Security Analysis of ElGamal Implementations

Mohamad El Laz, Benjamin Grégoire, Tamara Rezk


The ElGamal encryption scheme is not only the most extensively used alternative to RSA, but is also almost exclusively used in voting systems as an effective homomorphic encryption scheme. Being easily adaptable to a wide range of cryptographic groups, the ElGamal encryption scheme enjoys homomorphic properties while remaining semantically secure. This is subject to the upholding of the Decisional Diffie-Hellman (DDH) assumption on the chosen group. We analyze 26 libraries that implement the ElGamal encryption scheme and discover that 20 of them are semantically insecure as they do not respect the Decisional Diffie-Hellman (DDH) assumption. From the five libraries that do satisfy the DDH assumption, we identify and compare four different message encoding and decoding techniques.


Paper Citation