Nadia El Mrabet

What about Vulnerability to a Fault Attack of the Miller's Algorithm During an Identity Based Protocol?

We complete the study of [16] and [20] about the Millers algorithm. The Millers algorithm is a central step to compute the Weil, Tate and Ate pairings. The aim of this article is to analyse the weakness of the Millers algorithm when it undergoes a fault attack. We prove that the Millers algorithm is vulnerable to a fault attack which is valid in all coordinate systems, through the resolution of a nonlinear system. We show that the final exponentiation is no longer a counter measure to this attack for the Tate and Ate pairings.

A variant of Miller's formula and algorithm

Millers algorithm is at the heart of all pairing-based cryptosystems since it is used in the computation of pairing such as that of Weil or Tate and their variants. Most of the optimizations of this algorithm involve elliptic curves of particular forms, or curves with even embedding degree, or having an equation of a special form. Other improvements involve a reduction of the number of iterations. In this article, we propose a variant of Millers formula which gives rise to a generically faster algorithm for any pairing friendly curve. Concretely, it provides an improvement in cases little studied until now, in particular when denominator elimination is not available. It allows for instance the use of elliptic curve with embedding degree not of the form 2i3j, and is suitable for the computation of optimal pairings. We also present a version with denominator elimination for even embedding degree. In our implementations, our variant saves between 10% and 40% in running time in comparison with the usual version of Millers algorithm without any optimization.

A survey of fault attacks in pairing based cryptography

The latest implementations of pairings allow efficient schemes for Pairing Based Cryptography. These make the use of pairings suitable for small and constrained devices (smart phones, smart cards…) in addition to more powerful platforms. As for any cryptographic algorithm which may be deployed in insecure locations, these implementations must be secure against physical attacks, and in particular fault attacks. In this paper, we present the state-of-the-art of fault attacks against pairing algorithms, more precisely fault attacks against the Miller algorithm and the final exponentiation which are the two parts of a pairing calculation.

Guide to Pairing-Based Cryptography

This book is devoted to efficient pairing computations and implementations, useful tools for cryptographers working on topics like identity-based cryptography and the simplification of existing protocols like signature schemes. As well as exploring the basic mathematical background of finite fields and elliptic curves, Guide to Pairing-Based Cryptography offers an overview of the most recent developments in optimizations for pairing implementation. Each chapter includes a presentation of the problem it discusses, the mathematical formulation, a discussion of implementation issues, solutions accompanied by code or pseudocode, several numerical results, and references to further reading and notes. Intended as a self-contained handbook, this book is an invaluable resource for computer scientists, applied mathematicians and security professionals interested in cryptography.

Efficient multiplication in finite field extensions of degree 5

Small degree extensions of finite fields are commonly used for cryptographic purposes. For extension fields of degree 2 and 3, the Karatsuba and Toom Cook formulae perform a multiplication in the extension field using 3 and 5 multiplications in the base field, respectively. For degree 5 extensions, Montgomery has given a method to multiply two elements in the extension field with 13 base field multiplications. We propose a faster algorithm, which requires only 9 base field multiplications. Our method, based on Newtons interpolation, uses a larger number of additions than Montgomerys one but our implementation of the two methods shows that for cryptographic sizes, our algorithm is much faster.

Practical Validation of Several Fault Attacks against the Miller Algorithm

Pairing based cryptography (PBC) is touted as an efficient approach to address usability and privacy issues in the cyberspace. Like most cryptographic algorithms, PBC must be robust not only against theoretical cryptanalysis but also against practical physical attacks such as fault injections. The computation of the Tate pairing can be divided into two parts, the Miller Algorithm and the Final Exponentiation. In this paper, we describe practical implementations of fault attacks against the Miller Algorithm validating common fault models used against pairings. In the light of the implemented fault attacks, we show that some blinding techniques proposed to protect the algorithm against Side-Channels Analyses cannot be used as countermeasures against the implemented fault attacks.

Finite Field Multiplication Combining AMNS and DFT Approach for Pairing Cryptography

Pairings over elliptic curves use fields

On Near Prime-Order Elliptic Curves with Small Embedding Degrees

\mathbb{F}_{p^k}

Efficient computation of pairings on Jacobi quartic elliptic curves

with p *** 2160 and 6 < k ≤ 32. In this paper we propose to represent elements in

Side Channel Attacks against Pairing over Theta Functions

\mathbb{F}_p