Join Log in
Score:1
avatar Crypto

How to compute a ciphertext length from a cryptographic scheme?

va flag
Alia

I am trying to understand how this ciphertext length is calculated from a signcryption scheme to analyze the communication cost. I understand, we consider the key length and the message length to calculate the ciphertext length. But don't understand at what step and what parameters we actually consider. For example, in the given paper "A secure and lightweight certificateless hybrid signcryption scheme for Internet of Things", the authors consider |P|, |q| and |m| to stand for the size of one of the elements in G1, one of the elements in the finite field Zq*, and the message m respectively, for communication cost. How exactly, and why only G1 and Zq*?

Also, in the given paper, the ciphertext is composed of σ = (c, R, s), where c is the encryption of the message, s is the signature, and R is computed as R=rP. Have they considered this σ to compute the ciphertext length? My main objective is to analyze the communication cost of my signcryption scheme by computing the ciphertext length and compare it with other schemes for efficiency.

Please correct me if the question is wrong or it doesn't make sense. For the reference, I have attached the protocol diagram from the given citation: Signcryption scheme

81
1 + 2
Maarten Bodewes avatar
in flag
Maarten Bodewes
The linked to article is behind a paywall, and that there are statements like "the ciphertext is composed of the ciphertext ..." in the question, which does make it hard to answer the question. Strangely enough the question itself doesn't even seem to be about the linked to protocol.
0
Reply
va flag
Alia
Thank you for your reply. I have corrected a few things.
0
Reply
Score:1
Maarten Bodewes avatar Crypto
in flag
Maarten Bodewes

For communication overhead you have to consider which elements are present at each participant, and what is required at which time to perform the required operations. This is generally performed using a sequence diagram, where you note down which elements are communicated at specific steps of the protocol. For instance here is a simplified diagram for the Signal protocol.

The sequence diagram will show you the messages required and the elements together with their size indicate the communication overhead. Unless the protected messages are expanded the messages themself are of course not considered overhead, although they very much count towards the total bytes that need to be transmitted within a protocol. Very often the number of required messages is considered just as important, as that will also influence the latency for specific operations like connection setup.

Some elements like named parameter sets can be considered known within a protocol, or they take few bytes to communicate (just by indicating a version or an ID for the named parameter set). For instance, commonly DH and ECDH use a set of known parameters; if not those parameters need to be transmitted or at least reproduced at the receiver. Elements like private keys are of course never transmitted.

The word "ciphertext" is usually defined as the output of a cipher. Sometimes this includes an IV if that is prefixed. Sometimes it also includes an authentication tag if it is the output of an authenticated cipher. In the end it is up to the protocol to create a well defined definition. I'd however exclude things like a signature over the message; I'd use a term like "protected message" in case all the security overhead is included.

+ 3
va flag
Alia
Thank you. I understand what you described. I have an additional query regarding this. In communication overhead, if I just want to show the ciphertext size, do I only have to note down the elements present within the ciphertext? For example, if ciphertext contains an encrypted message with AES and a signature, I would only consider the output length of encryption and signature or I would need to count the public, private key and additional parameter sizes as well that are used for encryption and signature? - Sorry for the long post.
0
Reply
Maarten Bodewes avatar
in flag
Maarten Bodewes
To be honest, that depends on context. Normally we'd consider the *ciphertext size* just to be the direct encryption of the plaintext message, sometimes including some direct overhead such as attached IV and /or authentication tag. Then you've got the size of the entire protected message which definitely includes things like a signature directly over the message. And then there is the overhead of the handshake and updates of the protocol itself. Hey, as long as you clearly define what you are measuring and make a 1:1 comparison....
0
Reply
va flag
Alia
That means I need to define what I consider as a communication overhead and then compute it accordingly whether it is a ciphertext, signature, etc..
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.