# An Efficient DPA Countermeasure for the $Eta_T$ Pairing Algorithm over GF($2^n$) Based on Random Value Addition

• Seo, Seog-Chung (Center for Information Security Technologies (CIST), Korea University) ;
• Han, Dong-Guk (Department of Mathematics, Kookmin University) ;
• Hong, Seok-Hie (Center for Information Security Technologies (CIST), Korea University)
• Accepted : 2011.02.24
• Published : 2011.10.31

#### Abstract

This paper presents an efficient differential power analysis (DPA) countermeasure for the $Eta_T$ pairing algorithm over GF($2^n$). The proposed algorithm is based on a random value addition (RVA) mechanism. An RVA-based DPA countermeasure for the $Eta_T$ pairing computation over GF($3^n$) was proposed in 2008. This paper examines the security of this RVA-based DPA countermeasure and defines the design principles for making the countermeasure more secure. Finally, the paper proposes an efficient RVA-based DPA countermeasure for the secure computation of the $Eta_T$ pairing over GF($2^n$). The proposed countermeasure not only overcomes the security flaws in the previous RVAbased method but also exhibits the enhanced performance. Actually, on the 8-bit ATmega128L and 16-bit MSP430 processors, the proposed method can achieve almost 39% and 43% of performance improvements, respectively, compared with the best-known countermeasure.

#### References

1. P.S.L.M. Barreto et al., "Efficient Algorithms for Pairing-Based Cryptosystems," CRYPTO, LNCS 2442, 2002, pp. 354-368.
2. S.D. Galbraith, K. Harrison, and D. Soldera, "Implementing the Tate Pairing," ANTS V, LNCS 2369, 2002, pp. 324-337.
3. I. Duursma and H.S. Lee, "Tate Pairing Implementation for Hyperelliptic Curves $y^{2}=x^{p}-x+d$," Asiacrypt, LNCS 2894, 2003, pp. 111-123.
4. S. Kwon, "Efficient Tate Pairing Computation for Elliptic Curves over Binary Fields," ACISP, LNCS 3574, 2005, pp. 134-145.
5. P.S.L.M. Barreto et al., "Efficient Pairing Computation on Supersingular Abelian Varieties," Designs Codes Cryptography, vol. 42, no. 3, 2007, pp. 239-271. https://doi.org/10.1007/s10623-006-9033-6
6. F. Hess, N. Smart, and F. Vercauteren, "The Eta Pairing Revisited," IEEE Trans. Inf. Theory, vol. 52, no. 10, 2006, pp. 4595-4602. https://doi.org/10.1109/TIT.2006.881709
7. P. Kocher, J. Jaffe, and B. Jun, "Differential Power Analysis," CRYPTO, LNCS 1666 , 1999, pp. 388-397.
8. D. Page and F. Vercauteren, "Fault and Side-Channel Attacks on Pairing Based Cryptography," Cryptology ePrint Archive, Report 2004/283, 2005.
9. M. Scott, "Computing the Tate Pairing," CT-RSA 2005, LNCS 3376, 2005, pp. 293-304.
10. C. Whelan and M. Scott, "Side Channel Analysis of Practical Pairing Implementations: Which Path is More Secure?" VIETCRYPT, LNCS 4341, 2006, pp. 99-114.
11. T.H. Kim et al., "Power Analysis Attacks and Countermeasures on ηT Pairing over Binary Fields," ETRI J., vol. 30, no. 1, 2008, pp. 68-80. https://doi.org/10.4218/etrij.08.0107.0079
12. D.H. Choi, D.-G. Han, and H. W. Kim, "Construction of Efficient and Secure Pairing Algorithm and Its Application," J. Commun. Netw., vol. 10, no. 4, 2008, pp. 437-443. https://doi.org/10.1109/JCN.2008.6389860
13. E. Brier, C. Clavier, and F. Olivier, "Correlation Power Analysis with a Leakage Model," CHES, LNCS 3156, 2004, pp. 135-152.
14. M. Shirase, T. Takagi, and E. Okamoto, "An Efficient Countermeasure against Side Channel Attacks for Pairing Computation," ISPEC, LNCS 4991, 2008, pp. 290-303.
15. J.S. Coron, "Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems," CHES, LNCS 1717, 1999, pp. 292-302.
16. J.D. Golic and C. Tymen, "Multiplicative Masking and Power Analysis of AES," CHES, LNCS 2523, 2003, pp. 198-212.
17. J.D. Golic, "Techniques for Random Masking in Hardware," IEEE Trans. Circuits Syst. I, vol. 54, no. 2, 2007, pp. 291-300. https://doi.org/10.1109/TCSI.2006.885974
18. T. Messerges, "Using Second-Order Power Analysis to Attack DPA Resistant Software," CHES, LNCS 1965, 2000, pp. 238- 251.
19. L.B. Oliveira et al., "TinyPBC: Pairings for authenticated Identity- Based Non-interactive Key Distribution in Sensor Networks," Elsevier, Computer Communications, vol. 34, 2011, pp. 485-493. https://doi.org/10.1016/j.comcom.2010.05.013
20. S.C. Seo et al., "TinyECCK: Efficient Elliptic Curve Cryptography Implementation over GF($2^{m}$) on 8-Bit Micaz Mote," IEICE Trans.Syst., vol. 91-D, no. 5, 2010, pp. 1338-1347.