| ETRI Journal | |
| An Efficient DPA Countermeasure for the EtaT Pairing Algorithm over GF(2^n) Based on Random Value Addition | |
| Keywords: efficient countermeasure; differential power analysis; EtaT pairing computation | |
| Others: 1186059 | DOI: 10.4218/etrij.11.0110.0597 |
【 Abstract 】
This paper presents an efficient differential power analysis (DPA) countermeasure for the EtaT pairing algorithm over GF(2^n). The proposed algorithm is based on a random value addition (RVA) mechanism. An RVA-based DPA countermeasure for the EtaT pairing computation over GF(3^n) was proposed in 2008. This paper examines the security of this RVA-based DPA countermeasure and defines the design principles for making the countermeasure more secure. Finally, the paper proposes an efficient RVA-based DPA countermeasure for the secure computation of the EtaT pairing over GF(2^n). The proposed countermeasure not only overcomes the security flaws in the previous RVA-based method but also exhibits enhanced performance. On the 8-bit ATmega128L and 16-bit MSP430 processors, the proposed method achieves performance improvements of almost 39% and 43%, respectively, compared with the best-known countermeasure.