• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.21 no.8
• /
• pp.1471-1479
• /
• 2017

This paper describes a design of RSA public-key cryptography processor supporting key length of 2,048 bits. A modular multiplier that is core arithmetic function in RSA cryptography was designed using word-based Montgomery multiplication algorithm, and a modular exponentiation was implemented by using Left-to-Right (LR) binary exponentiation algorithm. A computation of a modular multiplication takes 8,386 clock cycles, and RSA encryption and decryption requires 185,724 and 25,561,076 clock cycles, respectively. The RSA processor was verified by FPGA implementation using Virtex5 device. The RSA cryptographic processor synthesized with 100 MHz clock frequency using a 0.18 um CMOS cell library occupies 12,540 gate equivalents (GEs) and 12 kbits memory. It was estimated that the RSA processor can operate up to 165 MHz, and the estimated time for RSA encryption and decryption operations are 1.12 ms and 154.91 ms, respectively.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.14 no.3
• /
• pp.1439-1444
• /
• 2013

Recently, as the use of the applications like online banking and stock trading is increasing by the rapid development of the network, security of data content is becoming more and more important. Accordingly, public key or symmetric key encryption algorithm is widely used in open networks such as the internet for the protection of data. Generally, public key cryptographic systems is based on two famous number theoretic problems namely factoring or discrete logarithm problem. So, public key cryptographic systems is relatively slow compared to symmetric key cryptography systems. Among public key cryptographic systems, the advantage of ECC compared to RSA is that it offers equal security for a far smaller key. For this reason, ECC is faster than RSA. In this paper, we propose a efficient key generation method for elliptic curve cryptography system based on the real number field.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.10
• /
• pp.3815-3833
• /
• 2021

MILP-based automatic search is the most common method in analyzing the security of cryptographic algorithms. However, this method brings many issues such as low efficiency due to the large size of the model, and the difficulty in finding the contradiction of the impossible differential distinguisher. To analyze the security of ESF algorithm, this paper introduces a simplified MILP-based search model of the differential distinguisher by reducing constrains of XOR and S-box operations, and variables by combining cyclic shift with its adjacent operations. Also, a new method to find contradictions of the impossible differential distinguisher is proposed by introducing temporary variables, which can avoid wrong and miss selection of contradictions. Based on a 9-round impossible differential distinguisher, 15-round attack of ESF can be achieved by extending forward and backward 3-round in single-key setting. Compared with existing results, the exact lower bound of differential active S-boxes in single-key setting for 10-round ESF are improved. Also, 2108 9-round impossible differential distinguishers in single-key setting and 14 12-round impossible differential distinguishers in related-key setting are obtained. Especially, the round of the discovered impossible differential distinguisher in related-key setting is the highest, and compared with the previous results, this attack achieves the highest round number in single-key setting.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.24 no.6
• /
• pp.736-743
• /
• 2020

Modular multiplication is one of the most important arithmetic operations in public-key cryptography such as elliptic curve cryptography (ECC) and RSA, and the performance of modular multiplier is a key factor influencing the performance of public-key cryptographic hardware. An efficient hardware implementation of word-based Montgomery modular multiplication algorithm is described in this paper. Our modular multiplier was designed to support eleven field sizes for prime field GF(p) and binary field GF(2k) as defined by SEC2 standard for ECC, making it suitable for lightweight hardware implementations of ECC processors. The proposed architecture employs pipeline scheme between the partial product generation and addition operation and the modular reduction operation to reduce the clock cycles required to compute modular multiplication by 50%. The hardware operation of our modular multiplier was demonstrated by FPGA verification. When synthesized with a 65-nm CMOS cell library, it was realized with 33,635 gate equivalents, and the maximum operating clock frequency was estimated at 147 MHz.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.11 no.6
• /
• pp.15-26
• /
• 2001

Visual cryptography is a simple method in which secret information can be directly decoded in human visual system without any cryptographic computations. When the secret image is scattered to n random shares(slides), this scheme has some week point such as pixel expansion and contrast degradation. Therefore, it is necessary to reduce the pixel expansion and improve the contrast in recovered image. In this paper, we propose a new construction method for (k, n) visual cryptography using the cumulative matrix. In case k is odd, we can construct the cumulative matrix perfectly. For even k, the contrast of special pair in decoded image can be achieved best by permitting multiple contract. The proposed method is more simple than that of S. Droste\`s in construction and the average contrast of decoded image is improved for the most part. Also, we show that the basis matrices depending on the cumulative matrix are able to be applied for the general access structure.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.6
• /
• pp.1137-1148
• /
• 2021

The main obstacle for implementing CSIDH-based cryptography is that it requires generating a kernel of a small prime order to compute the group action using Velu's formula. As this is a quite painstaking process for small torsion points, a new approach called radical isogeny is recently proposed to compute chains of isogenies from a coefficient of an elliptic curve. This paper presents an optimized implementation of radical isogenies and analyzes its ideal use in CSIDH-based cryptography. We tailor the formula for transforming Montgomery curves and Tate normal form and further optimized the radical 2- and 3- isogeny formula and a projective version of radical 5- and 7- isogeny. For CSIDH-512, using radical isogeny of degree up to 7 is 15.3% faster than standard constant-time CSIDH. For CSIDH-4096, using only radical 2-isogeny is the optimal choice.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.6
• /
• pp.1149-1156
• /
• 2021

The Grover algorithm, which accelerates the brute force attack, is applicable to key recovery of symmetric key cryptography, and NIST uses the Grover attack cost for symmetric key cryptography to estimate the post-quantum security strength. In this paper, we estimate the attack cost of Grover's algorithm by implementing DES as a quantum circuit. NIST estimates the post-quantum security strength based on the attack cost of AES for symmetric key cryptography using 128, 192, and 256-bit keys. The estimated attack cost for DES can be analyzed to see how resistant DES is to attacks from quantum computers. Currently, since there is no post-quantum security index for symmetric key ciphers using 64-bit keys, the Grover attack cost for DES using 64-bit keys estimated in this paper can be used as a standard. ProjectQ, a quantum programming tool, was used to analyze the suitability and attack cost of the quantum circuit implementation of the proposed DES.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.2
• /
• pp.183-191
• /
• 2023

Cryptographic algorithms require extensive computational resources and rely on complex mathematical principles for security. However, IoT devices have limited resources, leading to insufficient computing power. As a result, lightweight cryptography has emerged, which uses fewer computational resources. NIST organized a competition to standardize lightweight cryptography and TinyJAMBU, one of the algorithms in the competition, is a permutation-based algorithm that repeats many permutation operations. In this paper, we implement TinyJAMBU on an 8-bit AVR processor with a proposedtechnique that includes a reverse shift method and precomputing some operations in a fixed key and nonce environment. Our techniques showed a maximum performance improvement of 7.03 times in permutation operations and 5.87 times in the TinyJAMBU algorithm, improving up to 9.19 times in a fixed key and nonce environment.

• International Journal of Internet, Broadcasting and Communication
• /
• v.16 no.1
• /
• pp.17-28
• /
• 2024

As listed as one of the most important requirements for Post-Quantum Cryptography standardization process by National Institute of Standards and Technology, the resistance to various side-channel attacks is considered very critical in deploying cryptosystems in practice. In fact, cryptosystems can easily be broken by side-channel attacks, even though they are considered to be secure in the mathematical point of view. The timing attack(TA) and the simple power analysis attack(SPA) are such side-channel attack methods which can reveal sensitive information by analyzing the timing behavior or the power consumption pattern of cryptographic operations. Thus, appropriate measures against such attacks must carefully be considered in the early stage of cryptosystem's implementation process. The Montgomery multiplier is a commonly used and classical gadget in implementing big-number-based cryptosystems including RSA and ECC. And, as recently proposed as an alternative of building blocks for implementing post quantum cryptography such as lattice-based cryptography, the big-number multiplier including the Montgomery multiplier still plays a role in modern cryptography. However, in spite of its effectiveness and wide-adoption, the multiplier is known to be vulnerable to TA and SPA. And this paper proposes a new countermeasure for the Montgomery multiplier against TA and SPA. Briefly speaking, the new measure first represents a multiplication operand without 0 digits, so the resulting multiplication operation behaves in a very regular manner. Also, the new algorithm removes the extra final reduction (which is intrinsic to the modular multiplication) to make the resulting multiplier more timing-independent. Consequently, the resulting multiplier operates in constant time so that it totally removes any TA and SPA vulnerabilities. Since the proposed method can process multi bits at a time, implementers can also trade-off the performance with the resource usage to get desirable implementation characteristics.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.13 no.2
• /
• pp.795-800
• /
• 2012

Recently, as communication is evolved by leaps and bounds through wired/wireless networks, variety of services are routinely made through communication networks. Accordingly, technology that is for protecting data and personal information is required essentially, and study of security technology is actively being make progress to solve these information protection problems. In this paper, to expand selection scope of the key of elliptic curve cryptography, arithmetic items of real number based elliptic curve algorithm among various cryptographic algorithms was studied. The result of an experiment, we could know that elliptic curve cryptography using the real number can choose more various keys than existing elliptic curve cryptography using integer and implement securer cryptographic system.