• ETRI Journal
• /
• v.31 no.2
• /
• pp.129-139
• /
• 2009

This paper provides an efficient algorithm for computing the ${\eta}_T$ pairing on supersingular elliptic curves over fields of characteristic two. In the proposed algorithm, we deploy a modified multiplication in $F_{2^{4n}}$ using the Vandermonde matrix. For F, G ${\in}$ $F_{2^{4n}}$ the proposed multiplication method computes ${\beta}{\cdot}F{\cdot}G$ instead of $F{\cdot}G$ with some ${\beta}$ ${\in}$ $F^*_{2n}$ because ${\beta}$ is eliminated by the final exponentiation of the ${\eta}_T$ pairing computation. The proposed multiplication method asymptotically requires only 7 multiplications in $F_{2^n}$ as n ${\rightarrow}$ ${\infty}$, while the cost of the previously fastest Karatsuba method is 9 multiplications in $F_{2^n}$. Consequently, the cost of the ${\eta}_T$ pairing computation is reduced by 14.3%.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.38A no.9
• /
• pp.759-764
• /
• 2013

We present a square root algorithm in $F_q$ which generalizes Atkin's square root algorithm [9] for finite field $F_q$ of q elements where $q{\equiv}5$ (mod 8) and Kong et al.'s algorithm [11] for the case $q{\equiv}9$ (mod 16). Our algorithm precomputes ${\xi}$ a primitive $2^s$-th root of unity where s is the largest positive integer satisfying $2^s|q-1$, and is applicable for the cases when s is small. The proposed algorithm requires one exponentiation for square root computation and is favorably compared with the algorithms of Atkin, M$\ddot{u}$ller and Kong et al.

• Proceedings of the Korean Information Science Society Conference
• /
• 2005.07a
• /
• pp.898-900
• /
• 2005

모듈러 멱승은 양수 x, E, N에 대하여 $x^Emod$ N로 정의된다. 모듈러 멱승 연산은 대부분의 공개키 암호화 알고리즘과 전자서명 프로토콜에서 핵심적인 연산으로 사용되고 있으므로, 그 효율성은 암호 프로토콜의 성능에 직접적인 영향을 미친다. 따라서 모듈러 멱승 연산에 필요한 곱셈 수를 감소시키기 위하여, 슬라이딩 윈도우를 적용한 CLNW 방법이나 VLNW 방법이 가장 널리 사용되고 있다. 본 논문에서는 조합론(combinatorics)에서 많이 응용되는 그래프 모델을 모듈러 멱승 연산에 적용할 수 있음을 보이고, 일반화된 그래프 모델을 통하여 VLNW 방법보다 더 적은 곱셈 수로 모듈러 멱승을 수행하는 방법을 설명한다. 본 논문이 제안하는 방법은 전체 곱셈 수를 감소시키는 새로운 블록들을 일반화된 그래프 모델의 초기 블록 테이블에 추가할 수 있는 초기 블록 테이블의 두 가지 확장 방법들로써, 접두사 블록의 확장과 덧셈 사슬 블록의 확장이다. 이 방법들은 새로운 블록을 초기 블록 테이블에 추가하기 위해 필요한 곱셈의 수와 추가한 뒤의 전체 곱셈 수를 비교하면서 초기 블록 테이블을 제한적으로 확장하므로, 지수 E에 non-zero bit가 많이 나타날수록 VLNW 방법에 비해 좋은 성능을 보이며 이는 실험을 통하여 검증하였다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.5
• /
• pp.105-112
• /
• 2003

In this raper, we propose two simple and efficient key agreement protocols, called SEKA-H and SEKA-E, which use a pre-shared password between two parties for mutual authentication and agreeing a common session key. The SEKA-H protocol uses a hash function to verify an agreed session key. The SEKA-E Protocol, a variant of SEKA-H, uses an exponentiation operation in the verification phase. They are secure against the man-in-the-middle attack the password guessing attack and the Denning-Sacco attack and provide the perfect forward secrecy. The SEKA-H protocol is very simple in structure and provides good efficiency compared with other well-known protocols. The SEKA-E protocol is also comparable with the previous protocols.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.3
• /
• pp.137-144
• /
• 2004

3GPP(3rd Generation Project Partnership)-WLAN(Wireless Local Area Network) interworking refers to the utilization of resources and access to services within the 3GPP system by the WLAN UE(User Equipment) and user respectively. The intent of 3GPP-WLAN Interworking is to extend 3GPP services and functionality to the WALN access environment. We propose an efficient mechanism for the setup of UE-initiated tunnels in 3GPP-WLAN interworking. The proposed mechanism is based on a secret key which is pre-distributed in the process of authentication and key agreement between UE and 3GPP AAA(Authentication, Authorization Accounting) server. Therefore it can avoid modular exponentiation and public key signature which need a large amount of computation in UE. Also the proposed scheme provides mutual authentication and session key establishment between UE and PDGW(Packet Data Gateway).

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.2
• /
• pp.75-84
• /
• 2008

Recently, the straightforward CRT-RSA was shown to be broken by fault attacks through many experimental results. In this paper, we analyze the fault attacks against CRT-RSA and their countermeasures, and then propose a new fault infective method resistant to the various fault attacks on CRT-RSA. In our CRT-RSA algorithm, if an error is injected in exponentiation with modulo p or q, then the error is spreaded by fault infective computation in CRT recombination operation. Our countermeasure doesn't have extra error detection procedure based on decision tests and doesn't use public parameter such as e. Also, the computational cost is effective compared to the previous secure countermeasures.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.3
• /
• pp.87-94
• /
• 2002

This study presents an MSB(Most Significant Bit) Int multiplier using cellular automata, along with a new MSB first multiplication algorithm over GF($2^m$). The proposed architecture has the advantage of high regularity and a reduced latency based on combining the characteristics of a PBCA(Periodic Boundary Cellular Automata) and with the property of irreducible AOP(All One Polynomial). The proposed multiplier can be used in the effectual hardware design of exponentiation architecture for public-key cryptosystem.

• The KIPS Transactions:PartC
• /
• v.8C no.1
• /
• pp.32-40
• /
• 2001

In this paper, we propose a high-speed modular multiplication algorithm which revises conventional Montgomery's algorithm. A hardware architecture is also presented to implement 1024-bit RSA cryptosystem for digital signature based on the proposed algorithm. Each iteration in our approach requires only one addition operation for two n-bit integers, while that in Montgomery's requires two addition operations for three n-bit integers. The system which is modelled in VHDL(VHSIC Hardware Description Language) is simulated in functionally through the use of $Synopsys^{TM}$ tools on a Axil-320 workstation, where Altera 10K libraries are used for logic synthesis. For FPGA implementation, timing simulation is also performed through the use of Altera MAX + PLUS II. Experimental results show that the proposed RSA cryptosystem has distinctive features that not only computation speed is faster but also hardware area is drastically reduced compared to conventional approach.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.4
• /
• pp.727-738
• /
• 2015

Until recently, power analysis is one of the most popular research issues among various side channel analyses. Since Differential Power Analysis had been first proposed by Kocher et al., various practical power analyses correspond with software/hardware cryptographic devices have been proposed. In this paper, we analyze vulnerability of countermeasure against power analysis exploiting single power trace of public cryptographic algorithm. In ICICS 2010, Clavier et al. proposed Horizontal Correlation Analysis which can recover secret information from a single exponentiation trace and corresponding countermeasures. "Blind operands in LIM", one of their countermeasures, exploits additive blinding in order to prevent leakage of intermediate value related to secret information. However, this countermeasure has vulnerability of having power leakage that is dependant with the message known by an adversary. In this paper, we analyzed vulnerabilities by three attack scenarios and proved them by practical correlation power analysis experiments.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.10 no.10
• /
• pp.2750-2759
• /
• 2009

In this paper, we analyze vulnerabilities in a remote authentication protocol using smartcards which was proposed by Bindu et al. and propose an improved scheme. The proposed scheme can prevent from restricted replay attack and denial of service attack by replacing time stamp with random number. In addition, this protocol can guarantee user anonymity by transmitting encrypted user's ID using AES cipher algorithm. The computational load in our protocol is decreased by removing heavy exponentiation operations and user efficiency is enhanced due to addition of password change phase in which a user can freely change his password. Furthermore, we really implement the proposed authentication protocol using a STM smartcard and authentication server. Then we prove the correctness and effectiveness of the proposed remote authentication system.