ElGamal Encryption

ElGamal Encryption and decryption done properly. Due November 11, 2009.

We're still going to use small numbers at this stage, just to get used to the structure of ElGamal. All we've seen so far is that the discrete logarithm is a wild animal.

Remember base 7? We can write all our numbers using only the symbols 0, 1, 2, 3, 4, 5, 6 and place value in powers of 7. The number 342 in base 7 means 3 times 49 plus 4 times 7 plus 2 in base 10, that is, 177. Weird, huh? 342 in base 7 is an odd number. Mathematicians have studied the structure of groups like this. Mod 7 is just like single digit base 7! Here's the multiplication table for mod 7. Each row and column has the entire list of 1 through 6. (I left off the column and row of zeroes.)


|| Times || 1 || 2 || 3 || 4 || 5 || 6 ||
|| 1 || 1 || 2 || 3 || 4 || 5 || 6 ||
|| 2 || 2 || 4 || 6 || 1 || 3 || 5 ||
|| 3 || 3 || 6 || 2 || 5 || 1 || 4 ||
|| 4 || 4 || 1 || 5 || 2 || 6 || 3 ||
|| 5 || 5 || 3 || 1 || 6 || 4 || 2 ||
|| 6 || 6 || 5 || 4 || 3 || 2 || 1 ||

A more useful table for our purposes is a table of powers of 0 through 6 mod 7. Read the table like this: the base b is in the first vertical column, and the power x is in the first horizontal row. The table entry is b^x mod 7. The last row is homework number 1.

**6 1 6 1** //(This is when I thought it might repeat 6 and 1 again)// **6 1** //(My suspicions were correct.)// So the row is: 616161 - [|LauraShuman]

I am hoping that Laura performed the calculations with great earnestness. I fear that she built her answer out of patterns in the given first five rows. Her answer is correct. On the one hand, we math people pay attention to patterns. But we also know that facts trump patterns. - [|mcdaniel30]

My earnestness was great indeed in performing the calculations, McDaniel. - [|LauraShuman]

I am relieved to learn of the sincerity of your earnestness. - [|mcdaniel30]

|| power> || 1 || 2 || 3 || 4 || 5 || 6 ||
|| 1 || 1 || 1 || 1 || 1 || 1 || 1 ||
|| 2 || 2 || 4 || 1 || 2 || 4 || 1 ||
|| 3 || 3 || 2 || 6 || 4 || 5 || 1 ||
|| 4 || 4 || 2 || 1 || 4 || 2 || 1 ||
|| 5 || 5 || 4 || 6 || 2 || 3 || 1 ||
|| 6 ||  ||  ||  ||  ||  ||  ||

We notice that powers of 3 and 5 generate the digits 1 through 6. The vocabulary for this situation is, 3 and 5 are **primitive** in the **group** Z_7.

ElGamal encryption: x is the message. p is a prime number. A is a primitive element of Z_p. a is a secret number. k is any element of Z_p-1.

I need to brush up on my group theory - what does it mean to be an element of Z_p-1? - [|LauraShuman]

Z stands for the set of integers. Z_p-1 stands for the integers mod p-1 and the notation is pronounced "Z sub p minus 1". A group is a set of elements, a binary operation (multiplication here) and enough structure so that the multiplication is closed and associative. There has to be an identity element and an inverse for each element. In the Z_7 multiplication table, 1 is the multiplicative identity. The inverse of 5 is 3. (3*5 = 15. But 15 = 1 (mod 7).)

The person establishing the ElGamal code making machine performs a calculation: B = A^a (mod p). p, A and B are made public inside the ElGamal code maker, e(x,k). A person sending a message x chooses a number k. The machine creates an ordered pair.

e(x,k) = (A^k mod p,xB^k mod p).

This ordered pair is sent over the internet or airwaves or whatever to the person who set up the ElGamal code machine. The receiver decrypts:

d(y_1,y_2) = y_2(y_1^a)^-1 mod p = x.

Problem 2. Make a working example. Feel free to use the 7, 3 and 5 which were provided in the cheesy explanation. Everyone should do this problem.

x = 4 p = 7 A = 3 a = 10 k = 2 B = A^a mod p = 3^10 mod 7 = 4

e(x,k) = e(4,2) = (A^k mod 7, xB^k mod 7) = (3^2 mod 7, 4*4^2 mod 7) = (2,1)

d(y_1,y_2) = d(2,1) = 1*(2^10 mod 7) ^-1 = 1(2)^-1 = 1(4) = 4 = my message! user:LauraShuman

Here's another: x = 10 p = 13 A = 6 a = 8 k = 4 B = 3

e(10,4) = (6^4 mod 13, 10 * 3^4 mod 13) = (9,4)

d(9,4) = 4 * (9^8 mod 13)^-1 = 4 * (3)^-1 mod 13 = 4*9 mod 13 = 36 mod 13 = 10 = my message! user:LauraShuman

x=2 p=7 A=5 a=4 k=3 B=2

e(2,3) = 5^3 mod 7, 2x2^3 mod 7 = (6,2)

d(6,2) = 2(6^4 mod 7)^-1 = 2, my original message user:D_Sweeney

x=11 p=7 A=5 a=6 k=5 B = (5^6) mod 7 = 1

e(x,k) = e(11,5) = ((5^5) mod 7, 11*(1^5) mod 7) = (3,4)

d(3,4) = 4*(3^6 mod 7)^-1 = 4

4 is not 11, but it's equal to 11 in mod 7…. does x need to be less than p? user:wrighann

Yes, the message needs to be shorter than the modulus. ElGamal mods by p, so if your message is longer than p, your message simply cannot reappear intact. The mod p would not be big enough to allow x to reappear upon decryption. I'm willing to bet we'd lose x without the ability to recover in the encryption part, as well. I will add this investigation to the next homework. user:mcdaniel30

x = 6 p = 7 A = 3 a = 9 k = 4 B = (3^9) mod 7 = 6

e(x,k) = (3^4 mod 7, 6*6^4 mod 7) = (4,6)

d(4,6) = 6*(4^9 mod 7)^-1 = 6, which was the message. user:MattJohnson1013

x=5 P=17 A=6 a=13 k=3 B = 6^13 mod 17 = 10

e(x,k) = (5^3 mod 17, 10*5^3 mod 17) = (6,60)

d(6,60) = 60*(6^13 mod 17)^-1 = 6 ??? user:TrevorBarton
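The encryption and decryption maps defined above, together with the "does x need to be less than p?" question from the Problem 2 answers, as an added example that is not part of the original wiki page. The function names and the two guards (message range, a not a multiple of p-1) are assumptions made for this sketch; the numbers are the classroom-sized ones used on the page.

```python
# Added example: toy ElGamal in Z_p using the page's symbols (p, A, a, B, k, x).
# Function names are chosen for this sketch; the numbers are classroom-sized.

def is_primitive(A, p):
    """True if A^1 .. A^(p-1) mod p produce every value 1 .. p-1."""
    return {pow(A, e, p) for e in range(1, p)} == set(range(1, p))

def public_key(p, A, a):
    """B = A^a mod p. (p, A, B) are published; a stays secret."""
    if not is_primitive(A, p):
        raise ValueError(f"{A} is not primitive in Z_{p}")
    if a % (p - 1) == 0:
        # Added guard: then B = 1 and y_2 would equal x mod p in the clear.
        raise ValueError("a is a multiple of p-1, so B would be 1")
    return pow(A, a, p)

def raw_encrypt(x, k, p, A, B):
    """e(x,k) = (A^k mod p, x*B^k mod p), with no range check on x."""
    return pow(A, k, p), (x * pow(B, k, p)) % p

def encrypt(x, k, p, A, B):
    """Same as raw_encrypt, but refuses messages outside 1 .. p-1."""
    if not 1 <= x <= p - 1:
        raise ValueError("message x must satisfy 1 <= x <= p-1")
    return raw_encrypt(x, k, p, A, B)

def decrypt(y1, y2, p, a):
    """d(y_1,y_2) = y_2 * (y_1^a)^-1 mod p."""
    shared = pow(y1, a, p)                  # equals B^k mod p
    return (y2 * pow(shared, -1, p)) % p    # pow(s, -1, p) needs Python 3.8+

if __name__ == "__main__":
    print([b for b in range(1, 7) if is_primitive(b, 7)])  # primitive bases mod 7
    B = public_key(7, 3, 10)
    y1, y2 = encrypt(4, 2, 7, 3, B)
    print(B, (y1, y2), decrypt(y1, y2, 7, 10))
    # x = 11 with p = 7 collides with x = 4: only x mod p survives.
    print(raw_encrypt(11, 2, 7, 3, B) == raw_encrypt(4, 2, 7, 3, B))
```

In the x = 11 post above, a = 6 = p-1, so B = 1 and y_2 is simply x mod p; the guard in public_key rejects that choice of a.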

Problem 3. What are y_1 and y_2?

y_1 = A^k mod p and y_2 = xB^k mod p user:D_Sweeney

Dave is correct. More can be said. So, somebody seeking more points could add a sentence or two here. user:mcdaniel30

Problem 4. What is (y_1^a)^-1 ?

As seen from the process of encrypting and decrypting, this is the multiplicative inverse of y_1^a mod p. EX: (3*5) mod 7 = 1 so 5 is the multiplicative inverse of 3, mod 7 user:D_Sweeney

Problem 5. How does the decryption calculation give back the original x?

d(y_1,y_2) = (y_2)*((y_1)^a)^-1 mod p = x : from decryption process

(x(B^k) mod p)*(A^(ka) mod p)^-1 mod p : substituted in equations for y_1 and y_2

x [(A^a mod p)^k mod p]*[(A^k mod p)^-a mod p] : substituted in equation for B

x [(A^(ka) mod p) mod p]*[(A^(-ka) mod p) mod p]

Inverses: A^(ka) * A^(-ka) = 1 in mod p, so left with x, and the second mod p will turn out the same as the first ... mod p) mod p. (I don't know if I said that last line right.) user:wrighann