0

I need to provide confidentiality for a protocol. The protocol message size is between 100 bytes to 500 bytes. Do I need to use asymmetric encryption or hybrid cryptography?

Aymn Alaney

1 Answer

3

The protocol message size is between 100 bytes to 500 bytes. Do I need to use asymmetric encryption or hybrid cryptography?

To support 500 byte messages, you need your (direct) encryption scheme to work on about 5000 bits (e.g. for RSA, Paillier, ElGamal) to provide room for the padding to gain CCA2 security. At 5000 bits, these schemes become somewhat slow, so you should definitely make a measurement in either case between a hybrid and a direct solution (using e.g. RSA-5000 with OAEP and maybe the exponents 3, 17 and 65537).

What about Curve25519?

If you could reversibly encode your message onto an elliptic curve point (not easy), you could use ElGamal or Cramer-Shoup on Curve25519 to encrypt messages of up to 32 bytes. Of course 32 bytes is much less than you want to encrypt so direct encryption is out.

Normally with Curve25519 and the other schemes you will do hybrid encryption, either as ECIES or directly by encrypting a symmetric key (using a CCA2 secure or specialized scheme like RSA-KEM) and AE encrypting the message. As an additional bonus you can then potentially re-use this shared key for multiple messages if you can do the necessary nonce / IV management, i.e. you can guarantee that you can come up with a unique nonce for each message.

SEJPM
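The hybrid approach described in the answer above, as an added example that is not the answerer's code: an ECIES-style session where X25519 agreement with an ephemeral sender key yields one shared key that is reused for several messages, with a counter supplying a unique nonce for each. The ANSI X9.63 KDF, AES-256-GCM, the wire layout and the names `Session` and `NewSession` are assumptions chosen here for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

type Session struct {
	aead cipher.AEAD // AES-256-GCM under the derived key
	ctr  uint64      // next nonce value; never reused under this key
}

// NewSession: X25519, then X9.63 KDF (one SHA-256 block, ephemeral key as info).
func NewSession(priv *ecdh.PrivateKey, peer *ecdh.PublicKey, ephPub []byte) (*Session, error) {
	z, err := priv.ECDH(peer) // rejects low-order peer points
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(append(append(z, 0, 0, 0, 1), ephPub...))
	block, _ := aes.NewCipher(key[:]) // cannot fail: key is 32 bytes
	aead, err := cipher.NewGCM(block)
	return &Session{aead: aead}, err
}

func (s *Session) Seal(msg []byte) []byte {
	nonce := make([]byte, 12)
	binary.BigEndian.PutUint64(nonce[4:], s.ctr)
	s.ctr++
	return s.aead.Seal(nonce, nonce, msg, nil) // nonce || ciphertext || tag
}

func (s *Session) Open(wire []byte) ([]byte, error) {
	if len(wire) < 12 {
		return nil, fmt.Errorf("short message: %d bytes", len(wire))
	}
	return s.aead.Open(nil, wire[:12], wire[12:], nil) // fails if tampered
}

func main() {
	rcpt, _ := ecdh.X25519().GenerateKey(rand.Reader) // recipient long-term key (constructed)
	eph, _ := ecdh.X25519().GenerateKey(rand.Reader)  // sender key, fresh per session
	tx, _ := NewSession(eph, rcpt.PublicKey(), eph.PublicKey().Bytes())
	fmt.Println(len(tx.Seal(make([]byte, 500)))) // 500-byte constructed message
}
```

Each message carries 28 bytes of overhead (12-byte nonce plus 16-byte tag), and the 32-byte ephemeral public key is sent once per session rather than once per message.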