Improving side-channel attacks against pairing-based cryptography

  • Damien Jauvart
  • Nadia El Mrabet
  • Jacques J. A. Fournier
  • Louis Goubin
Regular Paper


Abstract

Side-channel attacks are a serious threat to the secret data involved in cryptographic computations, for instance in pairing-based cryptography, which is a promising tool for the IoT. We focus on correlation power analysis (CPA) attacks against a pairing implementation. We improve a vertical side-channel attack and propose the first horizontal attack against a pairing implementation. First, we present a characterization of the multiplication that lets us reduce by a factor of ten the number of side-channel traces required to perform a CPA attack against an implementation of the Ate pairing. Second, we successfully attack the same implementation with a single trace, using the first horizontal attack path against pairing-based cryptography.
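The vertical and horizontal attack paths contrasted in the abstract, as an added Python illustration (this is not the paper's code, nor its target implementation): both paths run the same correlation engine and differ only in where the sample set comes from, many executions with fresh attacker-known operands in the vertical case, many sub-operations of one execution in the horizontal case. The word size (8 bits), the leakage model (Hamming weight of the low product word plus Gaussian noise), the secret value, the trace counts and the seeded inputs are all assumptions constructed for the example; no pairing arithmetic is modelled.

```python
"""Simulated correlation power analysis (CPA) against one secret word of a
multiplication, in the vertical setting (many executions) and the horizontal
setting (one execution, many sub-operations).

Added illustration, not the paper's code. Assumptions: 8-bit words, a
Hamming-weight leakage model on the low word of each product, and additive
Gaussian noise. All inputs are constructed with a seeded PRNG."""
import math
import random

WORD_BITS = 8
WORD_MASK = (1 << WORD_BITS) - 1


def hamming_weight(x: int) -> int:
    return bin(x).count("1")


def leak(known: int, secret: int, noise_sd: float, rng: random.Random) -> float:
    """One simulated sample for the word product known*secret (assumed leakage
    model: Hamming weight of the low word plus Gaussian noise)."""
    return hamming_weight((known * secret) & WORD_MASK) + rng.gauss(0.0, noise_sd)


def collect_vertical(secret, n_traces, noise_sd, rng):
    """Vertical setting: n_traces separate executions, each multiplying the secret
    by a fresh attacker-known operand; one sample per execution."""
    inputs = [rng.randrange(1 << WORD_BITS) for _ in range(n_traces)]
    samples = [leak(k, secret, noise_sd, rng) for k in inputs]
    return inputs, samples


def collect_horizontal(secret, known_words, noise_sd, rng):
    """Horizontal setting: a single execution in which the same secret word is
    multiplied by many known words (e.g. the partial products of a long-integer
    multiplication); each sub-operation contributes one sample from the one trace."""
    samples = [leak(k, secret, noise_sd, rng) for k in known_words]
    return list(known_words), samples


def pearson(xs, ys):
    """Pearson correlation coefficient; 0.0 when either side is constant."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    if vx == 0.0 or vy == 0.0:
        return 0.0
    return cov / math.sqrt(vx * vy)


def cpa_recover_word(inputs, samples):
    """Rank every word hypothesis by how well the predicted Hamming weights of
    known*guess correlate with the measured samples; return (best guess, correlation)."""
    best_guess, best_corr = None, -2.0
    for guess in range(1 << WORD_BITS):
        predicted = [hamming_weight((k * guess) & WORD_MASK) for k in inputs]
        corr = pearson(predicted, samples)
        if corr > best_corr:
            best_guess, best_corr = guess, corr
    return best_guess, best_corr


def run_attack(secret=0x6B, n=600, noise_sd=0.5, seed=1234):
    """Run both attack paths on the same secret word with constructed data and
    return the recovered guesses and their correlations."""
    rng = random.Random(seed)
    v_inputs, v_samples = collect_vertical(secret, n, noise_sd, rng)
    known_words = [rng.randrange(1 << WORD_BITS) for _ in range(n)]
    h_inputs, h_samples = collect_horizontal(secret, known_words, noise_sd, rng)
    return {
        "secret": secret,
        "vertical": cpa_recover_word(v_inputs, v_samples),
        "horizontal": cpa_recover_word(h_inputs, h_samples),
    }


if __name__ == "__main__":
    result = run_attack()
    for path in ("vertical", "horizontal"):
        guess, corr = result[path]
        print(f"{path:10s} recovered 0x{guess:02X} "
              f"(secret 0x{result['secret']:02X}), corr={corr:.3f}")
```

With the default parameters the correct word ranks first in both settings. Lowering n or raising noise_sd shows how the number of samples a CPA needs depends on how well the leakage of the multiplication is characterised, which is the lever the abstract's first result relies on; in the horizontal setting the sample budget is fixed by how many sub-operations one execution exposes, which is why a single trace can suffice.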


Keywords

Side-channel attacks · Pairing-based cryptography · Collision attack · Countermeasure




Copyright information

© Springer-Verlag GmbH Germany, part of Springer Nature 2019

Authors and Affiliations

  1. Aix Sonic, Aix-en-Provence, France
  2. IMT, Mines Saint-Etienne, Centre CMP, Equipe Commune CEA Tech - Mines Saint-Etienne, Gardanne, France
  3. Université Grenoble Alpes, CEA Leti, DSYS/LSOSP, Grenoble Cedex, France
  4. Université de Versailles-St-Quentin-en-Yvelines, Versailles Cedex, France
