Cryptology ePrint Archive: Report 2014/835

Implementation of a Leakage-Resilient ElGamal Key Encapsulation Mechanism

David Galindo and Johann Großschädl and Zhe Liu and Praveen Kumar Vadnala and Srinivas Vivek

Abstract: Leakage-resilient cryptography aims to extend the rigorous guarantees achieved through the provable security paradigm to physical implementations. The constructions designed on basis of this new approach inevitably suffer from an Achilles heel: a bounded leakage assumption is needed. Currently, a huge gap exists between the theory of such designs and their implementation to confirm the leakage resilience in practice. The present work tries to narrow this gap for the leakage-resilient bilinear ElGamal key encapsulation mechanism (BEG-KEM) proposed by Kiltz and Pietrzak in 2010. Our first contribution is a variant of the bounded leakage and the only-computation-leaks model that is closer to practice. We weaken the restriction on the image size of the leakage functions in these models and only insist that the inputs to the leakage functions have sufficient min-entropy left, in spite of the leakage, with no limitation on the quantity of this leakage. We provide a novel security reduction for BEG-KEM in this relaxed leakage model using the generic bilinear group axiom. Secondly, we show that a naive implementation of the exponentiation in BEG-KEM makes it impossible to meet the leakage bound. Instead of trying to find an exponentiation algorithm that meets the leakage axiom (which is a non-trivial problem in practice), we propose an advanced scheme, BEG-KEM+, that avoids exponentiation by a secret value, but rather uses an encoding into the base group due to Fouque and Tibouchi. Thirdly, we present a software implementation of BEG-KEM+ based on the Miracl library and provide detailed experimental results. We also assess its (theoretical) resistance against power analysis attacks from a practical perspective, taking into account the state-of-the-art in side-channel cryptanalysis.

Category / Keywords: secure implementation, side-channel cryptanalysis, leakage-resilient cryptography, security proof, public-key encryption, pairings

Original Publication (in the same form): Journal of Cryptographic Engineering
DOI:
10.1007/s13389-016-0121-x

Date: received 14 Oct 2014, last revised 26 Aug 2016

Contact author: D Galindo at cs bham ac uk; johann groszschaedl@uni lu; zhelu liu@uwaterloo ca; praveen vadnala@gmail com; sv venkatesh@bristol ac uk

Available format(s): PDF | BibTeX Citation

Version: 20160827:001117 (All versions of this report)

Short URL: ia.cr/2014/835

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]