pycryptodome/lib/Crypto/PublicKey/ElGamal.py

#
#   ElGamal.py : ElGamal encryption/decryption and signatures
#
#  Part of the Python Cryptography Toolkit
#
#  Originally written by: A.M. Kuchling
#
# ===================================================================
# The contents of this file are dedicated to the public domain.  To
# the extent that dedication to the public domain is not available,
# everyone is granted a worldwide, perpetual, royalty-free,
# non-exclusive license to exercise all rights associated with the
# contents of this file for any purpose whatsoever.
# No rights are reserved.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
# ===================================================================

"""ElGamal public-key algorithm (encryption and signature)."""

__revision__ = "$Id$"

from Crypto.PublicKey.pubkey import *
from Crypto.Util import number

class error (Exception):
    pass

# Generate an ElGamal key with N bits
def generate(bits, randfunc, progress_func=None):
    """generate(bits:int, randfunc:callable, progress_func:callable)

    Generate an ElGamal key of length 'bits', using 'randfunc' to get
    random data and 'progress_func', if present, to display
    the progress of the key generation.
    """
    obj=ElGamalobj()
    # Generate prime p
    if progress_func:
        progress_func('p\n')
    obj.p=bignum(getPrime(bits, randfunc))
    # Generate random number g
    if progress_func:
        progress_func('g\n')
    size=bits-1-(ord(randfunc(1)) & 63) # g will be from 1--64 bits smaller than p
    if size<1:
        size=bits-1
    while (1):
        obj.g=bignum(getPrime(size, randfunc))
        if obj.g < obj.p:
            break
        size=(size+1) % bits
        if size==0:
            size=4
    # Generate random number x
    if progress_func:
        progress_func('x\n')
    while (1):
        size=bits-1-ord(randfunc(1)) # x will be from 1 to 256 bits smaller than p
        if size>2:
            break
    while (1):
        obj.x=bignum(getPrime(size, randfunc))
        if obj.x < obj.p:
            break
        size = (size+1) % bits
        if size==0:
            size=4
    if progress_func:
        progress_func('y\n')
    obj.y = pow(obj.g, obj.x, obj.p)
    return obj

def construct(tuple):
    """construct(tuple:(long,long,long,long)|(long,long,long,long,long)))
             : ElGamalobj
    Construct an ElGamal key from a 3- or 4-tuple of numbers.
    """

    obj=ElGamalobj()
    if len(tuple) not in [3,4]:
        raise ValueError('argument for construct() wrong length')
    for i in range(len(tuple)):
        field = obj.keydata[i]
        setattr(obj, field, tuple[i])
    return obj

class ElGamalobj(pubkey):
    keydata=['p', 'g', 'y', 'x']

    def _encrypt(self, M, K):
        a=pow(self.g, K, self.p)
        b=( M*pow(self.y, K, self.p) ) % self.p
        return ( a,b )

    def _decrypt(self, M):
        if (not hasattr(self, 'x')):
            raise TypeError('Private key not available in this object')
        ax=pow(M[0], self.x, self.p)
        plaintext=(M[1] * inverse(ax, self.p ) ) % self.p
        return plaintext

    def _sign(self, M, K):
        if (not hasattr(self, 'x')):
            raise TypeError('Private key not available in this object')
        p1=self.p-1
        if (GCD(K, p1)!=1):
            raise ValueError('Bad K value: GCD(K,p-1)!=1')
        a=pow(self.g, K, self.p)
        t=(M-self.x*a) % p1
        while t<0: t=t+p1
        b=(t*inverse(K, p1)) % p1
        return (a, b)

    def _verify(self, M, sig):
        v1=pow(self.y, sig[0], self.p)
        v1=(v1*pow(sig[0], sig[1], self.p)) % self.p
        v2=pow(self.g, M, self.p)
        if v1==v2:
            return 1
        return 0

    def size(self):
        "Return the maximum number of bits that can be handled by this key."
        return number.size(self.p) - 1

    def has_private(self):
        """Return a Boolean denoting whether the object contains
        private components."""
        if hasattr(self, 'x'):
            return 1
        else:
            return 0

    def publickey(self):
        """Return a new key object containing only the public information."""
        return construct((self.p, self.g, self.y))


object=ElGamalobj
[project @ amk-19981214021948-ae4d136d34b577c7] [project @ 1998-12-13 18:19:48 by amk] Initial revision 1998-12-13 19:19:48 -07:00			`#`
			`# ElGamal.py : ElGamal encryption/decryption and signatures`
[project @ akuchling-20030228232835-ae6acc225cd562df] [project @ 2003-02-28 15:21:58 by akuchling] Normalize whitespace 2003-02-28 16:28:35 -07:00			`#`
[project @ akuchling-20020423042427-a1be157453d55cf4] [project @ 2002-04-22 21:24:27 by akuchling] Remove version number 2002-04-22 21:24:27 -07:00			`# Part of the Python Cryptography Toolkit`
[project @ akuchling-20030228232835-ae6acc225cd562df] [project @ 2003-02-28 15:21:58 by akuchling] Normalize whitespace 2003-02-28 16:28:35 -07:00			`#`
ElGamal.py: Replace the legal notice I have permission to do this. See the LEGAL directory. 2009-08-02 22:46:19 -04:00			`# Originally written by: A.M. Kuchling`
[project @ akuchling-20030228232835-ae6acc225cd562df] [project @ 2003-02-28 15:21:58 by akuchling] Normalize whitespace 2003-02-28 16:28:35 -07:00			`#`
ElGamal.py: Replace the legal notice I have permission to do this. See the LEGAL directory. 2009-08-02 22:46:19 -04:00			`# ===================================================================`
			`# The contents of this file are dedicated to the public domain. To`
			`# the extent that dedication to the public domain is not available,`
			`# everyone is granted a worldwide, perpetual, royalty-free,`
			`# non-exclusive license to exercise all rights associated with the`
			`# contents of this file for any purpose whatsoever.`
			`# No rights are reserved.`
			`#`
			`# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,`
			`# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF`
			`# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND`
			`# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS`
			`# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN`
			`# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN`
			`# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE`
			`# SOFTWARE.`
			`# ===================================================================`
[project @ amk-19981214021948-ae4d136d34b577c7] [project @ 1998-12-13 18:19:48 by amk] Initial revision 1998-12-13 19:19:48 -07:00
Polished the Crypto.PublicKey page.Added hyperlinks to RFCs. 2012-04-12 23:16:52 +02:00			`"""ElGamal public-key algorithm (encryption and signature)."""`

Clean up RCS keywords ($Id ... $ -> $Id$). RCS-style keywords don't well in distributed revision control systems. If you want to use them, do it as part of your build process. 2008-08-06 21:27:50 -04:00			`__revision__ = "$Id$"`
[project @ akuchling-20020711213119-1944f9493ae8d3c1] [project @ 2002-07-11 14:31:19 by akuchling] Add CVS id 2002-07-11 14:31:19 -07:00
[project @ akuchling-20020711213305-3935fe3eaba8d818] [project @ 2002-07-11 14:33:05 by akuchling] Use full path for importing pubkey 2002-07-11 14:33:05 -07:00			`from Crypto.PublicKey.pubkey import *`
[project @ akuchling-20030405034426-780ab797d2a3eae1] [project @ 2003-04-04 19:44:25 by akuchling] Use number.size() 2003-04-04 20:44:26 -07:00			`from Crypto.Util import number`
[project @ amk-19981214021948-ae4d136d34b577c7] [project @ 1998-12-13 18:19:48 by amk] Initial revision 1998-12-13 19:19:48 -07:00
[project @ akuchling-20020524212734-7301cc683c7c9da0] [project @ 2002-05-24 14:27:34 by akuchling] Call 'progress_func' directly in generate() instead of using apply() Turn string exceptions into classes Add docstrings Accommodate various renamings 2002-05-24 14:27:34 -07:00			`class error (Exception):`
			`pass`
[project @ amk-19981214021948-ae4d136d34b577c7] [project @ 1998-12-13 18:19:48 by amk] Initial revision 1998-12-13 19:19:48 -07:00
			`# Generate an ElGamal key with N bits`
			`def generate(bits, randfunc, progress_func=None):`
[project @ akuchling-20020524212734-7301cc683c7c9da0] [project @ 2002-05-24 14:27:34 by akuchling] Call 'progress_func' directly in generate() instead of using apply() Turn string exceptions into classes Add docstrings Accommodate various renamings 2002-05-24 14:27:34 -07:00			`"""generate(bits:int, randfunc:callable, progress_func:callable)`

			`Generate an ElGamal key of length 'bits', using 'randfunc' to get`
			`random data and 'progress_func', if present, to display`
			`the progress of the key generation.`
			`"""`
[project @ amk-19981214021948-ae4d136d34b577c7] [project @ 1998-12-13 18:19:48 by amk] Initial revision 1998-12-13 19:19:48 -07:00			`obj=ElGamalobj()`
			`# Generate prime p`
[project @ akuchling-20030404231513-66892dee6da0bede] [project @ 2003-04-04 15:13:34 by akuchling] Code formatting improvements; shouldn't be any semantic changes 2003-04-04 16:15:13 -07:00			`if progress_func:`
			`progress_func('p\n')`
[project @ amk-19981214021948-ae4d136d34b577c7] [project @ 1998-12-13 18:19:48 by amk] Initial revision 1998-12-13 19:19:48 -07:00			`obj.p=bignum(getPrime(bits, randfunc))`
			`# Generate random number g`
[project @ akuchling-20030404231513-66892dee6da0bede] [project @ 2003-04-04 15:13:34 by akuchling] Code formatting improvements; shouldn't be any semantic changes 2003-04-04 16:15:13 -07:00			`if progress_func:`
			`progress_func('g\n')`
[project @ amk-19981214021948-ae4d136d34b577c7] [project @ 1998-12-13 18:19:48 by amk] Initial revision 1998-12-13 19:19:48 -07:00			`size=bits-1-(ord(randfunc(1)) & 63) # g will be from 1--64 bits smaller than p`
[project @ akuchling-20030404231513-66892dee6da0bede] [project @ 2003-04-04 15:13:34 by akuchling] Code formatting improvements; shouldn't be any semantic changes 2003-04-04 16:15:13 -07:00			`if size<1:`
			`size=bits-1`
[project @ amk-19981214021948-ae4d136d34b577c7] [project @ 1998-12-13 18:19:48 by amk] Initial revision 1998-12-13 19:19:48 -07:00			`while (1):`
			`obj.g=bignum(getPrime(size, randfunc))`
[project @ akuchling-20030404231513-66892dee6da0bede] [project @ 2003-04-04 15:13:34 by akuchling] Code formatting improvements; shouldn't be any semantic changes 2003-04-04 16:15:13 -07:00			`if obj.g < obj.p:`
			`break`
[project @ amk-19981214021948-ae4d136d34b577c7] [project @ 1998-12-13 18:19:48 by amk] Initial revision 1998-12-13 19:19:48 -07:00			`size=(size+1) % bits`
[project @ akuchling-20030404231513-66892dee6da0bede] [project @ 2003-04-04 15:13:34 by akuchling] Code formatting improvements; shouldn't be any semantic changes 2003-04-04 16:15:13 -07:00			`if size==0:`
			`size=4`
[project @ amk-19981214021948-ae4d136d34b577c7] [project @ 1998-12-13 18:19:48 by amk] Initial revision 1998-12-13 19:19:48 -07:00			`# Generate random number x`
[project @ akuchling-20030404231513-66892dee6da0bede] [project @ 2003-04-04 15:13:34 by akuchling] Code formatting improvements; shouldn't be any semantic changes 2003-04-04 16:15:13 -07:00			`if progress_func:`
			`progress_func('x\n')`
[project @ amk-19981214021948-ae4d136d34b577c7] [project @ 1998-12-13 18:19:48 by amk] Initial revision 1998-12-13 19:19:48 -07:00			`while (1):`
			`size=bits-1-ord(randfunc(1)) # x will be from 1 to 256 bits smaller than p`
[project @ akuchling-20030404231513-66892dee6da0bede] [project @ 2003-04-04 15:13:34 by akuchling] Code formatting improvements; shouldn't be any semantic changes 2003-04-04 16:15:13 -07:00			`if size>2:`
			`break`
[project @ amk-19981214021948-ae4d136d34b577c7] [project @ 1998-12-13 18:19:48 by amk] Initial revision 1998-12-13 19:19:48 -07:00			`while (1):`
			`obj.x=bignum(getPrime(size, randfunc))`
[project @ akuchling-20030404231513-66892dee6da0bede] [project @ 2003-04-04 15:13:34 by akuchling] Code formatting improvements; shouldn't be any semantic changes 2003-04-04 16:15:13 -07:00			`if obj.x < obj.p:`
			`break`
			`size = (size+1) % bits`
			`if size==0:`
			`size=4`
			`if progress_func:`
			`progress_func('y\n')`
			`obj.y = pow(obj.g, obj.x, obj.p)`
[project @ amk-19981214021948-ae4d136d34b577c7] [project @ 1998-12-13 18:19:48 by amk] Initial revision 1998-12-13 19:19:48 -07:00			`return obj`
[project @ akuchling-20030228232835-ae6acc225cd562df] [project @ 2003-02-28 15:21:58 by akuchling] Normalize whitespace 2003-02-28 16:28:35 -07:00
[project @ amk-19981214021948-ae4d136d34b577c7] [project @ 1998-12-13 18:19:48 by amk] Initial revision 1998-12-13 19:19:48 -07:00			`def construct(tuple):`
[project @ akuchling-20020524212734-7301cc683c7c9da0] [project @ 2002-05-24 14:27:34 by akuchling] Call 'progress_func' directly in generate() instead of using apply() Turn string exceptions into classes Add docstrings Accommodate various renamings 2002-05-24 14:27:34 -07:00			`"""construct(tuple:(long,long,long,long)\|(long,long,long,long,long)))`
			`: ElGamalobj`
			`Construct an ElGamal key from a 3- or 4-tuple of numbers.`
			`"""`
[project @ akuchling-20030228232835-ae6acc225cd562df] [project @ 2003-02-28 15:21:58 by akuchling] Normalize whitespace 2003-02-28 16:28:35 -07:00
[project @ amk-19981214021948-ae4d136d34b577c7] [project @ 1998-12-13 18:19:48 by amk] Initial revision 1998-12-13 19:19:48 -07:00			`obj=ElGamalobj()`
			`if len(tuple) not in [3,4]:`
Crypto.PublicKey: Raise ValueError/TypeError/RuntimeError instead of the various custom "error" exceptions At some point, it might be a good idea to remove the custom error classes themselves. 2009-04-25 13:57:55 -04:00			`raise ValueError('argument for construct() wrong length')`
[project @ amk-19981214021948-ae4d136d34b577c7] [project @ 1998-12-13 18:19:48 by amk] Initial revision 1998-12-13 19:19:48 -07:00			`for i in range(len(tuple)):`
[project @ akuchling-20030228232835-ae6acc225cd562df] [project @ 2003-02-28 15:21:58 by akuchling] Normalize whitespace 2003-02-28 16:28:35 -07:00			`field = obj.keydata[i]`
			`setattr(obj, field, tuple[i])`
[project @ amk-19981214021948-ae4d136d34b577c7] [project @ 1998-12-13 18:19:48 by amk] Initial revision 1998-12-13 19:19:48 -07:00			`return obj`
[project @ akuchling-20030228232835-ae6acc225cd562df] [project @ 2003-02-28 15:21:58 by akuchling] Normalize whitespace 2003-02-28 16:28:35 -07:00
[project @ amk-19981214021948-ae4d136d34b577c7] [project @ 1998-12-13 18:19:48 by amk] Initial revision 1998-12-13 19:19:48 -07:00			`class ElGamalobj(pubkey):`
			`keydata=['p', 'g', 'y', 'x']`

			`def _encrypt(self, M, K):`
			`a=pow(self.g, K, self.p)`
			`b=( M*pow(self.y, K, self.p) ) % self.p`
[project @ akuchling-20030228232835-ae6acc225cd562df] [project @ 2003-02-28 15:21:58 by akuchling] Normalize whitespace 2003-02-28 16:28:35 -07:00			`return ( a,b )`
[project @ akuchling-20020524212734-7301cc683c7c9da0] [project @ 2002-05-24 14:27:34 by akuchling] Call 'progress_func' directly in generate() instead of using apply() Turn string exceptions into classes Add docstrings Accommodate various renamings 2002-05-24 14:27:34 -07:00
[project @ amk-19981214021948-ae4d136d34b577c7] [project @ 1998-12-13 18:19:48 by amk] Initial revision 1998-12-13 19:19:48 -07:00			`def _decrypt(self, M):`
[project @ akuchling-20030228232835-ae6acc225cd562df] [project @ 2003-02-28 15:21:58 by akuchling] Normalize whitespace 2003-02-28 16:28:35 -07:00			`if (not hasattr(self, 'x')):`
Crypto.PublicKey: Raise ValueError/TypeError/RuntimeError instead of the various custom "error" exceptions At some point, it might be a good idea to remove the custom error classes themselves. 2009-04-25 13:57:55 -04:00			`raise TypeError('Private key not available in this object')`
[project @ amk-19981214021948-ae4d136d34b577c7] [project @ 1998-12-13 18:19:48 by amk] Initial revision 1998-12-13 19:19:48 -07:00			`ax=pow(M[0], self.x, self.p)`
			`plaintext=(M[1] * inverse(ax, self.p ) ) % self.p`
[project @ akuchling-20030228232835-ae6acc225cd562df] [project @ 2003-02-28 15:21:58 by akuchling] Normalize whitespace 2003-02-28 16:28:35 -07:00			`return plaintext`
[project @ akuchling-20020524212734-7301cc683c7c9da0] [project @ 2002-05-24 14:27:34 by akuchling] Call 'progress_func' directly in generate() instead of using apply() Turn string exceptions into classes Add docstrings Accommodate various renamings 2002-05-24 14:27:34 -07:00
[project @ amk-19981214021948-ae4d136d34b577c7] [project @ 1998-12-13 18:19:48 by amk] Initial revision 1998-12-13 19:19:48 -07:00			`def _sign(self, M, K):`
[project @ akuchling-20030228232835-ae6acc225cd562df] [project @ 2003-02-28 15:21:58 by akuchling] Normalize whitespace 2003-02-28 16:28:35 -07:00			`if (not hasattr(self, 'x')):`
Crypto.PublicKey: Raise ValueError/TypeError/RuntimeError instead of the various custom "error" exceptions At some point, it might be a good idea to remove the custom error classes themselves. 2009-04-25 13:57:55 -04:00			`raise TypeError('Private key not available in this object')`
[project @ amk-19981214021948-ae4d136d34b577c7] [project @ 1998-12-13 18:19:48 by amk] Initial revision 1998-12-13 19:19:48 -07:00			`p1=self.p-1`
			`if (GCD(K, p1)!=1):`
Crypto.PublicKey: Raise ValueError/TypeError/RuntimeError instead of the various custom "error" exceptions At some point, it might be a good idea to remove the custom error classes themselves. 2009-04-25 13:57:55 -04:00			`raise ValueError('Bad K value: GCD(K,p-1)!=1')`
[project @ amk-19981214021948-ae4d136d34b577c7] [project @ 1998-12-13 18:19:48 by amk] Initial revision 1998-12-13 19:19:48 -07:00			`a=pow(self.g, K, self.p)`
			`t=(M-self.x*a) % p1`
			`while t<0: t=t+p1`
			`b=(t*inverse(K, p1)) % p1`
			`return (a, b)`
[project @ akuchling-20020524212734-7301cc683c7c9da0] [project @ 2002-05-24 14:27:34 by akuchling] Call 'progress_func' directly in generate() instead of using apply() Turn string exceptions into classes Add docstrings Accommodate various renamings 2002-05-24 14:27:34 -07:00
[project @ amk-19981214021948-ae4d136d34b577c7] [project @ 1998-12-13 18:19:48 by amk] Initial revision 1998-12-13 19:19:48 -07:00			`def _verify(self, M, sig):`
			`v1=pow(self.y, sig[0], self.p)`
			`v1=(v1*pow(sig[0], sig[1], self.p)) % self.p`
			`v2=pow(self.g, M, self.p)`
[project @ akuchling-20030404231513-66892dee6da0bede] [project @ 2003-04-04 15:13:34 by akuchling] Code formatting improvements; shouldn't be any semantic changes 2003-04-04 16:15:13 -07:00			`if v1==v2:`
			`return 1`
[project @ amk-19981214021948-ae4d136d34b577c7] [project @ 1998-12-13 18:19:48 by amk] Initial revision 1998-12-13 19:19:48 -07:00			`return 0`
[project @ akuchling-20030228232835-ae6acc225cd562df] [project @ 2003-02-28 15:21:58 by akuchling] Normalize whitespace 2003-02-28 16:28:35 -07:00
[project @ amk-19981214021948-ae4d136d34b577c7] [project @ 1998-12-13 18:19:48 by amk] Initial revision 1998-12-13 19:19:48 -07:00			`def size(self):`
[project @ akuchling-20030228232835-ae6acc225cd562df] [project @ 2003-02-28 15:21:58 by akuchling] Normalize whitespace 2003-02-28 16:28:35 -07:00			`"Return the maximum number of bits that can be handled by this key."`
[project @ akuchling-20030405034426-780ab797d2a3eae1] [project @ 2003-04-04 19:44:25 by akuchling] Use number.size() 2003-04-04 20:44:26 -07:00			`return number.size(self.p) - 1`
[project @ akuchling-20030228232835-ae6acc225cd562df] [project @ 2003-02-28 15:21:58 by akuchling] Normalize whitespace 2003-02-28 16:28:35 -07:00
[project @ akuchling-20030404043615-1825725f0edaa6ca] [project @ 2003-04-03 20:36:06 by akuchling] Rename can* and has* to can_* and has_* 2003-04-03 21:36:15 -07:00			`def has_private(self):`
[project @ akuchling-20030228232835-ae6acc225cd562df] [project @ 2003-02-28 15:21:58 by akuchling] Normalize whitespace 2003-02-28 16:28:35 -07:00			`"""Return a Boolean denoting whether the object contains`
			`private components."""`
[project @ akuchling-20030404231513-66892dee6da0bede] [project @ 2003-04-04 15:13:34 by akuchling] Code formatting improvements; shouldn't be any semantic changes 2003-04-04 16:15:13 -07:00			`if hasattr(self, 'x'):`
			`return 1`
			`else:`
			`return 0`
[project @ amk-19981214021948-ae4d136d34b577c7] [project @ 1998-12-13 18:19:48 by amk] Initial revision 1998-12-13 19:19:48 -07:00
			`def publickey(self):`
[project @ akuchling-20030228232835-ae6acc225cd562df] [project @ 2003-02-28 15:21:58 by akuchling] Normalize whitespace 2003-02-28 16:28:35 -07:00			`"""Return a new key object containing only the public information."""`
[project @ amk-19981214021948-ae4d136d34b577c7] [project @ 1998-12-13 18:19:48 by amk] Initial revision 1998-12-13 19:19:48 -07:00			`return construct((self.p, self.g, self.y))`

[project @ akuchling-20030228232835-ae6acc225cd562df] [project @ 2003-02-28 15:21:58 by akuchling] Normalize whitespace 2003-02-28 16:28:35 -07:00
[project @ amk-19981214021948-ae4d136d34b577c7] [project @ 1998-12-13 18:19:48 by amk] Initial revision 1998-12-13 19:19:48 -07:00			`object=ElGamalobj`