ElGamal Encryption System

The ElGamal encryption system is a public key encryption algorithm by Taher Elgamal in 1985
that is based on the Diffie-Hellman key exchange.
This encryption system use both symmetric and asymmetric cryptographic techniques
We assume that the message M that Bob encrypts and sends to Alice is an integer. A sending
message is encoded into integers.
We describe the three components of ElGamal encryption, namely
key generation,
Encryption of message using public key, and shared secret key
Decryption of message using private key

04/29/2025 COMPUTER AND NETWORK SECURITY 1

 The ElGamal Crypto System
Objective: generate pub/priv keys & then generates a secret key for encryption
Key Generation – each user (eg. A, B) generates their key, suppose q is a prime number, a is the shared secret
key and YA is the generated Public key
• chooses a secret key xA (number): 1 < xA< q-1
x
• compute their public key: yA= a A mod q
• A’s private key = xA public key = {q, a, yA}
• Any user (B) having access to A’s public key (YA) and shared secret key (a) can encrypt M as follows:
• chose random integer k with 1 <= k <= q-1
k
• compute one-time key K = yA mod q
• encrypt M as a pair of integers (C1,C2) where
k
• C1 = a mod q ; C2 = KM mod q
• We need to compute C1 to extract the secret key (K)on the receiving side
• A then recovers (Decrypts) message by
• recovering key K as K = C1xA mod q
• computing M as M = C2 K-1 mod q

2
 Why ElGamal Works
k
As K = yA mod q
x
• yA= a A mod q
x k
• K = a A mod q
k
• C1 = a mod q
xA
• K = (C1) mod q
• Next, C2 = KM mod q
• OR, C2K-1= M mod q = M
• If we calculate K-1, we can recover the M

3
 ElGamal Encryption/Decryption Example 1
 The modular inverse of A mod C is
the B value that makes A * B mod C =
Let q=19 and a=10
1
Alice computes her key:  Only the numbers coprime to C

A chooses xA=5 & computes yA= a A mod q
x (numbers that share no prime factors
5
with C) have a modular inverse (mod

yA=10 mod 19 = 3 C)
Example: A=3, C=7
Bob send message M=17 as (C1, C2::11,5) by Step 1. Calculate A * B mod C for B

chosing random k=6 values 0 through C-1
 k 6
computing K = yA mod q = 3 mod 19 = 7 3 * 0 ≡ 0 (mod 7)
k 6 3 * 1 ≡ 3 (mod 7)

computing C1 = a mod q = 10 mod 19 = 11;
3 * 2 ≡ 6 (mod 7)
C2 = KM mod q = 7*17 mod 19 = 5 3 * 3 ≡ 9 ≡ 2 (mod 7)
3 * 4 ≡ 12 ≡ 5 (mod 7)
Alice recovers original message by computing: 3 * 5 ≡ 15 (mod 7) ≡ 1 (mod 7) <------ ​
 5
recover K = C1xA mod q = 11 mod 19 = 7
FOUND INVERSE!
3 * 6 ≡ 18 (mod 7) ≡ 4 (mod 7)

Modular Multiplicative Inverse K-1 = 7-1 = 11

recover M = C2 K-1 mod q = 5*11 mod 19 = 17
4
 ElGamal Encryption/Decryption Example2

Let q=19 and a=10

Alice computes her key:
x

A chooses xA=5 & computes yA= a A mod q
5

yA=10 mod 19 = 3

Bob send message m=16 as (C1, C2::11,17) by


chosing random k=6
k 6

computing K = yA mod q = 3 mod 19 = 7
k 6

computing C1 = a mod q = 10 mod 19 = 11;
C2 = KM mod q = 7*17 mod 19 = 17

Alice recovers original message by computing:

5

recover K = C1xA mod q = 11 mod 19 = 7

Modular Multiplicative Inverse K-1 = 7-1 = 11

recover M = C2 K-1 mod q = 17*11 mod 19 = 16
5
 ElGamal Encryption/Decryption Example3

Let q=19 and a=10

Alice computes her key:
x

A chooses xA=7 & computes yA= a A mod q
7

yA=10 mod 19 = 15

Bob send message m=17 as (C1, C2::18,2) by


chosing random k=9
k 9

computing K = yA mod q = 15 mod 19 = 18
k 9

computing C1 = a mod q = 10 mod 19 = 18;
C2 = KM mod q = 18*17 mod 19 = 2
Alice recovers original message by computing:
7

recover K = C1xA mod q = 18 mod 19 = 18

Modular Multiplicative Inverse K-1 =18-1 = 18

recover M = C2 K-1 mod q = 2*18 mod 19 = 17

6
 ElGamal Digital Signature Scheme
Key Generation – each user (eg. A) generates their key
• chooses a secret key (number): 1 < xA< q-1
x
• compute their public key: yA= a A mod q
• A’s private key = xA public key = {q, a, yA}

• Signing
• To sign a message m, first its hash m = H(m) is computed, such that 1<=m<=q-1
• chose random integer K with 1<=K<=q-1 & gcd(K, q-1) = 1
• Compute the signature pair (S1, S2) as follow:
k
• S1 = a mod q (same as computing C1)
• Also, Compute K-1 mod(q-1), such that K.K-1 mod q-1 = 1
• S2 = K-1(m- XAS1) mod (q-1)
• Send (m, S1, S2)

• Verification
m
• Compute V1 = a mod q
S1 S2
• Compute V2 = (yA) (S1) mod q
• The signature is valid if V1 = V2
7
ElGamal Digital Signature Scheme – How it works
• Lets assume that V1 = V2
m S1 S2
• a mod q = (yA) (S1) mod q

xA k
• Substitute YA = a mod q & S1 = a mod q

m xA S1 K S2
• a mod q = (a ) (a ) mod q
m - XAS1 KS2
• a mod q = a mod q

• m - XAS1 = KS2

• m - XAS1 = KK-1(m- XAS1) [sub S2]

• m - XAS1 = m- XAS1

8
ElGamal Digital Signature Scheme – Example
Let q=19 and a=10

Alice computes her key:

16
A chooses xA=16 & computes yA=10 mod 19 = 4 • Signing
• To sign a message m, first its hash m = H(m) is computed, such
that 1<=m<=q-1
Alice signs message with hash m=14 as: • chose random integer K with 1<=K<=q-1 & gcd(K, q-1)
• choosing random K=5 which has gcd(18,5)=1 = 1
5
• computing S1 = 10 mod 19 = 3 • Compute the signature pair (S1, S2) as follow:
k
• S1 = a mod q (same as computing C1)
• finding K-1 mod (q-1) = 5-1 mod 18 = 11 • Also, Compute K-1 mod(q-1), such that K.K-1 mod
• computing S2 = 11*(14-16*3) mod 18 = 4 q-1 = 1
• • S2 = K-1(m- XAS1) mod (q-1)
Sends (S1=3,S2=4) • Send (S1, S2)

Bob can verify the signature by computing • Verification

m
14 • Compute V1 = a mod q
V1 = 10 mod 19 = 16 •
S1 S2
Compute V2 = (yA) (S1) mod q
V2 = 43*34 = 5184 = 16 mod 19 • The signature is valid if V1 = V2
since 16 = 16 signature is valid