Search for a generator for Elgamal

Question

Search for a generator for Elgamal

How are generators for the elgamal signature scheme found? Are there values that are used by most programs that are good generators? or is there a way to find a generator for the primary value? if so, how? Is it possible to say that a prime number has at least 1 generator?

+3

math security digital-signature encryption-asymmetric

calccrypto Dec 22 '10 at 6:05

source share

3 answers

abc · Answer 1 · 2010-12-22T14:20:21+0000

Use DSA instead of ElGamal signature scheme.

Too many errors that can be implemented with the implementation of ElGamal. One of these errors is what GregS suggested: use IKE options. These parameters were generated for ElGamal encryption, and not for the signature scheme. These two schemes have clear requirements. In particular, using g = 2 as a generator is a good choice for encryption, but a very poor choice for a signature scheme. (See, for example, "Applied Cryptography Handbook" http://www.cacr.math.uwaterloo.ca/hac/ note 11.67 in chapter 11 for some details). It would be right to choose a generator randomly. But again, if you just use DSA, you can simply avoid these errors by following the standard.

: OpenPGP http://tools.ietf.org/html/rfc4880, ElGamal, . , DSA : , . , PGP, , , .

SquareRootOfTwentyThree · Answer 2 · 2012-04-19T07:00:37+0000

? , , ? ? , ?

, 4.86 . , , , Elgamal. , p-1 (, 2) , p-1. , , . , .

, . , , , , , .

, 1 ?

: p ( p - ). : phi (phi (p)), phi totient. Elgamal.

James k polk · Answer 3 · 2010-12-22T12:14:53+0000

El Gamal , . , IKE 1 2 RFC 2409 IKE, RFC. FIPS 186 DSA. , . .

EDIT:
As @abc noted, this is not true for el gamal signatures. Follow the DSA link (FIPS 186).

Search for a generator for Elgamal

More articles: