• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.5
• /
• pp.709-719
• /
• 2023

Recently, Post-Quantum Cryptography (PQC), which is secure against attacks using quantum computers, has been actively studied. In 2022, the KpqC competition, a competition for domestic PQC standardization, was launched, and a total of 16 candidate algorithms were received, and the first round is underway. In this paper, we apply Alexander May's Meet-LWE attack to TiGER, a lattice-based key encapsulation mechanism that is a candidate for the first round of the KpqC competition, and analyze its concrete attack complexity. The computational results of applying the Meet-LWE attack to each of the proposed parameters of TiGER show that the proposed TiGER192 parameter, which targets 192-bit quantum security, actually achieves 170-bit classical security. In addition, we propose a parameter setting to increase the attack complexity against the Meet-LWE attack.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.5
• /
• pp.781-793
• /
• 2020

In this paper, we propose a new RLWE-based scheme named μ-Hope that exploits Error Correcting Code(ECC) on NewHope. The previous parameters of NewHope uses 12289 as a prime modulus, and the size of the public key, private key, and ciphertext is 928-byte, 1888-byte, and 1120-byte respectively, which can be said to be larger than other RLWE based algorithms. In this paper, we propose μ-Hope, which changes modulus 12289 to 769 to reduce the size of the public key, private key, and ciphertext. Also, we adopts XE1 as an Error Correcting Code(ECC) to solve the increased decryption failure rate caused by using a small prime modulus. As a result, the size of the public key, private key, and ciphertext decreased by 38%, 37%, and 37% respectively. As the computational efficiency caused by using a small prime modulus exceeds the performance degradation by exploiting ECC, this result in 25% performance improvement for a single key exchange.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.6
• /
• pp.3316-3332
• /
• 2019

In a transitive signature scheme, a signer wants to authenticate edges in a dynamically growing and transitively closed graph. Using transitive signature schemes it is possible to authenticate an edge (i, k), if the signer has already authenticated two edges (i, j) and (j, k). That is, it is possible to make a signature on (i, k) using two signatures on (i, j) and (j, k). We propose the first transitive signature schemes for undirected graphs from lattices. Our first scheme is provably secure in the random oracle model and our second scheme is provably secure in the standard model.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.5
• /
• pp.2427-2445
• /
• 2016

In contrast to traditional "store-and-forward" routing mechanisms, network coding offers an elegant solution for achieving maximum network throughput. The core idea is that intermediate network nodes linearly combine received data packets so that the destination nodes can decode original files from some authenticated packets. Although network coding has many advantages, especially in wireless sensor network and peer-to-peer network, the encoding mechanism of intermediate nodes also results in some additional security issues. For a powerful adversary who can control arbitrary number of malicious network nodes and can eavesdrop on the entire network, cryptographic signature schemes provide undeniable authentication mechanisms for network nodes. However, with the development of quantum technologies, some existing network coding signature schemes based on some traditional number-theoretic primitives vulnerable to quantum cryptanalysis. In this paper we first present an efficient network coding signature scheme in the standard model using lattice theory, which can be viewed as the most promising tool for designing post-quantum cryptographic protocols. In the security proof, we propose a new method for generating a random lattice and the corresponding trapdoor, which may be used in other cryptographic protocols. Our scheme has many advantages, such as supporting multi-source networks, low computational complexity and low communication overhead.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.1
• /
• pp.45-56
• /
• 2013

When a signer signs a message, strong designated verifier signature allows the signer to designate a verifier. Only the designated verifier can make sure that the signature is generated by the signer. In addition, no one except the designated verifier can know the signature generated by some signer. In this paper, we propose an identity-based strong designated verifier signature scheme where users' public keys are identities. Our proposed scheme is the first identity-based strong designated verifier scheme from lattices. Naturally, our proposed scheme is secure against quantum computing attacks and has low computational complexity.