[Cryptography] Elgamal Variant

Nathaniel McCallum npmccallum at redhat.com
Tue Sep 8 09:15:10 EDT 2015

Hi everyone!

I'd like some review on a small variant of Elgamal (attached).
Encryption should just be standard Elgamal (no modifications). During
the decryption step, the only modification to Elgamal is using an
ephemeral key (X) to provide PFS (even from the server).

On a practical level, should a and b be accompanied by ZKPs? Besides
confirming group membership of all transferred items (and possibly
validating ZKPs), what other defensive checks should I perform?



-------------- next part --------------
A non-text attachment was scrubbed...
Name: deo.png
Type: image/png
Size: 56063 bytes
Desc: not available
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150908/16060fb8/attachment.png>

More information about the cryptography mailing list