preprocessing plaintext before using elgamal?

sen_ml at sen_ml at
Wed Dec 13 10:25:37 CET 2000

at the most recent asiacrypt conference, the following paper was

  "Why Textbook ElGamal and RSA Encryption are Insecure"
  D. Boneh, A. Joux, and P. Nguyen

the abstract for this paper is:

  We present an attack on plain ElGamal and plain RSA encryption. The 
  attack shows that without proper preprocessing of the plaintexts, both 
  ElGamal and RSA encryption are fundamentally insecure. Namely, when one 
  uses these systems to encrypt a (short) secret key of a symmetric cipher 
  it is often possible to recover the secret key from the ciphertext. Our 
  results demonstrate that preprocessing messages prior to encryption is 
  an essential part of both systems.  

so, to ask the obvious question...does gnupg do appropriate preprocessing
on plaintext when using either of these pk algorithms?

the paper is available via:

More information about the Gnupg-devel mailing list