Abstract
Although the vulnerability of pairing-based algorithms to side-channel attacks has already been demonstrated (a recent paper [41] targeted pairing implementations on three different devices), choosing a suitable leakage model and detecting the points of interest in the traces remain difficult. Our proposed approach evaluates the parameters of the attack and validates the data-processing workflow. We describe weaknesses in implementations of cryptographic pairings and show how the resulting information leakage can be fully exploited. Different leakage models, point-of-interest detection methods and parameter dependencies are compared. Practical results were obtained on a software implementation of the twisted Ate pairing over Barreto–Naehrig curves running on an ARM Cortex-M3 processor clocked at 50 MHz. Finally, we discuss countermeasures aimed at reducing side-channel leakage and review the available literature.
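The attack family the abstract refers to (correlation power analysis against the field multiplications inside the pairing, with a chosen leakage model and a search for the point of interest in the trace) can be illustrated on a toy target. The following is an added example written for this page, not code from the paper or from the attacked implementation. It assumes a hypothetical device that computes a single 8-bit product v = (x * s) mod 2^8 of a known input x and a secret word s, and that leaks the Hamming weight of v at one unknown sample of an 8-sample trace; the traces are simulated (constructed) with Gaussian noise. The CPA recovers both the secret word and the leaking sample, and a second, deliberately poor leakage model (least significant bit) is run alongside to show how model choice affects the result.

```python
"""Toy CPA with point-of-interest search and leakage-model comparison.
Added example, not the paper's code. Hypothetical target: v = (x * s) mod 2^W
leaks HW(v) at sample POI; traces are simulated here, not measured."""
import random

W = 8                    # word width of the toy multiplier (a real Fp word is wider)
MASK = (1 << W) - 1
N_SAMPLES = 8            # samples per trace
POI = 3                  # leaking sample; unknown to the attacker, found by the CPA


def hamming_weight(v):
    return bin(v).count("1")


def lsb_model(v):
    """Deliberately poor model: only the least significant bit of v."""
    return v & 1


def simulate_traces(secret, n_traces, noise_sd, seed=1):
    """Constructed traces: Gaussian noise everywhere, HW(v) added at POI."""
    rng = random.Random(seed)
    inputs, traces = [], []
    for _ in range(n_traces):
        x = rng.randrange(1 << W)
        v = (x * secret) & MASK
        trace = [rng.gauss(0.0, noise_sd) for _ in range(N_SAMPLES)]
        trace[POI] += hamming_weight(v)
        inputs.append(x)
        traces.append(trace)
    return inputs, traces


def pearson(a, b):
    """Pearson correlation of two equal-length lists; 0.0 if either is constant."""
    n = len(a)
    ma, mb = sum(a) / n, sum(b) / n
    cov = sum((ai - ma) * (bi - mb) for ai, bi in zip(a, b))
    va = sum((ai - ma) ** 2 for ai in a)
    vb = sum((bi - mb) ** 2 for bi in b)
    if va == 0 or vb == 0:
        return 0.0
    return cov / (va * vb) ** 0.5


def cpa(inputs, traces, model):
    """Correlate every key hypothesis against every sample.
    Returns (best_key, best_sample, best_abs_corr): the sample with the
    highest correlation is the detected point of interest."""
    columns = [[tr[t] for tr in traces] for t in range(N_SAMPLES)]
    best = (None, None, 0.0)
    for k in range(1 << W):
        hyp = [model((x * k) & MASK) for x in inputs]
        for t, column in enumerate(columns):
            r = abs(pearson(hyp, column))
            if r > best[2]:
                best = (k, t, r)
    return best


def compare_models(secret=0x5B, n_traces=1000, noise_sd=0.5):
    """Run the CPA under two leakage models on the same simulated traces."""
    inputs, traces = simulate_traces(secret, n_traces, noise_sd)
    return {
        "HW": cpa(inputs, traces, hamming_weight),
        "LSB": cpa(inputs, traces, lsb_model),
    }


if __name__ == "__main__":
    for name, (key, poi, r) in compare_models().items():
        print(f"{name:3s} model: key=0x{key:02X} sample={poi} |r|={r:.3f}")
```

With the Hamming-weight model the correct key and sample 3 come out with a correlation close to 0.9; the LSB model correlates far more weakly and cannot even separate the odd keys, since the low bit of x*k depends only on the low bits of x and k. Real attacks on a pairing replace the toy product by one word of the Fp multiplication of the secret point coordinate, and the trace length by the full Miller loop, which is exactly where the point-of-interest search matters.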
References
Bajard, J.-C., El Mrabet, N.: Pairing in cryptography: an arithmetic point of view. In: Advanced Signal Processing Algorithms, Architectures, and Implementations XVII. Proc. SPIE (2007)
Bajard, J.-C., Imbert, L., Liardet, P.-Y., Teglia, Y.: Leak resistant arithmetic. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 62–75. Springer, Heidelberg (2004). doi:10.1007/978-3-540-28632-5_5
Barreto, P.S.L.M., Naehrig, M.: Pairing-friendly elliptic curves of prime order. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 319–331. Springer, Heidelberg (2006). doi:10.1007/11693383_22
Bauer, A., Jaulmes, E., Prouff, E., Wild, J.: Horizontal and vertical side-channel attacks against secure RSA implementations. In: Dawson, E. (ed.) CT-RSA 2013. LNCS, vol. 7779, pp. 1–17. Springer, Heidelberg (2013). doi:10.1007/978-3-642-36095-4_1
Blömer, J., Günther, P., Liske, G.: Improved side channel attacks on pairing based cryptography. In: Prouff, E. (ed.) COSADE 2013. LNCS, vol. 7864, pp. 154–168. Springer, Heidelberg (2013). doi:10.1007/978-3-642-40026-1_10
Boneh, D., Franklin, M.: Identity-based encryption from the Weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001)
Booth, A.D.: A signed binary multiplication technique. Q. J. Mech. Appl. Math. 4(2), 236–240 (1951)
Brickell, E.F.: A fast modular multiplication algorithm with application to two key cryptography. In: Chaum, D., Rivest, R.L., Sherman, A.T. (eds.) Advances in Cryptology, pp. 51–60. Springer, New York (1983)
Clavier, C., Feix, B., Gagnerot, G., Giraud, C., Roussellet, M., Verneuil, V.: ROSETTA for single trace analysis. In: Galbraith, S., Nandi, M. (eds.) INDOCRYPT 2012. LNCS, vol. 7668, pp. 140–155. Springer, Heidelberg (2012). doi:10.1007/978-3-642-34931-7_9
Clavier, C., Feix, B., Gagnerot, G., Roussellet, M., Verneuil, V.: Horizontal correlation analysis on exponentiation. In: Soriano, M., Qing, S., López, J. (eds.) ICICS 2010. LNCS, vol. 6476, pp. 46–61. Springer, Heidelberg (2010). doi:10.1007/978-3-642-17650-0_5
Cook, S.A., Aanderaa, S.O.: On the minimum computation time of functions. Trans. Am. Math. Soc. 142, 291–314 (1969)
Coron, J.-S.: Resistance against differential power analysis for elliptic curve cryptosystems. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 292–302. Springer, Heidelberg (1999). doi:10.1007/3-540-48059-5_25
Coron, J.-S., Kocher, P., Naccache, D.: Statistics and secret leakage. In: Frankel, Y. (ed.) FC 2000. LNCS, vol. 1962, pp. 157–173. Springer, Heidelberg (2001). doi:10.1007/3-540-45472-1_12
Devegili, A.J., Scott, M., Dahab, R.: Implementing cryptographic pairings over Barreto-Naehrig curves. In: Takagi, T., Okamoto, T., Okamoto, E., Okamoto, T. (eds.) Pairing 2007. LNCS, vol. 4575, pp. 197–207. Springer, Heidelberg (2007). doi:10.1007/978-3-540-73489-5_10
Dhem, J.-F., Joye, M., Quisquater, J.-J.: Normalisation in diminished-radix modulus transformation. Electron. Lett. 33(23), 1931 (1997)
Duursma, I., Lee, H.-S.: Tate pairing implementation for hyperelliptic curves \(y^{2}=x^{p}-x+d\). In: Laih, C.-S. (ed.) ASIACRYPT 2003. LNCS, vol. 2894, pp. 111–123. Springer, Heidelberg (2003). doi:10.1007/978-3-540-40061-5_7
El Mrabet, N., Di Natale, G., Flottes, M.-L.: A practical differential power analysis attack against the Miller algorithm. In: PRIME 2009, pp. 308–311 (2009)
Ghosh, S., Roychowdhury, D.: Security of prime field pairing cryptoprocessor against differential power attack. In: Joye, M., Mukhopadhyay, D., Tunstall, M. (eds.) InfoSecHiComNet 2011. LNCS, vol. 7011, pp. 16–29. Springer, Heidelberg (2011). doi:10.1007/978-3-642-24586-2_4
Gierlichs, B., Lemke-Rust, K., Paar, C.: Templates vs. stochastic methods. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 15–29. Springer, Heidelberg (2006). doi:10.1007/11894063_2
Hess, F., Smart, N.P., Vercauteren, F.: The Eta pairing revisited. IEEE Trans. Inf. Theor. 52, 4595–4602 (2006)
Hutter, M., Medwed, M., Hein, D., Wolkerstorfer, J.: Attacking ECDSA-enabled RFID devices. In: Abdalla, M., Pointcheval, D., Fouque, P.-A., Vergnaud, D. (eds.) ACNS 2009. LNCS, vol. 5536, pp. 519–534. Springer, Heidelberg (2009). doi:10.1007/978-3-642-01957-9_32
Joye, M.: Elliptic curves and side-channel analysis. ST J. Syst. Res. 4(1), 17–21 (2003)
Karatsuba, A., Ofman, Y.: Multiplication of multidigit numbers on automata. In: Soviet Physics Doklady, vol. 7, p. 595 (1963)
Kim, T.H., Takagi, T., Han, D.-G., Kim, H.W., Lim, J.: Side channel attacks and countermeasures on pairing based cryptosystems over binary fields. In: Pointcheval, D., Mu, Y., Chen, K. (eds.) CANS 2006. LNCS, vol. 4301, pp. 168–181. Springer, Heidelberg (2006). doi:10.1007/11935070_11
Koblitz, N., Menezes, A.: Pairing-based cryptography at high security levels. In: Smart, N.P. (ed.) Cryptography and Coding 2005. LNCS, vol. 3796, pp. 13–36. Springer, Heidelberg (2005). doi:10.1007/11586821_2
Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)
Mayer-Sommer, R.: Smartly analyzing the simplicity and the power of simple power analysis on smartcards. In: Koç, Ç.K., Paar, C. (eds.) CHES 2000. LNCS, vol. 1965, pp. 78–92. Springer, Heidelberg (2000). doi:10.1007/3-540-44499-8_6
Miller, V.S.: Use of elliptic curves in cryptography. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 417–426. Springer, Heidelberg (1986). doi:10.1007/3-540-39799-X_31
Montgomery, P.L.: Modular multiplication without trial division. Math. Comput. 44(170), 519–521 (1985)
Oswald, E.: On side-channel attacks and the application of algorithmic countermeasures. Ph.D. thesis, Graz University of Technology (2003)
Page, D., Vercauteren, F.: Fault and side-channel attacks on pairing based cryptography. Cryptology ePrint Archive (2004)
Pan, W., Marnane, W.P.: A correlation power analysis attack against Tate pairing on FPGA. In: Koch, A., Krishnamurthy, R., McAllister, J., Woods, R., El-Ghazawi, T. (eds.) ARC 2011. LNCS, vol. 6578, pp. 340–349. Springer, Heidelberg (2011). doi:10.1007/978-3-642-19475-7_36
Perin, G., Imbert, L., Maurine, P., Torres, L.: Vertical and horizontal correlation attacks on RNS-based exponentiations. J. Cryptographic Eng. 5(3), 1–15 (2015)
Perin, G., Imbert, L., Torres, L., Maurine, P.: Attacking randomized exponentiations using unsupervised learning. In: Prouff, E. (ed.) COSADE 2014. LNCS, vol. 8622, pp. 144–160. Springer, Cham (2014). doi:10.1007/978-3-319-10175-0_11
Quisquater, J.-J.: Presentation at the rump session of Eurocrypt 90 (1990)
Sato, H., Schepers, D., Takagi, T.: Exact analysis of Montgomery multiplication. In: Canteaut, A., Viswanathan, K. (eds.) INDOCRYPT 2004. LNCS, vol. 3348, pp. 290–304. Springer, Heidelberg (2004). doi:10.1007/978-3-540-30556-9_23
Scott, M.: Computing the Tate pairing. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 293–304. Springer, Heidelberg (2005). doi:10.1007/978-3-540-30574-3_20
Scott, M.: On the efficient implementation of pairing-based protocols. In: Chen, L. (ed.) IMACC 2011. LNCS, vol. 7089, pp. 296–308. Springer, Heidelberg (2011). doi:10.1007/978-3-642-25516-8_18
Silverman, J.H.: The Arithmetic of Elliptic Curves. Graduate Texts in Mathematics, vol. 106, 2nd edn. Springer, New York (2009)
Toom, A.L.: The complexity of a scheme of functional elements realizing the multiplication of integers. Sov. Math. Dokl. 3, 714–716 (1963)
Unterluggauer, T., Wenger, E.: Practical attack on bilinear pairings to disclose the secrets of embedded devices. In: ARES 2014, pp. 69–77 (2014)
Whelan, C., Scott, M.: Side channel analysis of practical pairing implementations: which path is more secure? In: Nguyen, P.Q. (ed.) VIETCRYPT 2006. LNCS, vol. 4341, pp. 99–114. Springer, Heidelberg (2006). doi:10.1007/11958239_7
Acknowledgments
This work was supported in part by the EUREKA Catrene programme under contract CAT208 MobiTrust and by a French DGA-MRIS scholarship.
© 2017 Springer International Publishing AG
Cite this paper
Jauvart, D., Fournier, J.J.A., El-Mrabet, N., Goubin, L. (2017). Improving Side-Channel Attacks Against Pairing-Based Cryptography. In: Cuppens, F., Cuppens, N., Lanet, J.-L., Legay, A. (eds) Risks and Security of Internet and Systems. CRiSIS 2016. Lecture Notes in Computer Science, vol 10158. Springer, Cham. https://doi.org/10.1007/978-3-319-54876-0_16
DOI: https://doi.org/10.1007/978-3-319-54876-0_16
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-54875-3
Online ISBN: 978-3-319-54876-0