On (Destructive) Impacts of Mathematical Realizations over the Security of Leakage Resilient ElGamal Encryption

Abstract. Leakage resilient cryptography aims to address the issue of inadvertent and unexpected information leakages from physical cryptographic implementations. At Asiacrypt 2010, E.Kiltz et al. [1] presented a multiplicatively blinded version of ElGamal public-key encryption scheme, which is proved to be leakage resilient in the generic group model against roughly 0.50 *log(p) bits of arbitrary, adversarially chosen information leakage about the computation, when the scheme is instantiated over bilinear groups of prime order p (denoted BEG ∗). Nonetheless, for the same scheme instantiated over arbitrary groups of prime order p (denoted EG ∗), no leakage resilience bound is given, and was only conjectured to be leakage resilient. In this paper, we show that, when some of the leakage happens within the computation of pseudo random number generator (PRNG) used by EG ∗ , the leakage tolerance of EG ∗ is far worse than expected. We used three instances of internationall