-
Type: Improvement
-
Resolution: Unresolved
-
Priority: Unknown
-
None
-
Component/s: Client Side Encryption, Performance
-
None
Summary
Reduce overhead of encryption callbacks by providing bulk-oriented encryption and decryption callbacks
Motivation
HELP-27047 identified a slow workload with In-Use Encryption: decrypting documents with many encrypted fields. The crypto callbacks in libmongocrypt were identified as a possible cause.
Driver bindings optionally set crypto callbacks to provide the crypto functions (HMAC, AES, SHA). Setting the callback enables using libmongocrypt without taking a dependency on OpenSSL or a system native crypto library. On last survey, Java, Python, C#, Ruby, Node, and Rust implement the crypto callbacks.
The crypto callbacks showed in profiling HELP-27047. MONGOCRYPT-589 exports the fields of mongocrypt_binary_t. This allows bindings to use fields of mongocrypt_binary_t in callbacks directly and avoid calls to mongocrypt_binary_data and mongocrypt_binary_len.
Who is the affected end user?
Applications using implicit encryption where a single command requires many encryption/decryption operations
How does this affect the end user?
They are annoyed because implicit encryption/decryption is slower than they expect
How likely is it that this problem or use case will occur?
Fairly likely for users of implicit encryption.
If the problem does occur, what are the consequences and how severe are they?
It's a performance concern.
Is this issue urgent?
No
Is this ticket required by a downstream team?
No
Is this ticket only for tests?
No
Acceptance Criteria
Implicit decryption is benchmarked. Implicit decryption performance is improved.
- is related to
-
DRIVERS-2669 Add performance benchmarks for FLE/QE
- Backlog
- related to
-
DRIVERS-2718 Enable use of native crypto in libmongocrypt bindings
- Implementing
-
MONGOCRYPT-589 Export mongocrypt_binary_t
- Closed
-
MONGOCRYPT-595 Pool Cipher instances
- Closed
- split to
-
NODE-5455 Benchmark and use `mongocrypt_binary_t` definition to improve performance of In-Use Encryption
- Closed
-
CDRIVER-4685 Benchmark and use `mongocrypt_binary_t` definition to improve performance of In-Use Encryption
- Closed
-
CSHARP-4719 Benchmark use of `mongocrypt_binary_t` definition to improve performance of In-Use Encryption
- Closed
-
CXX-2716 Benchmark and use `mongocrypt_binary_t` definition to improve performance of In-Use Encryption
- Closed
-
GODRIVER-2907 Benchmark and use `mongocrypt_binary_t` definition to improve performance of In-Use Encryption
- Closed
-
JAVA-5073 Benchmark and use `mongocrypt_binary_t` definition to improve performance of In-Use Encryption
- Closed
-
MOTOR-1155 Benchmark and use `mongocrypt_binary_t` definition to improve performance of In-Use Encryption
- Closed
-
PHPC-2304 Benchmark and use `mongocrypt_binary_t` definition to improve performance of In-Use Encryption
- Closed
-
PYTHON-3838 Benchmark and use `mongocrypt_binary_t` definition to improve performance of In-Use Encryption
- Closed
-
RUBY-3299 Benchmark and use `mongocrypt_binary_t` definition to improve performance of In-Use Encryption
- Closed
-
RUST-1704 Benchmark and use `mongocrypt_binary_t` definition to improve performance of In-Use Encryption
- Closed