If I have 4 kilobytes of Paillier encrypted data, how can I know the time needed to decrypt it?
Asked
Active
Viewed 125 times
1 Answers
2
You need to know
- The size $s$ of the public modulus $n$ in bits.
- The number $c$ of cryptograms.
- If the code uses the CRT, or not; and in the affirmative, the number $k$ of prime factors in $n$ (usually $k=2$ for $n=p\,q$, with $p$ and $q$ distinct primes).
- And of course, some benchmark of the code and hardware!
Each cryptogram is $2s$-bit, thus for 4kbyte ciphertext (at most 2kbyte plaintext) $c\,s\le2^{14}$. The largest range/safer/slower for 4kbyte ciphertext is $c=1$, $s=2^{14}$ (that is 16384-bit $n$, which is rather large).
As a rough approximation, using the same computation means and $k=2$, Paillier decryption with CRT for $s$-bit public modulus $n$ ($2s$-bit cryptogram) is about as fast as RSA decryption with CRT for $2s$-bit modulus. Using CRT in Paillier decryption gives a speedup comparable to RSA (a factor like 3). Time is proportional to $c$, and often normalized for $c=1$ in RSA benchmarks.
Extremely roughly, Paillier decryption for $c=1$ is like 5 times slower than RSA decryption at equal size of $n$ and other stuff.
Large savings are possible by increasing $k$, like in multiprime-RSA.
fgrieu
- 149,326
- 13
- 324
- 622