Elgamal

The Elgamal cryptosystem is a public key encryption scheme based on the difficulty of the discrete logarithm problem.

Setup

Choose a prime $p$ and a primitive root $g$ modulo $p$ .

Bob chooses a secret key $a$ and publishes

A \equiv g^{a} (mod p)

So the public key is $(p, g, A)$ and the private key is $a$ .

To send a message $m$ modulo $p$ , Alice chooses a random integer $k$ and computes

c_{1} c_{2} \equiv g^{k} (mod p) \equiv m A^{k} (mod p)

These powers modulo $p$ are computed efficiently using Binary Exponentiation.

The ciphertext is the pair $(c_{1}, c_{2})$ .

Bob computes

c_{1}^{a} \equiv (g^{k})^{a} = g^{ka} \equiv A^{k} (mod p)

and then recovers the plaintext by

m \equiv c_{2} (c_{1}^{a})^{- 1} (mod p)

An attacker sees $g^{a}$ and $g^{k}$ , but recovering $a$ or $k$ from those values requires solving a discrete logarithm problem.