preprocessing plaintext before using elgamal?
sen_ml at eccosys.com
sen_ml at eccosys.com
Wed Dec 13 10:25:37 CET 2000
at the most recent asiacrypt conference, the following paper was
presented:
"Why Textbook ElGamal and RSA Encryption are Insecure"
D. Boneh, A. Joux, and P. Nguyen
the abstract for this paper is:
We present an attack on plain ElGamal and plain RSA encryption. The
attack shows that without proper preprocessing of the plaintexts, both
ElGamal and RSA encryption are fundamentally insecure. Namely, when one
uses these systems to encrypt a (short) secret key of a symmetric cipher
it is often possible to recover the secret key from the ciphertext. Our
results demonstrate that preprocessing messages prior to encryption is
an essential part of both systems.
so, to ask the obvious question...does gnupg do appropriate preprocessing
on plaintext when using either of these pk algorithms?
the paper is available via:
http://crypto.stanford.edu/~dabo/abstracts/ElGamalattack.html
More information about the Gnupg-devel
mailing list