Abstract
We present an investigation into the security of three practical pairing algorithms; the Tate, truncated Eta (η T ) and Ate pairing, in terms of side channel vulnerability. These three algorithms have recently shown to be efficiently computable on the resource constrained smart card, however no in depth side channel analysis of these specific pairing implementations has yet appeared in the literature. We assess these algorithms based on two main avenues of attack since the secret parameter input to the pairing can potentially be entered in two possible positions, i.e. e(P,Q) or e(Q,P) where P is public and Q is private. We analyse the core operations fundamental to pairings and propose how they can be attacked in a computationally efficient way. Building on this we show how each implementation may potentially succumb to a side channel attack and demonstrate how one path is more susceptible than the other in Tate and Ate. For those who wish to deploy pairing based systems we make a simple suggestion to improve resistance to side channel attacks.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Barreto, P.: Pairing based crypto lounge, URL: http://paginas.terra.com.br/informatica/paulobarreto/pblounge.html
Barreto, P., Galbraith, S., O’hEigeartaigh, C., Scott, M.: Efficient pairing computation on supersingular abelian varieties. Cryptology ePrint Archive: Report, 2004/375, URL: http://eprint.iacr.org/2004/375
Barreto, P., Kim, H., Lynn, B., Scott, M.: Efficient algorithms for pairing-based cryptosystems. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 354–368. Springer, Heidelberg (2002)
Barreto, P.S.L.M., Lynn, B., Scott, M.: On the selection of pairing friendly groups. In: Matsui, M., Zuccherato, R.J. (eds.) SAC 2003. LNCS, vol. 3006. Springer, Heidelberg (2004)
Boneh, D., Franklin, M.: Identity-based encryption from the weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001)
Brier, E., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 16–29. Springer, Heidelberg (2004)
Duursma, I.M., Lee, H.S.: Tate Pairing Implementation for Hyperelliptic Curves y 2 = x p − x + d. In: Laih, C.-S. (ed.) ASIACRYPT 2003. LNCS, vol. 2894, pp. 111–123. Springer, Heidelberg (2003)
Fong, K., Hankerson, D., Lopez, J., Menezes, A.: Field inversion and point halving revisited. CACR Technical Report, CORR 2003-18 (2003), URL: http://www.cacr.math.waterloo.ca/
Hess, F., Smart, N., Vercauteren, F.: The eta pairing revisited. Cryptology ePrint Archive: Report 2006/110 (2006), URL: http://eprint.iacr.org/2006/110
Kocher, P.: Timing attacks on implementations of diffie-hellman, rsa, dss and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)
Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)
Menezes, A.J., Okamoto, T., Vanstone, S.: Reducing elliptic curve logarithms to logarithms in a finite field. IEEE Transactions on Information Theory 39, 1639–1646 (1993)
Messerges, T., Dabbish, E., Sloan, R.: Examining smart-card security under the threat of power analysis attacks. IEEE Transactions on Computers 51(4) (April 2002)
Page, D., Vercauteren, F.: Fault and side-channel attacks on pairing based cryptography. Cryptology ePrint Archive, Report 2004/283, URL: http://eprint.iacr.org/2004/283
Scott, M.: Computing the tate pairing. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 293–304. Springer, Heidelberg (2005)
Scott, M., Costigan, N., Abdulwahab, W.: Implementing cryptographic pairings on smart cards. Cryptology ePrint Archive: Report 2006/144, URL: http://eprint.iacr.org/2006/144
Walter, C.: Simple power analysis of unified code for ecc double and add. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 191–204. Springer, Heidelberg (2004)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Whelan, C., Scott, M. (2006). Side Channel Analysis of Practical Pairing Implementations: Which Path Is More Secure?. In: Nguyen, P.Q. (eds) Progress in Cryptology - VIETCRYPT 2006. VIETCRYPT 2006. Lecture Notes in Computer Science, vol 4341. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11958239_7
Download citation
DOI: https://doi.org/10.1007/11958239_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-68799-3
Online ISBN: 978-3-540-68800-6
eBook Packages: Computer ScienceComputer Science (R0)