The more complex portion (from my perspective, at any rate) is a modification of the standard TCP/IP protocol, requiring that each packet be signed by its originating user.
That's the killer. Signatures take a huge amount of CPU time. Signing each packet is not going to be cost effective. However, they could have an authenticated key exchange and then symmetric- encrypt each TCP/IP connection. That can perform -- and has the nice side effect [from the Chinese POV] of depriving the NSA of Chinese civilian net intelligence. As long as the key exchange is signed, everything travelling using that key is authenticated implicitly. +--------------------------------------------------------------------------+ |Carl M. Ellison cme@cybercash.com http://www.clark.net/pub/cme | |CyberCash, Inc., Suite 430 http://www.cybercash.com/ | |2100 Reston Parkway PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 | |Reston, VA 22091 Tel: (703) 620-4200 | +--------------------------------------------------------------------------+