Skip to main content

Table 1 CCmLA1 security experiment for KEM

From: Implementation of a leakage-resilient ElGamal key encapsulation mechanism

KEM-CCmLA1\(_{\mathsf {KEM}}(\mathcal {A},\kappa ,\lambda )\) KEM-Leak-Oracle \(O^{\text {CCmLA1}}(C,f_{i},h_{i})\)
\((pk,(\sigma _{0},\sigma '_{0}))\leftarrow \mathsf {KG}\left( \kappa ,\lambda \right) \)  
\( i:=1\), \(w\leftarrow \mathcal {A}^{O^{\text {CCmLA1}}(\cdot )}\left( pk\right) \) \((\sigma _{i},w_{i})\overset{r_{i}}{\leftarrow }\mathsf {Dec1}(\sigma _{i-\text {1}},C)\)
\(b\overset{\$}{\leftarrow }\left\{ 0,1\right\} \) \( (\sigma '_{i},K)\overset{r'_{i}}{\leftarrow }\mathsf {Dec2}(\sigma '_{i-\text {1}},w_{i})\)
\(\left( C,K_{0}\right) \leftarrow \mathsf {Enc}\left( pk\right) \) \(\Lambda _{i}:=f_{i}(\sigma _{i-1},r_{i})\)
\( K_{1}\overset{\$}{\leftarrow }\mathcal {K}\) \( \Lambda '_{i}:=h_{i}(\sigma '_{i-1},r'_{i},w_{i})\)
\(b'\leftarrow \mathcal {A}\left( w,CK_{b}\right) \) \(i:=i+1\)
  Return \((K,\Lambda _{i},\Lambda '_{i})\)