Abstract
Recently it was conjectured that an ElGamal-based public-key encryption scheme with stateful decryption resists lunch-time chosen ciphertext and leakage attacks in the only computation leaks information model. We give a non-trivial upper bound on the amount of leakage tolerated by this conjecture. More precisely, we prove that the conjecture does not hold if more than a (3/8+o(1)) fraction of the bits are leaked at every decryption step, by showing a lunch-time attack that recovers the full secret key. The attack uses a new variant of the Hidden Number Problem, which we call the Hidden Shares - Hidden Number Problem, and which is of independent interest.
Original language | English |
---|---|
Pages (from-to) | 192-196 |
Number of pages | 5 |
Journal | Information Processing Letters |
Volume | 114 |
Issue number | 4 |
Early online date | 28 Nov 2013 |
Publication status | Published - 1 Apr 2014 |
Keywords
- Cryptography
- ElGamal
- Hidden number problem
- Lattice-based attacks
- Leakage-resilient cryptography
ASJC Scopus subject areas
- Information Systems
- Computer Science Applications
- Signal Processing
- Theoretical Computer Science