• The Journal of the Korea institute of electronic communication sciences
• /
• v.6 no.2
• /
• pp.171-179
• /
• 2011

Feistel and SPN are the two main structures in a block cipher. Feistel is a symmetric structure which has the same structure in encryption and decryption, but SPN is not a symmetric structure. Encrypt round function and decrypt round function in SPN structure have three parts, round key addition and substitution layer with S-box for confusion and permutation layer for defusion. Most SPN structure for example ARIA and AES uses 8 bit S-Box at substitution layer, which is vulnerable to Square attack, Boomerang attack, Impossible differentials cryptanalysis etc. In this paper, we propose a SPN which has a symmetric structure in encryption and decryption. The whole operations of proposed algorithm are composed of the even numbers of N rounds where the first half of them, 1 to N/2 round, applies a right function and the last half of them, (N+1)/2 to N round, employs an inverse function. And a symmetry layer is located in between the right function layer and the inverse function layer. The symmetric layer is composed with a multiple simple bit slice involution S-Boxes. The bit slice involution S-Box symmetric layer increases difficult to attack cipher by Square attack, Boomerang attack, Impossible differentials cryptanalysis etc. The proposed symmetric SPN block cipher with bit slice involution S-Box is believed to construct a safe and efficient cipher in Smart Card and RFID environments where electronic chips are built in.

• Journal of Korea Multimedia Society
• /
• v.1 no.1
• /
• pp.90-97
• /
• 1998

In this paper, we propose a new variable length block cipher. It has a variable key length from 128-bit to 256-bit and uses a variable number of rounds. In each round, the proposed algorithm uses the double involution structure which consists of tow steps and two different F functions. In addition, the proposed algorithm has two different key schedulings for providing the strength against known attacks.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.1
• /
• pp.280-295
• /
• 2015

Block cipher ARIA was first proposed by some South Korean experts in 2003, and later, it was established as a Korean Standard block cipher algorithm by Korean Agency for Technology and Standards. In this paper, we focus on the security evaluation of ARIA block cipher against the recent zero-correlation linear cryptanalysis. In addition, Partial-sum technique and FFT (Fast Fourier Transform) technique are used to speed up the cryptanalysis, respectively. We first introduce some 4-round linear approximations of ARIA with zero-correlation, and then present some key-recovery attacks on 6/7-round ARIA-128/256 with the Partial-sum technique and FFT technique. The key-recovery attack with Partial-sum technique on 6-round ARIA-128 needs $2^{123.6}$ known plaintexts (KPs), $2^{121}$ encryptions and $2^{90.3}$ bytes memory, and the attack with FFT technique requires $2^{124.1}$ KPs, $2^{121.5}$ encryptions and $2^{90.3}$ bytes memory. Moreover, applying Partial-sum technique, we can attack 7-round ARIA-256 with $2^{124.6}$ KPs, $2^{203.5}$ encryptions and $2^{152}$ bytes memory and 7-round ARIA-256 employing FFT technique, requires $2^{124.7}$ KPs, $2^{209.5}$ encryptions and $2^{152}$ bytes memory. Our results are the first zero-correlation linear cryptanalysis results on ARIA.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.3
• /
• pp.495-504
• /
• 2012

This paper presents various speed optimization techniques for software implementation of the HIGHT block cipher on CPUs and GPUs. We considered 32-bit and 64-bit operating systems for CPU implementations. After we applied the bit-slicing and byte-slicing techniques to HIGHT, the encryption speed recorded 1.48Gbps over the intel core i7 920 CPU with a 64-bit operating system, which is up to 2.4 times faster than the previous implementation. We also implemented HIGHT on an NVIDIA GPU equipped with CUDA, and applied various optimization techniques, such as storing most frequently used data like subkeys and the F lookup table in the shared memory; and using coalesced access when reading data from the global memory. To our knowledge, this is the first result that implements and optimizes HIGHT on a GPU. We verified that the byte-slicing technique guarantees a speed-up of more than 20%, resulting a speed which is 31 times faster than that on a CPU.

• The KIPS Transactions:PartC
• /
• v.18C no.5
• /
• pp.287-292
• /
• 2011

Using an expanded DES key, we suggest a block cipher algorithm to generate and to use a variable P box. We also present an efficient way for the implementation of variable P box at each round. Using counter examples on Differential Cryptanalysis(DC) and Linear Cryptanalysis(LC), we show that the suggested algorithm is strong enough to overcome those attacks. Compared with the real key bits of triple DES(3DES), the new algorithm is much safer in the points of the exhaustive attack. The results of computer simulations show that the new algorithm is almost 3 times faster than 3DES regarding the cipher process time.

• Journal of KIISE:Computing Practices and Letters
• /
• v.13 no.4
• /
• pp.231-239
• /
• 2007

This paper presents the trade-off relationship between area and performance in the hardware design space exploration for the Korean national standard 128-bit block cipher algorithm SEED. In this paper, we compare the following four hardware design types of SEED algorithm : (1) Design 1 that is 16 round fully pipelining approach, (2) Design 2 that is a one round looping approach, (3) Design 3 that is a G function sharing and looping approach, and (4) Design 4 that is one round with internal 3 stage pipelining approach. The Design 1, Design 2, and Design 3 are the existing design approaches while the Design 4 is the newly proposed design in this paper. Our new design employs the pipeline between three G-functions and adders consisting of a F function, which results in the less area requirement than Design 2 and achieves the higher performance than Design 2 and Design 3 due to pipelining and module sharing techniques. We design and implement all the comparing four approaches with real hardware targeting FPGA for the purpose of exact performance and area analysis. The experimental results show that Design 4 has the highest performance except Design 1 which pursues very aggressive parallelism at the expanse of area. Our proposed design (Design 4) shows the best throughput/area ratio among all the alternatives by 2.8 times. Therefore, our new design for SEED is the most efficient design comparing with the existing designs.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.7 no.7
• /
• pp.1462-1470
• /
• 2003

According to the necessity about information security as well as the advance of IT system and the spread of the Internet, a variety of cryptography algorithms are being developed and put to practical use. In addition the technique about cryptography attack also is advanced, and the algorithms which are strong against its attack are being studied. If the linear transformation matrix in the block cipher algorithm such as Substitution Permutation Networks(SPN) produces the Maximum Distance Separable(MDS) code, it has strong characteristics against the differential attack and linear attack. In this paper, we propose a new algorithm which cm estimate that the linear transformation matrix produces the MDS code. The elements of input code of linear transformation matrix over GF$({2_n})$ can be interpreted as variables. One of variables is transformed as an algebraic formula with the other variables, with applying the formula to the matrix the variables are eliminated one by one. If the number of variables is 1 and the all of coefficient of variable is non zero, then the linear transformation matrix produces the MDS code. The proposed algorithm reduces the calculation time greatly by diminishing the number of multiply and reciprocal operation compared with the conventional algorithm which is designed to know whether the every square submatrix is nonsingular.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.11 no.6
• /
• pp.77-87
• /
• 2001

This paper describes a design of cryptographic processor that implements the Rijndael cipher algorithm, the Advanced Encryption Standard algorithm. It can execute both encryption and decryption, and supports only 128-bit block and 128-bit keys. As the processor is implemented only one round, it must iterate 11 times to perform an encryption/decryption. We implemented the ByteSub and InvByteSub transformation using the algorithm for minimizing the increase of area which is caused by different encryption and decryption. It could reduce the memory size by half than implementing, with only ROM. We estimate that the cryptographic processor consists of about 15,000 gates, 32K-bit ROM and 1408-bit RAM, and has a throughput of 1.28 Gbps at 110 MHz clock based on Samsung 0.5um CMOS standard cell library. To our knowledge, this offers more reduced memory size compared to previously reported implementations with the same performance.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.3
• /
• pp.23-32
• /
• 2008

The computing power of graphics processing units(GPU) has already surpassed that of CPU and the gap between their powers is getting wider. Thus, research on GPGPU which applies GPU to general purpose becomes popular and shows great success especially in the field of parallel data processing. Since the implementation of cryptographic algorithm using GPU was started by Cook et at. in 2005, improved results using graphic libraries such as OpenGL and DirectX have been published. In this paper, we present skills and results of implementing block ciphers using CUDA library announced by NVIDIA in 2007. Also, we discuss a general method converting source codes of block ciphers on CPU to those on GPU. On NVIDIA 8800GTX GPU, the resulting speeds of block cipher AES, ARIA, and DES are 4.5Gbps, 7.0Gbps, and 2.8Gbps, respectively which are faster than the those on CPU.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.3
• /
• pp.371-381
• /
• 2013

An encryption algorithm is executed to supply data confidentiality using a secret key which is embedded in a crypto device. However, the fault injection attack has been developed to extract the secret key by injecting errors during the encryption processes. Especially, an attacker can find the secret key of block cipher ARIA using about 33 faulty outputs. In this paper, we proposed a countermeasure resistant to the these fault injection attacks by checking the difference value between input and output informations. Using computer simulation, we also verified that the proposed countermeasure has excellent fault detection rate and negligible computational overhead.