Paper 2015/152

Inverting the Final exponentiation of Tate pairings on ordinary elliptic curves using faults

Ronan Lashermes, Jacques Fournier, and Louis Goubin

Abstract

The calculation of the Tate pairing on ordinary curves involves two major steps: the Miller Loop (ML) followed by the Final Exponentiation (FE). The first step for achieving a full pairing inversion would be to invert this FE, which in itself is a mathematically difficult problem. To our best knowledge, most fault attack schemes proposed against pairing algorithms have mainly focussed on the ML. They solved, if at all, the inversion of the FE in some special `easy' cases or even showed that the complexity of the FE is an intrinsic countermeasure against a successful full fault attack on the Tate pairing. In this paper, we present a fault attack on the FE whereby the inversion of the final exponentiation becomes feasible using $3$ independent faults.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published by the IACR in CHES 2013
Keywords
Tate pairingAte pairingfinal exponentiationfault attacks
Contact author(s)
ronan lashermes @ wanadoo fr
History
2015-02-27: revised
2015-02-27: received
See all versions
Short URL
https://ia.cr/2015/152
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2015/152,
      author = {Ronan Lashermes and Jacques Fournier and Louis Goubin},
      title = {Inverting the Final exponentiation of Tate pairings on ordinary elliptic curves using faults},
      howpublished = {Cryptology {ePrint} Archive, Paper 2015/152},
      year = {2015},
      url = {https://eprint.iacr.org/2015/152}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.