Fault Attack against Miller's algorithm


We complete the study of [23] and [27] about Miller’s algorithm. Miller’s algorithm is a central step to compute the Weil, Tate and Ate pairings. The aim of this article is to analyze the weakness of Miller’s algorithm when it undergoes a fault attack. We prove that Miller’s algorithm is vulnerable to a fault attack which is valid in all coordinate systems, through the resolution of a nonlinear system. We highlight the fact that putting the secret as the first argument of the pairing is not a countermeasure. This article is an extensed version of the article [15].


1 Figures and Tables

Download Full PDF Version (Non-Commercial Use)