Why Textbook ElGamal and RSA Encryption Are Insecure
Extended Abstract

Dan Boneh, Antoine Joux and Phong Q. Nguyen

View Related Documents

Book Chapter
Encoding-Free ElGamal Encryption Without Random Oracles
Benoît Chevallier-Mames, Pascal Paillier and David Pointcheval
Lecture Notes in Computer Science, 2006, Volume 3958, Public Key Cryptography - PKC 2006, Pages 91-104
- Download PDF (435.5 KB)
Journal Article
Attacking a polynomial-based cryptosystem: Polly Cracker
Rainer Steinwandt, Willi Geiselmann and Regine Endsuleit
International Journal of Information Security, 2001, Volume 1, Number 3, Pages 143-148
- Download PDF (157.4 KB)
Book Chapter
Differential fault analysis of secret key cryptosystems
Eli Biham and Adi Shamir
Lecture Notes in Computer Science, 1997, Volume 1294, Advances in Cryptology — CRYPTO '97, Pages 513-525
- Download PDF (795.3 KB)
Book Chapter
Public Key Cryptography
2006, A Classical Introduction to Cryptography Exercise Book, Pages 181-198
- Download PDF (689.6 KB)
Book Chapter
Lattice Reduction in Cryptology: An Update
Phong Q. Nguyen and Jacques Stern
Lecture Notes in Computer Science, 2000, Volume 1838, Algorithmic Number Theory, Pages 85-112
- Download PDF (354.7 KB)
Book Chapter
Side-Channel Attacks on Textbook RSA and ElGamal Encryption
Ulrich Kühn
Lecture Notes in Computer Science, 2002, Volume 2567, Public Key Cryptography — PKC 2003, Pages 324-336
- Download PDF (200.9 KB)
Journal Article
Index Calculation Attacks on RSA Signature and Encryption
Jean-Sébastien Coron, David Naccache, Yvo Desmedt, Andrew Odlyzko and Julien P. Stern
Designs, Codes and Cryptography, 2006, Volume 38, Number 1, Pages 41-53
- Download PDF (124.2 KB)
Book Chapter
A Group-Oriented (t, n) Threshold Signature Scheme Against Replay Attacks
Chin-Chen Chang, Kuo-Lun Chen, Chu-Hsing Lin and Jen-Chieh Chang
Lecture Notes in Computer Science, 2006, Volume 4159, Ubiquitous Intelligence and Computing, Pages 816-825
- Download PDF (205.1 KB)
Book Chapter
Generalized threshold cryptosystems
Chi Sung Laih and Lein Harn
Lecture Notes in Computer Science, 1993, Volume 739, Advances in Cryptology — ASIACRYPT '91, Pages 159-166
- Download PDF (310.0 KB)
Book Chapter
Shared and Searchable Encrypted Data for Untrusted Servers
Changyu Dong, Giovanni Russello and Naranker Dulay
Lecture Notes in Computer Science, 2008, Volume 5094, Data and Applications Security XXII, Pages 127-143
- Download PDF (394.6 KB)

Abstract

We present an attack on plain ElGamal and plain RSA encryption. The attack shows that without proper preprocessing of the plaintexts, both El Gamal and RSA encryption are fundamentally insecure. Namely, when one uses these systems to encrypt a (short) secret key of a symmetric cipher it is often possible to recover the secret key from the ciphertext. Our results demonstrate that preprocessing messages prior to encryption is an essential part of bothsy stems.

Implementations of ElGamal often use an element g ∈ ℤ*_p of prime order q where q is much smaller than p. When the set of plaintexts is equal to the subgroup generated by g, the Decision Diffie Hellman assumption implies that ElGamal is semantically secure. Unfortunately, implementations of ElGamal often encrypt an m-bit message by viewing it as an m-bit integer and directly encrypting it. The resulting system is not semantically secure - the ciphertext leaks the Legendre symbol of the plaintext.

Fulltext Preview

Image of the first page of the fulltext document

Frequently asked questions General info on journals and books Send us your feedback Impressum Contact us

SpringerLink

Why Textbook ElGamal and RSA Encryption Are Insecure Extended Abstract

View Related Documents

Abstract

Fulltext Preview

Why Textbook ElGamal and RSA Encryption Are Insecure
Extended Abstract