This Article 
 Bibliographic References 
 Add to: 
A Fault Attack on Pairing-Based Cryptography
September 2006 (vol. 55 no. 9)
pp. 1075-1080
Current fault attacks against public key cryptography focus on traditional schemes, such as RSA and ECC, and, to a lesser extent, on primitives such as XTR. However, bilinear maps, or pairings, have presented theorists with a new and increasingly popular way of constructing cryptographic protocols. Most notably, this has resulted in efficient methods for Identity Based Encryption (IBE). Since identity-based cryptography seems an ideal partner for identity aware devices such as smart-cards, in this paper, we examine the security of concrete pairing instantiations in terms of fault attack.

[1] R.J. Anderson and M.G. Kuhn, “Low Cost Attacks on Tamper Resistant Devices,” Proc. Int'l Security Protocols Workshop (IWSP), pp. 125-136, 1997.
[2] H. Bar-El, H. Choukri, D. Naccache, M. Tunstall, and C. Whelan, “The Sorcerer's Apprentice Guide to Fault Attacks,” Cryptology ePrint Archive, Report 2004/10, 2004.
[3] P.S.L.M. Barreto, S. Galbraith, C. O'hEigeartaigh, and M. Scott, “Efficient Pairing Computation on Supersingular Abelian Varieties,” Cryptology ePrint Archive, Report 2004/375, 2004.
[4] P.S.L.M. Barreto, H. Kim, B. Lynn, and M. Scott, “Efficient Algorithms for Pairing-Based Cryptosystems,” Advances in Cryptology, Proc. CRYPTO, pp. 354-368, 2002.
[5] D. Boneh and M. Franklin, “Identity-Based Encryption from the Weil Pairing,” SIAM J. Computing, vol. 32, no. 3, pp. 586-615, 2003.
[6] M. Ciet and M. Joye, “Elliptic Curve Cryptosystems in the Presence of Permanent and Transient Faults,” Designs, Codes, and Cryptography, 2004.
[7] I. Duursma and H. Lee, “Tate Pairing Implementation for Hyperelliptic Curves $y^2 = x^p - x + d$ ,” Advances in Cryptology, Proc. ASIACRYPT, pp. 111-123, 2003.
[8] S. Kwon, “Efficient Tate Pairing Computation for Supersingular Elliptic Curves over Binary Fields,” Cryptology ePrint Archive, Report 2004/303, 2004.
[9] R. Dutta, R. Barua, and P. Sarkar, “Pairing-Based Cryptographic Protocols: A Survey,” Cryptology ePrint Archive, Report 2004/064, 2004.
[10] S. Galbraith, K. Harrison, and D. Soldera, “Implementing the Tate Pairing,” Proc. Algorithmic Number Theory Symposium (ANTS-V), pp. 324-337, 2002.
[11] R. Granger, D. Page, and M. Stam, “On Small Characteristic Algebraic Tori in Pairing-Based Cryptography,” Cryptology ePrint Archive, Report 2004/132, 2004.
[12] P.C. Kocher, “Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems,” Advances in Cryptology, Proc. CRYPTO, pp. 104-113, 1996.
[13] P.C. Kocher, J. Jaffe, and B. Jun, “Differential Power Analysis,” Advances in Cryptology, Proc. CRYPTO, pp. 388-397, 1999.
[14] O. Kömmerling and M.G. Kuhn, “Design Principles for Tamper-Resistant Smartcard Processors,” Proc. USENIX Workshop Smart Card Technology, pp. 9-20, 1999.
[15] A. Miyaji, M. Nakabayashi, and S. Takano, “New Explicit Conditions on Elliptic Curve Traces for FR-Reduction,” IEICE Trans. Fundamentals, vol. E-84 A(5), pp. 1234-1243, 2001.
[16] J. Silverman, The Arithmetic of Elliptic Curves. Springer-Verlag, 1986.
[17] S.P. Skorobogatov and R.J. Anderson, “Optical Fault Induction Attacks,” Proc. Cryptographic Hardware and Embedded Systems (CHES), pp. 2-12, 2002.

Index Terms:
Cryptography, fault attack, Tate pairing, identity based encryption.
Daniel Page, Frederik Vercauteren, "A Fault Attack on Pairing-Based Cryptography," IEEE Transactions on Computers, vol. 55, no. 9, pp. 1075-1080, Sept. 2006, doi:10.1109/TC.2006.134
Usage of this product signifies your acceptance of the Terms of Use.