Paper 2015/152
Inverting the Final exponentiation of Tate pairings on ordinary elliptic curves using faults
Ronan Lashermes, Jacques Fournier, and Louis Goubin
Abstract
The calculation of the Tate pairing on ordinary curves involves two major steps: the Miller Loop (ML) followed by the Final Exponentiation (FE). The first step for achieving a full pairing inversion would be to invert this FE, which in itself is a mathematically difficult problem. To our best knowledge, most fault attack schemes proposed against pairing algorithms have mainly focussed on the ML. They solved, if at all, the inversion of the FE in some special `easy' cases or even showed that the complexity of the FE is an intrinsic countermeasure against a successful full fault attack on the Tate pairing. In this paper, we present a fault attack on the FE whereby the inversion of the final exponentiation becomes feasible using $3$ independent faults.
Metadata
- Available format(s)
-
PDF
- Category
- Public-key cryptography
- Publication info
- Published by the IACR in CHES 2013
- Keywords
- Tate pairingAte pairingfinal exponentiationfault attacks
- Contact author(s)
- ronan lashermes @ wanadoo fr
- History
- 2015-02-27: revised
- 2015-02-27: received
- See all versions
- Short URL
- https://ia.cr/2015/152
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2015/152,
author = {Ronan Lashermes and Jacques Fournier and Louis Goubin},
title = {Inverting the Final exponentiation of Tate pairings on ordinary elliptic curves using faults},
howpublished = {Cryptology {ePrint} Archive, Paper 2015/152},
year = {2015},
url = {https://eprint.iacr.org/2015/152}
}
