Forgery attack on the ElGamal signature algorithm Prove that

Forgery attack on the ElGamal signature algorithm: Prove that if we are given prime p such that p -1 = qw, with w smooth and a primitive root g = cq, 0 < c < w such that t satisfying g^t = a mod p can be found, then we can compute a valid ElGamel signature (m, r, s) for a given message m. Hint: Find a subgroup H of the multiplicative group of non zero integers mod p such that we can find discrete logs in H by using Pohlig-Hellman

ElGamal encryption can be defined over any cyclic group G Its security depends upon the difficulty of a certain problem in G related to computing discrete logarithms

an efficient description of a cyclic group G of order q with generator g. .

a private root is g=cp.

x randomly form {1,q,--p-1}

root g=cp here c,p are parameters

and g=a mod p

C=c1,c2,c3-----cn

g=c(m,r,s) these are parameters

c2=m\' c2=r\'

Forgery attack on the ElGamal signature algorithm: Prove that if we are given prime p such that p -1 = qw, with w smooth and a primitive root g = cq, 0 < c &

Forgery attack on the ElGamal signature algorithm Prove that

Solution

Get Help Now

Submit a Take Down Notice