DH/DSS vs ElGame/DSS?

David Shaw dshaw at jabberwocky.com
Fri Apr 24 15:04:58 CEST 2009

On Apr 24, 2009, at 7:50 AM, Robert J. Hansen wrote:

> allen.schultz at gmail.com wrote:
>> What is the difference between DH/DSS and ElGamel/DSS? I was  
>> reading up
>> on S/MIME v3 and PGP/MIME differences when that came up.
> I don't know how it's used in the S/MIME standard.  However, the  
> Elgamal
> encryption algorithm is often misnamed the Diffie-Hellman encryption
> algorithm.
> The DH key exchange algorithm (DHKEA) came first, way back in the  
> '70s.
> Then an Egyptian-American named Taher Elgamal did some groundbreaking
> work in generalizing DHKEA, discovering the mathematical roots of  
> why it
> worked as well as it does, and in the process developed a whole family
> of algorithms.  This family is often called the "Elgamal family."  He
> also developed the Elgamal encryption and signing algorithms.
> It is my understanding that the correct name for what OpenPGP uses is
> the Elgamal encryption algorithm.  I don't know why PGP Corporation
> calls it Diffie-Hellman encryption; it seems to be an idiosyncratic  
> usage.

It's historical.  Back in the late 1990s, the PGP developers were  
offered a free patent license if they called it Diffie-Hellman.  Now  
that the patent has expired, though, it's a little hard to change  
their product without confusing a bunch of customers who would see  
their "Diffie-Hellman" keys suddenly become "Elgamal" keys.


More information about the Gnupg-users mailing list