what is encrypted file size using elgamal cryptosystem?

Question

What is the elgamal encrypted file size after encrypting, say, a 1mb file of normal text using elliptical curves?

I'm getting a 250mb encrypted file size? How much off is it from normal standards?

Answer 1

You should not only use asymmetric encryption for any amount of bytes that can go over the size of the key, minus a certain minimum overhead. This overhead depends on the algorithm used, for instance RSA PKCS#1 padding overhead takes 11 bytes minimum and OAEP takes about 42 bytes minimum. If you directly use an asymmetric primitive you will get this overhead for each block of keylength - overhead of data.

Basically, to be safe, you should always encrypt a small amount of bytes. In general this means that a hybrid cryptosystem is deployed for any non-trivial amount of bytes (and, just to remain compatible, often for trivial amounts of bytes as well).

A hybrid cryptosystem randomly generates a symmetric session or data key for each message to encrypt. This symmetric key encrypts the data. The symmetric key itself is also encrypted (or, for a better term, wrapped) using the asymmetric algorithm. Then both elements are send, making for a small overhead of 0 to 32 bytes for the symmetric encryption and the output size (usually the key size) of the asymmetric algorithm. To decrypt unwrap the symmetric key and then decrypt the ciphertext.

As you can see the hybrid cryptosystem is much more efficient both with regards to ciphertext size and CPU time. Asymmetric cryptography is much less efficient than symmetric encryption.

As for the algorithms used, ElGamal is a pretty old scheme. I'd suggest RSA OAEP as asymmetric primitive with a key size of 4096 bits and AES-GCM as symmetric primitive. Due to the differences between asymmetric and symmetric, this scheme will still be faster than just ElGamal.