• Title/Summary/Keyword: Algebraic Attack

Search Result 8, Processing Time 0.024 seconds

Security Analysis of Software-Oriented Stream Ciphers against Algebraic Attacks (소프트웨어 구현에 적합한 스트림 암호의 대수적 공격에 대한 안전성)

  • Sung Jaechul;Moon Dukjae;Im Hung-su;Chee Seongtaek;Lee Sangjin
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.15 no.1
    • /
    • pp.29-40
    • /
    • 2005
  • In this paper we consider the security of recently proposed software-orienred stram cipher HELIX, SCREAM, MUGI, and PANAMA against algebraic attacks. Algebraic attack is a key recovery attack by solving an over-defined system of multi-variate equations with input-output pairs of an algorithm. The attack was firstly applied to block ciphers with some algebraic properties and then it has been mon usefully applied to stream ciphers. However it is difficult to obtain over-defined algebraic equations for a given cryptosystem in general. Here we analyze recently proposed software-oriented stream ciphers by constructing a system of equations for each cipher. furthermore we propose three design considerations of software-oriented stream ciphers.

McEliece Type PKC Based on Algebraic Geometry Code over Hyperelliptic Curve (초타원 곡선위에서 생성된 대수기하 부호를 이용한McEliece유형의 공개키 암호시스템)

  • 강보경;한상근
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.12 no.1
    • /
    • pp.43-54
    • /
    • 2002
  • McEliece introduced a public-key cryptosystem based on Algebraic codes, specially binary classical Goppa which have a good decoding algorithm and vast number of inequivalent codes with given parameters. And the advantage of this system low cost of their encryption and decryption procedures compared with other public-key systems specially RSA, ECC based on DLP(discrete logarithm problem). But in [1], they resent new attack based on probabilistic algorithm to find minimum weight codeword, so for a sufficient security level, much larger parameter size [2048, 1608,81]is required. Then the big size of public key make McEliece PKC more inefficient. So in this paper, we will propose New Type PKC using q-ary Hyperelliptic code so that with smaller parameter(1 over 3) but still work factor as hi인 as McEliece PKC and faster encryption, decryption can be maintained.

Algebraic Attacks on Summation Generators (Summation Generator에 대한 대수적 공격)

  • Lee, Dong-Hoon;Kim, Jae-Heon;Han, Jae-Woo;Hong, Jin;Moon, Duk-Jae
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.14 no.1
    • /
    • pp.71-77
    • /
    • 2004
  • It was proved that Hen is an algebraic ,elation of degree [n(l+1]/2] for an (n, 1)-combine. which consists of n LFSRs and l memory bits. For the summation generator with $2^k$ LFSRs which uses k memory bits, we show that there is a non-trivial relation of degree at most $2^k$ using k+1 consecutive outputs. In general, for the summation generator with n LFSRs, we can construct a non-trivial algebraic relation of degree at most 2$^{{2^{[${log}_2$}n]}}$ using [${log}_2$+1 consecutive outputs.

A Public Key Encryption Scheme Using Algebraic-Geometry Codes (대수기하 부호를 이용한 공개키 암호)

  • Lee Jung-Keun;Kim Jaeheon;Park Sangwoo
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.15 no.6
    • /
    • pp.119-125
    • /
    • 2005
  • We propose a new code-based publick key encryption scheme. It is obtained by modifying the Augot and Finiasz scheme proposed at Eurocrypt 2003. We replace the Reed-Solomon codes with general algebraic-geometry codes and employ Guruswami-Sudan decoding algorithm for decryption. The scheme is secure against Colon's attack or Kiayias and Yung's attack to which the Augot and Finiasz scheme is vulnerable. Considering basic attacks aprlied to the Augot and Finiasz scheme, we claim that the proposed scheme provides similar security levels as the Augot and Finiasz scheme was claimed to provide for given key lengths.

The Linearity of algebraic Inversion and a Modification of Knudsen-Nyberg Cipher

  • Lee, Chang-Hyi;Lim, Jong-In
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.8 no.1
    • /
    • pp.65-70
    • /
    • 1998
  • K. Nyberg and L.R. Knudsen showed a prototype of a DES-like cipher$^{[1]}$ which has a provable security against differential cryptanalysis. But in the last year, at FSE'97 T. Jakobsen ane L.R.Knudsen broked it by using higher order differential attack and interpolation attack$^{[2]}$ . Furthermore the cipher was just a theoretically proposed one to demonstrate how to construct a cipher which is procably secure against differential cryptanalysis$^{[3]}$ and it was suspected to have a large complexity for its implementation.Inthis paper the two improved results for the dfficidnt hardware and software implementation.

MDS code Creation Confirmation Algorithms in Permutation Layer of a Block Cipher (블록 암호에서 교환 계층의 MDS 코드 생성 확인 알고리즘)

  • 박창수;조경연
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.7 no.7
    • /
    • pp.1462-1470
    • /
    • 2003
  • According to the necessity about information security as well as the advance of IT system and the spread of the Internet, a variety of cryptography algorithms are being developed and put to practical use. In addition the technique about cryptography attack also is advanced, and the algorithms which are strong against its attack are being studied. If the linear transformation matrix in the block cipher algorithm such as Substitution Permutation Networks(SPN) produces the Maximum Distance Separable(MDS) code, it has strong characteristics against the differential attack and linear attack. In this paper, we propose a new algorithm which cm estimate that the linear transformation matrix produces the MDS code. The elements of input code of linear transformation matrix over GF$({2_n})$ can be interpreted as variables. One of variables is transformed as an algebraic formula with the other variables, with applying the formula to the matrix the variables are eliminated one by one. If the number of variables is 1 and the all of coefficient of variable is non zero, then the linear transformation matrix produces the MDS code. The proposed algorithm reduces the calculation time greatly by diminishing the number of multiply and reciprocal operation compared with the conventional algorithm which is designed to know whether the every square submatrix is nonsingular.

Countermeasure against Chosen Ciphertext Spa Attack of the Public-Key Cryptosystem Based on Ring-Lwe Problem (Ring-LWE 기반 공개키 암호시스템의 선택 암호문 단순전력분석 공격 대응법)

  • Park, Aesun;Won, Yoo-Seung;Han, Dong-Guk
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.27 no.5
    • /
    • pp.1001-1011
    • /
    • 2017
  • A lattice-based cryptography is known as one of the post-quantum cryptographies. Ring-LWE problem is an algebraic variant of LWE, which operates over elements of polynomial rings instead of vectors. It is already known that post-quantum cryptography has side-channel analysis vulnerability. In 2016, Park et al. reported a SPA vulnerability of the public key cryptosystem, which is proposed by Roy et al., based on the ring-LWE problem. In 2015 and 2016, Reparaz et al. proposed DPA attack and countermeasures against Roy cryptosystem. In this paper, we show that the chosen ciphertext SPA attack is also possible for Lyubashevsky cryptosystem which does not use NTT. And then we propose a countermeasure against CCSPA(Chosen Ciphertext SPA) attack and we also show through experiment that our proposed countermeasure is secure.

Gröbner Basis Attacks on Lightweight RFID Authentication Protocols

  • Han, Dae-Wan
    • Journal of Information Processing Systems
    • /
    • v.7 no.4
    • /
    • pp.691-706
    • /
    • 2011
  • Since security and privacy problems in RFID systems have attracted much attention, numerous RFID authentication protocols have been suggested. One of the various design approaches is to use light-weight logics such as bitwise Boolean operations and addition modulo $2^m$ between m-bits words. Because these operations can be implemented in a small chip area, that is the major requirement in RFID protocols, a series of protocols have been suggested conforming to this approach. In this paper, we present new attacks on these lightweight RFID authentication protocols by using the Gr$\ddot{o}$bner basis. Our attacks are superior to previous ones for the following reasons: since we do not use the specific characteristics of target protocols, they are generally applicable to various ones. Furthermore, they are so powerful that we can recover almost all secret information of the protocols. For concrete examples, we show that almost all secret variables of six RFID protocols, LMAP, $M^2AP$, EMAP, SASI, Lo et al.'s protocol, and Lee et al.'s protocol, can be recovered within a few seconds on a single PC.