• Title/Summary/Keyword: 경량 블록암호

Search Result 94, Processing Time 0.023 seconds

An Integrated Cryptographic Processor Supporting ARIA/AES Block Ciphers and Whirlpool Hash Function (ARIA/AES 블록암호와 Whirlpool 해시함수를 지원하는 통합 크립토 프로세서 설계)

  • Kim, Ki-Bbeum;Shin, Kyung-Wook
    • Journal of IKEEE
    • /
    • v.22 no.1
    • /
    • pp.38-45
    • /
    • 2018
  • An integrated cryptographic processor that efficiently integrates ARIA, AES block ciphers and Whirlpool hash function into a single hardware architecture is described. Based on the algorithm characteristics of ARIA, AES, and Whirlpool, we optimized the design so that the hardware resources of the substitution layer and the diffusion layer were shared. The round block was designed to operate in a time-division manner for the round transformation and the round key expansion of the Whirlpool hash, resulting in a lightweight hardware implementation. The hardware operation of the integrated ARIA-AES-Whirlpool crypto-processor was verified by Virtex5 FPGA implementation, and it occupied 68,531 gate equivalents (GEs) with a 0.18um CMOS cell library. When operating at 80 MHz clock frequency, it was estimated that the throughputs of ARIA, AES block ciphers, and Whirlpool hash were 602~787 Mbps, 682~930 Mbps, and 512 Mbps, respectively.

Analysis of Grover Attack Cost and Post-Quantum Security Strength Evaluation for Lightweight Cipher SPARKLE SCHWAEMM (경량암호 SPARKLE SCHWAEMM에 대한 Grover 공격 비용 분석 및 양자 후 보안 강도 평가)

  • Yang, Yu Jin;Jang, Kyung Bae;Kim, Hyun Ji;Song, Gyung Ju;Lim, Se Jin;Seo, Hwa Jeong
    • KIPS Transactions on Computer and Communication Systems
    • /
    • v.11 no.12
    • /
    • pp.453-460
    • /
    • 2022
  • As high-performance quantum computers are expected to be developed, studies are being actively conducted to build a post-quantum security system that is safe from potential quantum computer attacks. When the Grover's algorithm, a representative quantum algorithm, is used to search for a secret key in a symmetric key cryptography, there may be a safety problem in that the security strength of the cipher is reduced to the square root. NIST presents the post-quantum security strength estimated based on the cost of the Grover's algorithm required for an attack of the cryptographic algorithm as a post-quantum security requirement for symmetric key cryptography. The estimated cost of Grover's algorithm for the attack of symmetric key cryptography is determined by the quantum circuit complexity of the corresponding encryption algorithm. In this paper, the quantum circuit of the SCHWAEMM algorithm, AEAD family of SPARKLE, which was a finalist in NIST's lightweight cryptography competition, is efficiently implemented, and the quantum cost to apply the Grover's algorithm is analyzed. At this time, the cost according to the CDKM ripple-carry adder and the unbounded Fan-Out adder is compared together. Finally, we evaluate the post-quantum security strength of the lightweight cryptography SPARKLE SCHWAEMM algorithm based on the analyzed cost and NIST's post-quantum security requirements. A quantum programming tool, ProjectQ, is used to implement the quantum circuit and analyze its cost.

Key Recovery Attacks on Fantomas and Robin Using Related-Key Differentials (연관키 차분 특성을 이용한 Fantomas와 Robin의 키 복구 공격)

  • Kim, Hangi;Kim, Jongsung
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.28 no.4
    • /
    • pp.803-807
    • /
    • 2018
  • The Fantomas and the Robin are the block ciphers included in the LS-designs, the family of block ciphers. They are designed to efficiently apply the masking technique, which is a side-channel analysis countermeasure technique, using L-boxes and S-boxes capable of bit slice implementation. In this paper, we show that the key recovery attacks of Fantomas and Robin through the related-key differential analysis are possible with $2^{56}$ and $2^{72}$ time complexity, $2^{56}$ and $2^{69}$ chosen plaintext respectively.

Fault Injection Attack on Lightweight Block Cipher CHAM (경량 암호 알고리듬 CHAM에 대한 오류 주입 공격)

  • Kwon, Hongpil;Ha, Jaecheol
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.28 no.5
    • /
    • pp.1071-1078
    • /
    • 2018
  • Recently, a family of lightweight block ciphers CHAM that has effective performance on resource-constrained devices is proposed. The CHAM uses a stateless-on-the-fly key schedule method which can reduce the key storage areas. Furthermore, the core design of CHAM is based on ARX(Addition, Rotation and XOR) operations which can enhance the computational performance. Nevertheless, we point out that the CHAM algorithm may be vulnerable to the fault injection attack which can reveal 4 round keys and derive the secret key from them. As a simulation result, the proposed fault injection attack can extract the secret key of CHAM-128/128 block cipher using about 24 correct-faulty cipher text pairs.

A Study of Implementing Efficient Rotation for ARX Lightweight Block Cipher on Low-level Microcontrollers (저사양 마이크로 컨트롤러에서 ARX 경량 암호를 위한 효율적인 Rotation 구현 방법 연구)

  • Kim, Minwoo;Kwon, Taekyoung
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.26 no.3
    • /
    • pp.623-630
    • /
    • 2016
  • Heterogeneous IoT devices must satisfy a certain level of security for mutual connections and communications. However, a performance degradation of cryptographic algorithms in resource constrained devices is inevitable and so an optimization or efficient implementation method is necessary. In this paper, we study an efficient implementation method for rotation operations regarding registers for running ARX lightweight block ciphers. In a practical sense, we investigate the performance of modified rotation operations through experiments using real experiment devices. We show the improved performance of modified rotation operations and discover the significant difference in measured performance between simulations and real experiments, particularly for 16-bit MSP microcontrollers.

Optimal Implementation of Lightweight Block Cipher PIPO on CUDA GPGPU (CUDA GPGPU 상에서 경량 블록 암호 PIPO의 최적 구현)

  • Kim, Hyun-Jun;Eum, Si-Woo;Seo, Hwa-Jeong
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.32 no.6
    • /
    • pp.1035-1043
    • /
    • 2022
  • With the spread of the Internet of Things (IoT), cloud computing, and big data, the need for high-speed encryption for applications is emerging. GPU optimization can be used to validate cryptographic analysis results or reduced versions theoretically obtained by the GPU in a reasonable time. In this paper, PIPO lightweight encryption implemented in various environments was implemented on GPU. Optimally implemented considering the brute force attack on PIPO. In particular, the optimization implementation applying the bit slicing technique and the GPU elements were used as much as possible. As a result, the implementation of the proposed method showed a throughput of about 19.5 billion per second in the RTX 3060 environment, achieving a throughput of about 122 times higher than that of the previous study.

Measurements of Encryption and Decryption Times of AES and LEA Algorithms on an Arduino MCU (아두이노를 이용한 AES와 LEA의 암복호화 속도 측정)

  • Kwon, Yeongjun;Shin, Hyungsik
    • Journal of IKEEE
    • /
    • v.23 no.3
    • /
    • pp.971-977
    • /
    • 2019
  • This paper presents an experimental result showing the encryption and decryption times of the AES and LEA algorithms. AES and LEA algorithms are international and Korean standards for block ciphers, respectively. Through experiments, this paper investigates the applicability of the LEA algorithm for light weight IoT devices. In order to measure the encryption and decryption times, 256-bit and 128-bit secret keys were randomly generated for AES and LEA, respectively. Under our test environment using an Arduino microcontroller, the AES algorithm takes about 45ms for encryption and decryption processes, whereas the LEA algorithm takes about 4ms. Even though processing times of each algorithm may vary much under different implementation and test environments, this experimental result shows that the LEA algorithm can be applied to many light weight IoT devices for security goals.

Side Channel Attacks on SIMON Family with Reduced Masked Rounds (축소 마스킹이 적용된 경량 블록 암호 알고리즘 SIMON 패밀리에 대한 부채널 공격)

  • Kim, Jihun;Hong, Kiwon;Kim, Soram;Cho, Jaehyung;Kim, Jongsung
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.27 no.4
    • /
    • pp.923-941
    • /
    • 2017
  • A side-channel attack is a method of attacking a cipher based on physical information of a cryptographic device. The masking method, which is a typical method overcoming this attack, is a method of calculating an arbitrary masking value at the round intermediate value through rounds. Thus, it is difficult to guess the intermediate value by the side-channel attack, but if the masking operation is applied to all rounds of the encryption algorithm, the encryption process may become overloaded. Therefore, it is practical to use a reduced-round masking technique that applies a masking technique to only a part of the cipher for lightweight equipment such as Internet of Things(IoT) and wearable devices. In this paper, we describe a Hamming weight filtering for SIMON family with reduced-round masking technique and it is shown that first round key recovery is possible through actual programming.

S-PRESENT Cryptanalysis through Know-Plaintext Attack Based on Deep Learning (딥러닝 기반의 알려진 평문 공격을 통한 S-PRESENT 분석)

  • Se-jin Lim;Hyun-Ji Kim;Kyung-Bae Jang;Yea-jun Kang;Won-Woong Kim;Yu-Jin Yang;Hwa-Jeong Seo
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.33 no.2
    • /
    • pp.193-200
    • /
    • 2023
  • Cryptanalysis can be performed by various techniques such as known plaintext attack, differential attack, side-channel analysis, and the like. Recently, many studies have been conducted on cryptanalysis using deep learning. A known-plaintext attack is a technique that uses a known plaintext and ciphertext pair to find a key. In this paper, we use deep learning technology to perform a known-plaintext attack against S-PRESENT, a reduced version of the lightweight block cipher PRESENT. This paper is significant in that it is the first known-plaintext attack based on deep learning performed on a reduced lightweight block cipher. For cryptanalysis, MLP (Multi-Layer Perceptron) and 1D and 2D CNN(Convolutional Neural Network) models are used and optimized, and the performance of the three models is compared. It showed the highest performance in 2D convolutional neural networks, but it was possible to attack only up to some key spaces. From this, it can be seen that the known-plaintext attack through the MLP model and the convolutional neural network is limited in attackable key bits.

MILP-Aided Division Property and Integral Attack on Lightweight Block Cipher PIPO (경량 블록 암호 PIPO의 MILP-Aided 디비전 프로퍼티 분석 및 인테그랄 공격)

  • Kim, Jeseong;Kim, Seonggyeom;Kim, Sunyeop;Hong, Deukjo;Sung, Jaechul;Hong, Seokhie
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.31 no.5
    • /
    • pp.875-888
    • /
    • 2021
  • In this paper, we search integral distinguishers of lightweight block cipher PIPO and propose a key recovery attack on 8-round PIPO-64/128 with the obtained 6-round distinguishers. The lightweight block cipher PIPO proposed in ICISC 2020 is designed to provide the efficient implementation of high-order masking for side-channel attack resistance. In the proposal, various attacks such as differential and linear cryptanalyses were applied to show the sufficient security strength. However, the designers leave integral attack to be conducted and only show that it is unlikely for PIPO to have integral distinguishers longer than 5-round PIPO without further analysis on Division Property. In this paper, we search integral distinguishers of PIPO using a MILP-aided Division Property search method. Our search can show that there exist 6-round integral distinguishers, which is different from what the designers insist. We also consider linear operation on input and output of distinguisher, respectively, and manage to obtain totally 136 6-round integral distinguishers. Finally, we present an 8-round PIPO-64/128 key recovery attack with time complexity 2124.5849 and memory complexity of 293 with four 6-round integral distinguishers among the entire obtained distinguishers.