University of Science and Technology

Houari Boumediene
(USTHB)

Bachelor Project

Cryptography - ELGAMAL System -

BOUSBIAT Fatma Zohra

Department of Algebra & Cryptography

Supervised by

Dr. BENNENNI Nabil

Faculty of Mathematics

6 September 2020
Declaration
I hereby certify that the material, which I now submit for assessment on the
programs of study leading to the award of Bachelor of Algebra and Cryptography
, is entirely my own work and has not been taken from the work of others except
to the extent that such work has been cited and acknowledged within the text of
my own work. No portion of the work contained in this thesis has been submitted
in support of an application for another degree or qualification to this or any other
institution.

———————————–
BOUSBIAT Fatma Zohra
6 September 2020

2
Acknowledgements
I would first like to thank my thesis advisor Dr Bennini of the Algebra and crypto-
graphy departement at university of science and technology Houari Boumedienne.
The door to Prof. Mr Bennini was always open whenever I ran into a trouble spot
or had a question about my research or writing. He consistently allowed this paper
to be my own work, but steered me in the right direction whenever he thought I
needed it, and I am gratefully indebted to him for his very valuable comments on
this thesis.

Finally, I must express my very profound gratitude to my parents and to my family

for providing me with unfailing support and continuous encouragement throughout
my years of study and through the process of researching and writing this thesis.
This accomplishment would not have been possible without them. Thank you

3
List of Figures
1 Symmetric encryption . . . . . . . . . . . . . . . . . . . . . . . . . 8
2 Asymmetric encryption . . . . . . . . . . . . . . . . . . . . . . . . . 9
3 block diagram of the introduced cryptosystem . . . . . . . . . . . . 15
4 Different values of g . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
5 Encryption/Decryption Algorithm in Python . . . . . . . . . . . . . 18
6 Encryption/Decryption Algorithm in Python(following) . . . . . . . 19
7 El Gamal signing in python . . . . . . . . . . . . . . . . . . . . . . 20
8 El Gamal signing in python(followig) . . . . . . . . . . . . . . . . . 21

4
Contents
1 Introduction 7

2 Literature review 8
2.1 What cryptography is? . . . . . . . . . . . . . . . . . . . . . . . . . 8
2.2 Different types of cryptography . . . . . . . . . . . . . . . . . . . . 8
2.2.1 Symmetric Cryptography: . . . . . . . . . . . . . . . . . . . 8
2.2.2 Asymmetric Cryptography (Public Key Cryptography): . . . 9
2.3 How Diffie-Hellman protocol appeared ? . . . . . . . . . . . . . . . 10
2.4 The difference between Diffie-Hellman and El Gamal protocol . . . 10
2.5 ElGAMAL protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
2.5.1 The Algorithm . . . . . . . . . . . . . . . . . . . . . . . . . 11
2.5.2 Practical examples . . . . . . . . . . . . . . . . . . . . . . . 12
2.5.3 Advantage and Disadvantages of El-GAMAL . . . . . . . . . 14

3 Implementation 15
3.1 The introduced cryptosystem . . . . . . . . . . . . . . . . . . . . . 15
3.2 Picking g value in ElGamal and discrete logarithms . . . . . . . . . 16
3.3 ElGamal Encryption/Decryption: . . . . . . . . . . . . . . . . . . . 17
3.4 ElGamal signature . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

4 The reliability and the security of cryptographic scheme ElGamal 21

5 Conclusions 22

5
Abstract
In the applications of Internet and wireless communication network, information
security is one of the most challenging aspects. Cryptography is the best solution
that offers the requisite protection from unintended persons. By using encryption
and decryption mechanisms, cryptography can convert the data from its readable
form to unreadable one so that only the intended receiver can read the message and
alter it. By this way, one can ensure that message can be sent or stored without
any modification. The presented work is concerned with a particular type of
asymmetric key cryptography called El-Gamal algorithm to be used for encryption
and decryption. The cryptosystem performance is evaluated via different quality
measures for encryption/decryption . The given results confirm the effectiveness
of the presented scheme .

6
1 Introduction
Information security is the protection of information and its critical elements, in-
cluding the systems and hardware that use, store, and transmit that information.
It includes the broad areas of information security management, computer, data
integrity1 and network security. It is based on the three characteristics of informa-
tion that gives it value to organizations: confidentiality, integrity, and availability.
The security of these three characteristics of information is as important today as it
has always been. for example, Access to sensitive military locations was controlled
by means of badges, keys, and the facial recognition of authorized personnel by
security guards.During these early years, information security was a straightfor-
ward process composed predominantly of physical security and simple document
classification schemes. but the growing need to maintain national security eventu-
ally led to more complex and more technologically sophisticated computer security
safeguards. Multiple levels of security were implemented to protect these main-
frames and maintain the integrity of the data.One of encryption systems that helps
to increase the level of security is The ElGamal encryption scheme, it has been
proposed several years ago and is one of the few probabilistic encryption schemes.
The following project is made up of two parts.In the first part, we are going to
start talking about information security and its importance nowadays. Then, we
will move further to define what cryptography is and cite its two different types.
Since The ElGamal protocol is based on the Diffie-Hellman protocol, we won’t
start talking about El-Gamal before mentioning how Diffie-Hellman protocol ap-
peared and the difference between the two schemes. After that, we will look at the
ElGamal scheme and its overall algorithms: Signature, encryption and decryption
algorithms. To clarify more, we will give some examples. Also, we will discuss ad-
vantages and disadvantages of ElGamal algorithms. When it comes to the second
part, an implementation will have place. Firstly, We are going to present the in-
troduced cryptosystem. Secondly, an implemantation of ElGamal algorithms in
Python will be included . Thirdly, we will talk about the security of the introduced
algorithm and finally comes the conclusion.

1
Ensuring that information has not been tampered with

7
2 Literature review
2.1 What cryptography is?
As we move further into an information society, the technological means for global
surveillance of millions of individual people are becoming available to major gov-
ernments. Cryptography has become one of the main tools for privacy, trust,
access control, electronic payments, corporate security, and countless other fields.

Cryptography is the art or science of keeping messages secret. People mean dif-
ferent things when they talk about cryptography. However, it contains the real
security which is the kind of security that can be used to protect information
of real value against organized criminals, multinational corporations, and major
governments. And strong encryption that is used to be only in the military do-
main; however, in the information society it has become one of the central tools
for maintaining privacy and confidentiality

2.2 Different types of cryptography

2.2.1 Symmetric Cryptography:

Figure 1: Symmetric encryption

Two parties agree on a secret key (private key)2 and use the same key for en-
cryption, and can at a later point use this secret key to decrypt a message. The
problem with this approach was that this method does not scale. If you wanted
to communicate privately with somebody, you would need to physically meet and
2
A secret random number generated by the user. It should be kept secret

8
agree on the secret key. In the world of modern communications, where we need
to coordinate with many actors, such methods would not be feasible.

2.2.2 Asymmetric Cryptography (Public Key Cryptography):

Figure 2: Asymmetric encryption

Asymmetric cryptography uses key pairs for encryption where each party generates
their own public-private key pair. Private keys should be kept secret and a public
key 3 could be freely distributed among parties. In an asymmetric encryption
scenario, two parties would distribute their public keys and allow anyone to encrypt
messages using their public keys. Because of how a key pair mathematically works
it is impossible to decrypt a message which got encrypted with a public key. This
message can travel securely to the owner of the private key and only he/she would
be able to decrypt the message using the private key which is associated with the
public key .This method works the other way around. Any message encrypted
with a private key can only be decrypted with the corresponding public key. This
method is also referred as a Digital Signature. Public key cryptography has been
around since the 1970s and used in computer and communication security since
then. The first publicly available asymmetric key scheme was produced by the
cryptographers Ron Rivest, Adi Shamir and Leonard Adleman. The algorithm
was called RSA and it is still one of the most widely used algorithms as of today.
3
A public key is mathematically derived from the private key. It is made available to
everyone.

9
2.3 How Diffie-Hellman protocol appeared ?
Perhaps the most striking development in the history of cryptography came in
1976 when Whitfield Diffie and Martin Hellman published new directions in Cryp-
tography [Diffie and Hellman 1976] . Their work introduced the concept of public-
key cryptography and provided a new method for key exchange. This method is
based on the intractability of discrete logarithm problems. Although the authors
had no practical realization of a public-key encryption scheme at the time, the
idea was clear and it generated extensive interests and activities in the world of
cryptography. Diffie-Hellman Key Exchange is an asymmetric cryptographic pro-
tocol for key exchange and its security is based on the computational hardness of
solving a discrete logarithm problem.

2.4 The difference between Diffie-Hellman and El Gamal

protocol
The difference is purely conceptual. That is, when Diffie-Hellman published their
4
paper, they equated between public-key encryption and trapdoor functions .
Thus, they did not think that they had constructed a public-key encryption scheme,
and this invention came only a year later with RSA5 . In fact, Diffie and Hellman
even explicitly talk about publishing one part of the key...

The contribution of ElGamal was to formalize this as an encryption scheme, and

free us of the conceptual block that public-key encryption requires a trapdoor
function. In addition, note that El Gamal was very clear about this in his protocol
that shows a way to implement the public key distribution scheme introduced by
Diffie and Hellman to encrypt and decrypt.
4
a function that is easy to compute in one direction, difficult to compute in the opposite
direction (finding its inverse) Trapdoor functions are widely used in cryptography.
5
a public-key encryption technology

10
2.5 ElGAMAL protocol
One of the powerful and practical public-key schemes ,was produced by ElGamal
in 1985 (ElGamal, 1985).ElGamal is based on the Diffie-Hellman Key Exchange
method. It uses the same domain parameters (p,q,g) and private/public key pair
(b,B = g b ≡ p) for a recipient B. The plaintext message to be encrypted needs to
be encoded as an integer m in the range [1,p−2].

2.5.1 The Algorithm

Signature algorithm

The security of the ElGamal signature scheme is based on the discrete logarithm
problem (DLP). given a cyclic group, a generator g, and an element h, it is hard
to find an integer x such that gx = h.

The group is the largest multiplicative sub-group of the integers modulo p, with
p prime.

The signer holds a value x (0< x <p-1) as private key, and its public key y (where
y=gx ≡ p) is distributed.

The ElGamal signature is twice as big as p

11
ElGamal Encryption

INPUT: Domain parameters (p,q,g); recipient’s public key B; encoded message

m in range 0 < m < p−1.

OUTPUT: Ciphertext (c1 , c2 ).

1. Choose a random k in the range 1<k<p−1.

2. Compute c1 = g k ≡ p

3. Compute c2 = mB k ≡ p

4. Return ciphertext (c1 ,c2 ).

The ciphertext is the pair (c1,c2), which are both about p bits long.

ElGamal Decryption

INPUT: Domain parameters (p,q,g); recipient’s private key b ; ciphertext (c1 , c2 ).

OUTPUT: Message representative, m

1. Compute m = cp−b−1
1 c2 ≡ p

2. Return m.

2.5.2 Practical examples

ElGamal is a public key method that is used in both encryption and digital signing.
It is used in many applications and uses discrete logarithms. At the root is the
generation of P which is a prime number and G (which is a value between 1 and
P-1) [ Flonta and Miclea 2008]

A worked out example

Say the receiver chooses prime p = 71, and g=33 (We can check that 33 is a
∗
generator of Z71 ), and secret exponent x=62. Then h = gx ≡ 71 = 10. The
receiver would publish the public key (p=71, g=33, h=10).

Say a sender wants to send the message m=15. It chooses random exponent r=31,
say, computes the ciphertext (g r , hr m) = (62, 18), and sends this to the receiver.

12
To decrypt the ciphertext (62, 18), the receiver needs to compute 18/62x =
18/6262 . Recall that dividing by 62 modulo 71 really means to multiply by
62−1 ≡ 71. We can verify that 62−1 = 63 ≡ 71 because 62 · 63 = 1 ≡ 71.

Thus, the receiver will compute 18 · (62−1 )62 = 18 · 6362 ≡ 71 = 15. Of course, this
was exactly the message sent by the sender.

Example of ElGamal encryption by Alice to Bob:

INPUT : Domain parameters ( p=283, q=47, g=60)

Bob’s public key, B=216;

encoded message, m=101, such that 0<m<p−1.

1. Alice chooses a random k=36 in the range [2,q−2]

2. Alice computes c1 = g k ≡ p = 6036 ≡ 283 = 78

3. Alice computes c2 = mB k ≡ p = 101 · 21636 ≡ 283 = 218.

4. Alice sends ciphertext (c1 , c2 ) = (78, 218)toBob.

Example of ElGamal decryption by Bob:

INPUT: Domain parameters (p=283, q=47, g=60)

INPUT: Bob’s private key, b=7

INPUT: ciphertext (c1 , c2 ) = (78, 218)

1. Bob computes m = c1p−b−1 c2 ≡ p

= 78283−7−1 · c2 = 116 · 218 ≡ p

=101

13
2.5.3 Advantage and Disadvantages of El-GAMAL

The potential disadvantage of the ElGamal system is that message expansion by

a factor of two takes place during encryption( means the ciphertext is twice long
as the plaintext. when it comes to the time that it is needed to do the encryp-
tion process you may find the RSA needs less time comparing with the Elgamal,
while the decryption process in the RSA needs more time comparing with Elgamal
[Grewal 2015]. However, One of the strength of ElGamal is its non-determinism-
encrypting, the same plaintext multiple times will result in different ciphertexts,
since a random k is chosen each time. ElGamal has some benefits, which are
more interesting when using ElGamal encryption as a building block for larger
cryptographic protocols. For instance:

It is a homomorphic encryption scheme which allows multiplying plaintext hidden

inside of ciphertexts and when using the homomorphic property with an encryption
of the identity element 1 of the group allows to publicly re-randomize ElGamal
ciphertexts. Also, it Obtain new ciphertexts for the same message which are
unlinkable to the original ciphertexts using exponential ElGamal obtained from
ElGamal by encoding the message m as gm .

ElGamal can also be made additively homomorphic for polynomial sized message
spaces (since decrypting involves computing discrete logarithms). It can be used
to construct a threshold cryptosystem, which means there are n parties holding
shares of the secret decryption key and a ciphertext can only be decrypted if at
least k of these n parties are involved in the decryption process but fewer then t
parties will fail in decrypting.

El-Gamal encryption is used in the free GNU6 privacy Guard Software,recent ver-
sions of PGP7 ,and other cryptosystems.
6
GNU is the name of a computer operating system
7
Pretty Good Privacy is an encryption program that provides cryptographic privacy and
authentication for data communication.

14
3 Implementation
3.1 The introduced cryptosystem

Figure 3: block diagram of the introduced cryptosystem

Two major parts are involved in the introduced cryptosystem: information en-
cryption and information decryption based on El-Gamal algorithm. First, the
public and private keys are generated, then the public key is used to encrypt the
acquired message at the sender side. Second, the ciphered or encrypted message
will be transmitted over a secure channel to the receiver sequentially. Third, the
encrypted information will be decrypted according to the private key at the recip-
ient side to reconstruct the original message. Figure 3 explains the block diagram
of the introduced cryptosystem.

15
3.2 Picking g value in ElGamal and discrete logarithms
In reading about cryptography, We often come across the term of a cyclic group
G of order p and a generator g.

The world of public key encryption is currently dominated by two things: discrete
logarithms and elliptic curve methods. RSA is becoming a thing of the past for
new applications, but it is only hanging on as it has such a monopoly in digital
certificates. And so with discrete logarithms and the Diffie-Hellman method we
end up with:

Y = gx ≡ p

where we have a generator value (g) and a prime number p. The challenge is that
even though we know Y, g and p, it is extremely difficult to determine the x value
if we use a large prime number.

So we can not use any value of g, and it should not be as large as possible. If select
a prime number of 7, and then select g values of 2, 3, 4 . . . 9, and then calculate
the results we get :

Figure 4: Different values of g

16
If we look when g=2, we get an output of 2, 4, 1, 2, 4 . . . for the sequence values
of 1, 2, . . . This means that we do not get a unique output for the values from
1 to 6 (where the maximum value will be six as we take the modulus of 7). But
when g = 3, we get 3 (31 ≡ 7), 2 (32 ≡ 7), 6 (33 ≡ 7), 4 (34 ≡ 7), 5 (35 ≡ 7), and
1 (36 ≡ 7), which means that we get a unique value for all the possible outputs
from 1 to 6, and which then repeats. For a prime number of 7, the valid values of
g are 3 and 5.

3.3 ElGamal Encryption/Decryption:

ElGamal is a public key encryption method, and which has a public key (P,G,Y)
and a private key (x). The following will encrypt a value using ElGamal.

Initially Bob creates his public key by selecting a g value and a prime number p
and then selecting a private key (x). He then computes Y which is:

Y = gx ≡ p

His public key is (Y,g,p) and he will send this to Alice. Alice then creates a
message (M) and selects a random value (k). She then computes a and b:

a = gk ≡ p b = yk M ≡ p

Bob then receives these and decrypts with:

b
M= ax
≡p

This works because:

b yk M (g x )k M g xk M
ax
≡p= (g k )x
≡p= (g k )x
≡p= g xk
≡p=M

17
Figure 5: Encryption/Decryption Algorithm in Python

18
 Figure 6: Encryption/Decryption Algorithm in Python(following)

3.4 ElGamal signature

with ElGamal signing, we create a secret signing exponent (s) and a public veri-
fication of v = g v (≡ p), and where p is a large prime number and g is a generator
value.

we create a signing exponent of:

v = gs ≡ p

To sign a document (D), we create an ephemeral key (e). Next we calculate two
signature values:

S1 = g e ≡ p

19
S2 = (D − eS1 )e−1 ≡ p − 1

We then check that these values are the same:

v1 = v S1 S1S2 ≡ p

v2 = g D ≡ p

The public verification part of the signature is g,v,p and the signature is S1,S2.
The secret is s.

This works because:

−1
v S1 S1S2 = g sS1 g eS2 = g sS1 +eS2 = g sS1 +e(D−sS1 )e = g sS1 +(D−sS1 ) = g D

Figure 7: El Gamal signing in python

20
 Figure 8: El Gamal signing in python(followig)

4 The reliability and the security of cryptographic

scheme ElGamal
The ElGamal algorithm has a ciphertext pair. Each encrypted plaintext will gen-
erate two ciphertext values. Regarding security, the ElGamal algorithm will be
more challenging to solve than any other cryptosystem algorithm because ElGamal
has a complicated calculation to solve discrete logarithms.

Besides, implementations of ElGamal often use an element g ∈ Z ∗p of prime order

q where q is much smaller than p. When the set of plaintexts is equal to the
subgroup generated by g, the Decision Diffie Hellman assumption implies that
ElGamal is semantically secure.

ElGamal encryption, when the paramters are chosen in the right way achieves the
weaker notion of indistinguishability under chosen plaintext attacks. its security
has been concretely proven on multiple levels. [Tsiounis and Yung 1998]

21
5 Conclusions
The developments of hardware are significantly ameliorated and the cryptographic
calculations can be performed rapidly in the present day. Furthermore, the attacks
of hackers on the cryptographic algorithms can be also developed rapidly. Hence,
rapid security serving will be required. Thus, the best solution to manage the key
is public key cryptography. In public key cryptography, each user is responsible of
protecting his private key. Predominantly, this feature is called non-repudiation
which is missing in symmetric algorithms. Asymmetric key cryptography is the
basis for secure exchange of data by users through the networks. El-Gamal al-
gorithm is special type of public key technology that used in this article for en-
cryption/decryption. The security of this cryptosystem is based on the difficulty of
calculating discrete logs modulus of a large prime. Breaking El-Gamal cryptosys-
tem is based on resolving the problem of discrete logarithm to obtain the private
key x and finding c1 .

Thus, this system is applied in order to perform secrecy, confidently and security
of important information. The performance analysis of the presented cryptosys-
tem in terms of different encryption and decryption scheme measures indicates a
satisfactory level of security .

Finally, the design of this article is accomplished by comparing it with existing

approaches; the outcomes reveal that the proposed scheme is superior to other
methods in most of performance criterion. The suggested scheme can be applied
in future to cipher/decipher different kind of information .

22
References
Diffie, Whitfield and Martin Hellman (1976). ‘New directions in cryptography’. In:
IEEE transactions on Information Theory 22.6, pp. 644–654.
Flonta, Stelian and Liviu Miclea (2008). ‘An extension of the El Gamal encryption
algorithm’. In: 2008 IEEE International Conference on Automation, Quality and
Testing, Robotics. Vol. 3. IEEE, pp. 444–446.
Grewal, Jaspreet Kaur (2015). ‘ElGamal: Public-Key Cryptosystem’. In: Master
of Science to the Math and Computer Science Department Indiana State Uni-
versity.
Tsiounis, Yiannis and Moti Yung (1998). ‘On the security of ElGamal based en-
cryption’. In: International Workshop on Public Key Cryptography. Springer,
pp. 117–134.

23