• Journal of the Korea Society of Computer and Information
• /
• v.18 no.4
• /
• pp.123-129
• /
• 2013

The performance and practicality of cryptosystem for encryption, decryption, and primality test are primarily determined by the implementation efficiency of the modular exponentiation of $a^b$ (mod m). To compute $a^b$ (mod m), the standard binary squaring (square-and-multiply) still seems to be the best choice. However, in large b bits, the preprocessed n-ary, ($n{\geq}2$ method could be more efficient than binary squaring method. This paper proposes a square-and-divide and unpreprocessed n-ary square-and-divide modular exponentiation method. Results confirmed that the square-and-divide method is the most efficient of trial number in a case where the value of b is adjacent to $2^k+2^{k-1}$ or to. $2^{k+1}$. It was also proved that for b out of the beforementioned range, the unpreprocessed n-ary square-and-divide method yields higher efficiency of trial number than the general preprocessed n-ary method.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.1
• /
• pp.261-269
• /
• 2014

There are many researches on fast exponentiation algorithm which is used to implement a public key cryptosystem such as RSA. On the other hand, the malicious attacker has tried various side-channel attacks to extract the secret key. In these attacks, an attacker uses the power consumption or electromagnetic radiation of cryptographic devices which is measured during computation of exponentiation algorithm. In this paper, we propose a novel simple power analysis attack on m-ary exponentiation implementation. The core idea of our attack on m-ary exponentiation with pre-computation process is that an attacker controls the input message to identify the power consumption patterns which are related with secret key. Furthermore, we implement the m-ary exponentiation on evaluation board and apply our simple power analysis attack to it. As a result, we verify that the secret key can be revealed in experimental environment.

• Journal of the Institute of Electronics Engineers of Korea SC
• /
• v.41 no.1
• /
• pp.33-40
• /
• 2004

The divide-and-conquer method is efficiently used in parallel multiplier over finite field $GF(2^n)$. Leone Proposed optimal stop condition for iteration of Karatsuba-Ofman algerian(KOA). Ernst et al. suggested Multi-Segment Karatsuba(MSK) method. In this paper, we analyze the complexity of a parallel MSK multiplier based on the method. We propose a new parallel MSK multiplier whose space complexity is same to each other. Additionally, we propose optimal stop condition for iteration of the new MSK method. In some finite fields, our proposed multiplier is more efficient than the KOA.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.43 no.3 s.309
• /
• pp.76-81
• /
• 2006

Recently, Finite field is applied the cryptography in the modern multimedia communication. Especially, block codes such as Elliptic Curve Cryptosystem and Reed-Solomon code among the error correcting codes are defined with finite field. Also, finite field algorithm is conducting the research actively because many kind of application parts need the real time operating ability therefore the exclusive hardware have been implementing. In this paper, we proposed the inverse finite field algorithm over GF($2^8$) using finite composite field and implemented in a hardware, and then compare this hardware with the currently used 'Itoh and Tsujii' hardware in respect to structure, area and computation time. Furthermore, this hardware was inserted into the AES SubBytes block and implemented on FPGA emulator board to confirm that the superiority of the proposed algorithm through the performance evaluation.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.18 no.3
• /
• pp.49-59
• /
• 2018

Smart grid system has been deployed fast despite of legal, business and technology problems in many countries. One important problem in deploying the smart grid system is to protect private smart meter readings from the unbelievable parties while the major smart meter functions are untouched. Privacy-preserving involves some challenges such as hardware limitations, secure cryptographic schemes and secure signal processing. In this paper, we focused particularly on the smart meter reading aggregation,which is the major research field in the smart meter privacy-preserving. We suggest a noisy weighted aggregation scheme to guarantee differential privacy. The noisy weighted values are generated in such a way that their product is one and are used for making the veiled measurements. In case that a Diffie-Hellman generator is applied to obtain the noisy weighted values, the noisy values are transformed in such a way that their sum is zero. The advantage of Diffie and Hellman group is usually to use 512 bits. Thus, compared to Paillier cryptosystem series which relies on very large key sizes, a significant performance can be obtained.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.20 no.6
• /
• pp.1109-1122
• /
• 2016

Certificateless public key cryptography is a technique that can solve the certificate management problem of a public key cryptosystem and clear the key escrow issue of ID-based cryptography using the public key in user ID. Although the studies were actively in progress, many existing schemes have been designed without taking into account the safety of the secret value with the decryption key exposure attacks. If previous secret values and decryption keys are exposed after replacing public key, a valid private key can be calculated by obtaining the partial private key corresponding to user's ID. In this paper, we propose a new security model which ensures the security against the key exposure attacks and show that several certificateless public key encryption schemes are insecure in the proposed security model. In addition, we design a certificateless public key encryption scheme to be secure in the proposed security model and prove it based on the DBDH(Decisional Bilinear Diffie-Hellman) assumption.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.16 no.6
• /
• pp.147-152
• /
• 2016

Wireless sensor networks that are easy to deploy and install are ideal for building a system that monitors the condition of the equipment in a factory environment where wiring is difficult. The ZigBee has characteristics of low price and low power compared with other wireless communication protocols and is suitable for a monitoring system requiring a plurality of nodes. ZigBee communication requires encryption security between devices because all protocol layers are based on OTM trusted by each other. In the communication between nodes, node authentication must be guaranteed and exposure of confidential information managed by each node should be minimized. The facilities of the factory are regular and stationary in distribution location. In order to protect the information gathered from the sensor in the factory environment and the actuator control information connected to the sensor node, we propose a cryptosystem based on the two - dimensional grid - based key distribution method similar to the distribution environment of the facility.

• Journal of KIISE:Computer Systems and Theory
• /
• v.30 no.1
• /
• pp.50-58
• /
• 2003

Among finite field arithmetic operations, the $AB^2$ operation is known as an efficient basic operation for public key cryptosystems over $GF(2^m)$,Division/Inversion is computed by performing the repetitive AB$^2$ multiplication. This paper presents two new $AB^2$algorithms and their systolic realizations in finite fields $GF(2^m)$.The proposed algorithms are based on the MSB-first scheme using standard basis representation and the proposed systolic architectures for $AB^2$ multiplication have a low hardware complexity and small latency compared to the conventional approaches. Additionally, since the proposed architectures incorporate simplicity, regularity, modularity, and pipelinability, they are well suited to VLSI implementation and can be easily applied to inversion architecture. Furthermore, these architectures will be utilized for the basic architecture of crypto-processor.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.13 no.3
• /
• pp.593-600
• /
• 2018

Cellular automata (CA) have been applied to effective cryptographic system design. CA is superior in randomness to LFSR due to the fact that its state is updated simultaneously by local interaction. To apply these CAs to the cryptosystem, a study has been performed how to synthesize CA corresponding to given polynomials. In this paper, we analyze the recurrence relations of the characteristic polynomial of the 90 UCA and the characteristic polynomial of the 90/150 CA whose transition rule is <$00{\cdots}001$>. And we synthesize the 90/150 CA corresponding to the trinomials $x^{2^n}+x+1(n{\geq}2)$ satisfying f(x)=f(x+1) using the 90 UCA transition rule blocks and the special transition rule block. We also analyze the properties of the irreducible factors of trinomials $x^{2^n}+x+1$ and propose a 90/150 CA synthesis algorithm corresponding to $x^{2^n}+x^{2^m}+1(n{\geq}2,n-m{\geq}2)$.

• Journal of KIISE:Computer Systems and Theory
• /
• v.37 no.6
• /
• pp.348-353
• /
• 2010

A threshold decryption scheme is a multi-party public key cryptosystem that allows any sufficiently large subset of participants to decrypt a ciphertext, but disallows the decryption otherwise. When performing a threshold decryption, a third party is often involved to guarantee fairness among the participants. To maintain the security of the protocol as high as possible, it is desirable to lower the level of trust and the amount of information given to the third party. In this paper, we present a threshold decryption scheme which allows the anonymity of the participants as well as the fairness by employing a semi-trusted third party (STTP) which follows the protocol properly with the exception that it keeps a record of all its intermediate computations. Our solution preserves the security and fairness of the previous scheme and reveals no information about the identities of the participants and the plaintext even though an attacker is allowed to access the storage of the STTP.