[SUGGESTION NEEDED] A request for suggestion on furthering the discussion over ElGamal

NIIBE Yutaka gniibe at fsij.org
Wed Oct 18 06:35:08 CEST 2017


This message is to gcrypt-devel, Cc-ed to Weikeng Chen and Werner Koch.

Weikeng Chen <w.k at berkeley.edu> wrote:
> Actually, my teacher Alessandro (an assistant professor of
> cryptography and theory) and I (a Ph.D. student in applied
> cryptography) had a brief discussion after the class.

I think that... possibly, you and your teacher are so young, well, it
means that I am too old.  If you find it difficult to communicate with
one of the maintainers of a crypto implementation with a long history, I
think that's normal.  Don't worry.

Well, I tried to answer your questions, but it seemed it didn't work and
it won't work, perhaps.  From this world, what I see is: you keep using
your language and keep insisting on your points.  That's good of youth.

As a Zen Buddhist, I would say:

    When you ask, ask yourself how and where your questions come

ElGamal is here in GnuPG due to the RSA patent, in the last century.
The GnuPG Project started in Europe.  I remember Debian had a non-US part [0].

Admitting some sort of miscommunication, or different terms and
languages, I should write my own explanation.  Here we go.

I wrote:
> Actually, I think that "ElGamal crypto system" can refer to different
> crypto systems.

In the original paper of Taher Elgamal, "THE PUBLIC KEY SYSTEM" is
explained as a crypto system in the Multiplicative Group of Integers modulo p,
$Z_p^*$, where p is a large prime.

In the OpenPGP standard [1], we have ElGamal encryption.  In this
context, "ElGamal Crypto system" specifically refers to the ElGamal
Crypto system in the Multiplicative Group of Integers modulo p, $Z_p^*$.
(For your reference, the input message into the ElGamal encryption is a
session key for a symmetric cipher, and it is encoded with PKCS#1 v1.5.)

The OpenPGP standard refers to the Handbook of Applied Cryptography
by Alfred Menezes, Paul van Oorschot, and Scott Vanstone [2].  In that
book (probably it's too old for you), we can find subsubsection 8.4.1
"Basic ElGamal encryption", and it describes encryption and decryption
(in the Multiplicative Group of Integers modulo p, $Z_p^*$).

The routines for ElGamal in libgcrypt specifically implement the one
in the Multiplicative Group of Integers modulo p, $Z_p^*$.

GnuPG implements OpenPGP by using libgcrypt.  There you can find a concrete
example of how the routines of libgcrypt are used to implement the crypto
protocol of OpenPGP.

			*	*	*

Having written that...

I don't know if it's worth it or not, but it makes sense to modify/enhance
libgcrypt so that it can support the ElGamal crypto system on a Schnorr group.
When it is done, it can be used for other crypto protocol(s).

If someone misunderstands, as if the current version of libgcrypt's ElGamal
were on a Schnorr group, I'm afraid it would be due to some historical
revisionism or something.

[0] https://wiki.debian.org/non-US
[1] https://tools.ietf.org/html/rfc4880
[2] http://cacr.uwaterloo.ca/hac/
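As an added example (not code from this message, from libgcrypt or from GnuPG), the following puts HAC 8.4.1 basic ElGamal over $Z_p^*$ next to the Schnorr-group variant the message proposes, using constructed toy parameters (p = 23, q = 11); the subgroup membership test and the encode() step are what change when the group changes.

```python
"""Basic ElGamal (HAC 8.4.1) over Z_p^*, beside the Schnorr-group variant.
Added example, not libgcrypt or GnuPG code.  Parameters are tiny constructed
values so the arithmetic can be followed by hand; real keys are far larger."""
import secrets

# Constructed toy parameters: p = 2q+1 is a safe prime, so the quadratic
# residues mod p form a Schnorr group of prime order q.
P = 23                       # modulus p
Q = 11                       # subgroup order q = (p-1)/2
G_FULL = 5                   # primitive root: generates all of Z_p^* (order 22)
G_SUB = pow(G_FULL, 2, P)    # = 2, generates the order-q subgroup

def keygen(g, order):
    """HAC 8.4.1 key generation: private a in [1, order-1], public y = g^a mod p."""
    a = 1 + secrets.randbelow(order - 1)
    return a, pow(g, a, P)

def encrypt(g, order, y, m):
    """HAC 8.4.1 encryption: random k, c1 = g^k, c2 = m * y^k (mod p)."""
    k = 1 + secrets.randbelow(order - 1)
    return pow(g, k, P), (m * pow(y, k, P)) % P

def decrypt(a, c1, c2):
    """HAC 8.4.1 decryption: m = c2 * c1^(p-1-a) mod p, which avoids an inversion."""
    return (c2 * pow(c1, P - 1 - a, P)) % P

def in_schnorr_group(x):
    """Subgroup membership test: x^q == 1 (mod p)."""
    return pow(x, Q, P) == 1

def encode(m):
    """Map m in [1, q] into the subgroup: for p = 3 mod 4 exactly one of m, p-m is a residue."""
    return m if in_schnorr_group(m) else P - m

def decode(x):
    """Inverse of encode(): subgroup element back to m in [1, q]."""
    return x if x <= Q else P - x

def roundtrip_zp_star(m):
    """Z_p^* ElGamal as in OpenPGP/libgcrypt: the message space is all of [1, p-1]."""
    a, y = keygen(G_FULL, P - 1)
    return decrypt(a, *encrypt(G_FULL, P - 1, y, m))

def roundtrip_schnorr(m):
    """Schnorr-group ElGamal: the message space is the subgroup, so encode() first."""
    if not in_schnorr_group(m):
        raise ValueError(f"{m} is not in the order-{Q} subgroup; use encode()")
    a, y = keygen(G_SUB, Q)
    return decrypt(a, *encrypt(G_SUB, Q, y, m))
```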
