Elgamal Public Key Encryption CSCI 5857: Encoding and Encryption

Outline Background and uses of Elgamal Primitive roots Public and private key generation in Elgamal Elgamal encryption and decryption Mathematical justification Implementation as a block cipher

Elgamal Public Key Encryption Concepts similar to RSA – Prime numbers – Discrete logarithm problem Component of many secure systems – Digital Signature Standard (DSS) – S/MIME ( )

Components of Elgamal Components: – Large prime q –  = some primitive root of q  is primitive root of q if – For all integers p 0 < p < q there exists some integer n < q such that  n mod q = p That is, powers of  “generate” all integers mod q – Necessary to make sure encryption has unique inverse, as this insures that (  n mod q) ≠ (  m mod q) for n ≠ m

Primitive Roots Example: q = 19

Public and Private Keys Example: q = 19,  = 10 Generate random integer X A – 1 < X A < q-1 X A = 5 Compute Y A =  X A mod q Y A = 3 Public key: {q, , Y A } {19, 10, 3} Private key: {X A } {5} Security similar to RSA – Must be able to solve modular logarithm X A = log α Y A to crack

Encryption Overview Sender creates “one time key” for encryption – Message encrypted using modular exponentiation on one time key and public keys – Key “encrypted” using modular exponentiation and public keys – Recipient “decrypts” one time key using their private key – Recipient then decrypts message using that key 7

Encryption Process Sender generates random integer k < q Sender computes one-time key K = (Y A ) k mod q Message M encrypted as two integers (C 1, C 2 ) C 1 = α k mod q C 2 = KM mod q Example: Plaintext message M = 17 Choose random k = 6 K = 3 6 mod 19 = 7 C 1 = 10 6 mod 19 = 11 C 2 = 7 x 17 mod 19 = 5 8

Decryption Recipient recovers K = C 1 X A mod q Example: K = 11 5 mod 19 = 7 Recipient then recovers M = (C 2 K -1 ) mod q – K -1 is inverse of K mod q Example: 7 -1 mod 19 = 11 (77 = 4 x ) M = 5 x 11 mod 19 = 17 9

Why Does This Work? (Key Retrieval) K = (Y A ) k mod q Definition of K = (  X A mod q) k mod q Definition of Y A = (  X A k ) mod q Rules of modular exponentiation = (  k X A ) mod q = (  k mod q) X A mod q = (C 1 X A ) mod q Definition of C 1 10

Why Does This Work? (Message Retrieval) M = (C 2 K -1 ) mod q = ( (KM mod q) K -1 ) mod q Definition of C 2 = (M K K -1 ) mod q Rules of modular exponentiation = (M) mod q = M If M < q 11

Using Elgamal as a Block Cipher If M > q must break into smaller blocks M 1, M 2, M 3 … < q Must use different k for each block – Otherwise single known M i allows all blocks to be decrypted by factoring out K C 21 = KM 1 mod q = M 1 mod q = M 1 C 22 KM 2 mod q M 2 mod q M 2 If M 1 known then M 2 = C C 22 M 1 mod q 12

What’s Next Let me know if you have any questions Continue on to the next lecture on Diffie- Hellman Key Exchange