In order to follow a standardized hybrid encryption format approach, support for IAIK CMS is available as alternative to the hybrid approach provided by PCL. To be more accurate, the CMS content type AuthEnvelopedData can be used together with the KeyTransRecipientInfo type for all available proxy re-enryption schemes.
The following measurements were performed on an Intel® Core™ i7-6700 CPU @ 3.40GHz × 8 processor. If using IAIK CMS, the following time periods are approximately the same. Note: The larger the data to be processed, the more the processing time is dominated by the symmetric encryption scheme, hence AES128. The Re-Encrypt performance is nearly constant as it is only applied to the symmetric key instead of the bulk data.
Hybrid AFGH:
| Encrypt | Re-Encrypt | Decrypt 1 | Decrypt 2 | |
|---|---|---|---|---|
| 1 B | 35 ms | 38 ms | 33 ms | 65 ms |
| 1 KiB | 33 ms | 38 ms | 31 ms | 63 ms |
| 1 MiB | 48 ms | 38 ms | 45 ms | 80 ms |
| 10 MiB | 160 ms | 28 ms | 162 ms | 188 ms |
| 100MiB | 1329 ms | 37 ms | 1289 ms | 1427 ms |
Hybrid LV:
| Encrypt | Re-Encrypt | Decrypt 1 | Decrypt 2 | |
|---|---|---|---|---|
| 1 B | 329 ms | 130 ms | 273 ms | 178 ms |
| 1 KiB | 430 ms | 131 ms | 255 ms | 176 ms |
| 1 MiB | 637 ms | 130 ms | 268 ms | 189 ms |
| 10 MiB | 510 ms | 129 ms | 380 ms | 299 ms |
| 100 MiB | 1839 ms | 128 ms | 1485 ms | 1433 ms |
Hybrid CDL:
| Encrypt | Re-Encrypt | Decrypt 1 | Decrypt 2 | |
|---|---|---|---|---|
| 1 B | 116 ms | 30 ms | 9 ms | 25 ms |
| 1 KiB | 127 ms | 28 ms | 8 ms | 26 ms |
| 1 MiB | 142 ms | 28 ms | 22 ms | 38 ms |
| 10 MiB | 277 ms | 28 ms | 137 ms | 154 ms |
| 100 MiB | 1386 ms | 29 ms | 1291 ms | 1314 ms |
Compared to the plain-text, each scheme adds some overhead to the cipher-text, depending on the cipher-text level:
| Level 1 CT | Level 2 CT | |
|---|---|---|
| AFGH | 1640 Bytes | 1000 Bytes |
| LV | 2260 Bytes | 1866 Bytes |
| CDL | 1462 Bytes | 8778 Bytes |