Show that any 2-round key-exchange protocol (that is, where each party sends a single message) can be converted into a CPA-secure public-key encryption scheme. Solution In CPA-secure public-key encryption scheme prevents attacker to obtain the ciphertexts for arbitrary plaintexts. Diffie-Hellmen key exchange protocol is a 2-round key-exchange protocol . ElGamal encryption system is an asymmetric key encryption algorithm for public-key cryptography which is based on the Diffie–Hellman key exchange and prevents attacker to obtain the ciphertexts for arbitrary plaintexts making it CPA secure. The conversion of Diffie-Hellmen into Elgamal is performed as follows. In Diffie-Hellman, Alice generates a and sends a representation of it g a . Bob generates b and sends g b . Both parties can compute g ab . To convert to Elgamal, Alice starts the protocol generating a and posts g a so anyone can complete Diffie-Hellman with her. If Bob wants to complete the protocol, he generates b and sends g b . To make it encryption, he generates the shared secret g ab and multiplies in his message m . g ab and sends that as well. g ab is indistinguishable from a random group element so it works as a sort of one-time pad. Since the sender contributes b to the random mask, each encryption of the same message results in a different ciphertext. The following precautions must be made while con verting Diffie-Hellmen into Elgamal.i.e. The shared secret must be indistinguishable from random. The shared secret must be an element of a group so there is a permissible operation that can be used to combine it with the message with closure. .