Fault Attack against Miller's algorithm
نویسنده
چکیده
We complete the study of [23] and [27] about Miller’s algorithm. Miller’s algorithm is a central step to compute the Weil, Tate and Ate pairings. The aim of this article is to analyze the weakness of Miller’s algorithm when it undergoes a fault attack. We prove that Miller’s algorithm is vulnerable to a fault attack which is valid in all coordinate systems, through the resolution of a nonlinear system. We highlight the fact that putting the secret as the first argument of the pairing is not a countermeasure. This article is an extensed version of the article [15].
منابع مشابه
Fault Attacks against the Miller's Algorithm in Edwards Coordinates
Initially, the use of pairings did not involve any secret entry. However in an Identity Based Cryptographic protocol, one of the two entries of the pairing is secret, so fault attack can be applied to Pairing Based Cryptography to nd it. In [18], the author shows that Pairing Based Cryptography in Weierstrass coordinates is vulnerable to a fault attack. The addition law in Edwards coordinates i...
متن کاملWhat about Vulnerability to a Fault Attack of the Miller's Algorithm During an Identity Based Protocol?
We complete the study of [16] and [20] about the Miller’s algorithm. The Miller’s algorithm is a central step to compute the Weil, Tate and Ate pairings. The aim of this article is to analyse the weakness of the Miller’s algorithm when it undergoes a fault attack. We prove that the Miller’s algorithm is vulnerable to a fault attack which is valid in all coordinate systems, through the resolutio...
متن کاملFault Attacks on the Montgomery Powering Ladder
Security-aware embedded devices which are likely to operate in hostile environments need protection against physical attacks. For the RSA public-key algorithm, protected versions of the Montgomery powering ladder have gained popularity as countermeasures for such attacks. In this paper, we present a general fault attack against RSA implementations which use the Montgomery powering ladder. In a ...
متن کاملRelaxed Differential Fault Analysis of SHA-3
In this paper, we propose a new method of differential fault analysis of SHA-3 which is based on the differential relations of the algorithm. Employing those differential relations in the fault analysis of SHA-3 gives new features to the proposed attacks, e.g., the high probability of fault detection and the possibility of re-checking initial faults and the possibility to recover internal state...
متن کاملFailure of the Point Blinding Countermeasure Against Fault Attack in Pairing-Based Cryptography
Pairings are mathematical tools that have been proven to be very useful in the construction of many cryptographic protocols. Some of these protocols are suitable for implementation on power constrained devices such as smart cards or smartphone which are subject to side channel attacks. In this paper, we analyse the efficiency of the point blinding countermeasure in pairing based cryptography ag...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2011 شماره
صفحات -
تاریخ انتشار 2011