Personal tools
elgamal-using-dss.txt
From msuinfo!agate!howland.reston.ans.net!zaphod.mps.ohio-state.edu!ub!news.kei.com!ddsw1!chinet!schneier Thu May 6 22:59:50 1993
Newsgroups: sci.crypt
Path: msuinfo!agate!howland.reston.ans.net!zaphod.mps.ohio-state.edu!ub!news.kei.com!ddsw1!chinet!schneier
From: schneier@chinet.chinet.com (Bruce Schneier)
Subject: ElGamal Encryption using the Digital Signature Algorithm
Message-ID: <C6L9w6.6yC@chinet.chinet.com>
Organization: Chinet - Public Access UNIX
Date: Thu, 6 May 1993 05:00:05 GMT
Lines: 37
Here's how to do ElGamal encryption with DSA. This procedure assumes the
existence of a DSA function call:
DSAsign (p,q,g,k,x,h,r,s)
You supply the parameters p, q, g, j, x, and h, and the function returns
the signature parameters, r and s.
To do ElGamal encryption of a message m with public key y, choose a random
number k and call:
DSAsign (p,p,g,k,0,0,r,s)
The value of r returned is a in the ElGamal scheme. Throw s away. Then call:
DSAsign (p,p,y,k,0,0,r,s)
Rename the value of r to be u; throw s away. Finally, call:
DSAsign (p,p,m,1,u,0,r,s)
Throw r away. The value of s returned is b in the ElGamel scheme. Yoy now
have the ciphertext, a and b.
Decryption only takes two function calls. First, call:
DSAsign (p,p,a,x,0,0,r,s)
Rename r as e. Throw s away. Then call:
DSAsign (p,p,1,e,b,0,r,s)
Throw r away. The value of s returned is the plaintext, m.
This won't work if the function has size restrictions on some of the variables,
but it will work for a general implementation of the function.
Created before October 2004