• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.3
• /
• pp.1802-1819
• /
• 2017

Correlation-enhanced collision attack has been proposed by Moradi et al. for several years. However, in practical operations, this method costs lots of time on trace acquisition, storage and averaging due to its bytewise collision detection. In this paper, we propose a bitwise collision attack based on second-order distance model. In this method, only 9 average traces are enough to finish a collision attack. Furthermore, two candidate models are given in this study to distinguish collisions, and the corresponding practical experiments are also performed. The experimental results indicate that the operation time of our attack is only 8% of that of correlation-enhanced collision attack, when the two success rates are both above 0.9.

• ETRI Journal
• /
• v.38 no.2
• /
• pp.387-396
• /
• 2016

This paper introduces a new type of collision attack on first-order masked Advanced Encryption Standards. This attack is a known-plaintext attack, while the existing collision attacks are chosen-plaintext attacks. In addition, our method requires significantly fewer power measurements than any second-order differential power analysis or existing collision attacks.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.1
• /
• pp.296-308
• /
• 2015

Advanced Encryption Standard (AES) is widely used for protecting wireless sensor network (WSN). At the Workshop on Cryptographic Hardware and Embedded Systems (CHES) 2012, G$\acute{e}$rard et al. proposed an optimized collision attack and break a practical implementation of AES. However, the attack needs at least 256 averaged power traces and has a high computational complexity because of its byte wise operation. In this paper, we propose a novel double sieve collision attack based on bitwise collision detection, and an improved version with an error-tolerant mechanism. Practical attacks are successfully conducted on a software implementation of AES in a low-power chip which can be used in wireless sensor node. Simulation results show that our attack needs 90% less time than the work published by G$\acute{e}$rard et al. to reach a success rate of 0.9.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.5
• /
• pp.795-803
• /
• 2020

In this paper, we study known-key distinguishing and partial-collision attacks on GFN-2 structures with SP F-functions and various block lengths. Firstly, we show the known-key distinguishing attack is possible up to 15 rounds. Secondly, for the case that the last round function has the shuffle operation, we show that the partial-collision attack is possible up to 14 rounds. Finally, for the case that the last round function has no shuffle operation, we show that the partial-collision attacks are possible up to 11 rounds.

• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.9
• /
• pp.393-398
• /
• 2013

This paper introduces a new collision attack on first-order masked AES. This attack is a known plaintext attack, while the existing collision attacks are a chosen plaintext attack. In addition, our method is more efficient than the second-order power analysis and requires about 1/27.5 power measurements by comparison with the last collision attack. Some experiment results of this paper support this fact. In this paper, we also introduce a simple countermeasure, which can protect against our attack.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.4
• /
• pp.617-628
• /
• 2022

Ascon is one of the final round candidates of the NIST lightweight cryptography contest, which has been underway since 2015, and supports hash modes Ascon-Hash and Ascon-Xof. In this paper, we develop a MILP model for collision attack on the Ascon-Hash and search for a differential trail that can be used in a quantum setting through the model. In addition, we present an algorithm that allows an attacker who can use a quantum computer to find a quantum free-start collision attack of 3-round Ascon-Hash using the discovered differential trail. This attack is meaningful in that it is the first to analyze a collision attack on Ascon-Hash in a quantum setting.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.2
• /
• pp.335-344
• /
• 2016

It is known that power analysis is one of the most powerful attack in side channel analysis. Among power analysis single trace attack is widely studied recently since it uses one power consumption trace to recover secret key of public cryptosystem. Recently Sim et al. proposed new exponentiation algorithm for RSA cryptosystem with higher attack complexity to prevent single trace attack. In this paper we analyze the vulnerability of exponentiation algorithm described by Sim et al. Sim et al. applied message blinding and random exponentiation splitting method on $2^t-ary$ for higher attack complexity. However we can reveal private key using information exposed during pre-computation generation. Also we describe modified algorithm that provides higher attack complexity on collision attack. Proposed algorithm minimized the reuse of value that are used during exponentiation to provide security under single collision attack.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.13 no.2
• /
• pp.299-308
• /
• 2009

In this paper, we. present a collision attack on hash function with 2-dimensional cellular automata[1], which is useful for providing authentication on online game. This attack can find a collision message pair with $2^{28}$ computation using property of nonlinear function. We also extend basic attack with probability $2^{-28}$ to improve attack with probability 1 using Wang's analysis technique.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.3
• /
• pp.477-489
• /
• 2014

Based on some flaws occurred for implementing a public key cryptosystem in the embedded security device, many side-channel attacks to extract the secret private key have been tried. In spite of the fact that the cryptographic exponentiation is basically composed of a sequence of multiplications and squarings, a new Square Always exponentiation algorithm was recently presented as a countermeasure against side-channel attacks based on trading multiplications for squarings. In this paper, we propose Known Power Collision Analysis and modified Doubling attacks to break the Right-to-Left Square Always exponentiation algorithm which is known resistant to the existing side-channel attacks. And we also present a Collision-based Combined Attack which is a combinational method of fault attack and power collision analysis. Furthermore, we verify that the Square Always algorithm is vulnerable to the proposed side-channel attacks using computer simulation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.6
• /
• pp.1103-1116
• /
• 2014

Collision attacks using side channel analysis confirm same intermediate value and restore sensitive data of algorithm using this point. In CHES 2011 Clavier and other authors implemented the improved attack using Blacklist so they carried out the attack successfully using less plaintext than before. However they did not refer the details of Blacklist method and just performed algorithms with the number of used plaintext. Therefore in this paper, we propose the specific method to carry out efficient collision attack. At first we define basic concepts, terms, and notations. And using these, we propose various methods. Also we describe facts that greatly influence on attack performance in priority, and then we try to improve the performance of this attack by analyzing the algorithm and structuring more efficient one.