'Re: [dev-crypto] broplem with homomorphic addition'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bouncycastle-crypto-dev
Subject:    Re: [dev-crypto] broplem with homomorphic addition
From:       Karsten Ohme <widerstand () t-online ! de>
Date:       2007-05-14 20:28:33
Message-ID: 4648C671.7080804 () t-online ! de
[Download RAW message or body]

poli schrieb:
> Hi!
> 
> I encrypt the messages m1 and m2 using the ElGamal algorithm. Let p  be the
> prime of the encryption process. I multiply, then, the encrypted messages:
> E(m1)*E(m2). Then, i decrypt the previous product. The decryption is right,
> if m1*m2<p. If m1*m2 exceeds p, the decryption is wrong.

Look at the encryption scheme somewhere, e.g. Wikipedia.

Any message must not exceed p-1. It is a finite cyclic group. Everything
is computed mod p. The last step of the decryption looks like:

m*g^(xy) / g^(xy) = m

So, if the product of m1*m2 is greater you have left the cyclic group.

See also the discrete logarithm problem.

Regards,
Karsten
> 
> Why?
> 
> Thanks in advance!


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic