Cryptology ePrint Archive: Report 2006/237

Side Channel Analysis of Practical Pairing Implementations: Which Path is More Secure?

Claire Whelan and Mike Scott

Abstract: We present an investigation into the security of three practical pairing algorithms; the Tate, Eta and Ate pairing, in terms of side channel vulnerability. These three algorithms have recently shown to be efficiently computable on the resource constrained smart card, yet no in depth side channel analysis has yet appeared in the literature. Since the secret parameter input to the pairing can potentially be entered in either of the two possible positions, there exist two avenues of attack, i.e. e(P,Q) or e(Q,P) where P is public and Q is private. We analyse the core operations fundamental to pairings and not only highlight how each implementation may potentially succumb to a side channel attack, but also show how one path is more susceptible than the other in Tate and Ate. For those who wish to deploy pairing based systems we make a simple suggestion to improve resistance to side channel attacks.

Category / Keywords: Side Channel Analysis (SCA), Pairing Based Cryptography, Correlation Power Analysis (CPA), Tate Pairing.

Date: received 10 Jul 2006, last revised 13 Jul 2006

Contact author: cwhelan at computing dcu ie

Available format(s): PDF | BibTeX Citation

Version: 20060713:110510 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]