Re: El Gamal strength by modulus length

Lewis McCarthy (lmccarth@cs.umass.edu)
Sat, 21 Feb 1998 02:40:05 -0500

• Next message: vcarlos35@juno.com: "Re: El Gamal strength by modulus length"
• Previous message: Bill Stewart: "Re: Encrypting Files Overseas"
• In reply to: Rich Helton: "Encrypting Files Overseas"
• Next in thread: vcarlos35@juno.com: "Re: El Gamal strength by modulus length"

Steve Salkin <salkin@pop.mindspring.com> writes:
> Can anyone give me a pointer to some information about the strengths
> of El Gamal versus other popular public key cryptosystems for a
> given modulus length?

ElGamal public keys are essentially the same as Diffie-Hellman public
keys. Thus the security requirements for, e.g., DH moduli apply also
to ElGamal moduli. The strength of the ElGamal schemes versus a direct
key recovery attack depends (at a minimum) upon the difficulty of
computing discrete logarithms in the group used.

For concrete discussion of strengths of moduli you might want to refer
to the specification of "The OAKLEY Key Determination Protocol",
<ftp://ds.internic.net/internet-drafts/draft-ietf-ipsec-oakley-02.txt>,
in particular Section 2.8 and Appendices A, D, and E.

-- 
Lewis    http://www.cs.umass.edu/~lmccarth/    "In our opinion
provable security is nothing more than a phantom, similar to
the perpetuum mobile in thermodynamics."  -- Joan Daemen, 1995

• Next message: vcarlos35@juno.com: "Re: El Gamal strength by modulus length"
• Previous message: Bill Stewart: "Re: Encrypting Files Overseas"
• In reply to: Rich Helton: "Encrypting Files Overseas"
• Next in thread: vcarlos35@juno.com: "Re: El Gamal strength by modulus length"