Security Analysis against RVA-based DPA Countermeasure Applied to $\eta_T$ Pairing Algorithm

Security Analysis of the RVA-based Side-Channel Countermeasure for Pairings

  • Received : 2010.05.20
  • Accepted : 2010.09.13
  • Published : 2011.04.30


Pairings over elliptic curves have recently been applied in a range of ID-based encryption, signature, authentication, and key agreement schemes. For efficiency, the $\eta_T$ pairing over GF($p^n$) ($p = 2, 3$) was introduced; compared with other pairings such as the Tate and Ate pairings, however, its symmetric computation structure makes it vulnerable to side-channel attacks such as DPA. Several countermeasures have been proposed to prevent such attacks. In particular, the method of Masaaki Shirase et al. is very efficient in terms of computational cost, but it has security flaws. This paper closely examines the security flaws of the RVA-based countermeasure for the $\eta_T$ pairing algorithm from an implementation point of view.
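The weakness the abstract points to is that the pairing loop combines a coordinate of the secret point with a coordinate of the public point, so every iteration contains an intermediate value that depends on both the secret and an attacker-known input, which is exactly what DPA needs. As an added illustration, not code from the paper and not the RVA scheme it analyses, the following Python script simulates a correlation power analysis in the sense of Brier, Clavier and Olivier against a characteristic-2 field addition $x_P + x_Q$, modelled as XOR on a 32-bit word (an assumption for the simulation), with constructed Hamming-weight leakage plus Gaussian noise. It recovers the secret operand byte by byte, then repeats the attack against a generically Boolean-masked version of the same intermediate (textbook masking, used only for contrast) to show what a countermeasure has to achieve for every secret-dependent intermediate.

```python
"""Simulated correlation power analysis (CPA) against one secret-mixing step of a
pairing-style loop: the characteristic-2 field addition x_P + x_Q, i.e. XOR.
Constructed example: leakage is a Hamming-weight model plus Gaussian noise, not
a measurement of any real device or of the RVA-protected eta_T implementation."""
import random

WORD_BYTES = 4          # assumption: model one 32-bit word of a field element
N_TRACES = 1000
NOISE_SIGMA = 0.5       # assumption: noise standard deviation in "HW units"
HW = [bin(b).count("1") for b in range(256)]   # Hamming-weight lookup


def device_leak(secret_word, public_word, rng, mask=None):
    """Per-byte leakage of the intermediate the device actually computes.
    Unmasked: t = x_P ^ x_Q (secret mixed with a known value).
    Masked (generic Boolean masking, for contrast): t = (x_P ^ r) ^ x_Q with a
    fresh random r per execution, so t is statistically independent of x_P."""
    t = secret_word ^ public_word if mask is None else (secret_word ^ mask) ^ public_word
    return [HW[(t >> (8 * i)) & 0xFF] + rng.gauss(0.0, NOISE_SIGMA)
            for i in range(WORD_BYTES)]


def collect_traces(secret_word, rng, n=N_TRACES, masked=False):
    """Attacker's acquisition phase: n executions with known random x_Q,
    recording the (noisy) leakage of each."""
    inputs, traces = [], []
    for _ in range(n):
        q = rng.getrandbits(8 * WORD_BYTES)
        r = rng.getrandbits(8 * WORD_BYTES) if masked else None
        inputs.append(q)
        traces.append(device_leak(secret_word, q, rng, mask=r))
    return inputs, traces


def pearson(xs, ys):
    """Pearson correlation coefficient of two equal-length sequences."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    return 0.0 if sxx == 0 or syy == 0 else sxy / (sxx * syy) ** 0.5


def cpa_recover(inputs, traces):
    """Divide-and-conquer recovery: each byte of x_P is guessed on its own.
    For every hypothesis h the attacker predicts HW(h ^ x_Q_byte) per trace and
    keeps the h whose prediction correlates best with the measured leakage.
    The signed maximum is used on purpose: the complement hypothesis h ^ 0xFF
    predicts 8 - HW and would tie under an absolute-value criterion.
    Returns (recovered_word, best correlation per byte)."""
    word, scores = 0, []
    for i in range(WORD_BYTES):
        q_bytes = [(q >> (8 * i)) & 0xFF for q in inputs]
        leak_i = [t[i] for t in traces]
        best_h, best_c = 0, -2.0
        for h in range(256):
            c = pearson([HW[h ^ qb] for qb in q_bytes], leak_i)
            if c > best_c:
                best_h, best_c = h, c
        word |= best_h << (8 * i)
        scores.append(best_c)
    return word, scores


def demo(seed=1):
    """Run the attack against the unmasked and the masked intermediate."""
    rng = random.Random(seed)
    secret = rng.getrandbits(8 * WORD_BYTES)
    plain_word, plain_scores = cpa_recover(*collect_traces(secret, rng))
    masked_word, masked_scores = cpa_recover(*collect_traces(secret, rng, masked=True))
    return {
        "secret": secret,
        "unmasked_guess": plain_word,
        "unmasked_max_corr": max(plain_scores),
        "masked_guess": masked_word,
        "masked_max_corr": max(masked_scores),
    }


if __name__ == "__main__":
    r = demo()
    print("secret   : %08x" % r["secret"])
    print("unmasked : %08x  (max corr %.2f)" % (r["unmasked_guess"], r["unmasked_max_corr"]))
    print("masked   : %08x  (max corr %.2f)" % (r["masked_guess"], r["masked_max_corr"]))
```

Under this noise model the correct byte hypothesis reaches a correlation near 0.94 while the closest wrong hypothesis (one bit off) sits near 0.71, so the secret word is recovered from 1000 traces; against the masked intermediate every hypothesis stays near zero. The point relevant to the abstract is that a countermeasure is only as strong as the weakest secret-dependent intermediate it leaves in the loop; which intermediates the RVA scheme leaves exposed is the subject of the paper and is not reproduced here.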


Supported by : National Research Foundation of Korea (한국연구재단)


  1. P. Kocher, J. Jaffe, and B. Jun, "Differential Power Analysis," CRYPTO 1999, LNCS 1666, pp. 388-397, 1999.
  2. P. S. L. M. Barreto, H. Y. Kim, B. Lynn, and M. Scott, "Efficient Algorithms for Pairing-based Cryptosystems," CRYPTO 2002, LNCS 2442, pp. 354-368, 2002.
  3. S. D. Galbraith, K. Harrison, and D. Soldera, "Implementing the Tate Pairing," ANTS V, LNCS 2369, pp. 324-337, 2002.
  4. I. Duursma and H. S. Lee, "Tate Pairing Implementation for Hyperelliptic Curves $y^{2}=x^{p}-x+d$," ASIACRYPT 2003, LNCS 2894, pp. 111-123, 2003.
  5. D. Page and F. Vercauteren, "Fault and Side-Channel Attacks on Pairing Based Cryptography," Cryptology ePrint Archive, Report 2004/283, 2005.
  6. M. Scott, "Computing the Tate Pairing," CT-RSA 2005, LNCS 3376, pp. 293-304, 2005.
  7. C. Whelan and M. Scott, "Side Channel Analysis of Practical Pairing Implementations: Which Path is More Secure?," VIETCRYPT 2006, LNCS 4341, pp. 99-114, 2006.
  8. F. Hess, N. Smart, and F. Vercauteren, "The Eta Pairing Revisited," IEEE Trans. Inf. Theory, vol. 52, no. 10, pp. 4595-4602, 2006.
  9. P. S. L. M. Barreto, S. D. Galbraith, C. Ó hÉigeartaigh, and M. Scott, "Efficient Pairing Computation on Supersingular Abelian Varieties," Designs, Codes and Cryptography, vol. 42, no. 3, pp. 239-271, 2007.
  10. T. Kim, T. Takagi, D. Han, H. Kim, and J. Lim, "Power Analysis Attacks and Countermeasures on Pairing over Binary Fields," ETRI Journal, vol. 30, no. 1, pp. 68-80, 2008.
  11. D. Choi, D. Han, and H. Kim, "Construction of Efficient and Secure Pairing Algorithm and Its Application," Journal of Communications and Networks, vol. 10, no. 4, pp. 437-443, 2008.
  12. M. Shirase, T. Takagi, and E. Okamoto, "An Efficient Countermeasure against Side Channel Attacks for Pairing Computation," ISPEC 2008, LNCS 4991, pp. 290-303, 2008.
  13. K. Harrison, D. Page, and N. P. Smart, "Software Implementation of Finite Fields of Characteristic Three, for Use in Pairing-Based Cryptosystems," LMS Journal of Computation and Mathematics, vol. 5, pp. 181-193, 2002.
  14. E. Brier, C. Clavier, and F. Olivier, "Correlation Power Analysis with a Leakage Model," CHES 2004, LNCS 3156, pp. 135-152, 2004.