• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.10
• /
• pp.3815-3833
• /
• 2021

MILP-based automatic search is the most common method in analyzing the security of cryptographic algorithms. However, this method brings many issues such as low efficiency due to the large size of the model, and the difficulty in finding the contradiction of the impossible differential distinguisher. To analyze the security of ESF algorithm, this paper introduces a simplified MILP-based search model of the differential distinguisher by reducing constrains of XOR and S-box operations, and variables by combining cyclic shift with its adjacent operations. Also, a new method to find contradictions of the impossible differential distinguisher is proposed by introducing temporary variables, which can avoid wrong and miss selection of contradictions. Based on a 9-round impossible differential distinguisher, 15-round attack of ESF can be achieved by extending forward and backward 3-round in single-key setting. Compared with existing results, the exact lower bound of differential active S-boxes in single-key setting for 10-round ESF are improved. Also, 2108 9-round impossible differential distinguishers in single-key setting and 14 12-round impossible differential distinguishers in related-key setting are obtained. Especially, the round of the discovered impossible differential distinguisher in related-key setting is the highest, and compared with the previous results, this attack achieves the highest round number in single-key setting.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.9 no.5
• /
• pp.1082-1088
• /
• 2005

Generating fast round key in AES Rijndael algorithm using three key sizes, such as 128, 192, and 256-bit keys is a critical factor to develop high throughput AES processors. In this paper, we propose on-the-fly round key generator which is applicable to the pipelined and non-pipelined AES processor in which cipher and decipher nodes must be implemented on a chip. The proposed round key generator has modular and area-and-time efficient structure implemented with simple connection of two key expander modules, such as key_exp_m and key_exp_s module. The round key generator for non-pipelined AES processor with support of three key lengths and cipher/decipher modes has about 7.8-ns delay time under 0.25um 2.5V CMOS standard cell library and consists of about 17,700 gates.

• IEIE Transactions on Smart Processing and Computing
• /
• v.2 no.5
• /
• pp.297-301
• /
• 2013

Key agreement protocols allow multi-parties exchanging public information to create a common secret key that is known only to those entities over an insecure network. Since Joux first published the pairing-based one round tripartite key agreement protocol, many authenticated protocols have been proposed. Unfortunately, many of them have been broken while others have been shown to be deficient in some desirable security attributes. In 2004, Cheng et al. presented two protocols aimed at strengthening Shim's certificate-based and Zhang et al.'s tripartite identity-based protocols. This paper reports that 1) In Cheng et al.'s identity-based protocol, an adversary can extract long-term private keys of all the parties involved; and 2) Cheng et al.'s certification-based protocol is weak against key integrity attacks. This paper suggests possible remedies for the security flaws in both protocols and then presents a modified Cheng et al.'s identity-based, one-round tripartite protocol that is more secure than the original protocol.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.11
• /
• pp.5717-5730
• /
• 2019

LBlock-s is the core block cipher of authentication encryption algorithm LAC, which uses the same structure of LBlock and an improved key schedule algorithm with better diffusion property. Using the differential properties of the key schedule algorithm and the cryptanalytic technique which combines impossible boomerang attacks with related-key attacks, a 15-round related-key impossible boomerang distinguisher is constructed for the first time. Based on the distinguisher, an attack on 22-round LBlock-s is proposed by adding 4 rounds on the top and 3 rounds at the bottom. The time complexity is about only 2^68.76 22-round encryptions and the data complexity is about 2⁵⁸ chosen plaintexts. Compared with published cryptanalysis results on LBlock-s, there has been a sharp decrease in time complexity and an ideal data complexity.

• Journal of the Korean Data and Information Science Society
• /
• v.23 no.6
• /
• pp.1203-1212
• /
• 2012

In this paper, we consider the development of round key generator of DES (data encryption standard) based on Microsoft Excel Macro, which was adopted as the FIPS (federal information processing standard) of USA in 1977. Simple introduction to DES is given. Algorithms for round key generator are adapted to excel macro. By repeating the 16 round which is consisted of diffusion (which hide the relation between plain text and cipher text) and the confusion (which hide the relation between cipher key and cipher text) with Microsoft Excel Macro, we can easily get the desired DES round keys.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.5
• /
• pp.15-25
• /
• 2002

In this paper a design of high performance cryptographic processor which implements AES Rijndael algorithm is described. To eliminate performance degradation due to round-key computation delay of conventional processor, the on-the-fly precomputation of round key based on modified round structure is adopted. And on-the-fly round key generator which supports 128, 192, and 256-bit key has modular structure. The designed processor has iterative structure which uses 1 clock cycle per round and supports three operation modes, such as ECB, CBC, and CTR mode which is a candidate for new AES modes of operation. The cryptographic processor designed in Verilog-HDL and synthesized using 0.251$\mu\textrm{m}$ CMOS cell library consists of about 51,000 gates. Simulation results show that the critical path delay is about 7.5ns and it can operate up to 125Mhz clock frequency at 2.5V supply. Its peak performance is about 1.45Gbps encryption or decryption rate under 128-bit key ECB mode.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.49 no.3
• /
• pp.74-80
• /
• 2012

Recently at SCIS2011, Nakatsu et. al. proposed multi-round Correlation Power Analysis(CPA) on Hardware Advanced Encryption Standard(AES) to improve the performance of CPA with limited number of traces. In this paper, we propose, Multi-Round CPA to retrieve master key using CPA of 1round and 2round on Hardware DES. From the simulation result for the proposed attack method, we could extract 56-bit master key using the 300 power traces of Hardware DES in DPA contes. And it was proved that we can search more master key using multi-round CPA than using single round CPA in limited environments.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.20 no.12
• /
• pp.2333-2340
• /
• 2016

A LEA (Lightweight Encryption Algorithm) crypto-processor was designed, which supports three master key lengths of 128/ 192/256-bit, ECB and CTR modes of operation. To achieve high throughput rate, the round transformation block was designed with 128 bits datapath and a pipelined structure of 16 stages. Encryption/decryption is carried out through 12/14/16 pipelined stages according to the master key length, and each pipelined stage performs round transformation twice. The key scheduler block was optimized to share hardware resources that are required for encryption, decryption, and three master key lengths. The round keys generated by key scheduler are stored in 32 round key registers, and are repeatedly used in round transformation until master key is updated. The pipelined LEA processor was verified by FPGA implementation, and the estimated performance is about 8.3 Gbps at the maximum clock frequency of 130 MHz.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.11
• /
• pp.5639-5653
• /
• 2016

Security models for key exchange protocols have been researched for years, however, lots of them only focus on what secret can be compromised but they do not differentiate the timing of secrets compromise, such as the extended Canetti-Krawczyk (eCK) model. In this paper, we propose a new security model for key exchange protocols which can not only consider what keys can be compromised as well as when they are compromised. The proposed security model is important to the security proof of the key exchange protocols with forward secrecy (either weak forward secrecy (wFS) or strong forward secrecy (sFS)). In addition, a new kind of key compromise impersonation (KCI) attacks which is called strong key compromise impersonation (sKCI) attack is proposed. Finally, we provide a new one-round key exchange protocol called mOT+ based on mOT protocol. The security of the mOT+ is given in the new model. It can provide the properties of sKCI-resilience and sFS and it is secure even if the ephemeral key reveal query is considered.

• Journal of Advanced Navigation Technology
• /
• v.13 no.6
• /
• pp.977-983
• /
• 2009

Recently, several DDP, DDO and COS-based block ciphers have been proposed for hardware implementations with low cost. However, most of them are vulnerable to related-keyt attacks. A 12-round block cipher SCOS-3 is desinged to eliminate the weakness of DDP, DDO and COS-based block ciphers. In this paper, we propose a related-key differential attack on an 11-round reduced SCOS-3. The attack on an 11-round reduced SCOS-3 requires $2^{58}$ related-key chosen plaintexts and $2^{117.54}$ 11-round reduced SCOS-3 encryptions. This work is the first known attack on SCOS-3. Therefore, SCOS-3 is still vulnerable to related-key attacks.