Score:0

ElGamal same private and random key attack

cn flag

I'm having difficulty understanding this.

Consider two messages are encrypted using the same cyclic group order $q$, generator $g$, private key $x$, and random parameter $y$. The attacker knows a plaintext $m_1$ and its corresponding ciphertext $c_1=\left(r_1,s_1\right)$.

I was told that, under these circumstances, if an attacker also knows the ciphertext $c_2=\left(r_2,s_2\right)$ of another message $m_2$, they can recover $m_2$.

How is this possible? Wouldn't the attacker need to know $q$ and $g$?

Score:0
gb flag

$q$ and $g$ are usually assumed to be public knowledge - they are known as public parameters (or are part of the users' public keys).

If the same random value $y$ is used for both messages, then $r_1 = r_2 = g^y$.

Then we know that $s_1 = (r_1^x) \cdot m_1$ and $s_2 = (r_1^x) \cdot m_2$.

Thus the attacker can compute $$m_2 = \frac{s_2}{s_1}m_1$$ in the group.

Public IP avatar
cn flag
Ah thanks. If I had understood that *q* and *g* are considered public knowledge, this is exactly what I would have done.
Public IP avatar
cn flag
What if we were to introduce modulo?
meshcollider avatar
gb flag
"In the group" means modulo the order of the group. E.g. the inversion of $s_1$ is done modulo $q$
Public IP avatar
cn flag
I guess I'm not understanding. For example $m_1=s_1\times\left({r_1}^x\right)^{-1}\mod q$. How did you get $s_1=r_1\times m_1$ from that?
meshcollider avatar
gb flag
Sorry, I just forgot to write the power of $x$. Fixed :)
Public IP avatar
cn flag
What about the inverse?
meshcollider avatar
gb flag
What do you mean?
Public IP avatar
cn flag
$\left(r_1^x\right)^{-1}$
meshcollider avatar
gb flag
Yes, what about it? It's the same as what I wrote, but inverted. I'd encourage you to expand out the details if you're not sure, and see that it all cancels.
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.