A cyclic group is a group generated by a single element g, such that every element can be written as a power of g. A primitive root of a prime number p is a number that, when raised to powers from 0 to p-1, yields distinct results modulo p. The discrete logarithm problem is to find the exponent that raises a generator to a given element, which is easy in one direction but computationally infeasible in the other. ElGamal cryptography relies on the discrete logarithm problem for security by encrypting messages as powers of a public key.

1. Cyclic Group
a cyclic group is a group that is generated by a single element. That is, it is a
set of invertible elements with a single associative binary operation, and it contains
an element g (generator) such that every other element of the group may be obtained
by repeatedly applying the group operation to g or its inverse. Each element can be
written as a power of g in multiplicative notation, or as a multiple of g in additive
notation.

2. Primitive Root
 A number α is a primitive root mod p if every number coprime to p is congruent to a power of
α mod p
 α is said to be a primitive root of prime number p if :
α0 mod p , α1mod p , α2 mod p, …., αp-1 mod p are distinct (Equally distributed)
 Example: is 2 a primitive root of the prime number 5 ?
21 mod p = 2 , 22mod p = 4 , 23 mod p= 3 , 25-1 mod p = 1
 Example: is 3 a primitive root of the prime number 7 ?

3. The Discrete Logarithm Problem
 Consider α ε G, having order n.
< α > ={αi : 0 ≤ i ≤ n-1} is a cyclic sub-group of G having order n.
 Discrete Logarithm
 Multiplicative group (G, .), an element α ε G having order n, and an element β ε < α > .
 Find the unique integer a, 0 ≤ a ≤ n-1 such that αa = β
 We will denote this integer a by logα β ; it is called the discrete logarithm of 𝛃

4. The Discrete Logarithm Problem cont.
 To understand the discrete logarithm problem, let’s try to solve a simple equation:
5x mod 17 ≡ ?
If x is given , It’s Easy to compute the above equation One way function
 However, much harder time to solve the following equation:
5y mod 17 ≡ 12
If y is unknown. It’s hard to find y if x =12 is given

5. Example of Discrete Logarithm Problem
Suppose p =17 is an odd prime , then the message representation Zp ={0,1,…,p-1} is a finite
field , here Zp* = {1,2,…,16}, also given α =3 is a generator of Zp* , where Zp* is the set of
integers which are relatively prime to p ,i.e. , Zp* ={α º mod p, α ¹ mod p, …, αn-1 mod p}.
Then:- Zp*= { 30, 31, 32, 33, 34, 35, 36, 37,38,39,310,………,315 }
Zp*= {1, 3, 9, 10, 13, 5, 15, 11, 16,14, 8,7, 4 , 12 ,2 ,6 } Note 316 mod 17 =1.
You have to notice that , Given any a , compute b ≡ αa mod p is easy , for example given a =
10, b ≡ 3¹º mod 17 = 8 , given any b, finding an a such that b ≡ α a mod p is difficult , for
example given b=14, what is a ?? , By searching the table, a = 9. The problem is, when p is
large, the table becomes very large.

6. ElGamal Cryptosystem
 ElGamal is a public-key cryptosystem, which uses randomization. so that independent
encryptions of the same plain-text give different cipher-texts.
 Blocks of input text are considered as numbers.
 Encryption and Decryption are done by performing arithmetic on these numbers.
 ElGammal cryptosystem is depends on discrete logarithmic problem assumption to
guarantee security. This assumption claims that it is hard in some groups to find x
given: gx mod n and x is easy to compute given : log (gx) mod n

7. ElGamal Cryptosystem - Key Generation
Participant A : generates the public/private key pair
1. Generate large prime p and generator α of the multiplicative Group Zp
∗ of the
integers modulo p.
2. Select a random integer a, 1 ≤ a ≤ p − 2, and compute β ≡ αa mod p.
3. A’s Public key is (p, α, β); A’s Private key is a.

8. ElGamal Cryptosystem - Encryption Procedure
Participant B encrypts a message m to A
1. Obtain A’s authentic public key (p, α, β).
2. Represent the message as integers m in the range {0, 1, . . . , p − 1}.
3. Select a random integer k, 1 ≤ k ≤ p − 2.
4. Compute γ = αk mod p and δ = m ∗ (β)k.
5. Send ciphertext c = (γ, δ) to A
Note that for each plaintext, there are p-1 possible ciphertexts

9. ElGamal Cryptosystem - Decryption Procedure
ParticipantA receives encrypted message m from B
1. Use private key a can compute βk by raising αk → (γ) to a
2. Recover m by computing (γ−a) ∗ δ mod p.
Note: dividing δ with βk

10. Example
ParticipantA: p=2579, α = 2 (primitive element of Zp*)
a = 765 (secret value)
β = 2765 mod 2579 = 949.
Participant B: wishes to send m=1299 to A.
B randomly chooses k=853.
Compute γ = 2853 mod 2579 = 435 and δ =1299(949853)mod 2579=2396
B sends C = (435,2396)
Participant A: computes m =2396 (435765)-1 mod 2579=1299.