Elgamal digital signature scheme[5] is proposed by Elgamal in 1985. This is based on Diffe-Hellman key exchange. This signature scheme is quite different from RSA signature scheme in terms of validity of signatures corresponding to a message. i.e. there are many valid signatures for a message. Suppose Alice want to sign a message using Elgamal digital signature scheme, she can generate signature S corresponding to message m as follow:

Key generation:-
She can generate key for Elgamal signature scheme as follow:

Choose p be a large prime.
Choose g be a randomly chosen generator of the multiplicative group of integers Zp .
Choose a secret key x such that 1 < x < p − 1.
Compute y = g^x (mod p).

Then the public key and private key of user will be (p, g, y) and (p, g, x) respectively.

Signing:-
Now Alice has her public and private key so she can sign a message m by using following steps:

Choose a random number k such that 0 < k < p − 1 and gcd(k, p − 1) = 1.
Compute r ≡ g^k(mod p).
Compute s ≡ (H(m) − xr)k ^-1 (mod p − 1). Where H(m) is hash of message.

Then the pair (r, s) is the signature of the message m.

Verification:-
Bob can verify the signature (r, s) of message m as follow:

Download Alice's public key (p, g, y).
Compute v₁ ≡ g ^H(m)(mod p) and v₂ ≡ y ^r r ^s (mod p).
The signature is declared valid if and only if v₁ ≡ v₂ (mod p).

For a valid signature (r, s), v₁ ≡ v₂ (mod p) since
            s ≡ (H(m) − xr)k ^-1 (mod p − 1)
            sk ≡ (H(m) − xr)(mod p − 1)
            H(m) ≡ (sk + xr)(mod p -1)
            v₁ ≡ g ^H(m)(mod p)
            v₁ ≡ g ^{(sk + xr)}(mod p)
            v₁ ≡ g ^{(sk )} g ^(xr)(mod p)
            v₁ ≡ (g^k) ^s (g^x) ^r(mod p)
            v₁ ≡ y^r r^s (mod p)
            v₁ ≡ v₂ (mod p).