Paper 2006/237

Side Channel Analysis of Practical Pairing Implementations: Which Path is More Secure?

Claire Whelan and Mike Scott


We present an investigation into the security of three practical pairing algorithms; the Tate, Eta and Ate pairing, in terms of side channel vulnerability. These three algorithms have recently shown to be efficiently computable on the resource constrained smart card, yet no in depth side channel analysis has yet appeared in the literature. Since the secret parameter input to the pairing can potentially be entered in either of the two possible positions, there exist two avenues of attack, i.e. e(P,Q) or e(Q,P) where P is public and Q is private. We analyse the core operations fundamental to pairings and not only highlight how each implementation may potentially succumb to a side channel attack, but also show how one path is more susceptible than the other in Tate and Ate. For those who wish to deploy pairing based systems we make a simple suggestion to improve resistance to side channel attacks.

Available format(s)
Publication info
Published elsewhere. Unknown where it was published
Side Channel Analysis (SCA)Pairing Based CryptographyCorrelation Power Analysis (CPA)Tate Pairing.
Contact author(s)
cwhelan @ computing dcu ie
2006-07-13: revised
2006-07-13: received
See all versions
Short URL
Creative Commons Attribution


      author = {Claire Whelan and Mike Scott},
      title = {Side Channel Analysis of Practical Pairing Implementations: Which Path is More Secure?},
      howpublished = {Cryptology ePrint Archive, Paper 2006/237},
      year = {2006},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.