Abstract
The calculation of the Tate pairing on ordinary curves involves two major steps: the Miller Loop (ML) followed by the Final Exponentiation (FE). The first step for achieving a full pairing inversion would be to invert this FE, which in itself is a mathematically difficult problem. To our best knowledge, most fault attack schemes proposed against pairing algorithms have mainly focussed on the ML. They solved, if at all, the inversion of the FE in some special ‘easy’ cases or even showed that the complexity of the FE is an intrinsic countermeasure against a successful full fault attack on the Tate pairing. In this paper, we present a fault attack on the FE whereby the inversion of the final exponentiation becomes feasible using 3 independent faults.
Chapter PDF
Similar content being viewed by others
References
Boneh, D., Franklin, M.: Identity-Based Encryption from the Weil pairing. SIAM J. of Computing 32(3), 586–615 (2003)
Dutta, R., Barua, R., Sarkar, P.: Pairing-Based Cryptographic Protocols: A Survey. Cryptology ePrint Archive, Report 2004/064 (2004), http://eprint.iacr.org/
El Mrabet, N., Di Natale, G., Flottes, M.L., Rouzeyre, B., Bajard, J.C.: Differential Power Analysis against the Miller Algorithm. Technical report, Published in Prime 2009, IEEE Xplore (August 2008)
Whelan, C., Scott, M.: Side channel analysis of practical pairing implementations: Which path is more secure? In: Nguyên, P.Q. (ed.) VIETCRYPT 2006. LNCS, vol. 4341, pp. 99–114. Springer, Heidelberg (2006)
Page, D., Vercauteren, F.: A Fault Attack on Pairing-Based Cryptography. IEEE Transactions on Computers 55(9), 1075–1080 (2006)
Whelan, C., Scott, M.: The Importance of the Final Exponentiation in Pairings when considering Fault Attacks. In: Takagi, T., Okamoto, T., Okamoto, E., Okamoto, T. (eds.) Pairing 2007. LNCS, vol. 4575, pp. 225–246. Springer, Heidelberg (2007)
El Mrabet, N.: What about Vulnerability to a Fault Attack of the Miller’s algorithm During an Identity Based Protocol? In: Park, J.H., Chen, H.-H., Atiquzzaman, M., Lee, C., Kim, T.-h., Yeo, S.-S. (eds.) ISA 2009. LNCS, vol. 5576, pp. 122–134. Springer, Heidelberg (2009)
Vercauteren, F.: The Hidden Root Problem. In: Galbraith, S.D., Paterson, K.G. (eds.) Pairing 2008. LNCS, vol. 5209, pp. 89–99. Springer, Heidelberg (2008)
Beuchat, J.-L., González-Díaz, J.E., Mitsunari, S., Okamoto, E., Rodríguez-Henríquez, F., Teruya, T.: High-Speed Software Implementation of the Optimal Ate Pairing over Barreto–Naehrig Curves. In: Joye, M., Miyaji, A., Otsuka, A. (eds.) Pairing 2010. LNCS, vol. 6487, pp. 21–39. Springer, Heidelberg (2010)
Scott, M., Benger, N., Charlemagne, M., Dominguez Perez, L.J., Kachisa, E.J.: On the Final Exponentiation for Calculating Pairings on Ordinary Elliptic Curves. In: Shacham, H., Waters, B. (eds.) Pairing 2009. LNCS, vol. 5671, pp. 78–88. Springer, Heidelberg (2009)
Barreto, P.S.L.M., Kim, H.Y., Lynn, B., Scott, M.: Efficient algorithms for pairing-based cryptosystems. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 354–369. Springer, Heidelberg (2002)
Hess, F., Smart, N., Vercauteren, F.: The Eta Pairing Revisited. IEEE Transactions on Information Theory 52(10), 4595–4602 (2006)
Vercauteren, F.: Optimal Pairings. IEEE Transactions on Information Theory 56(1), 455–461 (2010)
Kim, S., Cheon, J.H.: Fixed Argument Pairing Inversion on Elliptic Curves. Cryptology ePrint Archive, Report 2012/657 (2012), http://eprint.iacr.org/
Kanayama, N., Okamoto, E.: Approach to Pairing Inversions Without Solving Miller Inversion. IEEE Transactions on Information Theory 58(2), 1248–1253 (2012)
Galbraith, S., Hess, F., Vercauteren, F.: Aspects of Pairing Inversion. IEEE Transactions on Information Theory 54(12), 5719–5728 (2008)
Satoh, T.: On Pairing Inversion Problems. In: Takagi, T., Okamoto, T., Okamoto, E., Okamoto, T. (eds.) Pairing 2007. LNCS, vol. 4575, pp. 317–328. Springer, Heidelberg (2007)
Bar-El, H., Choukri, H., Naccache, D., Tunstall, M., Whelan, C.: The Sorcerer’s Apprentice Guide to Fault Attacks. Proceedings of the IEEE 94(2), 370–382 (2006)
Dehbaoui, A., Dutertre, J.M., Robisson, B., Tria, A.: Electromagnetic Transient Faults Injection on a Hardware and a Software Implementations of AES. In: FDTC, pp. 7–15. IEEE (2012)
Stein, W., et al.: Sage Mathematics Software (Version 5.5). The Sage Development Team (2012), http://www.sagemath.org
Ozturk, E., Gaubatz, G., Sunar, B.: Tate Pairing with Strong Fault Resiliency. In: Proceedings of FDTC 2007, pp. 103–111. IEEE Computer Society (2007)
Ghosh, S., Mukhopadhyay, D., Chowdhury, D.: Fault Attack and Countermeasures on Pairing Based Cryptography. International Journal Network Security 12, 21–28 (2011)
Certivox: Miracl library, v 5.6.1 (2012), https://certivox.com/solutions/miracl-crypto-sdk/
Naehrig, M., Barreto, P.S.L.M., Schwabe, P.: On compressible pairings and their computation. In: Vaudenay, S. (ed.) AFRICACRYPT 2008. LNCS, vol. 5023, pp. 371–388. Springer, Heidelberg (2008)
Aranha, D.F., Karabina, K., Longa, P., Gebotys, C.H., López, J.: Faster explicit formulas for computing pairings over ordinary curves. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 48–68. Springer, Heidelberg (2011)
Van Woudenberg, J., Witteman, M., Menarini, F.: Practical Optical Fault Injection on Secure Microcontrollers. In: 2011 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), pp. 91–99 (September 2011)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 International Association for Cryptologic Research
About this paper
Cite this paper
Lashermes, R., Fournier, J., Goubin, L. (2013). Inverting the Final Exponentiation of Tate Pairings on Ordinary Elliptic Curves Using Faults. In: Bertoni, G., Coron, JS. (eds) Cryptographic Hardware and Embedded Systems - CHES 2013. CHES 2013. Lecture Notes in Computer Science, vol 8086. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-40349-1_21
Download citation
DOI: https://doi.org/10.1007/978-3-642-40349-1_21
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-40348-4
Online ISBN: 978-3-642-40349-1
eBook Packages: Computer ScienceComputer Science (R0)