International Association for Cryptologic Research

IACR News item: 18 July 2014

Johannes Blömer, Ricardo Gomes da Silva, Peter Günther, Juliane Krämer, Jean-Pierre Seifert
ePrint Report

Several fault attacks against pairing-based cryptography have been described theoretically in recent years. Interestingly, none of these have been practically evaluated. We accomplished this task and prove that fault attacks against pairing-based cryptography are indeed possible and are even practical -- thus posing a serious threat. Moreover, we successfully conducted a second-order fault attack against an open source implementation of the eta pairing on an AVR XMEGA A1. We injected the first fault into the computation of the Miller Algorithm and applied the second fault to skip the final exponentiation completely. We introduce a low-cost setup that allowed us to generate multiple independent faults in one computation. The setup implements these faults by clock glitches which induce instruction skips. With this setup we conducted the first practical fault attack against a complete pairing computation.
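The second fault described in the abstract removes the final exponentiation, so the value returned is the raw Miller loop output rather than an element of the order-r target subgroup. A cheap output check that an implementation can run before using a pairing value is a subgroup-membership test: a genuine pairing value x satisfies x^r = 1, and a value that never went through the final exponentiation almost never does. The block below is an added example, not code from the paper or from the attacked implementation; it assumes a toy extension field F_{p^2} = F_p[i]/(i^2 + 1) with p = 103 and r = 13 (r divides p + 1, as in the eta/Tate setting), and a constructed Miller loop value instead of a real curve computation.

```python
# Added example (not from the paper): a subgroup-membership check that rejects a
# pairing output whose final exponentiation was skipped.
# Assumptions: toy F_{p^2} = F_p[i]/(i^2 + 1) with p = 103 (p ≡ 3 mod 4 makes
# i^2 = -1 irreducible), target group order r = 13 dividing p + 1 = 104, and a
# constructed "Miller loop output"; no elliptic curve or real pairing is computed.

P = 103
R = 13
ONE = (1, 0)


def fp2_mul(a, b, p=P):
    """Multiply a = a0 + a1*i and b = b0 + b1*i in F_p[i]/(i^2 + 1)."""
    a0, a1 = a
    b0, b1 = b
    return ((a0 * b0 - a1 * b1) % p, (a0 * b1 + a1 * b0) % p)


def fp2_pow(a, e, p=P):
    """Square-and-multiply exponentiation in F_{p^2}."""
    result = ONE
    base = a
    while e > 0:
        if e & 1:
            result = fp2_mul(result, base, p)
        base = fp2_mul(base, base, p)
        e >>= 1
    return result


def final_exponentiation(miller_value, p=P, r=R):
    """Map the Miller loop value into the order-r subgroup mu_r: x -> x^((p^2 - 1) / r)."""
    assert (p * p - 1) % r == 0, "r must divide the group order p^2 - 1"
    return fp2_pow(miller_value, (p * p - 1) // r, p)


def in_target_group(x, p=P, r=R):
    """Membership test for mu_r: a valid pairing value must satisfy x^r == 1."""
    return fp2_pow(x, r, p) == ONE


def checked_pairing_output(miller_value, skip_final_exp=False, p=P, r=R):
    """
    Model of the last pairing stage followed by an output check.
    skip_final_exp=True models the effect the abstract describes (the final
    exponentiation not being executed); the check then rejects the output.
    Returns (value, accepted).
    """
    if skip_final_exp:
        value = miller_value
    else:
        value = final_exponentiation(miller_value, p, r)
    return value, in_target_group(value, p, r)


# Constructed sample Miller loop value: an arbitrary nonzero element of F_{p^2}.
# Its norm 5^2 + 7^2 = 74 != 1 (mod 103), so it cannot lie in mu_13.
MILLER_SAMPLE = (5, 7)


if __name__ == "__main__":
    value, ok = checked_pairing_output(MILLER_SAMPLE)
    print("final exponentiation performed:", value, "accepted" if ok else "REJECTED")
    value, ok = checked_pairing_output(MILLER_SAMPLE, skip_final_exp=True)
    print("final exponentiation skipped:  ", value, "accepted" if ok else "REJECTED")
```

The check is cheap (one exponentiation by r) and catches the skipped final exponentiation, but it says nothing about the first fault in the abstract: a Miller loop value corrupted by an instruction skip is still a nonzero field element, and the final exponentiation maps every such element into mu_r, so a membership test alone does not detect a faulted Miller loop. Detecting that stage needs a different check, for example recomputing the pairing or verifying bilinearity against a second, independently computed value.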
