• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.1
• /
• pp.33-43
• /
• 2023

The National Institute of Standards and Technology (NIST), which is working on the Post-Quantum Cryptography (PQC) standardization project, announced four algorithms that have been finalized for standardization. In this paper, we demonstrate through experiments that private keys can be exposed by Correlation Power Analysis (CPA) and Differential Deep Learning Analysis (DDLA) attacks on polynomial coefficient-wise multiplication algorithms that operate in the process of generating signatures using CRYSTALS-Dilithium algorithm. As a result of the experiment on ARM-Cortex-M4, we succeeded in recovering the private key coefficient using CPA or DDLA attacks. In particular, when StandardScaler preprocessing and continuous wavelet transform applied power traces were used in the DDLA attack, the minimum number of power traces required for attacks is reduced and the Normalized Maximum Margines (NMM) value increased by about 3 times. Conseqently, the proposed methods significantly improves the attack performance.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.1
• /
• pp.1-9
• /
• 2024

Multivariate Quadratic (MQ)-based digital signature schemes have advantages such as ease of implementation and small signature sizes, making them promising candidates for post-quantum cryptography. To enhance the efficiency of such MQ-based digital signature schemes, utilizing sparse matrices have been proposed, including HiMQ, which has been standardized by Korean Telecommunications Technology Association standard. However, HiMQ shares a similar key structure with Rainbow, which is a representative MQ-based digital signature scheme and was broken by the MinRank attack proposed in 2022. While HiMQ was standardized by a TTA and recommended parameters were provided, these parameters were based on cryptanalysis as of 2020, without considering recent attacks. In this paper, we examine attacks applicable to MQ-based digital signatures, specifically targeting HiMQ, and perform a security analysis. The most effective attack against HiMQ is the combined attack, an improved version of the MinRank attack proposed in 2022, and none of the three recommended parameters satisfy the desired security strength. Furthermore, HiMQ-128 and HiMQ-160 do not meet the minimum security strength requirement of 128-bit security level.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.3
• /
• pp.1376-1395
• /
• 2018

UOV is one of the most important signature schemes in Multivariate Public Key Cryptography (MPKC). It has a strong security guarantee and is considered to be quantum-resistant. However, it suffers from large key size and its signing procedure is relatively slow. In this paper, we propose a new secure UOV variant (Circulant UOV) with shorter private key and higher signing efficiency. We estimate that the private key size of Circulant UOV is smaller by about 45% than that of the regular UOV and its signing speed is more than 14 times faster than that of the regular UOV. We also give a practical implementation on modern x64 CPU, which shows that Circulant UOV is comparable to many other signature schemes.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2019.05a
• /
• pp.129-132
• /
• 2019

현재 양자컴퓨터 개발에 대한 전폭적인 연구가 이루어지고 있다. 지금의 양자컴퓨터의 개발수준은 기존 암호 시스템에 위협이 될 정도는 아니지만, 가까운 미래에 다가올 양자컴퓨터 시대에 대한 양자내성암호가 필요한 상황이다. 이에 양자내성암호 표준화를 위해 미국 NIST는 공모전을 열었고, 본 논문에서는 양자컴퓨터 개발현황과 NIST(National Institute of Standards and Technology) 양자내성암호 공모전의 암호알고리즘 설명과 동향을 살펴보고자 한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2023.11a
• /
• pp.232-235
• /
• 2023

ICT 기술과 IoT 기술의 급속한 발전으로 인해 인간은 네트워크와 밀접한 관계를 형성하며 이를 통해 다양한 서비스를 경험하고 있다. 그러나 ICT 기술의 발전과 함께 사이버 공격의 급증으로 인해 네트워크 보안에 대한 필요성이 대두되고 있다. 또한 양자 컴퓨팅을 활용한 다양한 공격은 기존 암호화 체계를 무너뜨려 빠른 대응 및 솔루션이 필요하다. 양자 기반 공격으로부터 안전한 네트워크 환경을 구축하기 위해 양자 키 분배 시스템 및 양자 내성 암호가 활발히 연구되고 있으며 NIST 에서 발표한 양자 내성 암호화 기법의 성능, 취약점, 실제 네트워크 상의 구현 가능성, 향후 발전 방향 등 다각적 관점에서 연구 및 분석이 진행되고 있다. 본 논문에서는 양자 기반 공격에 대해 설명하고 양자 내성 암호화 기법의 연구 동향에 대해 분석한다. 또한, 양자 중첩, 양자 불확실성 등 양자의 물리적 성질을 활용함으로써 양자 공격으로 부터 안정성을 제공할 수 있는 양자 키 분배 기법에 대해 설명한다.

• Journal of IKEEE
• /
• v.25 no.1
• /
• pp.88-94
• /
• 2021

Public-key cryptographic algorithms such as RSA and ECC, which are currently in use, have used mathematical problems that would take a long time to calculate with current computers for encryption. But those algorithms can be easily broken by the Shor algorithm using the quantum computer. Lattice-based cryptography is proposed as new public-key encryption for the post-quantum era. This cryptographic algorithm is performed in the Polynomial Ring, and polynomial multiplication requires the most processing time. Therefore, a hardware model module is needed to calculate polynomial multiplication faster. Number Theoretic Transform, which called NTT, is the FFT performed in the finite field. The logic verification was performed using HDL, and the proposed design at the transistor level using Hspice was compared and analyzed to see how much improvement in delay time and power consumption was achieved. In the proposed design, the average delay was improved by 30% and the power consumption was reduced by more than 8%.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.6
• /
• pp.1137-1148
• /
• 2021

The main obstacle for implementing CSIDH-based cryptography is that it requires generating a kernel of a small prime order to compute the group action using Velu's formula. As this is a quite painstaking process for small torsion points, a new approach called radical isogeny is recently proposed to compute chains of isogenies from a coefficient of an elliptic curve. This paper presents an optimized implementation of radical isogenies and analyzes its ideal use in CSIDH-based cryptography. We tailor the formula for transforming Montgomery curves and Tate normal form and further optimized the radical 2- and 3- isogeny formula and a projective version of radical 5- and 7- isogeny. For CSIDH-512, using radical isogeny of degree up to 7 is 15.3% faster than standard constant-time CSIDH. For CSIDH-4096, using only radical 2-isogeny is the optimal choice.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.6
• /
• pp.1059-1068
• /
• 2022

A Post-Quantum Cryptographic algorithm NTRU, which is designed by considering the computational power of quantum computers, satisfies the mathematically security level. However, it should consider the characteristics of side-channel attacks such as power analysis attacks in hardware implementation. In this paper, we verify that the private key can be recovered by analyzing the power signal generated during the decryption process of NTRU. To recover the private keys, the Simple Power Analysis (SPA), Correlation Power Analysis (CPA) and Differential Deep Learning Analysis (DDLA) were all applicable. There is a shuffling technique as a basic countermeasure to counter such a power side-channel attack. Neverthe less, we propose a more effective method. The proposed method can prevent CPA and DDLA attacks by preventing leakage of power information for multiplication operations by only performing addition after accumulating each coefficient, rather than performing accumulation after multiplication for each index.

• Convergence Security Journal
• /
• v.19 no.2
• /
• pp.11-19
• /
• 2019

The blockchain is a technique for managing transaction data in distributed computing manner without the involvement of central trust authority. The blockchain has been used in various area such as manufacturing, culture, and public as well as finance because of its advantage of the security, efficiency and applicability. In the blockchain, it was considered safe against 51% attack because the adversary could not have more than 50% hash power. However, there have been cases caused by large-scale computing attacks such as 51% and selfish mining attack, and the frequency of these attacks is increasing. In addition, since the development of quantum computers can hold exponentially more information than their classical computer, it faces a new type of threat using quantum algorithms. In this paper, we perform the security analysis of blockchain attacks composing the large computing capabilities including quantum computing attacks. Finally, we suggest the technologies and future direction of the blockchain development in order to be safe against large-scale computing attacks.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.5
• /
• pp.1099-1112
• /
• 2018

The field of post-quantum cryptography (PQC) is an active area of research as cryptographers look for public-key cryptosystems that can resist quantum adversaries. Among those categories in PQC, code-based cryptosystem provides high security along with efficiency. Recent works on code-based cryptosystems focus on the side-channel resistant implementation since previous works have indicated the possible side-channel vulnerabilities on existing algorithms. In this paper, we recovered the secret key in HyMES(Hybrid McEliece Scheme) using a single power consumption trace. HyMES is a variant of McEliece cryptosystem that provides smaller keys and faster encryption and decryption speed. During the decryption, the algorithm computes the parity-check matrix which is required when computing the syndrome. We analyzed HyMES using the fact that the joint distributions of nonlinear functions used in this process depend on the secret key. To the best of our knowledge, we were the first to propose the side-channel analysis based on joint distributions of leakages on public-key cryptosystem.