Why Textbook ElGamal and RSA Encryption Are Insecure

Extended Abstract
  • Dan Boneh
  • Antoine Joux
  • Phong Q. Nguyen
Conference paper

DOI: 10.1007/3-540-44448-3_3

Part of the Lecture Notes in Computer Science book series (LNCS, volume 1976)
Cite this paper as:
Boneh D., Joux A., Nguyen P.Q. (2000) Why Textbook ElGamal and RSA Encryption Are Insecure. In: Okamoto T. (eds) Advances in Cryptology — ASIACRYPT 2000. ASIACRYPT 2000. Lecture Notes in Computer Science, vol 1976. Springer, Berlin, Heidelberg


We present an attack on plain ElGamal and plain RSA encryption. The attack shows that without proper preprocessing of the plaintexts, both El Gamal and RSA encryption are fundamentally insecure. Namely, when one uses these systems to encrypt a (short) secret key of a symmetric cipher it is often possible to recover the secret key from the ciphertext. Our results demonstrate that preprocessing messages prior to encryption is an essential part of bothsy stems.

Download to read the full conference paper text

Copyright information

© Springer-Verlag Berlin Heidelberg 2000

Authors and Affiliations

  • Dan Boneh
    • 1
  • Antoine Joux
    • 2
  • Phong Q. Nguyen
    • 3
  1. 1.Computer Science DepartmentStanford UniversityStanfordUSA
  2. 2.DCSSIIssy-les-Moulineaux CedexFrance
  3. 3.Département d’InformatiqueÉcole Normale SupérieureParisFrance

Personalised recommendations