
make message $M$ also an element in q-order subgroup

Open weikengchen opened this issue 7 years ago • 2 comments

Hi @RyanRiddle

This is the final solution I found to secure the message space.

By squaring the message, $M \to M^2$, it becomes an element in the q-order subgroup. Interestingly, by raising it to the power $(q+1)//2$, we can get the unique square root. So decoding is easy.

This makes this library semantically secure.

Disadvantage: not compatible with old ciphertexts.

weikengchen, Sep 27 '17 21:09
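To make the squaring trick concrete, here is an added example (not the library's code and not the PR itself) over a constructed toy safe prime p = 23, q = 11 with generator 4; it assumes the message space is restricted to 1 <= M <= q, encodes as M^2, recovers M with the exponent (q+1)//2, and the last function shows the residue-class leak that unencoded messages suffer.

```python
import secrets

# Constructed toy parameters (far too small for real use): safe prime p = 2q + 1.
P = 23
Q = (P - 1) // 2        # 11
G = 4                   # 4 = 2^2 is a quadratic residue, hence generates the order-q subgroup


def residue_class(a, p=P, q=Q):
    """a^q is 1 if a lies in the order-q subgroup (a quadratic residue), p-1 otherwise."""
    return pow(a, q, p)


def encode(m, p=P, q=Q):
    """Map a message 1 <= m <= q into the order-q subgroup by squaring it."""
    if not 1 <= m <= q:
        raise ValueError("message must be in [1, q]")
    return pow(m, 2, p)


def decode(s, p=P, q=Q):
    """s^((q+1)/2) is the square root of s that lies in the subgroup. The two roots of
    s are m and p-m, and exactly one of them is <= q, so fold back into [1, q]."""
    r = pow(s, (q + 1) // 2, p)
    return r if r <= q else p - r


def keygen(p=P, q=Q, g=G):
    x = secrets.randbelow(q - 1) + 1          # private exponent in [1, q-1]
    return x, pow(g, x, p)


def encrypt(y, m, p=P, q=Q, g=G):
    k = secrets.randbelow(q - 1) + 1
    return pow(g, k, p), (encode(m, p, q) * pow(y, k, p)) % p


def decrypt(x, ct, p=P, q=Q):
    c1, c2 = ct
    s = (c2 * pow(c1, p - 1 - x, p)) % p      # c2 * c1^(-x), since c1^(p-1) = 1
    return decode(s, p, q)


def raw_ciphertext_leaks_residue(y, m, p=P, q=Q, g=G):
    """Without encoding, c2 = m * y^k where y^k is always a residue, so c2's residue
    class equals m's: an eavesdropper can tell residue from non-residue plaintexts."""
    k = secrets.randbelow(q - 1) + 1
    c2 = (m * pow(y, k, p)) % p
    return residue_class(c2, p, q) == residue_class(m, p, q)
```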

Hi @weikengchen

Thanks for the PR!

Can you explain in more detail why this works?

Thanks!

RyanRiddle, Oct 05 '17 03:10

I am going to write a blog about this -- recently.

Thanks for patience!

weikengchen, Oct 05 '17 04:10