Paper 2014/835

Implementation of a Leakage-Resilient ElGamal Key Encapsulation Mechanism

David Galindo, Johann Großschädl, Zhe Liu, Praveen Kumar Vadnala, and Srinivas Vivek


Leakage-resilient cryptography aims to extend the rigorous guarantees achieved through the provable security paradigm to physical implementations. The constructions designed on basis of this new approach inevitably suffer from an Achilles heel: a bounded leakage assumption is needed. Currently, a huge gap exists between the theory of such designs and their implementation to confirm the leakage resilience in practice. The present work tries to narrow this gap for the leakage-resilient bilinear ElGamal key encapsulation mechanism (BEG-KEM) proposed by Kiltz and Pietrzak in 2010. Our first contribution is a variant of the bounded leakage and the only-computation-leaks model that is closer to practice. We weaken the restriction on the image size of the leakage functions in these models and only insist that the inputs to the leakage functions have sufficient min-entropy left, in spite of the leakage, with no limitation on the quantity of this leakage. We provide a novel security reduction for BEG-KEM in this relaxed leakage model using the generic bilinear group axiom. Secondly, we show that a naive implementation of the exponentiation in BEG-KEM makes it impossible to meet the leakage bound. Instead of trying to find an exponentiation algorithm that meets the leakage axiom (which is a non-trivial problem in practice), we propose an advanced scheme, BEG-KEM+, that avoids exponentiation by a secret value, but rather uses an encoding into the base group due to Fouque and Tibouchi. Thirdly, we present a software implementation of BEG-KEM+ based on the Miracl library and provide detailed experimental results. We also assess its (theoretical) resistance against power analysis attacks from a practical perspective, taking into account the state-of-the-art in side-channel cryptanalysis.

Available format(s)
Publication info
Published elsewhere. Journal of Cryptographic Engineering
secure implementationside-channel cryptanalysisleakage-resilient cryptographysecurity proofpublic-key encryptionpairings
Contact author(s)
D Galindo @ cs bham ac uk
johann groszschaedl @ uni lu
zhelu liu @ uwaterloo ca
praveen vadnala @ gmail com
sv venkatesh @ bristol ac uk
2016-08-27: last of 2 revisions
2014-10-20: received
See all versions
Short URL
Creative Commons Attribution


      author = {David Galindo and Johann Großschädl and Zhe Liu and Praveen Kumar Vadnala and Srinivas Vivek},
      title = {Implementation of a Leakage-Resilient {ElGamal} Key Encapsulation Mechanism},
      howpublished = {Cryptology ePrint Archive, Paper 2014/835},
      year = {2014},
      doi = {10.1007/s13389-016-0121-x},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.