An efficient countermeasure against side channel attacks for pairing computation

Masaaki Shirase, Tsuyoshi Takagi, Eiji Okamoto

Research output: Chapter in Book/Report/Conference proceedingConference contribution

5 Citations (Scopus)

Abstract

Pairing-based cryptosystems have been widely researched, and several efficient hardware implementations of pairings have also been proposed. However, side channel attacks (SCAs) are serious attacks on hardware implementations. Whelan et al. pointed out that pairings except the η T pairing might not be vulnerable against SCAs by setting the secret point to the first parameter [25]. This paper deals with SCAs for the η T pairing over . To our knowledge, the randomized-projective-coordinate method has the smallest overhead among all countermeasures against SCAs for the η T pairing. The cost of that overhead is 3nM, where M is the cost of a multiplication in . In this paper, we propose another countermeasure based on random value additions (x p ∈+∈λ) and (y p ∈+∈λ), where P∈=∈(x p ,y p ) is the input point, and λ is a random value in . The countermeasure using the random value addition was relatively slow in the case of the scalar multiplication of elliptic curve cryptosystems. However, in the case of the η T pairing, we can construct an efficient countermeasure due to the form of the function for a point P∈=∈(x p ,y p ). The overhead of our proposed scheme is just 0.5nM, which is a reduction of more than 75% compared with the randomized-projective-coordinate method.

Original languageEnglish
Title of host publicationInformation Security Practice and Experience - 4th International Conference, ISPEC 2008, Proceedings
Pages290-303
Number of pages14
DOIs
Publication statusPublished - Apr 7 2008
Event4th Information Security Practice and Experience Conference, ISPEC 2008 - Sydney, NSW, Australia
Duration: Apr 21 2008Apr 23 2008

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume4991 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

Other4th Information Security Practice and Experience Conference, ISPEC 2008
CountryAustralia
CitySydney, NSW
Period4/21/084/23/08

Fingerprint

Side Channel Attacks
Countermeasures
Pairing
Cryptography
Hardware Implementation
Hardware
Pairing-based Cryptosystems
Elliptic Curve Cryptosystem
Costs
Scalar multiplication
P-point
Efficient Implementation
Side channel attack
Multiplication
Attack

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)

Cite this

Shirase, M., Takagi, T., & Okamoto, E. (2008). An efficient countermeasure against side channel attacks for pairing computation. In Information Security Practice and Experience - 4th International Conference, ISPEC 2008, Proceedings (pp. 290-303). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4991 LNCS). https://doi.org/10.1007/978-3-540-79104-1_21

An efficient countermeasure against side channel attacks for pairing computation. / Shirase, Masaaki; Takagi, Tsuyoshi; Okamoto, Eiji.

Information Security Practice and Experience - 4th International Conference, ISPEC 2008, Proceedings. 2008. p. 290-303 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4991 LNCS).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Shirase, M, Takagi, T & Okamoto, E 2008, An efficient countermeasure against side channel attacks for pairing computation. in Information Security Practice and Experience - 4th International Conference, ISPEC 2008, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 4991 LNCS, pp. 290-303, 4th Information Security Practice and Experience Conference, ISPEC 2008, Sydney, NSW, Australia, 4/21/08. https://doi.org/10.1007/978-3-540-79104-1_21
Shirase M, Takagi T, Okamoto E. An efficient countermeasure against side channel attacks for pairing computation. In Information Security Practice and Experience - 4th International Conference, ISPEC 2008, Proceedings. 2008. p. 290-303. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). https://doi.org/10.1007/978-3-540-79104-1_21
Shirase, Masaaki ; Takagi, Tsuyoshi ; Okamoto, Eiji. / An efficient countermeasure against side channel attacks for pairing computation. Information Security Practice and Experience - 4th International Conference, ISPEC 2008, Proceedings. 2008. pp. 290-303 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
@inproceedings{f3e684db8a1d4015aea950d1a4123b18,
title = "An efficient countermeasure against side channel attacks for pairing computation",
abstract = "Pairing-based cryptosystems have been widely researched, and several efficient hardware implementations of pairings have also been proposed. However, side channel attacks (SCAs) are serious attacks on hardware implementations. Whelan et al. pointed out that pairings except the η T pairing might not be vulnerable against SCAs by setting the secret point to the first parameter [25]. This paper deals with SCAs for the η T pairing over . To our knowledge, the randomized-projective-coordinate method has the smallest overhead among all countermeasures against SCAs for the η T pairing. The cost of that overhead is 3nM, where M is the cost of a multiplication in . In this paper, we propose another countermeasure based on random value additions (x p ∈+∈λ) and (y p ∈+∈λ), where P∈=∈(x p ,y p ) is the input point, and λ is a random value in . The countermeasure using the random value addition was relatively slow in the case of the scalar multiplication of elliptic curve cryptosystems. However, in the case of the η T pairing, we can construct an efficient countermeasure due to the form of the function for a point P∈=∈(x p ,y p ). The overhead of our proposed scheme is just 0.5nM, which is a reduction of more than 75{\%} compared with the randomized-projective-coordinate method.",
author = "Masaaki Shirase and Tsuyoshi Takagi and Eiji Okamoto",
year = "2008",
month = "4",
day = "7",
doi = "10.1007/978-3-540-79104-1_21",
language = "English",
isbn = "3540791035",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
pages = "290--303",
booktitle = "Information Security Practice and Experience - 4th International Conference, ISPEC 2008, Proceedings",

}

TY - GEN

T1 - An efficient countermeasure against side channel attacks for pairing computation

AU - Shirase, Masaaki

AU - Takagi, Tsuyoshi

AU - Okamoto, Eiji

PY - 2008/4/7

Y1 - 2008/4/7

N2 - Pairing-based cryptosystems have been widely researched, and several efficient hardware implementations of pairings have also been proposed. However, side channel attacks (SCAs) are serious attacks on hardware implementations. Whelan et al. pointed out that pairings except the η T pairing might not be vulnerable against SCAs by setting the secret point to the first parameter [25]. This paper deals with SCAs for the η T pairing over . To our knowledge, the randomized-projective-coordinate method has the smallest overhead among all countermeasures against SCAs for the η T pairing. The cost of that overhead is 3nM, where M is the cost of a multiplication in . In this paper, we propose another countermeasure based on random value additions (x p ∈+∈λ) and (y p ∈+∈λ), where P∈=∈(x p ,y p ) is the input point, and λ is a random value in . The countermeasure using the random value addition was relatively slow in the case of the scalar multiplication of elliptic curve cryptosystems. However, in the case of the η T pairing, we can construct an efficient countermeasure due to the form of the function for a point P∈=∈(x p ,y p ). The overhead of our proposed scheme is just 0.5nM, which is a reduction of more than 75% compared with the randomized-projective-coordinate method.

AB - Pairing-based cryptosystems have been widely researched, and several efficient hardware implementations of pairings have also been proposed. However, side channel attacks (SCAs) are serious attacks on hardware implementations. Whelan et al. pointed out that pairings except the η T pairing might not be vulnerable against SCAs by setting the secret point to the first parameter [25]. This paper deals with SCAs for the η T pairing over . To our knowledge, the randomized-projective-coordinate method has the smallest overhead among all countermeasures against SCAs for the η T pairing. The cost of that overhead is 3nM, where M is the cost of a multiplication in . In this paper, we propose another countermeasure based on random value additions (x p ∈+∈λ) and (y p ∈+∈λ), where P∈=∈(x p ,y p ) is the input point, and λ is a random value in . The countermeasure using the random value addition was relatively slow in the case of the scalar multiplication of elliptic curve cryptosystems. However, in the case of the η T pairing, we can construct an efficient countermeasure due to the form of the function for a point P∈=∈(x p ,y p ). The overhead of our proposed scheme is just 0.5nM, which is a reduction of more than 75% compared with the randomized-projective-coordinate method.

UR - http://www.scopus.com/inward/record.url?scp=41549128969&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=41549128969&partnerID=8YFLogxK

U2 - 10.1007/978-3-540-79104-1_21

DO - 10.1007/978-3-540-79104-1_21

M3 - Conference contribution

AN - SCOPUS:41549128969

SN - 3540791035

SN - 9783540791034

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 290

EP - 303

BT - Information Security Practice and Experience - 4th International Conference, ISPEC 2008, Proceedings

ER -