Quiz Entry - updated: 2026.07.14
True or false: "EC encryption — analogous to RSA — is deterministic."
False — EC encryption (ElGamal/VM98) is automatically probabilistic because each encryption uses a fresh random ephemeral exponent $i$. This is a key advantage over schoolbook RSA.
Why EC encryption is probabilistic:
- Each encryption generates a random $i$
- The ephemeral key $K_E = i \cdot P$ and masking key $K_M = i \cdot Q$ change every time
- The same plaintext encrypted twice produces different ciphertexts
- No two encryptions are alike, even for the same message and same public key
Contrast with RSA:
- Schoolbook RSA: $c = m^e \mod N$ — same message → same ciphertext (deterministic)
- RSA needs OAEP padding to become probabilistic
- EC ElGamal is probabilistic by construction — no padding needed
Implications:
- No codebook attacks possible against EC encryption
- No table lookup attacks
- No statistical pattern leakage
- This is one reason EC encryption is considered more elegant than RSA
Important nuance: If the same $i$ is reused (like the Sony PS3 bug for ECDSA), the encryption becomes effectively deterministic and the secret key can be recovered. Fresh randomness for every operation is critical.
Go deeper:
Probabilistic encryption — Wikipedia — why randomised encryption makes the same plaintext yield different ciphertexts.
ElGamal encryption — Wikipedia — probabilistic by construction via a fresh ephemeral value.