Abstract
We investigate the possibilities for injecting faults on pairings and assess their consequences. We assess the effect of faults that seek to corrupt the data being operated on and show that pairings with either no or a straightforward final exponentiation are less secure than pairings with a more complex final exponentiation when considering such fault attacks. As evidence, we describe two types of fault attacks on the Weil and η pairings that recover the secret point, which cannot be applied to the Tate pairing. This can be attributed to its more complex final exponentiation.
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Whelan, C., Scott, M. (2007). The Importance of the Final Exponentiation in Pairings When Considering Fault Attacks. In: Takagi, T., Okamoto, T., Okamoto, E., Okamoto, T. (eds) Pairing-Based Cryptography – Pairing 2007. Pairing 2007. Lecture Notes in Computer Science, vol 4575. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-73489-5_12
DOI: https://doi.org/10.1007/978-3-540-73489-5_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-73488-8
Online ISBN: 978-3-540-73489-5
eBook Packages: Computer Science (R0)