Score:1

Understanding Practical Differences Between ElGamal and Diffie-Hellman


I've been tasked with building a WebAssembly site that implements E2EE. I was thinking of using ElGamal encryption to encrypt the message and Diffie-Hellman to establish the key. After doing further research, I'm having trouble understanding the practical use cases of using ElGamal vs Diffie-Hellman.

If I'm understanding correctly, Diffie-Hellman and ElGamal both rely on the discrete log problem, which makes them both ideal. Diffie-Hellman only establishes a key between two hosts; then a symmetric cryptography system is used to send a message. ElGamal encrypts the message one time, using the same method as Diffie-Hellman, and then it must be regenerated each time, which is slow and time consuming. So I'm thinking Diffie-Hellman would be best for a scenario where users are communicating frequently, and ElGamal for a one-time file transfer.

So I am debating which to use within my web app. I was initially thinking of using both Diffie-Hellman and ElGamal. Now I am thinking of using Diffie-Hellman to establish a key between two parties, then using a symmetric encryption scheme like AES.

One article I found particularly useful was https://www.commonlounge.com/discussion/2be4d294aa9e44d4b67f6644cd9b5ced

Particularly, Heading "Practical use and Applications"

If I were to use Diffie-Hellman & AES, how often would a key need to be regenerated?

I'm hoping someone can confirm if I'm understanding the practical uses correctly and help fill in any gaps in my understanding.

Thank you!

kelalaka: How often really depends on your mode of operation and key sizes. If you are free to choose, choose ECDH (Elliptic Curve DHKE) and XChaCha20-Poly1305.

Davis: Thanks for that suggestion. I will look into ECDH. My mode of operation is pretty small at this point. This is a project for my final year at a university.

Maarten Bodewes: Are you familiar with [IES](https://en.wikipedia.org/wiki/Integrated_Encryption_Scheme)?

kelalaka: Yes, IES, or NaCl, which exists in many languages.

Davis: I am somewhat familiar with IES. I will look into that as well. Thank you for the suggestion. I was planning on using a crypto library. So far, BouncyCastle looked to be a highly regarded one.

Maarten Bodewes: It's used a lot; it is also quite a badly documented jumble which has had issues with side channels and such in the past. You do get great support through the dev mailing list though, and the authors / devs are very nice guys.
Score:1

You probably want authenticated/hybrid encryption, and there are probably high-level functions for it in whatever crypto library you're using.

Here's another question where they're using IES in BouncyCastle:

https://stackoverflow.com/questions/33297274/using-bouncycastle-to-encrypt-with-ecies-in-java

Maarten Bodewes: I was wondering if I would be the one writing that code, and yes, of course it was :) Beware that hybrid encryption is not all that well defined. You may want to implement ECIES yourself to use the latest and greatest modes of operation (e.g. GCM mode for the symmetric cipher instead of CBC, which is vulnerable to padding oracle attacks, which may hamper confidentiality); you may also want to *sign* your plaintext or ciphertext to allow for authentication / integrity. In that sense, using NaCl would probably be easier.

Davis: Thanks everyone for the suggestions and resources! I appreciate it!
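The design the question settles on (DH to agree a key, then a symmetric cipher) and the answer's "authenticated/hybrid encryption" are the same thing as ECIES, so here is one concrete instance as an added example. It is not code from the question, the answer or any library mentioned on this page; it uses only the Go standard library (crypto/ecdh needs Go 1.20 or later), and it swaps in X25519 for classical DH and AES-256-GCM for the AEAD because XChaCha20-Poly1305 is not in the standard library. The wire format (ephemeral public key || nonce || ciphertext+tag), the HKDF info label and the sample message are assumptions made for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Wire layout assumed for this example: ephemeral X25519 key (32) || GCM nonce (12) || ciphertext+tag (>=16).
const pubSize, nonceSize, tagSize = 32, 12, 16

// hkdfSHA256 is single-block HKDF (RFC 5869): extract with salt, expand one 32-byte
// block for info. One block is all an AES-256 key needs.
func hkdfSHA256(secret, salt, info []byte) []byte {
	ext := hmac.New(sha256.New, salt)
	ext.Write(secret)
	exp := hmac.New(sha256.New, ext.Sum(nil))
	exp.Write(info)
	exp.Write([]byte{0x01}) // counter byte of T(1)
	return exp.Sum(nil)
}

// deriveKey binds the AES key to both public keys, so a ciphertext cannot be
// re-targeted at another recipient key without the tag failing.
func deriveKey(shared []byte, ephPub, recipientPub *ecdh.PublicKey) []byte {
	info := append([]byte("ecies-x25519-aesgcm-v1:"), ephPub.Bytes()...) // hypothetical label
	return hkdfSHA256(shared, nil, append(info, recipientPub.Bytes()...))
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// NewRecipientKey is the long-term X25519 key pair a user publishes once.
func NewRecipientKey() (*ecdh.PrivateKey, error) {
	return ecdh.X25519().GenerateKey(rand.Reader)
}

// Encrypt generates a fresh ephemeral key for every message, runs ECDH, derives a
// one-shot AES key and seals with GCM. aad is authenticated but not encrypted.
func Encrypt(recipientPub *ecdh.PublicKey, plaintext, aad []byte) ([]byte, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	shared, err := eph.ECDH(recipientPub) // errors on low-order points (all-zero output)
	if err != nil {
		return nil, err
	}
	aead, err := newGCM(deriveKey(shared, eph.PublicKey(), recipientPub))
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, nonceSize)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	out := append(eph.PublicKey().Bytes(), nonce...)
	return aead.Seal(out, nonce, plaintext, aad), nil
}

// Decrypt parses the wire format, repeats the derivation on the recipient side and
// opens the AEAD. Any bit flip in the ephemeral key, nonce, ciphertext or aad fails.
func Decrypt(recipientPriv *ecdh.PrivateKey, msg, aad []byte) ([]byte, error) {
	if len(msg) < pubSize+nonceSize+tagSize {
		return nil, errors.New("message too short")
	}
	ephPub, err := ecdh.X25519().NewPublicKey(msg[:pubSize])
	if err != nil {
		return nil, err
	}
	shared, err := recipientPriv.ECDH(ephPub)
	if err != nil {
		return nil, err
	}
	aead, err := newGCM(deriveKey(shared, ephPub, recipientPriv.PublicKey()))
	if err != nil {
		return nil, err
	}
	nonce, ct := msg[pubSize:pubSize+nonceSize], msg[pubSize+nonceSize:]
	pt, err := aead.Open(nil, nonce, ct, aad)
	if err != nil {
		return nil, fmt.Errorf("decrypt: %w", err) // tag mismatch: tampered, wrong key or wrong aad
	}
	return pt, nil
}

func main() {
	priv, _ := NewRecipientKey()
	aad := []byte("msg-id:1") // constructed sample header
	ct, _ := Encrypt(priv.PublicKey(), []byte("constructed sample message"), aad)
	pt, err := Decrypt(priv, ct, aad)
	fmt.Printf("%d-byte message -> %q (err=%v)\n", len(ct), pt, err)
	ct[len(ct)-1] ^= 1 // flip one tag bit
	_, err = Decrypt(priv, ct, aad)
	fmt.Println("after tampering:", err)
}
```

This answers the "how often would a key need to be regenerated?" part in the one-shot setting: because every message gets its own ephemeral ECDH key and therefore its own AES key, the GCM nonce-reuse and message-count limits never come into play, and compromise of one message key reveals nothing about others. If instead you agree one static key with Diffie-Hellman and reuse it for a long session, the answer changes to "before a nonce can repeat": with random 96-bit GCM nonces that means rekeying well before 2^32 messages, and with a counter nonce before the counter wraps. Note also that this scheme authenticates nothing about the sender; anyone with the recipient's public key can produce a valid ciphertext, which is the gap the "sign your plaintext or ciphertext" comment above is pointing at.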