How can we succeed the fault attack on PACE protocol

Fault analysis attacks are a class of side channel attacks which exploit faults that can occur in the implementation of a cryptosystem to discover the secret keys partially or fully. In this paper we propose a fault analysis attack on The Password Authenticated Connection Establishment Protocol (PACE) to recover the session key, also we discuss the possibility of mounting Tunstall-Mukhopadhyay attack to expose the long term key (Password), and we prove that despite its theoretical security in BPR model, DY model or eCK model, PACE can be insecure in this new setting.

[1]  Vivek Kapoor,et al.  Elliptic curve cryptography , 2008, UBIQ.

[2]  Kristin E. Lauter,et al.  Stronger Security of Authenticated Key Exchange , 2006, ProvSec.

[3]  Debdeep Mukhopadhyay,et al.  Differential Fault Analysis of the Advanced Encryption Standard Using a Single Fault , 2011, WISTP.

[4]  Francis Olivier,et al.  Electromagnetic Analysis: Concrete Results , 2001, CHES.

[5]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[6]  Paul C. Kocher,et al.  Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems , 1996, CRYPTO.

[7]  Alfred Menezes,et al.  Guide to Elliptic Curve Cryptography , 2004, Springer Professional Computing.

[8]  Thomas Icart,et al.  How to Hash into Elliptic Curves , 2009, IACR Cryptol. ePrint Arch..

[9]  Joseph H. Silverman,et al.  The arithmetic of elliptic curves , 1986, Graduate texts in mathematics.

[10]  Jean-Jacques Quisquater,et al.  ElectroMagnetic Analysis (EMA): Measures and Counter-Measures for Smart Cards , 2001, E-smart.

[11]  Mihir Bellare,et al.  Authenticated Key Exchange Secure against Dictionary Attacks , 2000, EUROCRYPT.

[12]  Stefan Dziembowski,et al.  On Forward-Secure Storage , 2006, CRYPTO.

[13]  Jean-Sébastien Coron,et al.  Supplemental Access Control (PACE v2): Security Analysis of PACE Integrated Mapping , 2011, Cryptography and Security.

[14]  Richard J. Lipton,et al.  On the Importance of Eliminating Errors in Cryptographic Computations , 2015, Journal of Cryptology.

[15]  Johannes Merkle,et al.  Elliptic Curve Cryptography (ecc) Brainpool Standard Curves and Curve Generation , 2010 .