On the (In)Security of ElGamal in OpenPGP

May-24-2023, 23:40:03 GMT–Communications of the ACM

Let G be a group and g G a generator. To create a key pair (sk, pk), pick a random integer x, compute the element X gx, and output (sk, pk): (x, X). Given pk, to encrypt a message M, pick an ephemeral random integer y, compute the elements Y gy and Z Xy gxy, and output C (C1, C2): (Y, M · Z) as the ciphertext. Given sk, to decrypt C, first recover element Z from C1 as per Z Yx gyx and then use C2, Z to recover M C2/Z. To instantiate the scheme, the following details have to be fixed: Which group G shall be used?

exponent, gcrypt, library, (14 more...)

Communications of the ACM

May-24-2023, 23:40:03 GMT

Journals Web Page

Add feedback

Country:
- Europe > Switzerland
  - Zürich > Zürich (0.15)
- North America > United States
  - California
    - Alameda County > Berkeley (0.04)
    - San Diego County > San Diego (0.04)
    - Santa Clara County > San Jose (0.04)

Industry:
- Information Technology > Security & Privacy (1.00)

Technology:
- Information Technology
  - Artificial Intelligence (0.94)
  - Security & Privacy (1.00)