The ElGamal public-key encryption scheme can be viewed as Diffie-Hellman key agreement in key transfer mode. Its security rests on the intractability of the discrete logarithm problem and the Diffie-Hellman problem.

The first system to make use of public-key, or asymmetric, cryptographic keys was the Diffie-Hellman key exchange (Whitfield Diffie and Martin Hellman, 1976). Such systems overcame a central difficulty of private-key, or symmetric-key, systems: asymmetric key management is much easier. In a symmetric-key system both sides of the conversation must hold identical keys, and the secure exchange of those keys has always been a major concern. Asymmetric systems alleviate this because they use two keys: a private key that belongs secretly to the user, and a public key that can be shared with the world and is therefore distributed without difficulty. Regrettably, the advantages of asymmetric systems are offset by speed: they are very slow for any kind of bulk encryption. The usual practice today is to encrypt the data with a symmetric system and then protect the symmetric key with an asymmetric one. Diffie-Hellman key exchange addresses exactly this step: it lets two parties agree on a shared symmetric key over a public channel.

Playing poker without any cards over a telecommunications link (the phone, or more realistically the internet) is known as Mental Poker. The game usually has no trusted third-party dealer and no trusted source of randomness, so it seems that someone (the dealer) will always know which cards have been dealt, or alternatively that players will be able to lie about the cards they hold.

The first serious attempt at the problem was by Adi Shamir, Ronald Rivest and Leonard Adleman in 1979 [SRA]. Their scheme relies on commutative encryption. The authors first proved, in an information-theoretic sense, that the problem is unsolvable, and then went on to offer a solution. Their protocol works for two players and does not require a trusted third party. However, it offers no confidentiality of strategy: the players must reveal their hands at the end of each game.

The setting is two players and fifty-two cards. Five cards are dealt to each player, then there is one round of betting, then all cards are shown. The requirements are that the players' hands are disjoint, any player can receive any possible hand, no player can discover another player's hand, and any collusion has minimal effect.

The SRA protocol was later shown to leak at least one bit of information about each card: whether its encoding is a quadratic residue or not. Fixes were suggested, but there was still no guarantee that other information was not leaked.

The protocol relies on a commutative encryption scheme, i.e.:

E_A(E_B(M)) = E_B(E_A(M))

where E_X denotes encryption under X's key and D_X decryption under the same key. Unlike a public-key scheme, each player keeps their key secret until the hands are revealed at the end of the game.

- The two players, Alice and Bob, jointly choose a large prime n. Alice chooses her key A such that gcd(A, n-1) = 1, and Bob chooses B in the same way.
- Encode the 52 cards as integers.
- Encryption: E_A(M) = M^A (mod n).
- Decryption: D_A(M) = M^inv(A) (mod n), where inv(A) is the inverse of A modulo n-1; this is why gcd(A, n-1) = 1 is required.
- Bob permutes the cards to x1, x2, ..., x52, encrypts them and sends E_B(xi) to Alice.
- Alice chooses 5 cards for herself, encrypts them and sends E_A(E_B(xi)) to Bob. She also chooses 5 cards for Bob and sends them to him, without adding her own encryption, as E_B(xi).
- Bob can now decrypt his cards to see his hand: D_B(E_B(xi)) = xi. He also strips his layer from Alice's cards and sends them back to her. This is where commutativity is needed: D_B(E_A(E_B(xi))) = E_A(xi).
- Alice receives her cards and decrypts them to see her hand: D_A(E_A(xi)) = xi.
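The deal above, carried through end to end as an added Python example. This is illustration code written for these notes, not the SRA authors' implementation. It assumes the Mersenne prime n = 2^61 - 1 as the shared modulus, encodes the 52 cards as the integers 2..53 (0, 1 and n-1 are fixed points of x -> x^A mod n, so they must never be card codes), and draws the keys, the shuffle and Alice's blind picks from a seeded random.Random so that a run is reproducible; all of these are choices for the example, not part of the protocol.

```python
import random
from math import gcd

# Added example, not the SRA authors' code. The modulus is an illustrative choice.
N = 2**61 - 1  # Mersenne prime M61

def keygen(n, rng):
    """Choose an exponent coprime to n-1 so that it has an inverse modulo n-1.
    Since n-1 is even, every valid key is odd."""
    while True:
        key = rng.randrange(3, n - 1)
        if gcd(key, n - 1) == 1:
            return key

def encrypt(x, key, n):
    """E_key(x) = x^key mod n. Commutative because (x^A)^B = (x^B)^A."""
    return pow(x, key, n)

def decrypt(c, key, n):
    """D_key(c) = c^(key^-1 mod (n-1)) mod n. pow(key, -1, m) needs Python 3.8+."""
    return pow(c, pow(key, -1, n - 1), n)

def commutes(x, a, b, n):
    """Check E_A(E_B(x)) == E_B(E_A(x)) for one card code x."""
    return encrypt(encrypt(x, a, n), b, n) == encrypt(encrypt(x, b, n), a, n)

def sra_deal(n=N, seed=1):
    """Run one SRA deal and return (alice_hand, bob_hand) as card codes."""
    rng = random.Random(seed)
    cards = list(range(2, 54))              # codes 2..53; 0, 1 and n-1 are fixed points
    A, B = keygen(n, rng), keygen(n, rng)   # each key stays secret until the showdown

    # Bob shuffles the pack, encrypts every card and sends E_B(x_i) to Alice.
    deck = cards[:]
    rng.shuffle(deck)
    from_bob = [encrypt(x, B, n) for x in deck]

    # Alice cannot read E_B(x_i), so her choice is blind. She picks 5 for herself
    # and adds her own layer, and 5 for Bob, which she forwards unchanged.
    picks = rng.sample(range(len(deck)), 10)
    for_alice = [encrypt(from_bob[i], A, n) for i in picks[:5]]   # E_A(E_B(x))
    for_bob = [from_bob[i] for i in picks[5:]]                     # E_B(x)

    # Bob reads his hand and strips his layer from Alice's cards:
    # D_B(E_A(E_B(x))) = E_A(x) holds only because the cipher commutes.
    bob_hand = [decrypt(c, B, n) for c in for_bob]
    back_to_alice = [decrypt(c, B, n) for c in for_alice]

    alice_hand = [decrypt(c, A, n) for c in back_to_alice]
    return alice_hand, bob_hand

if __name__ == "__main__":
    alice, bob = sra_deal()
    print("Alice:", alice, "Bob:", bob)
```

Note that nothing here is a public-key operation: A and B are secret exponents, and the scheme is exactly exponentiation modulo a prime (Pohlig-Hellman style), which is what makes it commute.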

In ElGamal, the encryption operation requires two modular exponentiations, namely α^k mod p and (α^a)^k mod p. These can be sped up by choosing the random exponent k with some additional structure, for example a low Hamming weight. Care must be taken that the number of possible exponents remains large enough to defeat a search with the baby-step giant-step algorithm.

A drawback of ElGamal encryption is message expansion by a factor of 2: the ciphertext is twice the length of the corresponding plaintext, since one element of Z_p becomes the pair (γ, δ).

ElGamal is one of many encryption schemes that use randomization in the encryption process; other examples include McEliece encryption, Goldwasser-Micali and Blum-Goldwasser probabilistic encryption. Deterministic schemes such as RSA may also employ randomization in an effort to avoid certain attacks. The basic idea behind randomized encryption is to use randomness to increase the security of an encryption process through one or more of the following:

- increasing the effective size of the plaintext message space;
- precluding or decreasing the effectiveness of chosen-plaintext attacks by virtue of a one-to-many mapping of plaintext to ciphertext; and
- precluding or decreasing the effectiveness of statistical attacks by levelling the a priori probability distribution of inputs.

The problem of breaking ElGamal encryption, specifically recovering m given p, α, α^a, γ and δ, is equivalent to solving the Diffie-Hellman problem. In fact, ElGamal encryption can be viewed as simply a Diffie-Hellman key exchange to establish a session key α^(ak), followed by encryption of the message by multiplication with that session key. Hence the security of ElGamal encryption is said to be based on the discrete logarithm problem in Z_p^*, although such an equivalence has not been proven.

It is critical that different random integers k be used to encrypt different messages. Suppose the same k is used to encrypt two messages m1 and m2, giving the ciphertext pairs (γ1, δ1) and (γ2, δ2). Then γ1 = γ2 and δ1/δ2 = m1/m2, so m2 is easily computed if m1 is known.
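The scheme in the text's notation, together with the repeated-k recovery, as an added Python example. This is illustration code for these notes, not code from the Handbook of Applied Cryptography or any library. It assumes the toy safe prime p = 2039 = 2·1019 + 1 so that the numbers stay readable (a real deployment needs a group of at least 2048 bits), a generator α found by the safe-prime test, and two constructed plaintexts 1234 and 777; the reuse of k in demo() is the mistake being demonstrated, not a step of the scheme.

```python
import random

# Added example, not from HAC or the original notes. Toy safe prime p = 2q + 1 with
# q = 1019; a real deployment needs a >= 2048-bit group. Notation follows the text:
# public key (p, alpha, alpha^a), private key a, ciphertext (gamma, delta).
P = 2039

def find_generator(p):
    """For a safe prime p = 2q + 1, g generates Z_p^* iff g^2 != 1 and g^q != 1 (mod p)."""
    q = (p - 1) // 2
    for g in range(2, p - 1):
        if pow(g, 2, p) != 1 and pow(g, q, p) != 1:
            return g
    raise ValueError("no generator found; is p a safe prime?")

ALPHA = find_generator(P)

def keygen(rng, p=P, alpha=ALPHA):
    """Private key a, public key alpha^a mod p."""
    a = rng.randrange(1, p - 1)
    return a, pow(alpha, a, p)

def encrypt(m, pub, k, p=P, alpha=ALPHA):
    """(gamma, delta) = (alpha^k, m * (alpha^a)^k): two exponentiations, and two
    elements of Z_p of ciphertext for one element of plaintext (factor-2 expansion)."""
    if not 1 <= m < p:
        raise ValueError("plaintext must be in 1..p-1")
    gamma = pow(alpha, k, p)
    delta = (m * pow(pub, k, p)) % p
    return gamma, delta

def decrypt(ct, a, p=P):
    """m = delta * gamma^(-a); gamma^(-a) = gamma^(p-1-a) by Fermat's little theorem."""
    gamma, delta = ct
    return (delta * pow(gamma, p - 1 - a, p)) % p

def recover_with_reused_k(ct1, ct2, m1, p=P):
    """Same k gives the same gamma and delta1/delta2 = m1/m2, so m2 = m1 * delta2 * delta1^-1."""
    (gamma1, delta1), (gamma2, delta2) = ct1, ct2
    if gamma1 != gamma2:
        raise ValueError("different gamma: k was not reused, nothing to exploit")
    return (m1 * delta2 * pow(delta1, -1, p)) % p

def demo(seed=1):
    """Encrypt two constructed messages with the SAME k (the mistake), then recover m2 from m1."""
    rng = random.Random(seed)
    a, pub = keygen(rng)
    m1, m2 = 1234, 777
    k = rng.randrange(1, P - 1)
    c1, c2 = encrypt(m1, pub, k), encrypt(m2, pub, k)   # k reused: gamma1 == gamma2
    return {"decrypt_ok": decrypt(c1, a) == m1 and decrypt(c2, a) == m2,
            "recovered_m2": recover_with_reused_k(c1, c2, m1)}

if __name__ == "__main__":
    print(demo())
```

The attacker needs only the two ciphertexts and one known plaintext; the private key a never enters the recovery, and an equal γ across two ciphertexts is the observable sign that k was reused.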

When Alice receives the shuffled and encrypted pack she cannot tell which card is which, so she picks at random; in particular she cannot see Bob's hand. When Bob receives Alice's doubly encrypted hand he cannot read it, even after he strips his own layer. But does the encryption itself leak information? Yes: the leak comes from quadratic residues.

An integer a not divisible by an odd prime p is a quadratic residue modulo p if there is a b in {1, 2, ..., p-1} such that a = b^2 (mod p). Otherwise a is a quadratic non-residue.

So for p = 11, the quadratic residues are 1 = 1^2, 3 = 5^2, 4 = 2^2, 5 = 4^2 and 9 = 3^2, and the quadratic non-residues are 2, 6, 7, 8 and 10.

This split holds in general: for any odd prime p there are (p-1)/2 residues and (p-1)/2 non-residues.

- In 1981 R. Lipton observed that for odd k, x^k is a quadratic residue mod p if and only if x is (the Legendre symbol is multiplicative, so (x^k/p) = (x/p)^k = (x/p) when k is odd).
- Every SRA key is odd, because gcd(A, n-1) = 1 and n-1 is even. So the cards whose encodings are quadratic residues are still quadratic residues after encryption, and likewise for non-residues.
- Since the encoding of cards is public, Alice can tell for the particular p in use which card codes are residues and which are not, then test each encrypted card with the same criterion and choose (on average) high cards for herself and low cards for Bob.

- The easiest way to prevent this attack is to represent every card by a quadratic residue, so the test no longer separates the cards. However, other and more general attacks have since been shown to work, so SRA is not a good protocol.
- Other protocols for Mental Poker have been designed, the most successful using probabilistic encryption and zero-knowledge proofs. Crépeau solved the problem in 1987, although his protocol is not computationally feasible. Research is still going on.
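The quadratic-residue leak, the cheating strategy it enables, and the all-residues encoding that closes it, as one added Python example covering both the attack bullets and the fix above. This is illustration code for these notes, not Lipton's or the SRA authors' code. It assumes the prime p = 1019 and Bob's key 7 (both illustrative; any prime larger than the card codes and any key coprime to p-1 behave the same), card codes 2..53 ordered so that a larger code is a higher card (1 is avoided because 1^B = 1 would survive encryption unchanged), and a seeded shuffle.

```python
import random

# Added example, not from Lipton's paper or the original notes. p = 1019 and key = 7
# are illustrative; card codes are 2..53 with higher code meaning higher card.

def is_qr(a, p):
    """Euler's criterion: a (not 0 mod p) is a quadratic residue mod odd prime p
    iff a^((p-1)/2) == 1 (mod p)."""
    return pow(a % p, (p - 1) // 2, p) == 1

def quadratic_residues(p):
    """Brute-force list of residues, e.g. [1, 3, 4, 5, 9] for p = 11."""
    return sorted({b * b % p for b in range(1, p)})

def qr_preserved(x, key, p):
    """Lipton's observation: for odd key, x^key is a QR iff x is. SRA keys are always odd."""
    return is_qr(pow(x, key, p), p) == is_qr(x, p)

def alice_cheats(p, key, cards, seed=1, hand_size=5):
    """Bob shuffles and encrypts `cards` under `key`. Alice, seeing only ciphertexts,
    classifies them by residuosity and draws from the class whose plaintext codes
    average higher. Returns the cards she obtains, or None when the test tells her
    nothing (all codes fall in one class)."""
    rng = random.Random(seed)
    deck = cards[:]
    rng.shuffle(deck)
    enc = [pow(x, key, p) for x in deck]            # what Alice actually receives
    qr = [c for c in cards if is_qr(c, p)]          # the encoding is public, so she
    nqr = [c for c in cards if not is_qr(c, p)]     # knows which codes are residues
    if not qr or not nqr:
        return None
    want_qr = sum(qr) / len(qr) > sum(nqr) / len(nqr)
    chosen = [i for i, c in enumerate(enc) if is_qr(c, p) == want_qr][:hand_size]
    return [deck[i] for i in chosen]

def square_codes(p, n_cards=52):
    """The fix from the notes: encode card i as a square mod p, so every code is a
    residue. Codes stay distinct as long as p > 2 * (n_cards + 1)."""
    return [x * x % p for x in range(2, 2 + n_cards)]

if __name__ == "__main__":
    print("leaky deal, Alice's hand:", alice_cheats(1019, 7, list(range(2, 54))))
    print("all-residue deal:", alice_cheats(1019, 7, square_codes(1019)))
```

With the plain encoding every card Alice draws comes from the residue class she wanted; with square_codes the attack function has nothing to split on, which is exactly the one bit the text says SRA leaks and the fix removes. The more general attacks mentioned above are not addressed by this encoding.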

Mental Poker is an important problem, both for the large internet poker business and as a model for other multi-party computations in which secrets must be kept. The SRA protocol is easy to implement efficiently, but it has a major flaw: it leaks one bit of information about each card. Other protocols have been proposed, with Crépeau solving the problem in 1987, although with a computationally infeasible algorithm.

http://www.ics.uci.edu/~goodrich/teach/ics247/W03/notes/poker.pdf

http://www.netip.com/articles/keith/diffie-helman.htm

http://www.ics.uci.edu/~goodrich/teach/ics247/W03/notes/elgamal.pdf

Handbook of Applied Cryptography, by A. Menezes, P. van Oorschot, and S. Vanstone, CRC Press, 1996.