Resistance of the Point Randomisation Countermeasure for Pairings Against Side-Channel Attack

  • Damien Jauvart
  • Nadia El Mrabet
  • Jacques J. A. Fournier
  • Louis Goubin
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 990)

Abstract

Pairing-based cryptography (PBC) has been studied extensively over the last decade, both for computational performance and as a building block for security and privacy protocols. PBC implementations on embedded devices are exposed to physical attacks such as side-channel attacks. Such attacks, which are able to recover the secret input used in some PBC-based schemes, are the main focus of this paper. Various countermeasures have consequently been proposed in the literature. The present paper provides an updated review of the state-of-the-art countermeasures against side-channel attacks on PBC implementations. We especially focus on a technique based on point blinding using randomization. Furthermore, we propose a collision-based side-channel attack against an implementation embedding the point randomization countermeasure. This raises questions about how countermeasures are validated for complex cryptographic schemes such as PBC. We also discuss ways of defeating our attack. This article is in part an extension of the paper [20] published at SECRYPT 2017.

Keywords

Pairing-based cryptography; Miller's algorithm; Side-channel attack; Collision side-channel attack; Countermeasures

Notes

Acknowledgements

This work was supported in part by the EUREKA Catrene programme under contract CAT208 MobiTrust and by a French DGA-MRIS scholarship.

References

  1. Aranha, D.F., Karabina, K., Longa, P., Gebotys, C.H., López, J.: Faster explicit formulas for computing pairings over ordinary curves. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 48–68. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-20465-4_5
  2. Bajard, J.C., El Mrabet, N.: Pairing in cryptography: an arithmetic point of view. In: Proceedings of SPIE: ASPAAI (2007)
  3. Barbulescu, R., Gaudry, P., Guillevic, A., Morain, F.: Improving NFS for the discrete logarithm problem in non-prime finite fields. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015, Part I. LNCS, vol. 9056, pp. 129–155. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46800-5_6
  4. Barbulescu, R., Gaudry, P., Kleinjung, T.: The tower number field sieve. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015, Part II. LNCS, vol. 9453, pp. 31–55. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48800-3_2
  5. Barreto, P.S.L.M., Naehrig, M.: Pairing-friendly elliptic curves of prime order. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 319–331. Springer, Heidelberg (2006). https://doi.org/10.1007/11693383_22
  6. Barreto, P.S.L.M., Kim, H.Y., Lynn, B., Scott, M.: Efficient algorithms for pairing-based cryptosystems. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 354–369. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45708-9_23
  7. Bauer, A., Jaulmes, E., Prouff, E., Wild, J.: Horizontal collision correlation attack on elliptic curves. In: Lange, T., Lauter, K., Lisoněk, P. (eds.) SAC 2013. LNCS, vol. 8282, pp. 553–570. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-43414-7_28
  8. Beuchat, J.-L., González-Díaz, J.E., Mitsunari, S., Okamoto, E., Rodríguez-Henríquez, F., Teruya, T.: High-speed software implementation of the optimal ate pairing over Barreto–Naehrig curves. In: Joye, M., Miyaji, A., Otsuka, A. (eds.) Pairing 2010. LNCS, vol. 6487, pp. 21–39. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-17455-1_2
  9. Blömer, J., Günther, P., Liske, G.: Improved side channel attacks on pairing based cryptography. In: Prouff, E. (ed.) COSADE 2013. LNCS, vol. 7864, pp. 154–168. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40026-1_10
  10. Boneh, D., Franklin, M.: Identity-based encryption from the Weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44647-8_13
  11. Coron, J.-S.: Resistance against differential power analysis for elliptic curve cryptosystems. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 292–302. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48059-5_25
  12. Duursma, I., Lee, H.-S.: Tate pairing implementation for hyperelliptic curves y^2 = x^p − x + d. In: Laih, C.-S. (ed.) ASIACRYPT 2003. LNCS, vol. 2894, pp. 111–123. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-40061-5_7
  13. Eisenträger, K., Lauter, K., Montgomery, P.L.: Improved Weil and Tate pairings for elliptic and hyperelliptic curves. In: Buell, D. (ed.) ANTS 2004. LNCS, vol. 3076, pp. 169–183. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24847-7_12
  14. El Mrabet, N., Di Natale, G., Flottes, M.L.: A practical differential power analysis attack against the Miller algorithm. In: PRIME, pp. 308–311, July 2009
  15. Fouque, P.-A., Valette, F.: The doubling attack – why upwards is better than downwards. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 269–280. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-45238-6_22
  16. Galbraith, S.D., Harrison, K., Soldera, D.: Implementing the Tate pairing. In: Fieker, C., Kohel, D.R. (eds.) ANTS 2002. LNCS, vol. 2369, pp. 324–337. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45455-1_26
  17. Ghosh, S., Roychowdhury, D.: Security of prime field pairing cryptoprocessor against differential power attack. In: Joye, M., Mukhopadhyay, D., Tunstall, M. (eds.) InfoSecHiComNet 2011. LNCS, vol. 7011, pp. 16–29. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-24586-2_4
  18. Hutter, M., Medwed, M., Hein, D., Wolkerstorfer, J.: Attacking ECDSA-enabled RFID devices. In: Abdalla, M., Pointcheval, D., Fouque, P.-A., Vergnaud, D. (eds.) ACNS 2009. LNCS, vol. 5536, pp. 519–534. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-01957-9_32
  19. Jauvart, D.: Sécurisation des algorithmes de couplages contre les attaques physiques. Ph.D. thesis, Université Paris-Saclay (2017)
  20. Jauvart, D., Fournier, J.J.A., Goubin, L.: First practical side-channel attack to defeat point randomization in secure implementations of pairing-based cryptography. In: Proceedings of the 14th International Joint Conference on e-Business and Telecommunications – Volume 6: SECRYPT (ICETE 2017), pp. 104–115. INSTICC, SciTePress (2017)
  21. Jauvart, D., Fournier, J.J.A., El-Mrabet, N., Goubin, L.: Improving side-channel attacks against pairing-based cryptography. In: Cuppens, F., Cuppens, N., Lanet, J.-L., Legay, A. (eds.) CRiSIS 2016. LNCS, vol. 10158, pp. 199–213. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-54876-0_16
  22. Joux, A.: A one round protocol for tripartite Diffie–Hellman. J. Cryptol. 17, 263–276 (2004)
  23. Joux, A., Odlyzko, A., Pierrot, C.: The past, evolving present, and future of the discrete logarithm. In: Koç, Ç.K. (ed.) Open Problems in Mathematics and Computational Science, pp. 5–36. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-10683-0_2
  24. Joye, M., Neven, G. (eds.): Identity-Based Cryptography. IOS Press (2008)
  25. Kim, T.H., Takagi, T., Han, D.-G., Kim, H.W., Lim, J.: Side channel attacks and countermeasures on pairing based cryptosystems over binary fields. In: Pointcheval, D., Mu, Y., Chen, K. (eds.) CANS 2006. LNCS, vol. 4301, pp. 168–181. Springer, Heidelberg (2006). https://doi.org/10.1007/11935070_11
  26. Kim, T., Barbulescu, R.: Extended tower number field sieve: a new complexity for the medium prime case. Cryptology ePrint Archive (2015)
  27. Koblitz, N., Menezes, A.: Pairing-based cryptography at high security levels. In: Smart, N.P. (ed.) Cryptography and Coding 2005. LNCS, vol. 3796, pp. 13–36. Springer, Heidelberg (2005). https://doi.org/10.1007/11586821_2
  28. Koç, Ç.K., Acar, T., Kaliski, B.S.: Analyzing and comparing Montgomery multiplication algorithms. IEEE Micro 16(3), 26–33 (1996)
  29. Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48405-1_25
  30. Kusaka, T., et al.: Solving 114-bit ECDLP for a Barreto–Naehrig curve. In: Kim, H., Kim, D.-C. (eds.) ICISC 2017. LNCS, vol. 10779, pp. 231–244. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78556-1_13
  31. Menezes, A., Sarkar, P., Singh, S.: Challenges with assessing the impact of NFS advances on the security of pairing-based cryptography. Cryptology ePrint Archive (2016)
  32. Miller, V.S.: Use of elliptic curves in cryptography. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 417–426. Springer, Heidelberg (1986). https://doi.org/10.1007/3-540-39799-X_31
  33. Montgomery, P.L.: Modular multiplication without trial division. Math. Comput. 44, 519–521 (1985)
  34. Moradi, A., Mischke, O., Eisenbarth, T.: Correlation-enhanced power analysis collision attack. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 125–139. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-15031-9_9
  35. Naehrig, M., Niederhagen, R., Schwabe, P.: New software speed records for cryptographic pairings. In: Abdalla, M., Barreto, P.S.L.M. (eds.) LATINCRYPT 2010. LNCS, vol. 6212, pp. 109–123. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14712-8_7
  36. Page, D., Vercauteren, F.: Fault and side-channel attacks on pairing based cryptography. IEEE Trans. Comput. (2004)
  37. Pan, W., Marnane, W.P.: A correlation power analysis attack against Tate pairing on FPGA. In: Koch, A., Krishnamurthy, R., McAllister, J., Woods, R., El-Ghazawi, T. (eds.) ARC 2011. LNCS, vol. 6578, pp. 340–349. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-19475-7_36
  38. Schramm, K., Wollinger, T., Paar, C.: A new class of collision attacks and its application to DES. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 206–222. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-39887-5_16
  39. Scott, M.: Computing the Tate pairing. In: CT-RSA 2005, pp. 293–304 (2005)
  40. Silverman, J.H.: The Arithmetic of Elliptic Curves. GTM, vol. 106. Springer, New York (2009). https://doi.org/10.1007/978-0-387-09494-6
  41. Unterluggauer, T., Wenger, E.: Practical attack on bilinear pairings to disclose the secrets of embedded devices. In: ARES, pp. 69–77 (2014)
  42. Varchola, M., Drutarovsky, M., Repka, M., Zajac, P.: Side channel attack on multiprecision multiplier used in protected ECDSA implementation. In: ReConFig, pp. 1–6, December 2015
  43. Whelan, C., Scott, M.: Side channel analysis of practical pairing implementations: which path is more secure? In: Nguyen, P.Q. (ed.) VIETCRYPT 2006. LNCS, vol. 4341, pp. 99–114. Springer, Heidelberg (2006). https://doi.org/10.1007/11958239_7

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Damien Jauvart (1)
  • Nadia El Mrabet (2)
  • Jacques J. A. Fournier (3)
  • Louis Goubin (4)
  1. Aix-Marseille Université, Marseille, France
  2. Mines Saint-Étienne, Gardanne Cedex, France
  3. CEA LETI, Grenoble Cedex 9, France
  4. Laboratoire de Mathématiques de Versailles, UVSQ, CNRS, Université Paris-Saclay, Versailles, France