ElGamal Encryption Algorithm

By →
Name :- Arvind Bishnoi
Roll no :- 19107
Branch :- CSE ( VIIth SEM )
Introduction of ElGamal Encryption Algo.
1. ElGamal encryption is a public-key cryptosystem.
2. The ElGamal algorithm uses asymmetric-key encryption to encrypt the messages exchanged between two parties.
3. The cryptosystem is based on the difficulty of finding discrete logarithms in a cyclic group.
4. It is based on the Diffie–Hellman key exchange and was described by Taher Elgamal in 1985.
Components of ElGamal Encryption Algo.
ElGamal encryption consists of three components

1. Key Generation
2. Encryption
3. Decryption
Step 1 : Key Generation

The receiver generates the public and private keys.

● Select a large prime number (P).
● Select the decryption key / private key (D) such that gcd(D, P) = 1.
● Select the second part of the encryption key / public key (E1) such that gcd(E1, P) = 1.
● Compute the third part of the encryption key / public key (E2):
E2 = E1^D mod P
● Public key = (E1, E2, P) and private key = D.

Suppose:
1. P = 11, D = 3, E1 = 2
2. Then E2 = 2^3 mod 11 = 8
3. Public key = (2, 8, 11) and private key = 3.
Step 2 : Encryption

The sender encrypts the data (PT) using the receiver's public key.

● Select a random integer (R).
● C1 = E1^R mod P
● C2 = (PT × E2^R) mod P
● C.T. = (C1, C2)

Continuing the example:
1. R = 4, C1 = 2^4 mod 11 = 5, PT = 7
2. C2 = (7 × 8^4) mod 11 = 6
3. C.T. = (5, 6)
Step 3 : Decryption

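The receiver decrypts the message.

● PT = [C2 × (C1^D)^-1] mod P, where (C1^D)^-1 is the multiplicative inverse of C1^D modulo P.

Continuing the example:

● PT = (6 × (5^3)^-1) mod 11
= (6 × 4^-1) mod 11, since 5^3 mod 11 = 4
= (6 × 3) mod 11, since 4 × 3 = 12 ≡ 1 (mod 11)
= 18 mod 11 = 7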
Example of ElGamal Algo
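The three steps above, run end to end with the slide's numbers (P = 11, D = 3, E1 = 2, R = 4, PT = 7). This is an added example, not part of the original slides; the function names, the range checks on D, R and PT, and the use of Python's `secrets` module for R are assumptions of the example.

```python
import secrets
from math import gcd

def keygen(p, e1, d):
    """Step 1: return ((E1, E2, P), D) with E2 = E1^D mod P."""
    # gcd conditions are the slide's; the 1 < D < P-1 range is an added assumption.
    if not (1 < d < p - 1) or gcd(d, p) != 1 or gcd(e1, p) != 1:
        raise ValueError("need 1 < D < P-1, gcd(D, P) = 1 and gcd(E1, P) = 1")
    return (e1, pow(e1, d, p), p), d

def encrypt(public, pt, r=None):
    """Step 2: return C.T. = (C1, C2). R is fixed only to replay the slide."""
    e1, e2, p = public
    if not 1 <= pt < p:
        raise ValueError("PT must lie in 1..P-1")
    if r is None:
        r = secrets.randbelow(p - 2) + 1      # fresh R per message, 1 <= R <= P-2
    c1 = pow(e1, r, p)                        # C1 = E1^R mod P
    c2 = (pt * pow(e2, r, p)) % p             # C2 = (PT x E2^R) mod P
    return c1, c2

def decrypt(public, d, ct):
    """Step 3: PT = [C2 x (C1^D)^-1] mod P."""
    p = public[2]
    c1, c2 = ct
    s = pow(c1, d, p)                         # C1^D mod P
    return (c2 * pow(s, -1, p)) % p           # modular inverse (Python 3.8+)

def worked_example():
    """Replay the slide's numbers: P=11, D=3, E1=2, R=4, PT=7."""
    public, d = keygen(p=11, e1=2, d=3)
    ct = encrypt(public, pt=7, r=4)
    return public, ct, decrypt(public, d, ct)

if __name__ == "__main__":
    public, ct, pt = worked_example()
    print("public key:", public)
    print("ciphertext:", ct)
    print("plaintext :", pt)
    # With a fresh random R the same PT encrypts differently but decrypts the same.
    for _ in range(3):
        ct2 = encrypt(public, 7)
        print(ct2, "->", decrypt(public, 3, ct2))
```

An 11-element group is only large enough to check the arithmetic by hand; the "large prime" in Step 1 is what the scheme's security rests on.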
Case Study: Maersk NotPetya Ransomware Attack
Introduction
● In 2017 Maersk was hit by the NotPetya ransomware attack, and its network was down for a whole 9 days.

● A total of 49,000 PCs and 7,000 servers were encrypted by NotPetya. Other companies impacted by the same attack include Merck and TNT Express.

● The tools used in NotPetya were EternalBlue and Mimikatz, which made the attack very fast and devastating for its victims.

● It was the most devastating cyberattack in history: a single piece of code crashed the world.
How did it happen?

● A.P. Møller-Maersk, a Danish shipping company, was hit by NotPetya on June 27, 2017, in an attack carried out by Kremlin-backed hackers.

● As part of a well-planned operation, the attackers took control of the software update mechanism of M.E.Doc, the de facto standard accounting package for firms doing business in Ukraine.

● The damage was mostly done within an hour, and Maersk's network was destroyed completely within seven minutes.

● It took nine days, however, to fully restore the Active Directory system.
NotPetya Ransomware and Its Components
● NotPetya, the most damaging malware created so far for Russia's cyberwar against Ukraine, destroyed roughly 50,000 business PCs and made the company's entire VoIP phone network inaccessible.

● NotPetya was propelled by two powerful penetration tools.

● The first penetration tool, EternalBlue, takes advantage of a vulnerability in a particular Windows protocol, allowing hackers free rein to remotely run their own code on any unpatched machine.

● The second penetration tool, Mimikatz, was developed in 2011 by French security researcher Benjamin Delpy as a proof of concept. Delpy originally released Mimikatz to demonstrate how Windows stored users' passwords in computer memory. Mimikatz could pull passwords from RAM after hackers gained initial access to a computer and use them to hack into other machines accessible with the same credentials. It could even allow an automated attack to hopscotch from one machine to the next on networks with multi-user computers.
Recovery of Systems
● An incident response team was assembled, and an emergency recovery center was put together in Great Britain to mitigate and recover from the NotPetya attack.

● The company quickly produced 2,000 laptops, while WhatsApp groups became an essential communication lifeline for them.

● All computer equipment was surrendered and new computers were purchased and distributed to recovery workers. Staff started from scratch rebuilding servers. This effort, however, came to a halt when it was discovered that there was no clean backup of the company's domain controllers.
The Cost of NotPetya
● In 2017, the malware NotPetya spread from the servers of a small Ukrainian software
company to some of the world's largest corporations, paralysing their operations.
● Here is a list of the estimated damages reported by some of the worm's most prominent
victims.

| Company | Cost |
|---|---|
| Pharmaceutical company Merck | $870,000,000 |
| Delivery company FedEx (through European subsidiary TNT Express) | $400,000,000 |
| French construction company Saint-Gobain | $384,000,000 |
| Danish shipping company Maersk | $300,000,000 |
| Snack company Mondelēz (parent company of Nabisco and Cadbury) | $188,000,000 |
| British manufacturer Reckitt Benckiser | $129,000,000 |
| Total damages from NotPetya, as estimated by the White House | $10B |

Thank You