Improved Fault Attack Against Eta Pairing

In recent years, an increasing number of cryptographic protocols based on bilinear pairings have been developed. As implementation efficiency has improved, pairing algorithms are usually embedded in identity-aware devices such as smartcards. Although many fault attacks and countermeasures for public-key and elliptic curve cryptographic systems are known, the security of pairing-based cryptography against fault attacks has not been studied extensively. In this paper, we present an improved fault attack against the Eta pairing and generalize the attack to general loop iteration. We show that, whatever the position of the secret point is, it can be recovered by solving the non-linear system obtained after the fault attack.
