Introduction to ElGamal encryption algorithm

Introduction

Previous describes the RSA asymmetric encryption algorithm RSA algorithm introduction , this look at the ElGamal algorithm.
First, it is an asymmetric encryption algorithm based on Diffie-Hellman key exchange. It was proposed by Tahir Gemmore in 1985. It can be defined on any cyclic group G. Its security depends on the discrete logarithm problem on G. (RSA is based on factorization of large numbers)

Before introducing the principle of the algorithm, familiarize yourself with a few concepts:

Order

Suppose n>1, a and n are relatively prime, then there must be an x ​​(1≤x ≤n-1) such that: a ^x ≡ 1 (mod n)
satisfies the smallest integer x of a ^x ≡ 1 (mod n), called Is the order of a mod n. The symbol is represented as Ord _n (a)

Observe the equation a ^x ≡1(modn) According to Euler's theorem, we can obviously know that φ(n) is a solution of the equation, but it may not be the smallest, so it is not necessarily the order, and when φ(n) is a modulus When the order of n is, we call a a primitive element of n.

Motomoto

When the order of a modulo n is φ(n), that is, if and only if x is a multiple of φ(n), so that a ^x ≡1 (mod n) holds, then a is called the primitive element of n.
For example:

these remainders constitute a complete remainder system 1, 2, 3, 4, 5, 6 modulo 7, that is, for any a, x0 can be found such that:
5 ^x0 ≡a (mod 7).

Primitive element solving Python:

# 用辗转相除求最大公因子
def gcd(a, b):
    r = a % b
    while r != 0:
        a = b
        b = r
        r = a % b
    return b


# 欧拉函数
def euler(a):
    cnt = 0
    for i in range(1, a):
        if gcd(a, i) == 1:
            cnt += 1
    return cnt


# 阶
def order(a, n, b):
    #   输出b在mod(a)中的阶
    #   n是mod(a)群的阶
    p = 1
    while p <= n and b ** p % a != 1:
        p += 1
    if p <= n:
        return p
    else:
        return -1


# 求本原元
def primitive_root(a):
    n = euler(a)
    for b in range(2, a):
        if order(a, n, b) == n:
            return b

print(primitive_root(37))
# 可以看到，是2

Algorithm flow

It is also introduced through a case, or Alice wants to use the ElGamal encryption algorithm to send information to Bob. .

1. Key generation

1. For Bob, a large prime number p must be randomly selected first, and p-1 is required to have a large prime factor. Then choose a primitive element α modulo p. Publish p and α. For the convenience of calculation, we take p = 37, then a primitive element of Z37 α = 2.

2. Randomly select an integer d as the key, 2≤d≤p-2. We choose d = 5,

3. Calculate β=α ^d mod p, β=2 ⁵ mod 37 = 32

2. Encryption

Suppose Alice wants to send a message x = 29

1. First select a random number k, assuming k = 7,
   then: y1 = α ^k mod p = 2 ⁷ mod 37 = 17
   y2 = x β ^k mod p = 29×32 ⁷ mod 37 = 33
2. Send the ciphertext y = (17,33) to Bob

3. Decrypt

Bob receives the ciphertext y = (17,33) and restores the plaintext as follows:
x = y2 (y1 ^d ) ^-1 mod p
= 33 (17 ⁵ ) ^-1 mod 37
= 33×2 mod 37
= 29