Elgamal Public Key Encryption CSCI 5857: Encoding and Encryption
Outline Background and uses of Elgamal Primitive roots Public and private key generation in Elgamal Elgamal encryption and decryption Mathematical justification Implementation as a block cipher
Elgamal Public Key Encryption Concepts similar to RSA – Prime numbers – Discrete logarithm problem Component of many secure systems – Digital Signature Standard (DSS) – S/MIME ( )
Components of Elgamal Components: – Large prime q – = some primitive root of q is primitive root of q if – For all integers p 0 < p < q there exists some integer n < q such that n mod q = p That is, powers of “generate” all integers mod q – Necessary to make sure encryption has unique inverse, as this insures that ( n mod q) ≠ ( m mod q) for n ≠ m
Primitive Roots Example: q = 19
Public and Private Keys Example: q = 19, = 10 Generate random integer X A – 1 < X A < q-1 X A = 5 Compute Y A = X A mod q Y A = 3 Public key: {q, , Y A } {19, 10, 3} Private key: {X A } {5} Security similar to RSA – Must be able to solve modular logarithm X A = log α Y A to crack
Encryption Overview Sender creates “one time key” for encryption – Message encrypted using modular exponentiation on one time key and public keys – Key “encrypted” using modular exponentiation and public keys – Recipient “decrypts” one time key using their private key – Recipient then decrypts message using that key 7
Encryption Process Sender generates random integer k < q Sender computes one-time key K = (Y A ) k mod q Message M encrypted as two integers (C 1, C 2 ) C 1 = α k mod q C 2 = KM mod q Example: Plaintext message M = 17 Choose random k = 6 K = 3 6 mod 19 = 7 C 1 = 10 6 mod 19 = 11 C 2 = 7 x 17 mod 19 = 5 8
Decryption Recipient recovers K = C 1 X A mod q Example: K = 11 5 mod 19 = 7 Recipient then recovers M = (C 2 K -1 ) mod q – K -1 is inverse of K mod q Example: 7 -1 mod 19 = 11 (77 = 4 x ) M = 5 x 11 mod 19 = 17 9
Why Does This Work? (Key Retrieval) K = (Y A ) k mod q Definition of K = ( X A mod q) k mod q Definition of Y A = ( X A k ) mod q Rules of modular exponentiation = ( k X A ) mod q = ( k mod q) X A mod q = (C 1 X A ) mod q Definition of C 1 10
Why Does This Work? (Message Retrieval) M = (C 2 K -1 ) mod q = ( (KM mod q) K -1 ) mod q Definition of C 2 = (M K K -1 ) mod q Rules of modular exponentiation = (M) mod q = M If M < q 11
Using Elgamal as a Block Cipher If M > q must break into smaller blocks M 1, M 2, M 3 … < q Must use different k for each block – Otherwise single known M i allows all blocks to be decrypted by factoring out K C 21 = KM 1 mod q = M 1 mod q = M 1 C 22 KM 2 mod q M 2 mod q M 2 If M 1 known then M 2 = C C 22 M 1 mod q 12
What’s Next Let me know if you have any questions Continue on to the next lecture on Diffie- Hellman Key Exchange