ElGamal encryption

From CryptoDox, The Online Encyclopedia on Cryptography and Information Security

The ElGamal algorithm is an asymmetric-key encryption algorithm for public-key Cryptography which is based on Diffie-Hellman key agreement. It was described by Taher Elgamal in 1984. The ElGamal algorithm is used in the free GNU Privacy Guard software, recent versions of PGP, and other cryptosystems. The Digital Signature Algorithm is a variant of the ElGamal signature scheme, which should not be confused with the ElGamal algorithm.

ElGamal can be defined over any cyclic group G. Its security depends upon the difficulty of a certain problem in G related to computing discrete logarithms.

1 Algorithm
2 External Links

Algorithm

ElGamal consists of three components:

Key generator,
Encryption algorithm, and
Decryption algorithm.

Key Generator

Alice generates an efficient description of a cyclic group $G$ of order $q$ with generator $g$ . See below for specific examples of how this can be done.
Alice chooses a random $x$ from $\{0, \ldots, q-1\}$ .
Alice computes $h = g x$ .
Alice publishes $h$ , along with the description of $G, q, g$ , as her public key. Alice retains $x$ as her secret key.

Encryption Algorithm

The encryption algorithm works as follows: to encrypt a message $m$ to Alice under her public key $(G, q, g, h)$ ,

Bob converts $m$ into an element of $G$ .
Bob chooses a random $y$ from $\{0, \ldots, q-1\}$ , then calculates $c 1 = g y$ and $c_2=m\cdot h^y$ .
Bob sends the ciphertext $(c 1, c 2)$ to Alice.

Decryption Algorithm

The decryption algorithm works as follows: to decrypt a ciphertext $(c 1, c 2)$ with her secret key $x$ ,

Alice computes $\frac{c_2}{c_1^x}$ as the plaintext message.

The decryption algorithm produces the intended message, since $\frac{c_2}{c_1^x} = \frac{m\cdot h^y}{g^{xy}} = \frac{m\cdot g^{xy}}{g^{xy}} = m$

If the space of possible messages is larger than the size of $G$ , then the message can be split into several pieces and each piece can be encrypted independently. Typically, however, a short key to a symmetric-key cipher is first encrypted under ElGamal, and the (much longer) intended message is encrypted more efficiently using the symmetric-key cipher — this is termed hybrid encryption.

External Links

Retrieved from "http://cryptodox.com/ElGamal_encryption"

Category: Asymmetric Key Cryptography

Navigation