In [5]:
import sys
from sympy import primitive_root as pr

def primitive_root(p: int) -> int:
    g = pr(p)
    if g == None:
        sys.exit(f"no primitive_root found for prim {p}")
    return g

### ElGamal Encryption and Decryption

ElGamal is a public-key cryptosystem based on modular arithmetic and the **Discrete Logarithm Problem (DLP)**. It enables secure encryption of messages.


#### **1. Key Parameters**
- **Prime (`p`)**: A large prime defining the group \( $\mathbb{Z}_p^*$ \).
- **Generator (`g`)**: A primitive root modulo \( $p$ \).
- **Private Key (`x`)**: A random secret integer \( $1 \leq x \leq p-2$ \).
- **Public Key (`h`)**: Computed as \( $h = g^x \mod p$ \), shared publicly.


#### **2. Encryption Process**
1. Choose a random ephemeral key \( $y$ \), where \( $1 \leq y \leq p-2$ \).
2. Compute the ciphertext as two parts:
   - \( $c_1 = g^y \mod p$ \)
   - \( $c_2 = (h^y \cdot m) \mod p$ \)
3. Send the ciphertext \( $(c_1, c_2)$ \).


#### **3. Decryption Process**
1. Using the private key \( $x$ \), compute \( $c_1^x \mod p$ \).
2. Find the modular inverse \( $(c_1^x)^{-1}$ \).
3. Recover the plaintext message \( $m$ \) using:
   \[
   m = (c_2 \cdot (c_1^x)^{-1}) \mod p
   \]


#### **4. Key Points**
- \( $m$ \) (the message) must be in \( $[1, p-1]$ \).
- A fresh \( $y$ \) ensures semantic security, meaning the same \( $m$ \) encrypted twice produces different results.
- Security relies on the infeasibility of solving the Discrete Logarithm Problem (DLP).


#### **5. Use Cases**
ElGamal is used in:
- Secure communication protocols.
- Cryptographic signing systems like PGP.

In [12]:
from sympy import prime
import secrets

p: int = prime(1000) # type: ignore # A large prime
g = primitive_root(p)               # Generator
y = secrets.randbelow(p - 1) + 1    # Ephemeral key
x = secrets.randbelow(p - 1) + 1    # Private key
m = 34

assert 1 <= m < p, "Message must be in the range [1, p-1]"


h = pow(g, x, p) # Public Key

c1 = pow(g, y, p)
c2 = pow(h, y, p) * m % p

print(f"Encrypted Message: (c1={c1}, c2={c2})")

Encrypted Message: (c1=7399, c2=4130)


In [13]:
# Decryption
c1_inverse = pow(c1, p-1-x, p)  # Modular inverse of c1^x
decrypted_message = c2 * c1_inverse % p
print(f"Decrypted Message: {decrypted_message}")

Decrypted Message: 34
