Improving Side-Channel Attacks Against Pairing-Based Cryptography
نویسندگان
چکیده
Although the vulnerability of pairing-based algorithms to side-channel attacks has been demonstrated—pairing implementations were targeted on three different devices in a recent paper [41]—it nevertheless remains difficult to choose an adapted leakage model and detect points of interest. Our proposed approach evaluates the parameters of the attack and validates the data processing workflow. We describe weaknesses in the implementation of cryptographic pairings, and we show how information leakage can be fully exploited. Different leakage models, point-of-interest detection methods, and parameter dependencies are compared. In addition, practical results were obtained with a software implementation of twisted Ate pairing on Barreto–Naehrig curves with an ARM Cortex-M3 processor running at 50 MHz. We discuss countermeasures aimed at reducing side-channel leakage and review the available literature.
منابع مشابه
Failure of the Point Blinding Countermeasure Against Fault Attack in Pairing-Based Cryptography
Pairings are mathematical tools that have been proven to be very useful in the construction of many cryptographic protocols. Some of these protocols are suitable for implementation on power constrained devices such as smart cards or smartphone which are subject to side channel attacks. In this paper, we analyse the efficiency of the point blinding countermeasure in pairing based cryptography ag...
متن کاملFault Attacks against the Miller's Algorithm in Edwards Coordinates
Initially, the use of pairings did not involve any secret entry. However in an Identity Based Cryptographic protocol, one of the two entries of the pairing is secret, so fault attack can be applied to Pairing Based Cryptography to nd it. In [18], the author shows that Pairing Based Cryptography in Weierstrass coordinates is vulnerable to a fault attack. The addition law in Edwards coordinates i...
متن کاملImproved Side Channel Attacks on Pairing Based Cryptography
Several known invasive and non-invasive attacks against pairing algorithms only work if the second but not if the rst argument of the pairing is the secret. In this paper we extend some of these attacks to the case where the rst argument is the secret. Hence we conclude that positioning the secret as the rst argument of the pairing does not necessarily improve the security against side channel ...
متن کاملDi erential Power Analysis against the Miller Algorithm
Pairings permit several protocol simplications and original scheme creation, for example Identity Based Cryptography protocols. Initially, the use of pairings did not involve any secret entry, consequently, side channel attacks were not a threat for pairing based cryptography. On the contrary, in an Identity Based Cryptographic protocol, one of the two entries to the pairing is secret. Side Cha...
متن کاملSide Channel Attacks and Countermeasures on Pairing Based Cryptosystems over Binary Fields
Pairings on elliptic curves have been used as cryptographic primitives for the development of new applications such as identity based schemes. For the practical applications, it is crucial to provide efficient and secure implementations of the pairings. There have been several works on efficient implementations of the pairings. However, the research for secure implementations of the pairings ha...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2016