ElGamal signature scheme

The ElGamal signature scheme is a digital signature scheme which is based on the difficulty of computing discrete logarithms. It was described by Taher ElGamal in 1984.

The ElGamal signature algorithm is rarely used in practice. A variant developed at NSA and known as the Digital Signature Algorithm is much more widely used. There are several other variants. The ElGamal signature scheme must not be confused with ElGamal encryption which was also invented by Taher ElGamal.

The ElGamal signature scheme allows a third-party to confirm the authenticity of a message sent over an insecure channel.

These system parameters may be shared between users.

These steps are performed once by the signer.

To sign a message m the signer performs the following steps.

Then the pair (r,s) is the digital signature of m. The signer repeats these steps for every signature.

A signature (r,s) of a message m is verified as follows.

The verifier accepts a signature if all conditions are satisfied and rejects it otherwise.

The algorithm is correct in the sense that a signature generated with the signing algorithm will always be accepted by the verifier.

The signature generation implies

Hence Fermat's little theorem implies

A third party can forge signatures either by finding the signer's secret key x or by finding collisions in the hash function $H(m)\equiv H(M){\pmod {p-1}}$ $H(m) \equiv H(M) \pmod{p-1}$ . Both problems are believed to be difficult. However, as of 2011 no tight reduction to a computational hardness assumption is known.

...
Wikipedia