Abstract
We present an attack on plain ElGamal and plain RSA encryption. The attack shows that without proper preprocessing of the plaintexts, both ElGamal and RSA encryption are fundamentally insecure. Namely, when one uses these systems to encrypt a (short) secret key of a symmetric cipher it is often possible to recover the secret key from the ciphertext. Our results demonstrate that preprocessing messages prior to encryption is an essential part of both systems.
Implementations of ElGamal often use an element g ∈ ℤ_p^* of prime order q where q is much smaller than p. When the set of plaintexts is equal to the subgroup generated by g, the Decision Diffie-Hellman assumption implies that ElGamal is semantically secure. Unfortunately, implementations of ElGamal often encrypt an m-bit message by viewing it as an m-bit integer and directly encrypting it. The resulting system is not semantically secure: the ciphertext leaks the Legendre symbol of the plaintext.
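The following is an added example, not code from the paper or its authors. It implements textbook ElGamal in a prime-order subgroup of ℤ_p^* and checks the observation above: because g has odd prime order q, g, y = g^x and y^r are all quadratic residues, so the second ciphertext component c2 = m·y^r has the same Legendre symbol as m whenever m is fed in directly as an integer. It then shows the standard mitigation for a safe prime p = 2q + 1, where the order-q subgroup is exactly the set of quadratic residues and a message in [1, q] can be mapped into it before encryption, after which every c2 is a residue and carries no such information. All parameters (p = 1223 with q = 47, and the safe prime p = 2039 with q = 1019), the function names and the encode/decode mapping are constructed assumptions for the demonstration, far below real-world sizes.

```python
# Added example, not code from the paper: textbook ElGamal over a prime-order
# subgroup of Z_p^*, the Legendre-symbol leak when an integer plaintext is
# encrypted directly, and the encode-into-the-subgroup fix for a safe prime.
# All parameters are small constructed toy values, not production sizes.
import secrets


def legendre(a, p):
    """Legendre symbol (a/p) by Euler's criterion: 1 for a quadratic residue,
    -1 for a non-residue, 0 when p divides a."""
    s = pow(a % p, (p - 1) // 2, p)
    return -1 if s == p - 1 else s


def subgroup_generator(p, q):
    """Return an element of Z_p^* of prime order q (requires q | p-1)."""
    cofactor = (p - 1) // q
    for h in range(2, p):
        g = pow(h, cofactor, p)
        if g != 1:          # g^q = h^(p-1) = 1 and g != 1, so g has order exactly q
            return g
    raise ValueError("no generator of order q found")


def keygen(p, q, g):
    x = secrets.randbelow(q - 1) + 1        # private exponent in [1, q-1]
    return x, pow(g, x, p)                  # (x, y = g^x)


def encrypt(p, q, g, y, m):
    """Textbook ElGamal: m is an integer in [1, p-1], used with no encoding."""
    r = secrets.randbelow(q - 1) + 1
    return pow(g, r, p), (m * pow(y, r, p)) % p


def decrypt(p, x, c):
    c1, c2 = c
    return (c2 * pow(c1, p - 1 - x, p)) % p   # c1^(p-1-x) = c1^(-x) in Z_p^*


def ciphertext_leaks_legendre(p, q, g, trials=200):
    """g has odd prime order, so g, y and y^r are quadratic residues and
    (c2/p) = (m/p) for every ciphertext.  True if that held in every trial."""
    x, y = keygen(p, q, g)
    for _ in range(trials):
        m = secrets.randbelow(p - 1) + 1
        c1, c2 = encrypt(p, q, g, y, m)
        assert decrypt(p, x, (c1, c2)) == m
        if legendre(c2, p) != legendre(m, p):
            return False
    return True


# Mitigation for a safe prime p = 2q + 1 (so p = 3 mod 4): map m in [1, q] into
# the order-q subgroup, which is exactly the set of quadratic residues.
def encode(p, q, m):
    assert 1 <= m <= q
    # -1 is a non-residue mod p when p = 3 mod 4, so p - m is a residue if m is not
    return m if legendre(m, p) == 1 else p - m


def decode(p, q, m_enc):
    return m_enc if m_enc <= q else p - m_enc


def encoded_ciphertexts_are_all_residues(p, q, g, trials=200):
    """With encoded plaintexts every c2 lies in the subgroup, so (c2/p) is
    always 1 and reveals nothing about m.  True if that held in every trial."""
    x, y = keygen(p, q, g)
    for _ in range(trials):
        m = secrets.randbelow(q) + 1
        c = encrypt(p, q, g, y, encode(p, q, m))
        assert decode(p, q, decrypt(p, x, c)) == m
        if legendre(c[1], p) != 1:
            return False
    return True


# Constructed toy parameters: p = 1223 with q = 47 (q much smaller than p,
# cofactor 26) for the leak, and the safe prime 2039 = 2*1019 + 1 for the fix.
P_SMALL_Q, Q_SMALL = 1223, 47
P_SAFE, Q_SAFE = 2039, 1019

if __name__ == "__main__":
    g1 = subgroup_generator(P_SMALL_Q, Q_SMALL)
    print("textbook ElGamal: (c2/p) == (m/p) in every trial:",
          ciphertext_leaks_legendre(P_SMALL_Q, Q_SMALL, g1))
    g2 = subgroup_generator(P_SAFE, Q_SAFE)
    print("encoded plaintexts: every c2 is a residue:",
          encoded_ciphertexts_are_all_residues(P_SAFE, Q_SAFE, g2))
```

The first check is the distinguisher the abstract describes: an observer who computes (c2/p) learns (m/p) without the private key, which already rules out semantic security. The second check shows that restricting plaintexts to the subgroup generated by g, as the abstract's DDH argument requires, removes that observable; for a general cofactor (p - 1)/q the encoding is less convenient than the safe-prime case, which is one reason real systems use a randomized padding scheme instead of raw integers.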
© 2000 Springer-Verlag Berlin Heidelberg
Boneh, D., Joux, A., Nguyen, P.Q. (2000). Why Textbook ElGamal and RSA Encryption Are Insecure. In: Okamoto, T. (eds) Advances in Cryptology — ASIACRYPT 2000. ASIACRYPT 2000. Lecture Notes in Computer Science, vol 1976. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44448-3_3
DOI: https://doi.org/10.1007/3-540-44448-3_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-41404-9
Online ISBN: 978-3-540-44448-0