• Journal of Platform Technology
• /
• v.11 no.1
• /
• pp.72-84
• /
• 2023

With the rise of the Internet of Things, the security of such lightweight computing environments has become a hot topic. Lightweight block ciphers that can provide efficient performance and security by having a relatively simpler structure and smaller key and block sizes are drawing attention. Due to these characteristics, they can become a target for new attack techniques. One of the new cryptanalytic attacks that have been attracting interest is Neural cryptanalysis, which is a cryptanalytic technique based on neural networks. It showed interesting results with better results than the conventional cryptanalysis method without a great amount of time and cryptographic knowledge. The first work that showed good results was carried out by Aron Gohr in CRYPTO'19, the attack was conducted on the lightweight block cipher SPECK-/32/64 and showed better results than conventional differential cryptanalysis. In this paper, we first apply the Differential Neural Distinguisher proposed by Aron Gohr to the block ciphers HIGHT and GOST to test the applicability of the attack to ciphers with different structures. The performance of the Differential Neural Distinguisher is then analyzed by replacing the neural network attack model with five different models (Multi-Layer Perceptron, AlexNet, ResNext, SE-ResNet, SE-ResNext). We then propose a Related-key Neural Distinguisher and apply it to the SPECK-/32/64, HIGHT, and GOST block ciphers. The proposed Related-key Neural Distinguisher was constructed using the relationship between keys, and this made it possible to distinguish more rounds than the differential distinguisher.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.1
• /
• pp.77-86
• /
• 2005

Related-Cipher attack was introduced by Hongjun Wu in 2002. We can consider related ciphers as block ciphers with the same round function but different round number and their key schedules do not depend on the total round number. This attack can be applied to block ciphers when one uses some semi-equivalent keys in related ciphers. In this paper we introduce differential related-cipher attacks on block ciphers, which combine related-cipher attacks with differential cryptanalysis. We apply this attack to the block cipher ARIA and SC2000. Furthermore, related-cipher attack can be combined with other block cipher attacks such as linear cryptanalysis, higher-order differential cryptanalysis, and so on. In this point of view we also analyze some other block ciphers which use flexible number of rounds, SAFER++ and CAST-128.

• ETRI Journal
• /
• v.35 no.1
• /
• pp.131-141
• /
• 2013

Integral cryptanalysis, which is based on the existence of (higher-order) integral distinguishers, is a powerful cryptographic method that can be used to evaluate the security of modern block ciphers. In this paper, we focus on substitution-permutation network (SPN) ciphers and propose a criterion to characterize how an r-round integral distinguisher can be extended to an (r+1)-round higher-order integral distinguisher. This criterion, which builds a link between integrals and higher-order integrals of SPN ciphers, is in fact based on the theory of direct decomposition of a linear space defined by the linear mapping of the cipher. It can be directly utilized to unify the procedure for finding 4-round higher-order integral distinguishers of AES and ARIA and can be further extended to analyze higher-order integral distinguishers of various block cipher structures. We hope that the criterion presented in this paper will benefit the cryptanalysts and may thus lead to better cryptanalytic results.

• Journal of Korea Multimedia Society
• /
• v.6 no.2
• /
• pp.288-300
• /
• 2003

As the importance of information security gets recognized seriously, ciphers technology gets used more. Particularly, since public key ciphers are easier to control the key than symmetric key ciphers and also digital signature is easily implemented, public key ciphers are increased used. Nowadays, public key infrastructure is established and operated to use efficiently and securely the public key ciphers. In the public key infrastructure, the user registers at the certificate authority to generate the private key and public key pair and the certificate authority issues the certificate on the public key generated. Through this certificate, key establishment between users is implemented and encryption communication becomes possible. But, control function of session key established in the public key infrastructure is not provided. In this thesis, the certificate issuing protocol to support the key recovery of the session key established during the wireless authentication and key establishment is proposed.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.3
• /
• pp.509-521
• /
• 2013

Impossible Differential Cryptanalysis (IDC) uses impossible differentials to discard wrong subkeys for the first or the last several rounds of block ciphers. Thus, the security of a block cipher against IDC can be evaluated by impossible differentials. This paper studies impossible differentials for Rijndael-like and 3D-like ciphers, we introduce methods to find 4-round impossible differentials of Rijndael-like ciphers and 6-round impossible differentials of 3D-like ciphers. Using our methods, various new impossible differentials of Rijndael and 3D could be searched out.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.1
• /
• pp.29-40
• /
• 2005

In this paper we consider the security of recently proposed software-orienred stram cipher HELIX, SCREAM, MUGI, and PANAMA against algebraic attacks. Algebraic attack is a key recovery attack by solving an over-defined system of multi-variate equations with input-output pairs of an algorithm. The attack was firstly applied to block ciphers with some algebraic properties and then it has been mon usefully applied to stream ciphers. However it is difficult to obtain over-defined algebraic equations for a given cryptosystem in general. Here we analyze recently proposed software-oriented stream ciphers by constructing a system of equations for each cipher. furthermore we propose three design considerations of software-oriented stream ciphers.

• ETRI Journal
• /
• v.36 no.6
• /
• pp.1032-1040
• /
• 2014

The Lai-Massey scheme, proposed by Vaudenay, is a modified structure in the International Data Encryption Algorithm cipher. A family of block ciphers, named FOX, were built on the Lai-Massey scheme. Impossible differential cryptanalysis is a powerful technique used to recover the secret key of block ciphers. This paper studies the impossible differential cryptanalysis of the Lai-Massey scheme with affine orthomorphism for the first time. Firstly, we prove that there always exist 4-round impossible differentials of a Lai-Massey cipher having a bijective F-function. Such 4-round impossible differentials can be used to help find 4-round impossible differentials of FOX64 and FOX128. Moreover, we give some sufficient conditions to characterize the existence of 5-, 6-, and 7-round impossible differentials of Lai-Massey ciphers having a substitution-permutation (SP) F-function, and we observe that if Lai-Massey ciphers having an SP F-function use the same diffusion layer and orthomorphism as a FOX64, then there are indeed 5- and 6-round impossible differentials. These results indicate that both the diffusion layer and orthomorphism should be chosen carefully so as to make the Lai-Massey cipher secure against impossible differential cryptanalysis.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.8
• /
• pp.4006-4024
• /
• 2017

Internet of Things (IoT) will transform our daily life by making different aspects of life smart like smart home, smart workplace, smart health and smart city etc. IoT is based on network of physical objects equipped with sensors and actuators that can gather and share data with other objects or humans. Secure communication is required for successful working of IoT. In this paper, a total of 13 lightweight cryptographic algorithms are evaluated based on their implementation results on 8-bit, 16-bit, and 32-bit microcontrollers and their appropriateness is examined for resource-constrained scenarios like IoT. These algorithms are analysed by dissecting them into their logical and structural elements. This paper tries to investigate the relationships between the structural elements of an algorithm and its performance. Association rule mining is used to find association patterns among the constituent elements of the selected ciphers and their performance. Interesting results are found on the type of element used to improve the cipher in terms of code size, RAM requirement and execution time. This paper will serve as a guideline for cryptographic designers to design improved ciphers for resource constrained environments like IoT.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.1
• /
• pp.435-451
• /
• 2019

Impossible differential cryptanalysis is an essential cryptanalytic technique and its key point is whether there is an impossible differential path. The main factor of influencing impossible differential cryptanalysis is the length of the rounds of the impossible differential trail because the attack will be more close to the real encryption algorithm with the number becoming longer. We provide the upper bound of the longest impossible differential trails of several important block ciphers. We first analyse the national standard of the Russian Federation in 2015, Kuznyechik, which utilizes the 16-byte LFSR to achieve the linear transformation. We conclude that there is no any 3-round impossible differential trail of the Kuznyechik without the consideration of the specific S-boxes. Then we ascertain the longest impossible differential paths of several other important block ciphers by using the matrix method which can be extended to many other block ciphers. As a result, we show that, unless considering the details of the S-boxes, there is no any more than or equal to 5-round, 7-round and 9-round impossible differential paths for KLEIN, Midori64 and MIBS respectively.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.5
• /
• pp.3-16
• /
• 2008

A Wireless Sensor Network (WSN for short) is a wireless network consisting of distributed small devices which are called sensor nodes or motes. Recently, there has been an extensive research on WSN and also on its security. For secure storage and secure transmission of the sensed information, sensor nodes should be equipped with cryptographic algorithms. Moreover, these algorithms should be efficiently implemented since sensor nodes are highly resource-constrained devices. There are already some existing algorithms applicable to sensor nodes, including public key ciphers such as TinyECC and standard block ciphers such as AES. Stream ciphers, however, are still to be analyzed, since they were only recently standardized in the eSTREAM project. In this paper, we implement over the MicaZ platform nine software-based stream ciphers out of the ten in the second and final phases of the eSTREAM project, and we evaluate their performance. Especially, we apply several optimization techniques to six ciphers including SOSEMANUK, Salsa20 and Rabbit, which have survived after the final phase of the eSTREAM project. We also present the implementation results of hardware-oriented stream ciphers and AES-CFB fur reference. According to our experiment, the encryption speeds of these software-based stream ciphers are in the range of 31-406Kbps, thus most of these ciphers are fairly acceptable fur sensor nodes. In particular, the survivors, SOSEMANUK, Salsa20 and Rabbit, show the throughputs of 406Kbps, 176Kbps and 121Kbps using 70KB, 14KB and 22KB of ROM and 2811B, 799B and 755B of RAM, respectively. From the viewpoint of encryption speed, the performances of these ciphers are much better than that of the software-based AES, which shows the speed of 106Kbps.