/attack-on-pycrypto-elgamal forked from weikengchen/attack-on-pycryptodome-elgamal

Attack on the ElGamal Implementation of PyCrypto
  1. Python 100.0%
Switch branches/tags
Nothing to show
Find file
Clone or download

Clone with HTTPS

Use Git or checkout with SVN using the web URL.

Open in Desktop Download ZIP

Launching GitHub Desktop...

If nothing happens, download GitHub Desktop and try again.

Launching GitHub Desktop...

If nothing happens, download GitHub Desktop and try again.

Launching Xcode...

If nothing happens, download Xcode and try again.

Launching Visual Studio...

If nothing happens, download the GitHub extension for Visual Studio and try again.

Pull request Compare This branch is 13 commits ahead of weikengchen:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
.travis.yml
README.md
attack-pycrypto.py

README.md

Attack on the ElGamal implementation in PyCrypto

UPDATE: PyCrypto's implementation does not only allow chosen-plaintext attacks, but also ciphertext-only attacks. In some sense, this is what our source code already does anyways. More precisely, the attacker computes the Legendre symbol of the ciphertext and correlates with the Legendre symbols of the public key and Elgamal's random coin ($g^r$).

Here is the original README:

Chosen-plaintext attack on the ElGamal implementation in PyCrypto

All versions of PyCrypto generate weak key parameters. Specifically, Elgamal encryption takes places over Z*_p where the DDH does not hold. By computing the Legendre symbol, the attacker breaks IND-CPA.

Authors: Weikeng Chen and Erik-Oliver Blass

Related post

https://github.com/dlitz/pycrypto/issues/253

Test result on Travis

Build Status Please check the following link for a third-party running trace: https://travis-ci.org/TElgamal/attack-on-pycrypto-elgamal