Join Log in
Score:0
Public IP avatar Crypto

ElGamal same private and random key attack

cn flag
Public IP

I'm having difficulty understanding this.

Consider two messages are encrypted using the same cyclic group order $q$, generator $g$, private key $x$, and random parameter $y$. The attacker knows a plaintext $m_1$ and its corresponding ciphertext $c_1=\left(r_1,s_1\right)$.

I was told that, under these circumstances, if an attacker also knows the ciphertext $c_2=\left(r_2,s_2\right)$ of another message $m_2$, they can recover $m_2$.

How is this possible? Wouldn't the attacker need to know $q$ and $g$?

36
0 + 0
Score:0
meshcollider avatar Crypto
gb flag
meshcollider

$q$ and $g$ are usually assumed to be public knowledge - they are known as public parameters (or are part of the users' public keys).

If the same random value $y$ is used for both messages, then $r_1 = r_2 = g^y$.

Then we know that $s_1 = (r_1^x) \cdot m_1$ and $s_2 = (r_1^x) \cdot m_2$.

Thus the attacker can compute $$m_2 = \frac{s_2}{s_1}m_1$$ in the group.

0 + 0
Public IP avatar
cn flag
Public IP
Ah thanks. If I had understood that *q* and *g* are considered public knowledge, this is exactly what I would have done.
0
Reply
Public IP avatar
cn flag
Public IP
What if we were to introduce modulo?
0
Reply
meshcollider avatar
gb flag
meshcollider
"In the group" means modulo the order of the group. E.g. the inversion of $s_1$ is done modulo $q$
0
Reply
Public IP avatar
cn flag
Public IP
I guess I'm not understanding. For example $m_1=s_1\times\left({r_1}^x\right)^{-1}\mod q$. How did you get $s_1=r_1\times m_1$ from that?
0
Reply
meshcollider avatar
gb flag
meshcollider
Sorry, I just forgot to write the power of $x$. Fixed :)
0
Reply
Public IP avatar
cn flag
Public IP
What about the inverse?
0
Reply
meshcollider avatar
gb flag
meshcollider
What do you mean?
0
Reply
Public IP avatar
cn flag
Public IP
$\left(r_1^x\right)^{-1}$
0
Reply
meshcollider avatar
gb flag
meshcollider
Yes, what about it? It's the same as what I wrote, but inverted. I'd encourage you to expand out the details if you're not sure, and see that it all cancels.
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.