Side channel analysis of practical pairing implementations: which path is more secure?

Authors:
Claire Whelan;Mike Scott
Affiliations:
School of Computing, Dublin City University, Ballymun, Dublin 9, Ireland;School of Computing, Dublin City University, Ballymun, Dublin 9, Ireland
Venue:
VIETCRYPT'06 Proceedings of the First international conference on Cryptology in Vietnam
Year:
2006

Citing 6
Cited 7

Examining Smart-Card Security under the Threat of Power Analysis Attacks

IEEE Transactions on Computers
Differential Power Analysis

CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Identity-Based Encryption from the Weil Pairing

CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
Efficient Algorithms for Pairing-Based Cryptosystems

CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems

CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
Computing the tate pairing

CT-RSA'05 Proceedings of the 2005 international conference on Topics in Cryptology

The Hidden Root Problem

Pairing '08 Proceedings of the 2nd international conference on Pairing-Based Cryptography
What about Vulnerability to a Fault Attack of the Miller's Algorithm During an Identity Based Protocol?

ISA '09 Proceedings of the 3rd International Conference and Workshops on Advances in Information Security and Assurance
An efficient countermeasure against side channel attacks for pairing computation

ISPEC'08 Proceedings of the 4th international conference on Information security practice and experience
A correlation power analysis attack against tate pairing on FPGA

ARC'11 Proceedings of the 7th international conference on Reconfigurable computing: architectures, tools and applications
Fault attacks against the miller algorithm in hessian coordinates

Inscrypt'11 Proceedings of the 7th international conference on Information Security and Cryptology
Improved side channel attacks on pairing based cryptography

COSADE'13 Proceedings of the 4th international conference on Constructive Side-Channel Analysis and Secure Design
Inverting the final exponentiation of tate pairings on ordinary elliptic curves using faults

CHES'13 Proceedings of the 15th international conference on Cryptographic Hardware and Embedded Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

We present an investigation into the security of three practical pairing algorithms; the Tate, truncated Eta (ηT) and Ate pairing, in terms of side channel vulnerability. These three algorithms have recently shown to be efficiently computable on the resource constrained smart card, however no in depth side channel analysis of these specific pairing implementations has yet appeared in the literature. We assess these algorithms based on two main avenues of attack since the secret parameter input to the pairing can potentially be entered in two possible positions, i.e. e(P,Q) or e(Q,P) where P is public and Q is private. We analyse the core operations fundamental to pairings and propose how they can be attacked in a computationally efficient way. Building on this we show how each implementation may potentially succumb to a side channel attack and demonstrate how one path is more susceptible than the other in Tate and Ate. For those who wish to deploy pairing based systems we make a simple suggestion to improve resistance to side channel attacks.