Cryptography

ELGAMAL CRYPTOSYSTEM
Besides RSA, another public-key cryptosystem is
ElGamal. ElGamal is based on the discrete logarithm
problem.

for every integer a coprime to p, there is an integer k such that gk ≡ a (mod p).
Such k is called the discrete logarithm of a to the base g modulo p. g is the
primitive root.

Intuitively means that it’s hard to take logarithms

base g because there are many candidates.

12/25/2023 2
• We will rely on the formula below being an
easy problem one direction and hard in
reverse.
• a = gk mod p
– Easy: given g, k, & p, solve for a
– Hard: given a, g, & p, solve for k
Pick g < p
• g must be a primitive root of p. (g <p)
• A primitive root generates the finite field p.
• Every n in {1, 2, …, p-1} can be written as gk mod p
• Example: 2 is a primitive root of 5
20 = 1 21 = 2 22 = 4 23 = 3 (mod 5)
Definition : A field is a nonempty set F of elements with two operations
“+” and “‧” satisfying the following axioms.
– (i) F is closed under + and ‧; i.e., a+b and a‧b are in F.
– (ii) Commutative laws: a+b=b+a, a‧b=b‧a
– (iii) Associative laws: (a+b)+c=a+(b+c) , (a‧b)‧c=a‧(b‧c)
– (iv) Distributive law: a‧(b+c) = a‧b + a‧c
– (v) (vi) Identity: a+0 = a , a‧1 = a for all a F. 0 ‧a = 0.
– (vii) Additive inverse (viii) Multiplicative inverse

12/25/2023 4
 Setting up ElGamal
• Let p be a large prime
– By “large” we mean here a prime rather typical in length to that of
an RSA modulus
• Select a special number g
– The number g must be a primitive element modulo p.
• Choose a private key x
– This can be any number bigger than 1 and smaller than p-1
• Compute public key y from x, p and g
– The public key y is g raised to the power of the private key x
modulo p. In other words:

y = gx mod p

12/25/2023 5
 ElGamal encryption
1. Generate a random number k
2. Compute two values C1 and C2, where
C1 = gk mod p and C2 = Myk mod p
3. Send the ciphertext C, which consists of the two separate values
C1 and C2.

12/25/2023 6
 ElGamal decryption
C1 = gk mod p C2 = Myk mod p

1 - The receiver begins by using their private key x to transform C1 into

something more useful:
C1x = (gk)x mod p
NOTE: C1x = (gk)x = (gx)k = (y)k = yk mod p
2 - This is a very useful quantity because if you divide C2 by it you get M. In
other words:
C2 / yk = (Myk) / yk = M mod p

12/25/2023 7
 Setting up ElGamal: example
Step 1: Let p = 23

Step 2: Select a primitive element g = 11

Step 3: Choose a private key x = 6

Step 4: Compute y = 116 (mod 23)

=9

Public key is 9
Private key is 6

12/25/2023 8
 ElGamal encryption: example

To encrypt M = 10 using Public key 9

1 - Generate a random number k = 3

2 - Compute C1= 113 mod 23 = 20

C2= 10 x 93 mod 23
= 10 x 16 = 160 mod 23 = 22

3 - Ciphertext C = (20 , 22 )

12/25/2023 9
 Example

Given p=17,g=3 and you want to encrypt message M=8 with a

random key k=15.
Calculate c1 and c2 for the ciphertext (c1,c2). Using ElGamal
public key encryption algorithm.

12/25/2023 10
 Exercise
1. Suppose Host A and Host B are using a platform to setup
secure session between them, and they apply the Diffie-
Hellman key exchange protocol with the following parameters:
Public parameters: modulus p = 19, base g = 10 (primitive root
modulo p) Private key of A: 3, Private key of B: 7 Generate the
shared secret key between Host A and Host B.

2. Calculate the following big moduli:

i. 13503 𝑚𝑜𝑑 15
ii. 5425 𝑚𝑜𝑑 11

12/25/2023 11
 Exercise

1. Let p = 13; q = 7; e = 9; m = 10 be the values for RSA

encryption/decryption algorithm. Show the Key generation
and Encryption steps, i.e., generate the keys and encrypt the
message m = 10 with the keys to create a ciphertext. Also,
show the steps to demonstrate that you can successfully
decrypt the ciphertext.

12/25/2023 12
Diffie-Hellman Key Exchange
Color Mixing Example
 Security of ElGamal
Recall the two different strategies for trying
to “break” RSA:

1. Trying to decrypt a ciphertext without

knowledge of the private key
2. Trying to determine the private key

What hard problems do you come across if you try to follow

these two different strategies to break ElGamal?

12/25/2023 14
 The Problem of Key Exchange
• One of the main problems of symmetric key
encryption is it requires a secure & reliable
channel for the shared key exchange.

• The Diffie-Hellman Key Exchange protocol

offers a way in which a public channel can be
used to create a confidential shared key.
 A Difficult One-Way Problem
• The first thing we require is a simple real-
world operation that is easy to Do but hard to
Undo.
– You can ring a bell but not unring one.
– Toothpaste is easy to squeeze out of a tube but
famously hard to put back in.

• In our example we will use Mixing Colors.

– Easy to mix 2 colors, hard to unmix
Alice & Bob with Eve listening wish to make
a secret shared color
Step 1 - Both publicly agree to a shared
color
Step 2 - Each picks a secret color
Step 3 - Each adds their secret color to the
shared color
Step 4 - Each sends the other their new
mixed color
Each combines the shared color from the other
with their own secret color
Diffie-Hellman Key Exchange
Adding Mathematics
 Diffie-Hellman Setup
• all users agree on global parameters:
– large prime integer or polynomial q
– α a primitive root mod q
• each user (eg. A) generates their key
– chooses a secret key (number): xA < q
xA
– compute their public key: yA = α mod q
• each user makes public that key yA
 Diffie-Hellman Calculation

• shared session key for users A & B is KAB:

xA.xB
KAB = α mod q
xB
= yA mod q (which B can compute)
xA
= yB mod q (which A can compute)
• KAB is used as session key in private-key encryption scheme
between Alice and Bob
• if Alice and Bob subsequently communicate, they will have
the same key as before, unless they choose new public-
keys
• attacker know q and public key YA, not possible to
calculate private key XA, nor shared session key
 Alice & Bob have a shared encryption key,
unknown to Eve
• Alice & Bob have created a shared secret key,
s, unknown to Eve
• The shared secret key can now be used to
encrypt & decrypt messages by both parties.