Question

In: Accounting

What common elements do the ElGamal cryptosystem and Diffie-Hellman key exchange share?

What common elements do the ElGamal cryptosystem and Diffie-Hellman key exchange share?

Solutions

Expert Solution

Diffie Hellman is a key exchange protocol. It is an interactive protocol with the aim that two parties can compute a common secret which can then be used to derive a secret key typically used for some symmetric encryption scheme.

We have a group Z∗p for prime p generated by g. Party A chooses random a∈Z∗p and sends ga to B and B chooses random b∈Z∗p and sends gb to A and both compute gab as their common DH key.

Plain (unauthenticated) Diffie Hellman is known to be susceptible to person-in-the-middle attacks and this can be circumvented (as for instance done in TLS) by authenticating Diffie Hellman either

  • by including the static Diffie Hellman paramters (p,g,gb) of one party (the server in TLS) into a certificate which is signed by a trusted authority (where the static parameters stay the same for all key exchanges) or
  • by requiring the server to sign the ephemeral Diffie-Hellman key, i.e., gb where b is chosen randomly for every new interaction, sent to the other party (the client). Thereby, the public verification key corresponding to the signing key is put into a certificate which is signed by a trusted authority.
  • Using a static DH key is in principle very similar to how ElGamal works, but ElGamal encryption is non-interactive.

ElGamal encryption in contrast to DH is a public key encryption scheme and may be seen as a non-interactive DH key exchange where the public key of B is gb and the computed DH key gab is used as a one-time-pad to encrypt a message m∈Z∗p which is a group element of the respective group used, typically the encryption operation is defined as multiplying the message with the DH key, or xoring the message with a hash of the DH key.

The ciphertext is then a tuple (c1,c2) consisiting of the message encrypted with the DH key mgab and the part ga of the DH key computed by the encrypting party. But the entire process is conducted by one party, i.e., the party encrypting the message. This party then sends the tuple (c1,c2)=(ga,mgab) to the receiver B

.In a practical setting, ElGamal encryption does not really give a benefit when using it as an encryption scheme as it is, since it does only support message of size of elements of the group being used and parameters must be chosen carefully in order to obtain IND-CPA security (holds always in elliptic curves but you have to choose a suitable subgroup of Z∗p to obtain it). However, it can be turned into a hybrid encryption scheme. But when one wants to use such a hybrid encryption scheme IES/ECIES is a better choice. ElGamal encryption, when the paramters are chosen in the right way achieves the weaker notion of indistinguishability under chosen plaintext attacks (IND-CPA), where IES/ECIES achieves stronger security, namely indistinguishability under chosen ciphertext attacks (IND-CCA).

ElGamal still has some benefits, which however, are more interesting when using ElGamal encryption as a building block for "larger" cryptographic protocols. For instance:of the group allows to publicly re-randomize ElGamal ciphertexts, i.e., obtain new ciphertexts for the same message which are unlinkable to the original ciphertexts. Using exponential ElGamal obtained from ElGamal by encoding the message m as gm, i.e., as exponent of the generator g

DH or ElGamal

That heavily depends on your application scenario. For instance, are sender and receiver on line or not? Do you want to simply encrypt data for confidential storage or communicate with some other guy? One feature that can be achieved for confidential communication when exchanging keys using a key exchange protocol such as DH is forward secrecy, which you will not have when using asymmetric encryption and sending encrypted messages under a fixed ElGamal/IES/ECIES public key to a receiver.

  • It is a homomorphic encryption scheme which allows multiplying plaintext hidden inside of ciphertexts and when using the homomorphic property with an encryption of the identity element 1 of the group allows to publicly re-randomize ElGamal ciphertexts, i.e., obtain new ciphertexts for the same message which are unlinkable to the original ciphertexts. Using exponential ElGamal obtained from ElGamal by encoding the message m as gm, i.e., as exponent of the generator g,

  • , ElGamal can also be made additively homomorphic for polynomial sized message spaces (since decrypting involves computing discrete logarithms).

  • There are efficient honest-verifier zero-knowledge proofs of knowledge to prove properties of ElGamal ciphertexts without revealing the plaintext, e.g., equality of plaintexts.

  • ElGamal can be used to construct a threshold cryptosystem, i.e., there are n parties holding shares of the secret decryption key and a ciphertext can only be decrypted if at least k of these n parties are involved in the decryption process but fewer then t parties will fail in decrypting.


Related Solutions

Let’s assume A and B are creating a secret key using Diffie Hellman key exchange. Assume...
Let’s assume A and B are creating a secret key using Diffie Hellman key exchange. Assume q = 13 and A’s secret is 10 and B’s secret is 5. ⦁   Find all primitive roots of q = 13. (Show the table) ⦁   Find the secret key generated when the primitive root 6 is used. ⦁   Let’s say there is C, that uses a secret AC = 8 with A and secret BC = 12 with B. Find the shared keys...
Alice and Bob setup an elliptic curve Diffie-Hellman key exchange protocol with thesame field, curveEand pointPas...
Alice and Bob setup an elliptic curve Diffie-Hellman key exchange protocol with thesame field, curveEand pointPas given in Problem 1.Suppose that Alice selected random numbera= 3and Bob selectedb= 4, show the stepsperformed by Alice and Bob to obtain their shared key. What isthe key?
In the Diffie-Hellman key exchange, Alice sends g^x mod p to Bob, and Bob sends g^y...
In the Diffie-Hellman key exchange, Alice sends g^x mod p to Bob, and Bob sends g^y mod p to Alice. (1) How do they get a common secret? (2) Suppose an attacker is intercepting their communication, and gets to know g, p, and g^x mod p. Why can’t the attacker figure out x from these data?
PLEASE GIVE BRIEF DEFINITIONS OF: ElGamal Asymetric algorithm symmetric algorithm Diffe-Hellman key aggrement How they are...
PLEASE GIVE BRIEF DEFINITIONS OF: ElGamal Asymetric algorithm symmetric algorithm Diffe-Hellman key aggrement How they are related each other and how it is encrypted in bit wise explanations (with the octect rule and ip addresses, and how it was encrypted using those) and how it would be coded as an example. PLEASE GIVE FULL DEFINITIONS AND EQUATIONS INVOLVED AND GIVE SOME EXPLANATIONS HOW IT IS RELATED IN BIT WISE 2^n
Briefly describe the idea behind the ElGamal cryptosystem. (a) What is the one‐way function in this...
Briefly describe the idea behind the ElGamal cryptosystem. (a) What is the one‐way function in this system, if any? (b) What is the trap door in this system? (c) Define the public and private keys in this system. (d) What are the drawbacks, if any?
What is the main difference between the Symmetric-Key Cryptosystem and the Public-key cryptosystem? Please give the...
What is the main difference between the Symmetric-Key Cryptosystem and the Public-key cryptosystem? Please give the main differences of the following different encryption cryptosystems: the Block Ciphers DES and AES, Hash functions and the RSA cryptosystem and the EIGamal cryptosystem.
Question 1: What are the three key elements of motivation? How do you apply these elements...
Question 1: What are the three key elements of motivation? How do you apply these elements to your motion during the online education period? How do the contemporary theories of motivation compare to one another? Question 2: What are groups? What are the major strengths and weaknesses of groups? When is group decision making superior to individual decision making? Summarize using at least two different examples. What are some potential problems associated with group decision making in the virtual context?...
NC3A - 3.6 What are the principal ingredients of a public-key cryptosystem? 3.7 List and briefly...
NC3A - 3.6 What are the principal ingredients of a public-key cryptosystem? 3.7 List and briefly define three uses of a public-key cryptosystem. 3.8 What is the difference between a private key and a secret key? 3.9 What is a digital signature?
Share your views on what you consider are the" key elements" when a company enters global...
Share your views on what you consider are the" key elements" when a company enters global market through (i) Licensing, (ii) franchising, and (iii) full ownership. - list at least 5 points in Bullet points format and cover all three forms of entry
What do Marketers Do? 1.Analyse how the key elements of the marketing mix contribute to an...
What do Marketers Do? 1.Analyse how the key elements of the marketing mix contribute to an organisation's marketing strategy 2. Compare alternative theories of consumer behaviour and contrast how they influence marketing activities
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT