An Efficient Countermeasure against Side Channel Attacks for Pairing Computation

DOI IR IR (HANDLE) Open Access

Description

Pairing-based cryptosystems have been widely researched, and several efficient hardware implementations of pairings have also been proposed. However, side channel attacks (SCAs) are serious attacks on hardware implementations. Whelan et al. pointed out that pairings except the ηT pairing might not be vulnerable against SCAs by setting the secret point to the first parameter [25]. This paper deals with SCAs for the ηT pairing over F3n. To our knowledge, the randomized-projective-coordinate method has the smallest overhead among all countermeasures against SCAs for the ηT pairing. The cost of that overhead is 3nM, where M is the cost of a multiplication in F3n. In this paper, we propose another countermeasure based on random value additions (xp + λ) and (yp + λ), where P = (xp, yp) is the input point, and λ is a random value in F3n. The countermeasure using the random value addition was relatively slow in the case of the scalar multiplication of elliptic curve cryptosystems. However, in the case of the ?T pairing, we can construct an efficient countermeasure due to the form of the function gP(x, y) = yp3y-(xp3 + x - 1)2 for a point P = (xp, yp). The overhead of our proposed scheme is just 0.5nM, which is a reduction of more than 75% compared with the randomized-projective-coordinate method.

Journal

  • ISPEC 2008

    ISPEC 2008 LNSC 4991 290-303, 2008-04

    Springer

Details 詳細情報について

Report a problem

Back to top