• Journal of KIISE:Computing Practices and Letters
• /
• v.14 no.5
• /
• pp.512-516
• /
• 2008

A conference-key agreement protocol is essential for computer network conferences that need secure communications. Especially, the fault-tolerant conference-key agreement can make a shared conference-key even if some make conferees disturb the key agreement processes. However, the performance of the previous fault-tolerant conference-key agreement protocols is decreasing significantly when the number of fake conferees is increasing. In this paper, we propose an efficient fault-tolerant conference key agreement protocol. Our scheme is based on the ID-based one round tripartite conference key agreement protocol. Simulation results show our scheme's efficiency against Yi's method especially when the number of fake conferees is large.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.2
• /
• pp.600-616
• /
• 2021

SIMON and SPECK are two families of lightweight block ciphers that have excellent performance on hardware and software platforms. At CRYPTO 2019, Gohr first introduces the differential cryptanalysis based deep learning on round-reduced SPECK32/64, and finally reduces the remaining security of 11-round SPECK32/64 to roughly 38 bits. In this paper, we are committed to evaluating the safety of SIMON cipher under the neural differential cryptanalysis. We firstly prove theoretically that SIMON is a non-Markov cipher, which means that the results based on conventional differential cryptanalysis may be inaccurate. Then we train a residual neural network to get the 7-, 8-, 9-round neural distinguishers for SIMON32/64. To prove the effectiveness for our distinguishers, we perform the distinguishing attack and key-recovery attack against 15-round SIMON32/64. The results show that the real ciphertexts can be distinguished from random ciphertexts with a probability close to 1 only by 2^8.7 chosen-plaintext pairs. For the key-recovery attack, the correct key was recovered with a success rate of 23%, and the data complexity and computation complexity are as low as 2⁸ and 2^20.1 respectively. All the results are better than the existing literature. Furthermore, we briefly discussed the effect of different residual network structures on the training results of neural distinguishers. It is hoped that our findings will provide some reference for future research.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.4
• /
• pp.27-35
• /
• 2008

In this paper we show that the full-round SCO-1[12] is vulnerable to the related-key differential attack. The attack on the full-round SCO-1 requires $2^{61}$ related-key chosen ciphertexts and $2^{120.59}$ full-round SCO-1 decryptions. This work is the first known attack on SCO-1.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.5
• /
• pp.37-47
• /
• 2004

The security of personal informations has been an important issue since the field of smart card applications has been expanded explosively. The security of smart card is based on cryptographic algorithms, which are highly required to be implemented into hardware for higher speed and stronger security. In this paper, a SEED cryptographic processor is designed by employing one round key generation block which generates 16 round keys without key registers and one round function block which is used iteratively. Both the round key generation block and the F function are using only one G function block with one 5${\times}$l MUX sequentially instead of 5 G function blocks. The proposed SEED processor has been implemented such that each round operation is divided into seven sub-rounds and each sub-round is executed per clock. Functional simulation of the proposed cryptographic processor has been executed using the test vectors which are offered by Korea Information Security Agency. In addition, we have evaluated the proposed SEED processor by executing VHDL synthesis and FPGA board test. The die area of the proposed SEED processor decreases up to approximately 40% compared with the conventional processor.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.5
• /
• pp.795-803
• /
• 2020

In this paper, we study known-key distinguishing and partial-collision attacks on GFN-2 structures with SP F-functions and various block lengths. Firstly, we show the known-key distinguishing attack is possible up to 15 rounds. Secondly, for the case that the last round function has the shuffle operation, we show that the partial-collision attack is possible up to 14 rounds. Finally, for the case that the last round function has no shuffle operation, we show that the partial-collision attacks are possible up to 11 rounds.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.4
• /
• pp.77-85
• /
• 2002

We present the impossible differential cryptanalysis of the block cipher XTEA[7] and TEA[6]. The core of the design principle of these block ciphers is an easy implementation and a simplicity. But this simplicity dose not offer a large diffusion property. Our impossible differential cryptanalysis of reduced-round versions of XTEA and TEA is based on this fact. We will show how to construct a 12-round impossible characteristic of XTEA. We can then derive 128-bit user key of the 14-round XTEA with $2^{62.5}$ chosen plaintexts and $2^{85}$ encryption times using the 12-round impossible characteristic. In addition, we will show how to construct a 10-round impossible characteristic or TEA. Then we can derive 128-bit user key or the 11-round TEA with $2^{52.5}$ chosen plaintexts and $2^{84}$ encryption times using the 10-round impossible characteristic.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.1
• /
• pp.41-55
• /
• 2005

A group key agreement protocol allows a group of user to share a key which may later be used to achieve certain cryptographic goals. In this paper, we propose a new scalable two-round ID-based group key agreement protocol which would be well fit to a Pay-TV system, additionally. to the fields of internet stock quotes, audio and music deliveries, software updates and the like. Our protocol improves the three round poop key agreement protocol of Nam et al., resulting in upgrading the computational efficiency by using the batch verification technique in pairing-based cryptography. Also our protocol simplifies the key agreement procedures by utilizing ID-based system. We prove the security of our protocol under the Computational Diffie-Hellman assumption and the Bilinear Decisional Diffie-Hellman assumption. Also we analyze its efficiency.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.31 no.11C
• /
• pp.1023-1029
• /
• 2006

In this Paper, we present a novel authentication and key exchange(AKE) protocol for inter-NSP(provider) roaming in IEEE 802.16e networks. The proposed protocol allows performing both user and device authentication jointly by using two different authentication credentials and Provides user anonymity and session key establishment. Also, this protocol requires only two round number message exchange between foreign network and home network.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.9
• /
• pp.4548-4559
• /
• 2018

Conditional differential attack against NFSR-based cryptosystems proposed by Knellwolf et al. in Asiacrypt 2010 has been widely used for analyzing round-reduced Grain v1. In this paper, we present improved conditional differential attacks on Grain v1 based on a factorization simplification method, which makes it possible to obtain the expressions of internal states in more rounds and analyze the expressions more precisely. Following a condition-imposing strategy that saves more IV bits, Sarkar's distinguishing attack on Grain v1 of 106 rounds is improved to a key recovery attack. Moreover, we show new distinguishing attack and key recovery attack on Grain v1 of 107 rounds with lower complexity O($2^{34}$) and appreciable theoretical success probability 93.7%. Most importantly, our attacks can practically recover key expressions with higher success probability than theoretical results.

• Journal of the Institute of Electronics Engineers of Korea SD
• /
• v.39 no.11
• /
• pp.33-43
• /
• 2002

This paper describes a design of cryptographic processor that implements the AES (Advanced Encryption Standard) block cipher algorithm "Rijndael". To achieve high throughput rate, a sub-pipeline stage is inserted into a round transformation block, resulting that two consecutive round functions are simultaneously operated. For area-efficient and low-power implementation, the round transformation block is designed to share the hardware resources for encryption and decryption. An efficient on-the-fly key scheduler is devised to supports the three master-key lengths of 128-b/192-b/256-b, and it generates round keys in the first sub-pipeline stage of each round processing. The Verilog-HDL model of the cryptoprocessor was verified using Xilinx FPGA board and test system. The core synthesized using 0.35-${\mu}m$ CMOS cell library consists of about 25,000 gates. Simulation results show that it has a throughput of about 520-Mbits/sec with 220-MHz clock frequency at 2.5-V supply.