ability to implement contiguous zero-copy on the receiver side inherently depends on the specified wire image of the encrypted protocol, and that we may need to reverse how we are used to writing them.
