2006
DOI: 10.1007/11958239_7
|View full text |Cite
|
Sign up to set email alerts
|

Side Channel Analysis of Practical Pairing Implementations: Which Path Is More Secure?

Abstract: We present an investigation into the security of three practical pairing algorithms; the Tate, Eta and Ate pairing, in terms of side channel vulnerability. These three algorithms have recently shown to be efficiently computable on the resource constrained smart card, yet no in depth side channel analysis has yet appeared in the literature. Since the secret parameter input to the pairing can potentially be entered in either of the two possible positions, there exist two avenues of attack, i.e. e(P, Q) or e(Q, P… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
3
1

Citation Types

0
61
0

Year Published

2013
2013
2023
2023

Publication Types

Select...
6

Relationship

0
6

Authors

Journals

citations
Cited by 24 publications
(61 citation statements)
references
References 15 publications
0
61
0
Order By: Relevance
“…Regarding non-invasive attacks, i.e., attacks that exploit timings, power consumption, or electro-magnetic radiance, in [KTH + 06] the authors have investigated attacks for implementations of the eta pairing on supersingular curves in characteristic 2. In [WS06], differential power analysis (DPA) based attacks on the Tate pairing were analyzed. The authors showed how to attack implementations of the Tate pairing if the second argument represents the secret.…”
Section: Introductionmentioning
confidence: 99%
“…Regarding non-invasive attacks, i.e., attacks that exploit timings, power consumption, or electro-magnetic radiance, in [KTH + 06] the authors have investigated attacks for implementations of the eta pairing on supersingular curves in characteristic 2. In [WS06], differential power analysis (DPA) based attacks on the Tate pairing were analyzed. The authors showed how to attack implementations of the Tate pairing if the second argument represents the secret.…”
Section: Introductionmentioning
confidence: 99%
“…Whelan et al [25] explained that a multiplication of secret data by public data, and squaring and square-root computations of secret data became subjects of SCAs if we use the pairing over finite fields of characteristic two. Moreover, they discuss that one input point Q of pairing e(P, Q) is fixed (never changed) during computation of the BKLS algorithm.…”
Section: Previous Countermeasures Against Scasmentioning
confidence: 99%
“…Countermeasures for pairing devices have recently been investigated [21,19,25,13,26]. Let e(P, Q) be a pairing for two points P = (x p , y p ), Q = (x q , y q ) on the underlying elliptic curve.…”
Section: Introductionmentioning
confidence: 99%
See 2 more Smart Citations