LOGBOOK

HELP

Quiz Entry - updated: 2026.05.31

What is ElGamal encryption, and how does it use Diffie-Hellman?

ElGamal turns the DH key exchange into a full asymmetric encryption scheme. The receiver's static DH public key acts as their long-term public key; each ciphertext encrypts a one-shot DH exchange.

Setup (receiver Alice):

p = large prime; g = generator
a = Alice's private key (random in [1, p−1])
A = g^a mod p          ← Alice's public key

Encryption (sender Bob, message m):

b = random in [1, p−1]            ← fresh per message
B = g^b mod p                      ← ephemeral public value
shared_key = A^b mod p             ← Bob's view of DH shared secret
c = m · shared_key mod p           ← simple group operation
send (B, c) to Alice

Decryption (Alice):

shared_key = B^a mod p             ← Alice's view of DH shared secret = g^(ab)
m = c · shared_key⁻¹ mod p         ← multiply by the inverse

Alice and Bob computed the same g^(ab) mod p, so encryption and decryption cancel.

Properties:

  • Probabilistic — the random b makes the same plaintext encrypt to different ciphertexts every time (unlike textbook RSA).
  • Ciphertext is twice the size of the plaintext (you send both B and c).
  • The signature variant ElGamal Signature is the basis of DSA.

Where it's used:

  • PGP / GnuPG historically used ElGamal for encryption (alongside DSA for signatures) before EC support became standard.
  • The pattern (sender does a fresh DH with receiver's static key) inspired modern integrated encryption schemes (IES, ECIES) — those replace the raw A^b · m with proper symmetric encryption keyed by a KDF on g^(ab).

Tip: ElGamal as-such is rarely used today (the size overhead and proper hybrid integration matter), but understanding it helps see why "DH → ElGamal → ECIES" is one continuous design line.

From Quiz: ISF / Asymmetric Cryptography | Updated: May 31, 2026