What about Vulnerability to a Fault Attack of the Miller’s Algorithm During an Identity Based Protocol?

  • Nadia El Mrabet
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5576)


We complete the study of [16] and [20] about the Miller’s algorithm. The Miller’s algorithm is a central step to compute the Weil, Tate and Ate pairings. The aim of this article is to analyse the weakness of the Miller’s algorithm when it undergoes a fault attack. We prove that the Miller’s algorithm is vulnerable to a fault attack which is valid in all coordinate systems, through the resolution of a nonlinear system. We show that the final exponentiation is no longer a counter measure to this attack for the Tate and Ate pairings.


Miller’s algorithm Identity Based Cryptography Fault Attack 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Abraham, D.G., Dolan, G.M., Double, G.P., Stevens, J.V.: Transaction Security System. IBM Systems Journal 30, 206–229 (1991)CrossRefGoogle Scholar
  2. 2.
    Anderson, R., Kuhn, M.: Tamper Resistance – a Cautionary Note. In: The Second USENIX Workshop on Electronic Commerce Proceedings, Okland, California, pp. 1–11 (1996)Google Scholar
  3. 3.
    Bajard, J.C., El Mrabet, N.: Pairing in cryptography: an arithmetic point de view. In: Advanced Signal Processing Algorithms, Architectures, and Implementations XVI, part of SPIE (August 2007)Google Scholar
  4. 4.
    Boneh, D., Franklin, M.: Identity-based encryption from the Weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  5. 5.
    Brier, E., Joye, M.: Point multiplication on elliptic curves through isogenies. In: Fossorier, M.P.C., Høholdt, T., Poli, A. (eds.) AAECC 2003. LNCS, vol. 2643, pp. 43–50. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  6. 6.
    Boneh, D., DeMillo, R., Lipton, R.: On the importance of checking cryptographic protocols faults. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 37–51. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  7. 7.
    Cohen, H., Frey, G. (eds.): Handbook of elliptic and hyperelliptic curve cryptography. Discrete Math. Appl. Chapman & Hall/CRC, Boca Raton (2006)zbMATHGoogle Scholar
  8. 8.
    Yang, B., Wu, K., Karri, R.: Scan Based Side Channel Attack on Dedicated Hardware Implementation of Data Encryption Standard. In: Test Conference 2004, proceedings ITC 2004, pp. 339–344 (2004)Google Scholar
  9. 9.
    Edwards, H.: A normal Form for Elliptic Curve. Bulletin of the American Mathematical Society 44(3) (2007)Google Scholar
  10. 10.
    Habing, D.H.: The Use of Lasers to Simulate Radiation-Induced Transients in Semiconductor Devices and Circuits. IEEE Transactions On Nuclear Science 39, 1647–1653 (1992)CrossRefGoogle Scholar
  11. 11.
    Ionica, S., Joux, A.: Another approach to pairing computation in Edwards coordinates. In: INDOCRYPT 2008 [11], pp. 400–413 (2008),
  12. 12.
    Koblitz, N., Menezes, A.J.: Pairing-based cryptography at high security levels. In: Smart, N.P. (ed.) Cryptography and Coding 2005. LNCS, vol. 3796, pp. 13–36. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  13. 13.
    Macwilliams, F.J., Sloane, N.J.A.: The Theory of Error-Correcting Codes II. North-Holland Mathematical Library, vol. 16. North-Holland, Amsterdam (1998)zbMATHGoogle Scholar
  14. 14.
    Menezes, A.: An introduction to pairing-based cryptography. Notes from lectures given in Santander, Spain (2005),
  15. 15.
    Miller, V.: The Weil pairing and its efficient calculation. Journal of Cryptology 17, 235–261 (2004)MathSciNetCrossRefzbMATHGoogle Scholar
  16. 16.
    Dan, P., Frederik, V.: Fault and Side Channel Attacks on Pairing based Cryptography. IEEE Transactions on Computers 55(9), 1075–1080 (2006)CrossRefGoogle Scholar
  17. 17.
    PARI/GP, version 2.1.7, Bordeaux (2005),
  18. 18.
    Shamir, A.: Identity Based Cryptosystems and Signature Schemes. In: Blakely, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 47–53. Springer, Heidelberg (1985)CrossRefGoogle Scholar
  19. 19.
    Whelan, C., Scott, M.: Side Channel Analysis of Practical Pairing Implementation: Which Path is More Secure? In: Nguyên, P.Q. (ed.) VIETCRYPT 2006. LNCS, vol. 4341, pp. 99–114. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  20. 20.
    Whelan, C., Scott, M.: The Importance of the Final Exponentiation in Pairings When Considering Fault Attacks. In: Takagi, T., Okamoto, T., Okamoto, E., Okamoto, T. (eds.) Pairing 2007. LNCS, vol. 4575, pp. 225–246. Springer, Heidelberg (2007)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Nadia El Mrabet
    • 1
  1. 1.LIRMM Laboratory, I3M, CNRSUniversity MontpellierMontpellierFrance

Personalised recommendations