Performance Comparison Clause Samples

Performance Comparison. This section shows a comparison of the proposed protocol with some other existing Group Key Agreement protocols on the basis of its performance in terms of communication and computation costs. The result is shown in Table I (where n is the total number of participants). The following notations are used for comparison.  PM: number of Scalar point multiplications.  Message: Total number of message overheads during group key generation process (including unicast and broadcast).  n: Total number of participants.  Pairings: number of bilinear pairing computations needed in the key agreement process (zero in case of our proposal)  h=log3n : The height of the original key tree in proposed technique TGECDH [12] h=log2n 2*(n-1) n*(n-1)+n*h ▇▇▇▇▇ et al. [13] h=log2n 2*(n-1) n*(n-1)+n*h GDH.2[14] n n n*(n+3)/2-1 GDH.3 n+1 2n-1 5n-6 BD[14] n 2n n*(n+1) Proposed protocol h=log3n Floor[3*(n-1)/2] 5*(n-1)/2+h*n

Performance Comparison. Since ▇▇-▇▇▇▇▇’▇ protocol [29], ▇▇▇▇ et al.’s protocol [30], Hwang et al.’s protocol [31] are more efficient and more secure than other existing DBAKA protocols [4, 21-22, 24, 28, 31], we only compare our scheme with three schemes [29-30, 32] in term of storage cost, computational cost and communication cost. To measure the message size, we assume that each identity is 32 bits long. The output size of hash function is 160 bits (if we use MD5 hash function) and the block size of symmetric encryption/decryption (for example, AES) is 128 bits. The order q of the generator Q in the elliptic curve group G is a 160-bit prime and p is a 163-bit prime. Such choice of q, p delivers a comparable level of security to 1024-bit ElGamal encryption over general field. Since one element of G is a point on the group E(Fp), there are two affine coordinates. By using the point compression method, one can bring two elements of Fp down to one element of Fp, i.e., the y-coordinate of each point in the group

Performance Comparison. We analyze both communication and computation costs for join, leave, merge and partition proto- cols. In doing so, we focus on the number of: rounds, messages, serial exponentiations, signature generations, and signature verifications. Note that we use RSA signatures for message authenti- cation since RSA is particularly efficient in verification. We distinguish among serial and total measures. The serial measure assumes parallelization within each protocol round and represents the greatest cost incurred by any participant in a given round. The total measure is the sum of all participants’ costs in a given round. We compare STR protocols to TGDH that has been known to be most efficient in both com- munication and computation. For detailed comparison with other group key agreement protocols such as GDH.3 [27], BD (▇▇▇▇▇▇▇▇▇-▇▇▇▇▇▇▇) [11] can be found at [2]. Table 6.1 summarizes the communication and computation costs of both protocols. The num- bers of current group members, merging members, merging groups, and leaving members are denoted as: n, m, k and p, respectively. The height of the key tree constructed by the TGDH protocol is h. The overhead of the TGDH protocol depends on the tree height, the balancedness of the key tree, the location of the joining tree, and the leaving nodes. In our analysis, we assume the worst-case configuration and list the worst-case cost for TGDH. The number of modular exponentiations for a leave event in STR depends on the location of the deepest leaving node. We thus compute the average cost, i.e., the case when the n -th node leaves the group. For all other events and protocols, exact costs are shown. In the current implementations of TGDH and STR, all group members recompute bkeys that have already been computed by the sponsors. This provides a weak form of key confirmation, since a user who receives a token from another member can check whether his bkey computation is correct. This computation, however, can be removed for better efficiency, and we consider this optimization when counting the number of exponentiations. It is clear that computation cost of STR is fairly high: O(m) for merge and O(n) for subtractive events. However, as mentioned in Section 1, this high cost becomes negligible when STR is used in a high-delay wide-area network. Evidence to support this claim can be found in [2]. Communication Computation Round Message Exponentiation Signature Verification TGDH Join 2 3 3h − 3 2 3 Leave 1 1 3h − 3 1 1 merge ...