Comparison of one hash function and RSA

Question

I want to compare a hash function and a RSA encryption with another parameter. I have an algorithm with some hash function and I want to claim that computation load of these hashes is less than one RSA.

Can I say compare them with multiplication parameter, for example how many multiplication each of them has?

How can I compare them in communication load? How can I say that what the length of output in RSA is?

Answer 1

It sounds like you're trying to compare apples and oranges.

A hash function is generally expected to accept arbitrarily long inputs, and the time needed to compute it should generally scale linearly with the length of the input. Thus, a useful measure of hash function performance would be, say, "megabytes per second".

(Specifically, that would be a measure of throughput , which is the relevant measure when hashing long inputs. For short messages, a more relevant measure is the latency , which is basically the minimum time needed to hash zero-length input. Given the throughput and the latency, one can generally calculate a fairly good approximation of the time needed to hash an input of any given length as time = latency + length / throughput .)

RSA , on the other hand, can only encrypt messages shorter than the modulus, which is chosen at the time the key is generated. ( Typical modulus sizes might be, say, from 1024 to 4096 bits.) To "encrypt a long message with RSA" one would normally use hybrid encryption : first encrypt the message using a symmetric cipher like AES , using a suitable mode of operation and a randomly chosen key, and then encrypt the AES key with RSA.

The same length limits apply to signing messages with RSA — by itself, RSA can only sign messages shorter than the modulus. The standard workaround in this case is to first hash the message, and then sign the hash value. (There's also a lot of important details like padding involved that I'm not going to go into here, since we're not on crypto.SE , but which are absolutely crucial for security.)

The point is that, in both cases, the RSA operation itself takes a fixed amount of time regardless of the message length, and thus, for sufficiently long messages, most of the time will be consumed by AES or the hash function, not by RSA itself. So when you say you want to "claim that computation load of these hashes is less than one RSA", I would say that's meaningless, at least unless you fixed a specific input length for your hash. (And if you did, my next question would be "what's so special about that particular input length?")