Performance Evaluation of Multicrypt Encryption Mechanism

Multicast communication allows a single message packet to be routed to multiple nodes simultaneously. Membership in a multicast group is dynamic, allowing nodes to enter and leave the multicast session. Besides the benefits, multicast communication presents the challenge of securing the communication. In order to preserve confidentiality, the general encryption mechanisms designed for point-to-point communication are used. A specific encryption mechanism, rather than a general one, is needed to suit the requirements of multicast communication, wherein the lifetime of a secret key is very short and the key requires frequent change. Moreover, the next generation wireless networks have very limited resources and need a lightweight security mechanism. The proposed cipher, Multicrypt, is similar to the One Time Pad and Hill cipher and is based on a sub band coding scheme using the principle of Orthogonal Vectors. The proposed cipher is based on the assumption of Computational Diffie Hellman problem and insolvability of Hadamard conjecture. It is designed to have multiple keys to decrypt the message, like an asymmetric cryptosystem, so that a (key) compromise of a member would not lead to compromise of the entire system, with less computational and communicational overheads, less storage complexity and no need for state-full members. This study also presents an extensive security analysis and a performance comparison with RSA, a public key encryption mechanism used to establish session keys. With the help of security analysis the study proves that brute force attack does not compromise the system. Multicrypt cryptosystem has the capability of dynamically adding and revoking members. The performance of Multicrypt is relatively better in terms of key setup time, encryption time, decryption time, encryption throughput and decryption throughput than RSA in the simulated setup. The proposed cipher is also proved to be secure against IND-CPA and IND-CCA attacks.


INTRODUCTION
A multicast encryption scheme provides confidentiality for multicast data, ensuring that any parties other than the intended recipients are not able to access the message. The basic security requirements are guaranteed by using cryptographic mechanisms. As group members move in and out of the group, cryptographic keys are used in order to preserve confidentiality. The cryptographic methods designed for point-to-point communication have been tailored to cater to the requirements of multicast communication. But unlike point-to-point communication, the multicast communication environment is very dynamic in nature. In such an environment, the secret key used to preserve forward and backward secrecy (Canetti et al., 1999) of the data has to be renewed each time a member either leaves or joins the group.
Most of the existing work uses one of two approaches (Rafaeli and Hutchinson, 2003; Steiner et al., 1996; Manz et al., 2010; Begum, 2011). In the first kind of approach, symmetric key encryption is used and the data is encrypted with a Traffic Encryption Key (TEK) that is known only to the multicast group members. Managing the keys is a problem in this approach. The TEK is changed when members join or leave the group to provide forward and backward secrecy. This process is known as re-keying. Among the efficient solutions, the Logical Key Hierarchy (LKH) (or Key Graph) (Wong et al., 2000) has individual and auxiliary keys organized into a hierarchy; each group member is assigned to a leaf and holds all the keys from its leaf to the root. The root key is shared by all group members and used as the TEK. A new TEK is distributed by encrypting it with keys that deleted members do not have.

So O(logn) is the best known storage (for both centre and members) and communication complexity the LKH based schemes achieved, where is the size of the multicast group. The problem with this approach is that revoking a single user involves changing the keys for all others and the receivers must be state-full to receive the latest TEK.
The second approach uses asymmetric key cryptosystems (Boneh and Franklin, 1999; Boneh et al., 2005) and allows the receivers to be stateless. This includes the work in cryptography such as traitor tracing broadcast encryption, initiated by Fiat and Naor (1994). It is based on encryption schemes where a cipher text can be decrypted by multiple parties with different keys. The scheme requires O(tlogt tlogn) keys per user and the transmission of $O(t^2 \log^2 t \log n)$ messages, where t is the number of revoked users. Boneh and Franklin (1999) proposed a scheme based on Reed-Solomon codes and the representation problem for discrete logs. There is a line of work (Tzeng and Tzeng, 2001; Kim et al., 2003) classified as Asymmetric Threshold Decryption-based (ATD-based) multicast encryption in which a private key is shared using a (t+1, n+t)-threshold scheme and the shares are distributed asymmetrically. Namely the centre is given shares and each user is given one share. The centre broadcasts a cipher text together with partial decryptions. Any member with a valid share of the private key can produce another decryption share and recover the message. With such schemes, a user only has to store a key of constant length. Both the message complexity and sender storage are O(t), independent of the group size. The encryption scheme described by Harkins et al. (2005) using finite frames and Hadamard arrays is a cipher similar to the one-time pad and McEliece cipher, based on a sub band coding scheme. The encryption mechanism is an approximation to the one-time pad encryption scheme. The cipher is for general communication security. The cipher uses finite frames and Hadamard arrays as key. The linearity exhibited by the cipher enables a chosen plain text attack.
This study proposes a cryptosystem, namely Multicrypt, which is close in algebraic structure to the Harkins et al. (2005) encryption scheme, extending our earlier work (Prakash and Uthariaraj, 2008; 2009). The Multicrypt presented here has modified Authentication, Encryption and Decryption algorithms such that it is more efficient in terms of computational complexity and security than our earlier work. Unlike our previous work, in this study each encryption does not require exponentiation, decryption makes use of the multiplicative inverse which can be computed beforehand, the authentication procedure is simplified and the security analysis is more rigorous. The proposed Multicrypt operates with multiple keys like asymmetric cryptosystems but provides a mechanism for member revocation and addition without rekeying. This property of Multicrypt will help any key management protocol to reduce the overheads involved in rekeying dramatically in terms of computation and communication.
The motivation of Multicrypt Cryptosystem is that in symmetric schemes, more nodes hold the same (group) key increasing the risk of being compromised. Furthermore, the symmetric schemes expect state-full members. If a member misses a rekey message then it will be excluded from the service eventually. The asymmetric key cryptosystem overcomes these disadvantages but with increased computational and communicational complexities. Moreover, the decoupling of the group dynamics and overheads through rekeying is necessary.
A lot of work has been done to modify the cryptographic methods designed for point-to-point communication systems with the sole aim of reducing the overheads involved during rekeying. But hardly any work has been done on designing a cryptographic method for multicast communication without re-keying.
The objective behind the construction of a provably secure multicast cryptosystem is the following:
• A provably secure encryption mechanism robust against brute force, IND-CPA and IND-CCA attacks
• Multiple keys to decrypt the message like asymmetric cryptosystem so that a (key) compromise of a member would not lead to compromise of the entire system
• Less computational and communicational overheads during dynamic user revocation and addition
• Less storage complexity
• No need for state-full members
The definitions and nomenclature used in this study are presented next, followed by a description of the proposed Multicrypt Cryptosystem with the security analysis; then the performance analysis of the proposed mechanism is presented and the conclusion summarises the principle, contributions and performance of the proposed mechanism.

Procedure R
A probabilistic algorithm to compute the secret initialization data for a new user subscribing to the system. The procedure R gets $m_i$ as input associated with the user and returns the user's secret key $\Gamma_i$, where $\Gamma = \{\Gamma_1, \Gamma_2, \dots, \Gamma_n\}$ and $\Gamma_i \in \Gamma$.

Key Generation K
A probabilistic polynomial-time (in k) algorithm which takes a security parameter $1^k$, the (initial) number of group members n and the users to be revoked as input and generates the encryption key K. The execution of the algorithm K to obtain a K is denoted as K ← K.

Encryption ε
A probabilistic polynomial-time algorithm that, on inputs K, the encryption key, and a string $msg \in \{0,1\}^k$, produces an output $c \in \{0,1\}^* \cup \{\perp\}$ called the cipher text. $c \leftarrow \varepsilon_K(msg)$ denotes the operation of executing ε on K and msg, while c denotes the cipher text returned.

Decryption D
A deterministic polynomial-time algorithm D takes a key $\Gamma_i \in \Gamma$ and a cipher text $c \in \{0,1\}^*$ to return the $msg \in \{0,1\}^k \cup \{\perp\}$. The operation of executing D on $\Gamma_i$ and c is denoted as $msg \leftarrow D_{\Gamma_i}(c)$.
Key Generation K and Authentication Procedure R should be executed together by the Core (an entity which controls the generation and distribution of cryptographic keys to the members in a multicast session) with a set of n members for initial group setup. Addition of members is done by R, while revocation of members, which is a trivial operation (as explained later), is performed by the K algorithm itself. The Multicrypt algorithm is based on the Principle of Orthogonality defined as:

Definition 2 [Principle of Orthogonality]
Two vectors $X, Y \in \mathbb{R}^n$ are orthogonal or perpendicular if $\langle X, Y \rangle = 0$. Moreover, $X_1, \dots, X_p \in \mathbb{R}^n$ are mutually orthogonal if $\langle X_i, X_j \rangle = 0$ whenever $i \neq j$. A set of mutually orthogonal vectors is called an orthogonal set. Mutually orthogonal unit vectors $v_1, \dots, v_p \in \mathbb{R}^n$ are said to be orthonormal. Alternatively, $\{v_1, v_2, \dots, v_p\}$ is called an orthonormal set.

Definition 3 [Hadamard Matrices]
A square n×n matrix H with elements ±1 that satisfies $H H^T = n I_n$ is called a Hadamard matrix of order n.
The nomenclature used in this chapter to describe Multicrypt Cryptosystem is described in Table 1.

Key Generation K
The key generation process is an important process in the Multicrypt encryption scheme. The Hadamard matrices are used as one of the components of the key. These matrices exhibit good orthogonal properties. The Principle of Orthogonality enables cross correlation values to be zero which is exploited in the Multicrypt encryption scheme. Three potential schemes for key generation are presented here.

Scheme 1
The Hadamard matrices defined in Definition 3 can be easily constructed from PN sequences. PN sequences are sequences of 1's and 0's in which the numbers look statistically independent and uniformly distributed.

Construction of Hadamard Matrices
If an (N+1)×(N+1) array is formed whose rows are each of the PN sequences formed by the same primitive polynomial, replacing 1's with -1's and 0's with 1's in each sequence and adding an initial row of length N and an initial column of length (N+1) of all 1's, the resultant array is a $2^n \times 2^n$ Hadamard matrix:
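Scheme 1 worked through for small n, as an added example that is not code from the paper: an LFSR produces one period of the PN sequence, its cyclic shifts are mapped 1 → -1 and 0 → 1 and bordered with 1's, and the result is checked against Definition 3. The function names and the tap lists (the exponents below x^n in the feedback polynomial) are choices made here.

```python
def pn_sequence(taps, n):
    """One period (N = 2^n - 1 bits) of the LFSR sequence for the polynomial
    x^n + sum(x^k for k in taps), i.e. s[t+n] = XOR of s[t+k] for k in taps."""
    N = 2**n - 1
    s = [1] + [0] * (n - 1)              # any non-zero seed gives a shift of the same sequence
    for t in range(N - n):
        bit = 0
        for k in taps:
            bit ^= s[t + k]
        s.append(bit)
    return s


def hadamard_from_pn(taps, n):
    """Border the N cyclic shifts of the PN sequence with a row and a column of 1's."""
    seq = pn_sequence(taps, n)
    N = len(seq)
    rows = [[1] * (N + 1)]               # initial all-ones row
    for shift in range(N):
        shifted = seq[shift:] + seq[:shift]
        # map bit 1 -> -1 and bit 0 -> +1, then prepend the all-ones column entry
        rows.append([1] + [1 - 2 * b for b in shifted])
    return rows


def is_hadamard(h):
    """Definition 3: entries are +1/-1 and H * H^T = n * I_n."""
    n = len(h)
    if any(len(r) != n or any(x not in (1, -1) for x in r) for r in h):
        return False
    return all(
        sum(a * b for a, b in zip(h[i], h[j])) == (n if i == j else 0)
        for i in range(n)
        for j in range(n)
    )


if __name__ == "__main__":
    # x^4 + x + 1 is primitive: period 15, so the bordered array is 16 x 16
    h16 = hadamard_from_pn((0, 1), 4)
    print(len(h16), is_hadamard(h16))
    # x^4 + x^2 + 1 = (x^2 + x + 1)^2 is not primitive: the check fails
    print(is_hadamard(hadamard_from_pn((0, 2), 4)))
```

With the reducible polynomial x^4 + x^2 + 1 the sequence has period 6 rather than 15, so the rows are no longer mutually orthogonal; this is why the construction asks for a primitive polynomial.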

Scheme 2
The Hadamard matrix can be generated by choosing p Hadamard arrays $HA_1, HA_2, \dots, HA_p$, each of size, say, $e_i \times e_i$ for $1 \le i \le p$, where each $e_i$ is either 2, 4 or 8, and then constructing the $e_1 e_2 \cdots e_p$-sized matrix $HA_M$ by the tensor product of these matrices, Equation 1 (Steiner et al., 1996; Harkins et al., 2005):

Scheme 3
The Gram-Schmidt Orthogonalization is a procedure for replacing linearly independent vectors $X_1, \dots, X_p$ with mutually orthogonal vectors $Y_1, \dots, Y_p$ such that Span
In all of the above schemes, V is the set containing vectors which satisfy the Principle of Orthogonality.
The key generation algorithm generates two keys, namely the master key and the sub-keys. The master key, denoted by K, is computed and used by the Core and the sub-keys, denoted by $\Gamma_i$, are computed mutually between the Core and the user through the authentication procedure. The master key is the sum of the sub-keys given by:
The set of sub-keys (Γ) is computed by the authentication procedure given below.

Authentication Procedure R
It is a probabilistic algorithm to compute the secret initialization data for a new user subscribing to the system. The authentication procedure R receives as input $N_i$ and $N_c$, which are random nonces associated with the user and the Core respectively. The authentication procedure returns the user's secret key $\Gamma_i$, where $\Gamma = \{\Gamma_1, \Gamma_2, \dots, \Gamma_n\}$ and $\Gamma_i \in \Gamma$. Let $V = \{v_1, v_2, \dots, v_n\}$ be the set of orthogonal vectors generated from the key generation process. Let q be a large prime number, g a primitive root of q and $N_i, N_c < q$.
Throughout this study, $g^N \bmod q$ is denoted as $g^N$ for simplicity. Let $G = \{0, 1, \dots, q-1\}$. Then each multicast subscriber registers with the multicast service provider as given in Algorithm 1.
This algorithm is a modified key establishment protocol described by Boyd et al. (2006). The authentication process uses random oracles which can be instantiated by any proved agreed upon candidate one way function like MD5.

Encryption ε K
A probabilistic polynomial-time algorithm that, on input of the encryption key K and a string $msg \in \{0,1\}^k$, produces an output $c \in \{0,1\}^* \cup \{\perp\}$ called the cipher text. $c \leftarrow \varepsilon_K[msg]$ denotes the operation of executing ε on K and msg, while c denotes the cipher text returned. The encryption mechanism is described in Algorithm 2.
The following steps describe the encryption function $\varepsilon_K$ to encrypt msg:
• The message is encoded with Optimal Asymmetric Encryption Padding (OAEP+), described by Shoup (2001), to obtain w. Given a plain text msg, the padding algorithm (OAEP) randomly chooses and then computes:
• The scalar multiplication of w and vector K gives A, where K is the key
• r ∈ G is chosen randomly and $v_i \times r$ is computed. The resultant is then scalar multiplied with $v_j$ to obtain B
• The cipher text c is obtained by the vector addition of A and B

Decryption D
and a cipher text $c \in \{0,1\}^*$ to return some $msg \in \{0,1\}^k \cup \{\perp\}$. The operation of executing D on $\Gamma_i$ and c is denoted as $msg \leftarrow D_{\Gamma_i}(c)$. To decrypt c with decryption function $D_{\Gamma_i}$, the algorithm is as described in Algorithm 3.
The following steps describe the decryption procedure:
• To recover the message from w, the decryption algorithm uses the decoding or reverse pad of the OAEP+ scheme.
• Compute u, t, r' as follows: , then the algorithm outputs the clear text msg. Otherwise, the algorithm rejects the cipher text and does not output a cipher text
The following theorem proves that the decryption algorithm described above provides correct decryption.

Theorem 1
The scheme is said to provide correct decryption if for any key Γ i ∈Γ and any message msg

Proof
Consider the user and Core common secret derived during authentication procedure given by Expanding the above equation: By the definition of Principle of Orthogonality the above equation can be simplified as: The decryption algorithm uses the reverse padding procedure then to recover the message msg from the given cipher text. Thus, for any msg∈G and valid user secret key Γ i , the decryption algorithm will output msg with probability equal to 1.

Dynamic Key Addition and Revocation
Any member can be dynamically revoked and added with trivial computations. Members have to be revoked during a multicast communication session in the event of a voluntary member leave or compelled member leave. In that case, the leaving member's key should be revoked without affecting the state of the other active user secret keys. Let l be the leaving member whose membership has to be revoked. The member revocation is done as follows, Equation 2: Similarly, dynamically adding a member ($\Gamma_{n+1}$) during a transaction can be done without affecting the functioning of the other active members as Equation 3:

Property 1
A traitor t that redistributes his user secret key $\Gamma_t$ to unauthorized members can be traced.

Proof
Assume that the user t is a traitor, re-distributing his secret key for unauthorized access. Then the pirated decoder's key would be $\Gamma_t = v_t \cdot g^{ts}$, t's user secret key. Given the pirated decoder, the identity of the traitor can be traced as follows:
• The Core knows the public key of every user, $g^{x_i}$, which was obtained and verified during execution of the authentication procedure.
Hence the traitor can be traced.

Property 2
Any member can be dynamically revoked with trivial computations.

Proof
Members have to be revoked in the event of a voluntary member leave or compelled member leave (traitor). In that case, the leaving member's key should be revoked without affecting the state of the other active user secret keys. Let l be the leaving member whose membership has to be revoked. The member revocation is done as follows:
• K is given by $K = \Gamma_1 + \dots + \Gamma_i + \dots + \Gamma_n$
• To revoke a member l, delete l's secret key $\Gamma_l$ from K. The process is given by:
Any revoked member cannot decrypt messages subsequently, maintaining forward secrecy. Assume $\Gamma_l$ is the user secret key that was revoked and $c = K \cdot m + v_j \cdot g^{sy}$ the cipher text obtained after revocation. Then the process of decryption using the revoked key $\Gamma_l$ is given by: Then by the principle of Orthogonality the above equation can be simplified as:
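A toy run of the orthogonal-vector mechanics of this section (sub-keys, master key as their sum, c = K·w + v_j·r, revocation and addition without rekeying), as an added example that is not the authors' code. Assumptions: Algorithms 1 to 3 are not reproduced on this page, so the decryption step (inner product with Γ_i times a precomputed inverse mod q), the reserved masking row v_j, the random scalar standing in for the secret agreed during authentication and the small parameters are all choices made here; OAEP+ is omitted and w is used directly.

```python
import secrets

Q = 2**61 - 1                      # toy prime modulus standing in for the page's q
H2 = [[1, 1], [1, -1]]             # order-2 Hadamard array


def kron(a, b):
    """Tensor (Kronecker) product of two matrices, as used in Scheme 2."""
    return [[x * y for x in ra for y in rb] for ra in a for rb in b]


def dot(x, y):
    """Inner product reduced mod Q."""
    return sum(a * b for a, b in zip(x, y)) % Q


class Core:
    """Hypothetical helper class: holds the master key K and issues sub-keys."""

    def __init__(self):
        h = kron(kron(H2, H2), H2)         # order-8 Hadamard matrix, rows mutually orthogonal
        self.mask = h[-1]                  # assumption: v_j is a row that no member holds
        self.unused = h[:-1]               # rows still available for new members
        self.K = [0] * len(h)              # master key, the running sum of sub-keys

    def add_member(self):
        """Addition: K <- K + Gamma_new; existing members receive nothing."""
        v = self.unused.pop(0)
        s = 1 + secrets.randbelow(Q - 1)   # stands in for the secret agreed in procedure R
        gamma = [(s * x) % Q for x in v]   # Gamma_i = v_i scaled by the shared secret
        self.K = [(k + g) % Q for k, g in zip(self.K, gamma)]
        return gamma

    def revoke(self, gamma):
        """Revocation: K <- K - Gamma_l; existing members receive nothing."""
        self.K = [(k - g) % Q for k, g in zip(self.K, gamma)]

    def encrypt(self, w):
        """c = K*w + v_j*r with a fresh random r for every call."""
        r = secrets.randbelow(Q)
        return [(k * w + v * r) % Q for k, v in zip(self.K, self.mask)]


def decrypt(gamma, c):
    """<c, Gamma_i> = w * <Gamma_i, Gamma_i> when Gamma_i is part of K, because every
    other sub-key and the masking row are orthogonal to it. The inverse depends only
    on Gamma_i and can be computed once in advance."""
    inv = pow(dot(gamma, gamma), -1, Q)
    return dot(c, gamma) * inv % Q


def demo():
    core = Core()
    alice, bob = core.add_member(), core.add_member()
    w = 0x4D554C54                         # constructed sample message, w < Q
    c1 = core.encrypt(w)
    before = (decrypt(alice, c1), decrypt(bob, c1))
    core.revoke(bob)                       # bob leaves
    carol = core.add_member()              # carol joins
    c2 = core.encrypt(w)
    after = (decrypt(alice, c2), decrypt(bob, c2), decrypt(carol, c2))
    return w, before, after


if __name__ == "__main__":
    print(demo())
```

After the revocation the inner product of the cipher text with the revoked sub-key is zero, so the revoked member recovers 0 whatever w was, while the remaining and newly added members decrypt with unchanged keys.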

SECURITY AND PERFORMANCE ANALYSIS
The security analysis proves that Multicrypt is secure against IND-CPA and IND-CCA with the help of standard formal security models.

Theorem 2
Multicrypt encryption function is a one-way function and the following hold:
• The function is easy to compute. Namely, there exists a PPT algorithm A which on input msg returns $c \leftarrow \varepsilon_K(msg)$ in time polynomial in |msg|
• The function is hard to invert. Namely, for all PPT algorithms there exists a negligible function $\epsilon(\cdot)$ such that Equation 4:

Proof
The Multicrypt encryption scheme given by $c = K \cdot w + v_j \cdot r$ consists of scalar multiplication, vector addition and one exponentiation which could be done in polynomial time with an algorithm which on input msg returns c = f (msg). To prove the second case, consider a polynomially bounded adversary A having access Pr[h = g | (q,g,g ,g ,c)] be the probability that A finds h∈Γ. Therefore, Equation (4) can be written as Equation 5:
Multicrypt is similar to a sub band coding scheme. As in a sub-band coding scheme, where encoding a message twice results in two different cipher texts, encrypting a message twice results in two different cipher texts. The numerical experiment carried out by Harkins et al. (2005) shows that a brute force attack on is infeasible. Moreover, the experiments and mathematical proofs by Harkins et al. (2005) show that the garbage or random value r added during the encryption process can control the accuracy an adversary would need to make a guess of V.
Further, two Hadamard matrices are considered equivalent if one can be obtained from the other by negating rows or columns, or by interchanging rows or columns. Up to equivalence, there is a unique Hadamard matrix of orders 1, 2, 4, 8 and 12. There are 5 inequivalent matrices of order 16, 3 of order 20, 60 of order 24 and 487 of order 28. Millions of inequivalent matrices are known for orders 32, 36 and 40. Using a coarser notion of equivalence that also allows transposition, there are 4 inequivalent matrices of order 16, 3 of order 20, 36 of order 24 and 294 of order 28. Therefore, if the orthogonal matrix (V) is carefully chosen as proposed by Koukouvinos and Simos (2011) then the attacker needs to try all possible key values to find the matrix. Due to the randomness introduced in the encryption process, an exhaustive key search does not give all possible plain text messages. The same plaintext message when encrypted twice will result in two different cipher texts.
Therefore, it becomes hard to perform an exhaustive key search. Assuming the key is carefully chosen and the key space is sufficiently large then it can be written that Equation 6: The problem of finding N N (q,g,g ,g ,c) is equivalent to the problem of Computational Diffie-Hellman (CDH). Assuming the CDH problem is intractable and one-way, the adversary has negligible probability of finding h' = h. Therefore, the probability can be written as Equation 7: Hence, we get Equation 8:

Corollary 1
If $\varepsilon_K$ is a one way function, then with OAEP+ the encryption scheme is IND-CCA and IND-CCA2 secure (Shoup, 2001).
Then from Theorem 2 and Corollary 1, Multicrypt is IND-CCA and IND-CCA2 secure. Bellare and Rogaway (1994) gave the first formal model of security for the analysis of authentication and key agreement protocols. It is a game-based definition, in which the adversary is allowed to interact with a set of oracles that model communicating parties in a network and where the adversary's goal is to distinguish whether the challenge it is given is a correctly shared key or a randomly generated value. Their study also provided the first computational proof of security for a cryptographic protocol. By following this approach, namely the Bellare and Rogaway or BR model, another formal security proof is presented here to prove that the proposed cryptosystem is IND-CPA and IND-CCA secure.

Proof
Indistinguishability under chosen plain text attack, or left-right indistinguishability under chosen plain text attack, considers an adversary who is not in possession of the secret key and chooses two messages of the same length. Then one of the messages is encrypted and the cipher text is given to the adversary. The working of the left-right encryption oracle is as given in Algorithm 4. The scheme is considered secure if the adversary has negligible advantage in guessing which one of the two messages was encrypted.
The problem for the adversary is to find which oracle it is interacting with. The adversary can make polynomially many queries to the oracle as the adversary is polynomially bounded. An adversary is constructed which is given a left-right encryption oracle $\varepsilon_K(LR(m_0, m_1, b))$ that takes as input two messages and returns the encryption of either the left or the right message in the pair, depending on the value of the bit b. The bit $b \in \{0,1\}$ is chosen at random. The adversary construction is shown in Algorithm 5.

Experiment Exp
3. If A queried $D_\Gamma(\cdot)$ on a ciphertext previously returned by $\varepsilon_K(LR(\cdot,\cdot,b))$ ? 0 : b

When b = 1, the oracle returns $c_1 c_2 = \varepsilon_K(0^n) \| \varepsilon_K(0^n)$. that $c_1 = c_2$ due to the randomness introduced in the algorithm. Moreover, $\varepsilon_K$ is a random permutation and the adversary algorithm would return 0. Similarly, when b = 0, the oracle returns $c_1 c_2 = \varepsilon_K(0^n) \| \varepsilon_K(1^n)$. From the description of the same Multicrypt encryption algorithm it can be observed that $c_1 = c_2$ due to the randomness in the algorithm. The adversary algorithm would return 0. Therefore: Therefore, the adversary making a guess $b_r$ of the value b becomes hard, as it can be observed that the adversary algorithm will return 0 for both left and right oracle functioning. In other words, $\Pr(b_r = b_s) = \frac{1}{2}$. Therefore: Hence, A's IND-CPA advantage is zero.

Indistinguishability under chosen cipher text attack is a stronger type of attack. In this type of attack, an adversary has access to a decryption oracle as well. A decryption oracle can be assumed to be any user with a valid key offering a decryption service. As in the case of chosen plain text attacks, the adversary is given the left or right encryption oracle described in Algorithm 4. The experiment is as given in Algorithm 6. The adversary's goal is to guess the value of b correctly. The adversary construction for indistinguishability under chosen cipher text attack is as given in Algorithm 7.

Algorithm 7 Adversary
The adversary queries with the message pair $(msg_0, msg_1)$, each one block long, and is returned a cipher text c. It flips the bits of c to get c' and then submits the cipher text c' to the decryption oracle. When b = 1, let c be the cipher text that was returned from the encryption oracle. Then, $\varepsilon_K(msg_1) = K \times w_1 + v_j \times r \oplus 1^l$. Now the decryption part, $msg = D_{\Gamma_i}(c') \neq msg_0$ or $msg_1$. A close observation of the encryption and decryption process would confirm the claim that in any case $msg \neq msg_1$. It can thus be written that:

Performance Analysis
In this subsection, the performance of Multicrypt is analyzed. Table 2 gives the time complexity of Multicrypt. Simulations were carried out in which the average time taken by Multicrypt for key setup, encryption and decryption were calculated. The results obtained by varying key size and data size are plotted in Fig. 1-6 respectively. Also, the simulation compares Multicrypt with RSA, a standard public key encryption mechanism.
The operating characteristics are:

Key Length
The length of the two keys, the master key and the sub-keys, is the same. Therefore, the length of the key is equal to the dimension of the vector $v_i$. The length of the key is denoted as $l_k$ bits.

Plain Text Length
The plain text or the message m can take values from the group setup $(G, \times, g, q)$. Therefore, the range of the message is g < msg < q. If the size of q is $n_q$ bits then the size of msg would also be $n_q$ bits long and it is of $O(n_p)$.

Cipher Text Length
Cipher text c is given by $c = K \cdot msg + v_j \cdot r$. As msg and r are scalars, the length of the cipher text is equal to the dimension of K. If the vector K is of dimension $l_k$, the cipher text is of $O(l_k)$.

Encryption Complexity
The encryption complexity is determined by counting the number of operations performed during the process. The encryption process consists of two scalar multiplications and one vector addition. One scalar multiplication involves multiplying each component of the vector by the scalar, so the number of multiplications is equal to the dimension of the vector, say $l_k$, and the two scalar multiplications amount to $2 l_k$ multiplications. The number of additions performed in adding two vectors is equal to the dimension of the vector. Therefore, the complexity is given by $O(2 l_k)$, assuming addition is a trivial operation.

Decryption Complexity
The decryption complexity is determined by counting the number of operations performed during the process.
In the decryption process, one vector dot product and one scalar multiplication are performed. From the above discussion, the complexity is $O(l_k + 1)$.

Simulation
The performance of the Multicrypt cryptosystem was simulated using the Java programming language on an Intel Core Pentium i5 machine. The average key setup time, encryption time and decryption time were analysed.

Average Key Setup Time
The average key setup time is the time taken in milliseconds to set up the key for a given key size. The Multicrypt cryptosystem needs to set up the keys as described in the key generation procedure. In the simulation carried out, it is the time taken to generate the sub-keys ($\Gamma_i = v_i \times g^{sy} \mid \forall i \in \Gamma$) and the master key ($K = \Gamma_1 + \dots + \Gamma_n$).

Average Encryption \ Decryption Time
The average encryption\decryption time is the time taken in milliseconds to encrypt \decrypt a given message with the master key.

Average Throughput
Average throughput is the number of plaintexts encrypted and decrypted in bits per sec. In other words, it is the ratio of size of message in bits to the sum of average key setup time, encryption time and decryption time in sec.

Multicrypt Performance-Varied Data Sizes
The performance of Multicrypt for the parameters indicated above was analyzed for different data sizes at a fixed key size of 1024 and is plotted in Fig. 1. The analysis was carried out for varied data sizes ranging from 2048 bits (2 MB) to 10240 bits (10 MB) in steps of 2048 bits (2 MB). The key size is fixed at 1024 bits (the secure standard size for Diffie Hellman Key Exchange setup). From Fig. 1 it can be observed that average encryption and decryption time increases with increase in data size. This is due to the fact that the message range is g < m < q, where q is the modulus in the group setup and g is the primitive element or the generator. The larger the number of bits for q, the larger the magnitude of the number that can be represented and the larger the cardinality of the group.
Therefore, with a larger number of bits for q, a bigger message can be encrypted in one encryption, whereas a q with fewer bits (a small value) will require multiple encryptions and decryptions. Moreover, the throughput ratio, defined as the ratio between average encryption throughput and average decryption throughput, remains constant as shown in Fig. 2. Even from Fig. 1, it can be observed that the average encryption throughput and average decryption throughput remain constant across varied data sizes.

Multicrypt Performance-Varied Key Sizes
The analyses were carried out for varied key sizes in bits, namely 1024, 2048, 3072 and 4096, though the secure recommended standard key size for the Computational Diffie Hellman (CDH) assumption of Diffie Hellman Key Exchange (DHKE) to hold is 1024. From Fig. 3 it can be seen that the key setup time increases with increase in key size, which is the inherent property of DHKE setups. The average encryption time is relatively less. An important observation is the decrease in average encryption time as the size of the key increases. This is due to the fact that not every encryption needs exponentiation. A closer analysis of the encryption algorithm will reveal that the exponentiations are a one-time setup and that their results are subsequently used with trivial and a few non-trivial operations. Another reason for this decline of average encryption time with increase of key size is the DHKE group setup. In this kind of setup, as explained before, a message can take values only between g < m < q. Therefore, the choice of the number of bits for q affects the number of encryptions or the size of message that can be accommodated in one encryption. But the larger the size of q, the larger the key setup time. Since q is a large prime, the time taken to test whether a large n-bit number is prime increases with the number of bits n. That is the reason why the key setup time increases with the number of bits.

Benchmark Tests
To benchmark the performance of the Multicrypt cryptosystem against a standard cryptosystem, RSA was chosen for comparison. The architecture of the Multicrypt encryption mechanism is so encompassing that it cannot be clearly fitted into any one of the classifications of cryptosystems like symmetric, asymmetric, broadcast and threshold. The ElGamal encryption mechanism, which could be arguably close to the working of Multicrypt, will definitely perform below Multicrypt, since it requires a new key to be generated for every encryption. RSA, being an asymmetric cryptosystem, was chosen only to benchmark the performance of Multicrypt key setup time, average encryption and decryption throughput. The results of the simulation were analyzed and plotted as given in Fig. 4-6 respectively.
From Fig. 4, it can be observed that the key setup time increases with increase in key size for both RSA and Multicrypt. But relatively, it can be observed that Multicrypt's average key setup time is significantly less than RSA's. RSA's average key setup time is on the higher side due to its heavy dependence on exponentiation over large numbers. As the key size increases these operations get costlier in RSA. Figures 5 and 6 show the average encryption time and throughput comparison between Multicrypt and RSA respectively. It can be seen from Fig. 5 that average encryption time decreases with key size for Multicrypt while the same increases for RSA. This is due to the fact that an encryption in RSA involves exponentiation and as the key size increases, the time taken for exponentiation operations increases. This increases the average encryption time of RSA, thereby decreasing the average throughput as well, which is evident in Fig. 6. The average throughput of Multicrypt is significantly larger due to the increase in the size of message that can be accommodated in one encryption as described in previous subsections.

CONCLUSION
Multicast Security is very difficult to achieve in real-life and more so in the presence of adversaries in the system. In this study, the design of Multicrypt, a multicast cryptosystem which would secure multicast communication is presented. The key management protocol using Multicrypt will be a future work. The Multicrypt reduces the overhead involved in key establishment process when incorporated into a key management protocol. Support for dynamic key revocation reduces the overheads of rekeying. This enables decoupling of network dynamics from the rekeying. Table 2 shows that Multicrypt requires less storage space per user and controller. Multicrypt cryptosystem's security was analyzed and was shown to be resilient against IND-CPA and IND-CCA attacks. Multicrypt performance through benchmark tests showed that Multicrypt cryptosystem's average key setup time, average encryption throughput and average decryption throughput are efficient. Therefore, from the results and analysis, the Multicrypt cryptosystem when applied to dynamic environments like ad hoc network, cloud computing environment would provide significant improvement in the reduction of communicational and computational overheads.