
Performance analysis

In section 4 we have shown that the group key management is scalable because it requires only logarithmic overhead for each join and leave. All the new keys can be encrypted and concatenated in one message, which is sent to the multicast group. The new member gets a short unicast message from the server. For 10^9 members we have seen that we only need 30 keys. Symmetric keys are very short; the longest ones today use 20 bytes. Symmetric encryption does not lengthen a message by more than one block size, which is usually 8 bytes. Therefore the message to the new user will be at most 24 bytes * 30, which is only 720 bytes. The message which is multicast carries each new key encrypted twice, so it is only 1440 bytes long. Considering that these calculations are for one billion subscribers, we can see that the key management overhead on the network is negligible.

Further, we can argue that joins and leaves can be clustered. This makes the overhead much smaller when simultaneous joins are clustered in one subtree, since only one update message needs to be sent to the multicast group. If leaving members are also localized in the tree, their key updates can be combined as well, and the update only needs to start from the tree node that the leaving members have in common. The requirement for atomic expulsion of subsets of members is therefore also satisfied, since no expelled member stays "longer" in the group than any other.
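The following sketch is an added example, not code from the original document. It reproduces the 720 and 1440 byte figures and counts how many keys a clustered leave refreshes compared with handling each leave separately. It assumes a balanced binary key tree with heap numbering (root is node 1), a key padded up to the next block multiple when encrypted, and hypothetical function names.

```python
KEY_BYTES = 20    # longest symmetric key size quoted in the text
BLOCK_BYTES = 8   # usual block size quoted in the text

def encrypted_key_bytes(key=KEY_BYTES, block=BLOCK_BYTES):
    """One key after encryption, padded up to a block multiple (assumption)."""
    return -(-key // block) * block

def tree_depth(members):
    """Keys between a member's leaf and the root, root included."""
    return (members - 1).bit_length()

def message_bytes(members):
    """(unicast to the new member, multicast to the group) for one join."""
    depth, enc = tree_depth(members), encrypted_key_bytes()
    # Unicast: one copy of every key on the path.
    # Multicast: every new key encrypted twice, as the text states.
    return depth * enc, depth * 2 * enc

def path_to_root(leaf, depth):
    """Internal nodes whose keys a member at this leaf position holds."""
    node = (1 << depth) + leaf
    path = []
    while node > 1:
        node >>= 1
        path.append(node)
    return path

def rekey_cost(leaves, depth):
    """(keys refreshed one leave at a time, keys refreshed in one batch)."""
    separate = sum(len(path_to_root(l, depth)) for l in leaves)
    # A batch refreshes each affected key once: the union of all paths.
    batched = len({k for l in leaves for k in path_to_root(l, depth)})
    return separate, batched

if __name__ == "__main__":
    n = 10**9
    d = tree_depth(n)
    print("join, bytes (unicast, multicast):", message_bytes(n))
    # Constructed sample: four neighbouring members leave together.
    print("localized leave (separate, batched):", rekey_cost([0, 1, 2, 3], d))
    # Constructed sample: two members in opposite halves of the tree.
    print("scattered leave (separate, batched):", rekey_cost([0, 1 << (d - 1)], d))
```

Localized leavers share almost their whole path, so the batch refreshes little more than one path of keys, while scattered leavers share only the keys near the root.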

We have shown that the performance overhead for key management functions is small. Next we investigate how much overhead encryption and decryption add. It is widely known that symmetric encryption algorithms are very fast to compute. On a Pentium-II based machine we can encrypt and decrypt at 10 Mbit/s in software. Since the ciphertext is not longer than the plaintext, security adds no network overhead. Because a digital signature is also very short (on the order of 20 bytes), it does not add any considerable or unscalable overhead either.



Adrian Perrig
Mon Sep 20 17:00:26 PDT 1999