Crate elgamal

Elgamal Public Key Encryption

This document represents an executable specification of the Elgamal Public Key Encryption scheme.

At the basis of the encryption scheme is a prime order group $\mathbb{G}$ with the same interface as defined in [draft-oprf].

Enums

  • Any of the given algorithms may fail if the given arguments result in invalid group operations.

Functions

  • Elgamal ciphertexts under the same encryption key enjoy an additive homomorphism, i.e. if c1 = Enc(ek, m1) and c2 = Enc(ek, m2), then we can define an addition operation + such that Dec(dk, c1 + c2) = m1 + m2.
  • To decrypt an Elgamal ciphertext, the holder of the decryption key can multiply the auxiliary component of the ciphertext by the decryption key, thus reproducing the blinding element that was calculated during encryption. Adding the negation of this blinding element to the blinded message component of the ciphertext recovers the encrypted message.
  • To encrypt a message (a group element) under encryption key ek, the encryption key is randomized by scalar multiplication with a randomizer. The result is used as a blinding element by adding it to the message using the group operation. To allow for decryption, the ciphertext also includes, as an auxiliary component, the result of scalar multiplication of the generator by the randomizer that was used in the blinding.
  • To generate a pair of encryption and decryption keys, first the decryption key is drawn uniformly at random from the set of scalars. Then the corresponding encryption key is generated by scalar multiplication of the group generator with the decryption key.
  • Given the correct public encryption key, it is possible to rerandomize Elgamal ciphertexts without changing the message that is encrypted. To do so, the encryption key is multiplied by a fresh randomizer and the result is added to the blinded message component of the ciphertext.
  • Since addition as described above is defined via component-wise application of the group operation, repeated addition of a ciphertext with itself can be expressed via component-wise scalar multiplication of the ciphertext.
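
The operations described above, as an added example that is not the crate's own code. All function and type names are hypothetical, the group is a toy order-1019 subgroup of integers modulo 2039 chosen only so the arithmetic runs without dependencies, and the scalars are passed in rather than sampled.

```rust
// Toy group for illustration only (assumption, NOT secure): the order-Q subgroup
// of Z_P^*, P = 2Q + 1. "Adding" elements is multiplication mod P; "scalar
// multiplication" is exponentiation mod P.
const P: u64 = 2039;
const Q: u64 = 1019;
const G: u64 = 4; // generator of the order-Q subgroup
type Element = u64;
type Scalar = u64;

#[derive(Clone, Copy, Debug, PartialEq)]
struct Ciphertext { aux: Element, blinded: Element }

fn add(a: Element, b: Element) -> Element { a * b % P }
fn scalar_mul(k: Scalar, a: Element) -> Element {
    let (mut acc, mut base, mut e) = (1, a % P, k % Q);
    while e > 0 {
        if e & 1 == 1 { acc = acc * base % P; }
        base = base * base % P;
        e >>= 1;
    }
    acc
}
// Negation: a^(Q-1) is the inverse of a in a group of order Q.
fn neg(a: Element) -> Element { scalar_mul(Q - 1, a) }
// dk is passed in so the example is deterministic; draw it uniformly at random in practice.
fn encryption_key(dk: Scalar) -> Element { scalar_mul(dk, G) }
fn encrypt(ek: Element, m: Element, r: Scalar) -> Ciphertext {
    Ciphertext { aux: scalar_mul(r, G), blinded: add(m, scalar_mul(r, ek)) }
}
fn decrypt(dk: Scalar, c: Ciphertext) -> Element {
    add(c.blinded, neg(scalar_mul(dk, c.aux)))
}
fn add_ciphertexts(a: Ciphertext, b: Ciphertext) -> Ciphertext {
    Ciphertext { aux: add(a.aux, b.aux), blinded: add(a.blinded, b.blinded) }
}
fn scalar_mul_ciphertext(k: Scalar, c: Ciphertext) -> Ciphertext {
    Ciphertext { aux: scalar_mul(k, c.aux), blinded: scalar_mul(k, c.blinded) }
}
// The auxiliary component absorbs r*G as well, so decryption still cancels the blinding.
fn rerandomize(ek: Element, c: Ciphertext, r: Scalar) -> Ciphertext {
    add_ciphertexts(c, encrypt(ek, 1, r)) // adding an encryption of the identity
}

fn main() {
    let (dk, m) = (123, scalar_mul(5, G)); // constructed sample values
    let ek = encryption_key(dk);
    let c = rerandomize(ek, encrypt(ek, m, 45), 77);
    println!("rerandomized ciphertext decrypts to m: {}", decrypt(dk, c) == m);
}
```

Messages must be elements of the group itself, which is why the sample plaintext is built as a multiple of the generator.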

Type Aliases

  • An Elgamal encryption of a message M under public key PK is a pair of group elements (c0, c1) where
  • An Elgamal private decryption key is a scalar $dk$ of base group $\mathcal{G}$.
  • An Elgamal encryption key is a group element in $\mathcal{G}$.
  • An Elgamal plaintext is a member of the base group.