Inverting the Final Exponentiation of Tate Pairings on Ordinary Elliptic Curves Using Faults
نویسندگان
چکیده
The calculation of the Tate pairing on ordinary curves involves two major steps: the Miller Loop (ML) followed by the Final Exponentiation (FE). The rst step for achieving a full pairing inversion would be to invert this FE, which in itself is a mathematically di cult problem. To our best knowledge, most fault attack schemes proposed against pairing algorithms have mainly focussed on the ML. They solved, if at all, the inversion of the FE in some special `easy' cases or even showed that the complexity of the FE is an intrinsic countermeasure against a successful full fault attack on the Tate pairing. In this paper, we present a fault attack on the FE whereby the inversion of the nal exponentiation becomes feasible using 3 independent faults.
منابع مشابه
Inverting the nal exponentiation of Tate pairings on ordinary elliptic curves using faults
The calculation of the Tate pairing on ordinary curves involves two major steps: the Miller Loop (ML) followed by the Final Exponentiation (FE). The rst step for achieving a full pairing inversion would be to invert this FE, which in itself is a mathematically di cult problem. To our best knowledge, most fault attack schemes proposed against pairing algorithms have mainly focussed on the ML. Th...
متن کاملOn the Final Exponentiation for Calculating Pairings on Ordinary Elliptic Curves
When performing a Tate pairing (or a derivative thereof) on an ordinary pairing-friendly elliptic curve, the computation can be looked at as having two stages, the Miller loop and the so-called final exponentiation. As a result of good progress being made to reduce the Miller loop component of the algorithm (particularly with the discovery of “truncated loop” pairings like the R-ate pairing [18...
متن کاملEfficient elliptic curve cryptosystems
Elliptic curve cryptosystems (ECC) are new generations of public key cryptosystems that have a smaller key size for the same level of security. The exponentiation on elliptic curve is the most important operation in ECC, so when the ECC is put into practice, the major problem is how to enhance the speed of the exponentiation. It is thus of great interest to develop algorithms for exponentiation...
متن کاملFixed argument pairing inversion on elliptic curves
Let E be an elliptic curve over a finite field Fq with a power of prime q, r a prime dividing #E(Fq), and k the smallest positive integer satisfying r|Φk(p), called embedding degree. Then a bilinear map t : E(Fq)[r]×E(Fqk )/rE(Fqk )→ Fqk is defined, called the Tate pairing. And the Ate pairing and other variants are obtained by reducing the domain for each argument and raising it to some power....
متن کاملComparing Implementation Efficiency of Ordinary and Squared Pairings
In this paper, we will implement a standard probabilistic method of computing bilinear pairings. We will compare its performance to a deterministic algorithm introduced in [5] to compute the squared Tate/Weil pairings which are claimed to be 20 percent faster than the standard method. All pairings will be evaluated over pairing-friendly ordinary elliptic curves of embedding degrees 8 and 10 and...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2013