Contiguous Zero-Copy for Encrypted Transport Protocols
Florentin Rochet

TL;DR
This paper introduces Reverso, a methodology that reverses protocol field order to enable contiguous zero-copy in encrypted transport protocols, significantly improving efficiency without compromising security.
Contribution
Reverso is a novel approach that modifies protocol specifications to unlock zero-copy capabilities, demonstrated through a QUIC extension and HTTP/3 implementation with substantial efficiency gains.
Findings
Approximately 30% CPU efficiency improvement in QUIC processing.
About 38% efficiency increase in HTTP/3 using Reverso.
Reverso applies broadly to modern encrypted protocols.
Abstract
We propose in this paper to revisit the design of existing encrypted transport protocols to improve their efficiency. We call the methodology "Reverso" from reversing the order of field elements within a protocol specification. We detail how such a benign-looking change within the specifications may unlock contiguous zero-copy for encrypted protocols during data transport. To demonstrate our findings, we release quiceh, a QUIC implementation of QUIC VReverso, an extension of the QUIC V1 standard (RFC9000). Our methodology applied to the QUIC protocol reports of CPU efficiency improvement for processing packets at no added cost on the sender side and without relaxing any security guarantee from QUIC V1. We also implement a fork of Cloudflare's HTTP/3 module and client/server demonstrator using quiceh and show our optimizations to directly transfer to…
Taxonomy
Topics: Cryptographic Implementations and Security · Advanced Authentication Protocols Security · IPv6, Mobility, Handover, Networks, Security
