LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

What are the security weaknesses of the ElGamal Encryption Protocol (EEP)?

ElGamal provides no integrity, is vulnerable to insertion attacks, has a homomorphic property, is not safe against MitM, and has a known-plaintext attack.

The five weaknesses of ElGamal encryption, all rooted in confidentiality-only design

* Every weakness follows from ElGamal protecting confidentiality only. *

The thread tying these together is that ElGamal was built for confidentiality only: it hides a message but makes no promise that the message arrived unmodified, came from who it claims, or was sent only once. Every weakness below is a consequence of that single gap.

The five weaknesses:

Fact Issue
No integrity Attacker can modify ciphertext without detection
Insertion vulnerable Attacker can send fabricated ciphertexts to Bob
Homomorphic Multiplying ciphertexts multiplies plaintexts — attacker can scale messages without knowing them
MitM vulnerable Same as DH — no authentication built in
Known-plaintext attack If attacker knows one plaintext-ciphertext pair with the same ephemeral key, they can decrypt other messages

Critical rule: Alice must use a fresh random $i$ for every message! Reusing $i$ allows trivial key recovery.

Advantage over RSA: ElGamal is inherently probabilistic — the same plaintext produces different ciphertexts each time (because $i$ is random). RSA needs OAEP padding to achieve this.

Go deeper:

From Quiz: KRYPTOG / Diffie-Hellman and ElGamal | Updated: Jul 14, 2026