A practical Differential Power Analysis attack against the Miller algorithm

Mrabet, Nadia El; Natale, Giorgio Di; Flottes, Marie Lise

doi:10.1109/rme.2009.5201339

Cited by 17 publications

(25 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The authors suggest randomization and blinding as defense against such attacks, both of which are already used in other algorithms such as RSA. In 2009, a DPA against pairing computations was simulated [64]. It was shown how the secret input point to the Miller Algorithm can be revealed by analyzing a modular multiplication and an addition.…”

Section: Power Analysismentioning

confidence: 99%

Why Cryptography Should Not Rely on Physical Attack Complexity

Krämer

2015

T-Labs Series in Telecommunication Services

View full text Add to dashboard Cite

Ich versichere an Eides statt, dass ich diese Dissertation selbständig verfasst und nur die angegebenen Quellen und Hilfsmittel verwendet habe. Datum Für meine Eltern AbstractEver since the first side channel attacks and fault attacks on cryptographic devices were introduced in the mid-nineties, new possibilities of physical attacks have been consistently explored. The risk that these attacks pose is reduced by reacting to known attacks and by developing and implementing countermeasures against them. For physical attacks whose theory is known but which have not been conducted yet, however, the situation is different. Attacks whose physical realization is assumed to be very complex are taken less seriously. The trust that these attacks will not be realized due to their physical complexity means that no countermeasures are developed at all. This leads to unprotected devices once the assessment of the complexity turns out to be wrong.This thesis presents two practical physical attacks whose theory is known for several years. Since neither attack has previously been successfully implemented in practice, however, they were not considered a serious threat. Their physical attack complexity has been overestimated and the implied security threat has been underestimated. First, we introduce the photonic side channel, which offers not only temporal resolution, but also the highest possible spatial resolution. Due to the high cost of its first realization, it has not been taken seriously. We show both simple and differential photonic side channel analyses. Then, we present a fault attack against pairing-based cryptography. Due to the need for at least two independent precise faults in a single pairing computation, it has also not been taken seriously. We show how attackers can reveal the secret key of symmetric as well as asymmetric cryptographic algorithms based on these physical attacks. We present countermeasures on the software and the hardware level, which help to prevent these attacks in the future.Based on these two presented attacks, this thesis shows that the assessment of physical attack complexity is error-prone. Hence, cryptography should not rely on it. Cryptographic technologies have to be protected against all physical attacks, have they already been realized or not. The development of countermeasures does not require the successful execution of an attack but can already be carried out as soon as the principle of a side channel or a fault attack is understood.

show abstract

Section: Power Analysismentioning

confidence: 99%

Why Cryptography Should Not Rely on Physical Attack Complexity

Krämer

2015

T-Labs Series in Telecommunication Services

View full text Add to dashboard Cite

show abstract

“…But, contrary to [MFN09] our attack requires either a DPA of the multiplication or a DPA of the addition. For pairings that are defined on elliptic curves over finite fields, usually an extension field of the base fields is required.…”

Section: Introductionmentioning

confidence: 95%

“…Furthermore, the authors of [WS06] conjectured that it may be more difficult to attack some implementations of the Tate pairing if the first argument of the pairing is the secret. In [MFN09] this problem has been addressed for the case where the first argument is represented in Jacobian coordinates. Here, a DPA of a modular multiplication and a DPA of a modular addition was required to succeed.…”

Section: Introductionmentioning

confidence: 99%

Improved Side Channel Attacks on Pairing Based Cryptography

Blömer

Gunther

Liske

2013

Constructive Side-Channel Analysis and Secure Design

View full text Add to dashboard Cite

Techniques from pairing based cryptography (PBC) are used in an increasing number of cryptographic schemes. With progress regarding efficient implementations, pairings also become interesting for applications on smart cards. With these applications the question of the vulnerability to side channel attacks (SCAs) arises. Several known invasive and noninvasive attacks against pairing algorithms only work if the second but not if the first argument of the pairing is the secret. In this paper we extend some of these attacks also to the case where the first argument is the secret. Hence we may conclude that positioning the secret as the first argument of the pairing does not improve the security against SCAs, as it sometimes has been suggested.

show abstract

“…Nevertheless, considering side channel attacks, we cannot predict if an algorithm is more or less secure than another given the representation of the groups. Weaknesses to side channel attacks of pairing based cryptography over elliptic curve have been highlighted [20,22,23,7,8]. Then, wondering if a pairing implemented in Theta function would be vulnerable to side channel attacks is an important issue for pairing based cryptography and this is the main objective of this contribution.…”

Section: Introductionmentioning

confidence: 99%

Side Channel Attacks against Pairing over Theta Functions

Mrabet¹

2013

Algebraic Informatics

View full text Add to dashboard Cite

Abstract. In [17], Lubicz and Robert generalized the Tate pairing over any abelian variety and more precisely over Theta functions. The security of the new algorithms is an important issue for the use of practical cryptography. Side channel attacks are powerful attacks, using the leakage of information to reveal sensitive data. The pairings over elliptic curves were sensitive to side channel attacks. In this article, we study the weaknesses of the Tate pairing over Theta functions when submitted to side channel attacks.

show abstract

A practical Differential Power Analysis attack against the Miller algorithm

Cited by 17 publications

References 7 publications

Why Cryptography Should Not Rely on Physical Attack Complexity

Why Cryptography Should Not Rely on Physical Attack Complexity

Improved Side Channel Attacks on Pairing Based Cryptography

Side Channel Attacks against Pairing over Theta Functions

Contact Info

Product

Resources

About