ElGamal signature scheme

The ElGamal signature scheme is a digital signature scheme which is based on the difficulty of computing discrete logarithms. It was described by Taher Elgamal in 1985.

The ElGamal signature algorithm is rarely used in practice. A variant developed at the NSA and known as the Digital Signature Algorithm is much more widely used. There are several other variants. The ElGamal signature scheme must not be confused with ElGamal encryption which was also invented by Taher Elgamal.

Overview

The ElGamal signature scheme is a digital signature scheme based on the algebraic properties of modular exponentiation, together with the discrete logarithm problem. The algorithm uses a key pair consisting of a public key and a private key. The private key is used to generate a digital signature for a message, and such a signature can be verified by using the signer's corresponding public key. The digital signature provides message authentication (the receiver can verify the origin of the message), integrity (the receiver can verify that the message has not been modified since it was signed) and non-repudiation (the sender cannot falsely claim that they have not signed the message).

History

The ElGamal signature scheme was described by Taher Elgamal in 1985.

The one-parameter forgery. Select an <math>e</math> such that <math>1 < e < p-1</math>. Set <math>r := g^e y \bmod{p}</math> and <math>s := -r \bmod{(p-1)}</math>. Then the tuple <math>(r,s)</math> is a valid signature for the message <math>m = es \bmod{(p-1)}</math>.
The two-parameters forgery. Select <math>1 < e,v < p-1</math>, and <math>\gcd (v,p-1)=1</math>. Set <math>r := g^e y^v \bmod{p}</math> and <math>s := -rv^{-1} \bmod{(p-1)}</math>. Then the tuple <math>(r,s)</math> is a valid signature for the message <math>m = es \bmod{(p-1)}</math>. The one-parameter forgery is a special case of the two-parameter forgery, when <math>v = 1</math>.

ElGamal signature scheme

Overview

History

See also

References