Fwd: question on ElGamal implementation

[Weikeng Chen]

---------- Forwarded message ----------
From: Weikeng Chen <w.k at berkeley.edu>
Date: Thu, Sep 21, 2017 at 6:50 PM
Subject: Re: question on ElGamal implementation
To: NIIBE Yutaka <gniibe at fsij.org>


You are right. If it is for hybrid encryption, the actual message is
confidential, the message in ElGamal encryption is just a key, then
semantic security is not that crucial -- the security can be proved by
the semantic security of the symmetric part.

It seems that only when people use ElGamal for homomorphic encryption
(computing on encrypted data), where actual data stay in the message
space, then a strong security is demanded.

-- 

Weikeng Chen @ 795 Soda Hall