1. Overview
In this tutorial, we present the Elgamal cryptographic algorithm. It uses asymmetric cryptography to encrypt messages.
2. Symmetric Cryptography
In symmetric cryptography, we use a secret key to apply an encryption algorithm to a message . Consequently, the algorithm’s output is cipher text .
Then, can be sent to any recipient while remains secret from anyone who doesn’t know ‘s value. However, knowing , we can apply the decryption algorithm to the cipher text. Since decryption is the inverse of encryption, we have .
2.1. Applying Encryption and Decryption Algorithms
Let’s assume that Alice would like to send a secret message to her friend Bob. Therefore, Alice encrypts with , using some encryption algorithm . She thus obtains a cipher text and sends it to Bob via email, for instance.
Also, in the email, Alice mentions the name of the algorithm she used (Advanced Encryption Standard, for instance). Then, after receiving , Bob needs to know ‘s value to apply the AES decryption algorithm. But, the problem now is that needs to remain secret.
2.2. Key Distribution
As we’ve seen in the case of Alice and Bob, the distribution of secret keys is a challenge. In fact, it is one of the main difficulties in implementing a symmetric encryption algorithm in a network environment. Researchers have therefore developed key distribution algorithms tailored for different applications. Nevertheless, the key distribution problem was one of the main drives behind the development of asymmetric cryptography.
3. Asymmetric Cryptography
In asymmetric cryptography, keys come in pairs: a public key and its corresponding private key . Each communicating party/agent owns a pair. Then, an agent, say Bob, shares the value of his public key with all other agents. This possibility of sharing public keys eliminates the problem of having to distribute secret keys over public communication channels. On the other hand, Bob is the only one who knows the value of his private key .
If Alice wants to send a secret message to Bob, she encrypts it with Bob’s public key to obtain cipher text . In contrast, decryption uses private keys. So, Bob is the only one who can decrypt and get .
3.1. Algorithms of Asymmetric Cryptography
An algorithm that implements the general idea of asymmetric cryptography usually provides the following:
- a method for generating a public/private key pair
- an encryption function that uses the public key
- a decryption function making use of the private key
- a proof of the algorithm’s security
The Elgamal cryptographic algorithm relies on modular multiplication and discrete logarithms. This is what we’ll discuss in the following sections.
3.2. Modular Multiplication
Let’s consider an integer and a non-negative integer . Further, we can find two integers and : and . Then, we say that modulo , abbreviated as mod . For instance, we have mod since .
Moreover, we can compute multiplication modulo , i.e., mod . In multiplication, the multiplicative inverse of , denoted as is a number such that mod . Consider, for instance, multiplication modulo :
3.3. Existence of Multiplicative Inverses
We can notice that not all numbers have multiplicative inverses. In fact, only 3, 7, and 9 have multiplicative inverses mod . These are the rows colored in red, where appears as a result of multiplication. So, for instance, the multiplicative inverse of 3 is . This is because mod .
Moreover, a known property of modular multiplication is that a number has a multiplicative inverse mod if and only if it is relatively prime to . Two numbers are relatively prime if they have no common factors other than 1. In fact, 3, 7, and 9 are relatively prime to 10. That’s why they are the only numbers in the table above with multiplicative inverses.
3.4. The Discrete Logarithm
If we multiply a number by itself times, we write mod . We call the base and the exponent or logarithm. Also, we write mod . The function here is the discrete logarithm since it deals with whole numbers. Moreover, there is no efficient algorithm to compute discrete logarithms. Therefore, computing discrete logarithms is difficult (computationally complex).
4. Elgamal Cryptographic Algorithm
The Elgamal algorithm makes use of the difficulty of computing discrete logarithms. This difficulty provides security to the algorithm, as we will show. But first, we need to introduce the concept of a primitive root.
4.1. Primitive Roots
Let’s consider the set of all numbers that have multiplicative inverses mod . As we mentioned previously, these numbers in the range from 0 to are relatively prime to . Therefore, as we already know, . Moreover, if is a prime , then since all numbers from to are relatively prime to .
Also, if there is a number such that the set mod , mod mod , then is called a primitive root of . Let’s assume , the table below shows that only and are its primitive roots.
If is a primitive root of , then, for any , mod is a distinct value. This shows in the table above: mod (a unique value). However, mod or . This follows from the definition of primitive roots.
4.2. Encryption
Let’s assume Alice would like to send a secret message to Bob. Bob has already chosen as a prime and a primitive root of . He also chose a private key , where . Finally, Bob computed his public key mod . Then, he sent Alice the values over any public channel.
To encrypt , Alice applies the following algorithm:
algorithm ElgamalEncryptionAlgorithm(p, α, u, m):
// INPUT
// p = a prime number
// α = a primitive root of p
// u = public key (α^r mod p)
// m = the message to be encrypted
// OUTPUT
// c1, c2 = the cipher texts
x <- choose a random value between 1 and p - 1
c1 <- α^x mod p
c2 <- m * u^x mod p
return c1, c2
4.3. Decryption
To decrypt , Bob applies the following algorithm:
algorithm ElgamalDecryption(c1, c2):
// INPUT
// c1 = the first part of the cipher text
// c2 = the second part of the cipher text
// OUTPUT
// m = the decrypted message
Compute c1^r as α^(rx) mod p
m <- c2 * (c1^r)^(-1) // = m * u^x * (α^(rx))^(-1) = m * α^(rx) * (α^(rx))^(-1) mod p = m
return m
4.4. Analysis
As we already know, discrete logarithms are hard to compute. Therefore an intruder knowing the public information will find it hard to compute the private key . This is because, to know , the intruder has to compute the discrete logarithm mod .
5. Conclusion
In this tutorial, we talked about Elgamal cryptographic algorithm. We showed how to use the algorithm for both encryption and decryption.