• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2016.05a
• /
• pp.171-173
• /
• 2016

128-비트의 마스터 키를 지원하는 블록암호 AES-128을 IoT 보안에 적합하도록 경량화하여 구현하였다. 키 스케줄러와 라운드 블록을 8 비트 데이터 패스로 구현하고, 다양한 최적화 방법을 적용함으로써 하드웨어를 최소화시켰으며, 100 MHz 클록 주파수에서 4,400 GE의 작은 게이트로 구현되었다. Verilog HDL로 설계된 AES 크립토 코어를 Vertex5 XC5VSX50T FPGA 디바이스에 구현하여 올바로 동작함을 확인하였다.

• Journal of information and communication convergence engineering
• /
• v.9 no.6
• /
• pp.683-688
• /
• 2011

The wireless sensor network (WSN) is well known for an enabling technology for the ubiquitous environment such as real-time surveillance system, habitat monitoring, home automation and healthcare applications. However, the WSN featuring wireless communication through air, a resource constraints device and irregular network topology, is threatened by malicious nodes such as eavesdropping, forgery, illegal modification or denial of services. For this reason, security in the WSN is key factor for utilizing the sensor network into the commercial way. There is a series of symmetric cryptography proposed by laboratory or industry for a long time. Among of them, recently proposed HUMMINGBIRD algorithm, motivated by the design of the well-known Enigma machine, is much more suitable to resource constrained devices, including smart card, sensor node and RFID tags in terms of computational complexity and block size. It also provides resistance to the most common attacks such as linear and differential cryptanalysis. In this paper, we implements ultra-lightweight cryptography, HUMMINGBIRD algorithm into the resource constrained device, sensor node as a perfectly customized design of sensor node.

• ETRI Journal
• /
• v.45 no.6
• /
• pp.1090-1102
• /
• 2023

Authenticated multiple key agreement (AMKA) protocols provide participants with multiple session keys after one round of authentication. Many schemes use Diffie-Hellman or authenticated key agreement schemes that rely on hard integer factorizations that are vulnerable to quantum algorithms. Lattice cryptography provides quantum resistance to authenticated key agreement protocols, but the certificate always incurs excessive public key infrastructure management overhead. Thus, a lightweight lattice-based secure system is needed that removes this overhead. To answer this need, we provide a two-party lattice- and identity-based AMKA scheme based on bilateral short integer or computational bilateral inhomogeneous small integer solutions, and we provide a security proof based on the random oracle model. Compared with existing AMKA protocols, our new protocol has higher efficiency and stronger security.

• Journal of the Korea Society of Computer and Information
• /
• v.23 no.10
• /
• pp.111-117
• /
• 2018

CHAM is a lightweight block cipher, proposed in ICISC 2017. CHAM-n/k has the n-bit block and the k-bit key, and designers recommend CHAM-64/128, CHAM-128/128, and CHAM-128/256. In this paper, we study how to make optimal software implementation of CHAM such that it has high encryption speed on CPUs with high computing power. The best performances of our CHAM implementations are 1.6 cycles/byte for CHAM-64/128, 2.3 cycles/byte for CHAM-128/128, and 3.8 cycles/byte for CHAM-128/256. The comparison with existing software implementation results for well-known block ciphers shows that our results are competitive.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.26 no.9
• /
• pp.1382-1391
• /
• 2022

White-box cryptography can respond to white-box attacks that can access and modify memory by safely hiding keys in the lookup table. However, because the size of lookup tables is large and the speed of encryption is slow, it is difficult to apply them to devices that require real-time while having limited resources, such as IoT(Internet of Things) devices. In this work, we propose a scheme for collecting short-length plaintexts and processing them at once, utilizing the characteristics that white-box ciphers process encryption on a lookup table size basis. As a result of comparing the proposed method, assuming that the table sizes of the Chow and XiaoLai schemes were 720KB(Kilobytes) and 18,000KB, respectively, memory usage reduced by about 29.9% and 1.24% on average in the Chow and XiaoLai schemes. The latency was decreased by about 3.36% and about 2.6% on average in the Chow and XiaoLai schemes, respectively, at a Traffic Load Rate of 15 Mbps(Mega bit per second) or higher.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.4
• /
• pp.607-615
• /
• 2022

The SITM (See-In-The-Middle) proposed in CHES 2020 is a methodology for side-channel assisted differential cryptanalysis. This technique analyzes the power traces of unmasked middle rounds in partial masked SPN block cipher implementation, and performs differential analysis with the side channel information. Blockcipher GIFT is a lightweight blockcipher proposed in CHES 2017, designed to correct the well-known weaknesses of block cipher PRESENT and provide the efficient implementation. In this paper, we propose SITM attacks on partial masked implementation of GIFT-128. This attack targets 4-round and 6-round masked implementation of GIFT-128 and time/data complexity is 2^14.01 /2^14.01, 2¹⁶ /2¹⁶. In this paper, we compare the masterkey recovery logic available in SITM attacks, establishing a criterion for selecting more efficient logic depending on the situation. Finally, We introduce how to apply the this attack to GIFT-COFB, one of the finalist candidates in NIST lightweight cryptography standardization process.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.19 no.3
• /
• pp.1-7
• /
• 2018

The IoT environment provides an infinite variety of services using many different devices and networks. The development of the IoT environment is directly proportional to the level of security that can be provided. In some ways, lightweight cryptography is suitable for IoT environments, because it provides security, higher throughput, low power consumption and compactness. However, it has the limitation that it must form a new cryptosystem and be used within a limited resource range. Therefore, it is not the best solution for the IoT environment that requires diversification. Therefore, in order to overcome these disadvantages, this paper proposes a method suitable for the IoT environment, while using the existing block cipher algorithm, viz. the lightweight cipher algorithm, and keeping the existing system (viz. the sensing part and the server) almost unchanged. The proposed BCL architecture can perform encryption for various sensor devices in existing wire/wireless USNs (using) lightweight encryption. The proposed BCL architecture includes a pre/post-processing part in the existing block cipher algorithm, which allows various scattered devices to operate in a daisy chain network environment. This characteristic is optimal for the information security of distributed sensor systems and does not affect the neighboring network environment, even if hacking and cracking occur. Therefore, the BCL architecture proposed in the IoT environment can provide an optimal solution for the diversified IoT environment, because the existing block cryptographic algorithm, viz. the lightweight cryptographic algorithm, can be used.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2017.10a
• /
• pp.584-586
• /
• 2017

In this paper we provide a unified crypto core that integrates lightweight symmetric cryptography and authentication. The crypto core implements a unified 128 bit key architecture of PRESENT encryption algorithm and a new lightweight encryption algorithm. The crypto core also consist of an authentication unit which neglects the use of hashing algorithms. Four algorithms are used for authentication which come from the Hopper-Blum (HB) and Hopper-Blum-Munilla-Penado (HB-MP) family of lightweight authentication algorithms: HB, HB+, HB-MP and HB-MP+. A unified architecture of these algorithms is implemented in this paper. The unified cryptosystem is designed using Verilog HDL, simulated with Modelsim SE and synthesized with Xilinx Design Suite 14.3. The crypto core synthesized to 1130 slices at 189Mhz frequency on Spartan6 FPGA device.

• Journal of IKEEE
• /
• v.22 no.3
• /
• pp.522-531
• /
• 2018

A public-key cryptography processor EC-RSA was designed, which integrates a 224-bit prime field elliptic curve cryptography (ECC) defined in the FIPS 186-2 as well as RSA with 2048-bit key length into a single hardware structure. A finite field arithmetic core used in both scalar multiplication for ECC and exponentiation for RSA was designed with 32-bit data-path. A lightweight implementation was achieved by an efficient hardware sharing of the finite field arithmetic core and internal memory for ECC and RSA operations. The EC-RSA processor was verified by FPGA implementation. It occupied 11,779 gate equivalents (GEs) and 14 kbit RAM synthesized with a 180-nm CMOS cell library and the estimated maximum clock frequency was 133 MHz. It takes 867,746 clock cycles for ECC scalar multiplication resulting in the estimated throughput of 34.3 kbps, and takes 26,149,013 clock cycles for RSA decryption resulting in the estimated throughput of 10.4 kbps.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.23 no.12
• /
• pp.1609-1617
• /
• 2019

Described in this paper is a design of hardware accelerator for implementing public-key cryptographic protocols (PKCPs) based on Elliptic Curve Cryptography (ECC) and RSA. It supports five elliptic curves (ECs) over GF(p) and three key lengths of RSA that are defined by NIST standard. It was designed to support four point operations over ECs and six modular arithmetic operations, making it suitable for hardware implementation of ECC- and RSA-based PKCPs. In order to achieve small-area implementation, a finite field arithmetic circuit was designed with 32-bit data-path, and it adopted word-based Montgomery multiplication algorithm, the Jacobian coordinate system for EC point operations, and the Fermat's little theorem for modular multiplicative inverse. The hardware operation was verified with FPGA device by implementing EC-DH key exchange protocol and RSA operations. It occupied 20,800 gate equivalents and 28 kbits of RAM at 50 MHz clock frequency with 180-nm CMOS cell library, and 1,503 slices and 2 BRAMs in Virtex-5 FPGA device.