|
The ElGamal Signature scheme is a digital signature scheme which is based on the difficulty of computing discrete logarithms. It was described by Taher ElGamal in 1984. The ElGamal signature algorithm described in this article is rarely used in practice. Much more popular is a variant known as the Digital Signature Algorithm. The ElGamal signature scheme must not be confused with the ElGamal encryption which was also invented by Taher ElGamal. Digital signature (or public key digital signature) is a type of method for authenticating digital information analogous to ordinary physical signatures on paper, but implemented using techniques from the field of public key cryptography. ...
In abstract algebra and its applications, the discrete logarithms are defined in group theory in analogy to ordinary logarithms. ...
Dr. Taher Elgamal (Arabic: طاهر الجمل) (born 18 August 1955) is an Egyptian-American cryptographer. ...
1984 is a leap year starting on Sunday of the Gregorian calendar. ...
The Digital Signature Algorithm (DSA) is a United States Federal Government standard for digital signatures. ...
The Elgamal algorithm is an asymmetric key encryption algorithm for public key cryptography which is based on Diffie-Hellman key agreement. ...
Dr. Taher Elgamal (Arabic: طاهر الجمل) (born 18 August 1955) is an Egyptian-American cryptographer. ...
The ElGamal signature scheme allows that a verifier can confirm the authenticity of a message m sent by the signer sent to him over an insecure channel.
System parameters
- Let H be a collision-resistant hash function.
- Let p be a large prime such that computing discrete logarithms modulo p is difficult.
- Let g be a randomly chosen generator of the multiplicative group .
These system parameters may be shared between users. In computer science, a hash collision is a situation that occurs when two distinct inputs into a hash function produce identical outputs. ...
A hash function is a function that converts an input from a (typically) large domain into an output in a (typically) smaller range (the hash value, often a subset of the integers). ...
Key generation - Choose randomly a secret key x with 1 < x < p − 1.
- Compute y = gx(mod p).
- The public key is (p,g,y).
- The secret key is x.
These steps are performed once by the signer.
Signature generation To sign a message m the signer performs the following steps. - Choose a random k such that 0 < k < p − 1 and gcd(k,p − 1) = 1.
- Compute .
- Compute .
- If s = 0 start over again.
Then the pair (r,s) is the digital signature of m. The signer repeats these steps for every signature.
Verification A signature (r,s) of a message m is verified as follows. - 0 < r < p and 0 < s < p − 1.
The verifier accepts a signature if all conditions are satisfied and rejects it otherwise.
Correctness The algorithm is correct in the sense that a signature generated with the signing algorithm will always be accepted by the verifier.
The signature generation implies
Hence Fermat's little theorem implies Fermats little theorem (not to be confused with Fermats last theorem) states that if p is a prime number, then for any integer a, This means that if you take some number a, multiply it by itself p times and subtract a, the result is divisible by p...
Security A third party can forge signatures either by finding the signer's secret key x or by finding collisions in the hash function . Both problems are believed to be difficult.
The signer must be careful to choose a different k uniformly at random for each signature and make sure that k or even partial information about k is not leaked. Otherwise a third party may be able to deduce the secret key x with less difficulty. In particular, if two messages are sent using the same value of k then a third party can compute x.
See also | 
Feeds |
Contact