DocumentCode :
177282
Title :
A Practical Second-Order Fault Attack against a Real-World Pairing Implementation
Author :
Blomer, Johannes ; Gomes Da Silva, Ricardo ; Gunther, Peter ; Kramer, Juliane ; Seifert, Jean-Pierre
Author_Institution :
Univ. of Paderborn, Paderborn, Germany
fYear :
2014
fDate :
23-23 Sept. 2014
Firstpage :
123
Lastpage :
136
Abstract :
Several fault attacks against pairing-based cryptography have been described theoretically in recent years. Interestingly, none of these has been practically evaluated. We accomplish this task and prove that fault attacks against pairing-based cryptography are indeed possible and even practical - thus posing a serious threat. Moreover, we successfully conduct a second-order fault attack against an open source implementation of the eta pairing on an AVR XMEGA A1. We inject the first fault into the computation of the Miller Algorithm and apply the second fault to completely skip the final exponentiation. We introduce a low-cost setup that allows us to generate multiple independent faults in one computation. The setup implements these faults by clock glitches which induce instruction skips. With this setup we conducted the first practical fault attack against a complete pairing computation.
Keywords :
public key cryptography; AVR XMEGA A1; Miller algorithm; clock glitches; eta pairing; instruction skips; pairing-based cryptography; public-key cryptography; real-world pairing implementation; second-order fault attack; Circuit faults; Clocks; Elliptic curve cryptography; Elliptic curves; Field programmable gate arrays; Synchronization; Fault Attacks; Pairing-Based Cryptography; eta Pairing;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Fault Diagnosis and Tolerance in Cryptography (FDTC), 2014 Workshop on
Conference_Location :
Busan
Type :
conf
DOI :
10.1109/FDTC.2014.22
Filename :
6976638