• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.1
• /
• pp.29-40
• /
• 2005

In this paper we consider the security of recently proposed software-orienred stram cipher HELIX, SCREAM, MUGI, and PANAMA against algebraic attacks. Algebraic attack is a key recovery attack by solving an over-defined system of multi-variate equations with input-output pairs of an algorithm. The attack was firstly applied to block ciphers with some algebraic properties and then it has been mon usefully applied to stream ciphers. However it is difficult to obtain over-defined algebraic equations for a given cryptosystem in general. Here we analyze recently proposed software-oriented stream ciphers by constructing a system of equations for each cipher. furthermore we propose three design considerations of software-oriented stream ciphers.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.1
• /
• pp.43-54
• /
• 2002

McEliece introduced a public-key cryptosystem based on Algebraic codes, specially binary classical Goppa which have a good decoding algorithm and vast number of inequivalent codes with given parameters. And the advantage of this system low cost of their encryption and decryption procedures compared with other public-key systems specially RSA, ECC based on DLP(discrete logarithm problem). But in [1], they resent new attack based on probabilistic algorithm to find minimum weight codeword, so for a sufficient security level, much larger parameter size [2048, 1608,81]is required. Then the big size of public key make McEliece PKC more inefficient. So in this paper, we will propose New Type PKC using q-ary Hyperelliptic code so that with smaller parameter(1 over 3) but still work factor as hi인 as McEliece PKC and faster encryption, decryption can be maintained.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.1
• /
• pp.71-77
• /
• 2004

It was proved that Hen is an algebraic ,elation of degree [n(l+1]/2] for an (n, 1)-combine. which consists of n LFSRs and l memory bits. For the summation generator with $2^k$ LFSRs which uses k memory bits, we show that there is a non-trivial relation of degree at most $2^k$ using k+1 consecutive outputs. In general, for the summation generator with n LFSRs, we can construct a non-trivial algebraic relation of degree at most 2$^{{2^{[${log}_2$}n]}}$ using [${log}_2$＋1 consecutive outputs.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.6
• /
• pp.119-125
• /
• 2005

We propose a new code-based publick key encryption scheme. It is obtained by modifying the Augot and Finiasz scheme proposed at Eurocrypt 2003. We replace the Reed-Solomon codes with general algebraic-geometry codes and employ Guruswami-Sudan decoding algorithm for decryption. The scheme is secure against Colon's attack or Kiayias and Yung's attack to which the Augot and Finiasz scheme is vulnerable. Considering basic attacks aprlied to the Augot and Finiasz scheme, we claim that the proposed scheme provides similar security levels as the Augot and Finiasz scheme was claimed to provide for given key lengths.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.8 no.1
• /
• pp.65-70
• /
• 1998

K. Nyberg and L.R. Knudsen showed a prototype of a DES-like cipher$^{[1]}$ which has a provable security against differential cryptanalysis. But in the last year, at FSE'97 T. Jakobsen ane L.R.Knudsen broked it by using higher order differential attack and interpolation attack$^{[2]}$ . Furthermore the cipher was just a theoretically proposed one to demonstrate how to construct a cipher which is procably secure against differential cryptanalysis$^{[3]}$ and it was suspected to have a large complexity for its implementation.Inthis paper the two improved results for the dfficidnt hardware and software implementation.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.7 no.7
• /
• pp.1462-1470
• /
• 2003

According to the necessity about information security as well as the advance of IT system and the spread of the Internet, a variety of cryptography algorithms are being developed and put to practical use. In addition the technique about cryptography attack also is advanced, and the algorithms which are strong against its attack are being studied. If the linear transformation matrix in the block cipher algorithm such as Substitution Permutation Networks(SPN) produces the Maximum Distance Separable(MDS) code, it has strong characteristics against the differential attack and linear attack. In this paper, we propose a new algorithm which cm estimate that the linear transformation matrix produces the MDS code. The elements of input code of linear transformation matrix over GF$({2_n})$ can be interpreted as variables. One of variables is transformed as an algebraic formula with the other variables, with applying the formula to the matrix the variables are eliminated one by one. If the number of variables is 1 and the all of coefficient of variable is non zero, then the linear transformation matrix produces the MDS code. The proposed algorithm reduces the calculation time greatly by diminishing the number of multiply and reciprocal operation compared with the conventional algorithm which is designed to know whether the every square submatrix is nonsingular.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.5
• /
• pp.1001-1011
• /
• 2017

A lattice-based cryptography is known as one of the post-quantum cryptographies. Ring-LWE problem is an algebraic variant of LWE, which operates over elements of polynomial rings instead of vectors. It is already known that post-quantum cryptography has side-channel analysis vulnerability. In 2016, Park et al. reported a SPA vulnerability of the public key cryptosystem, which is proposed by Roy et al., based on the ring-LWE problem. In 2015 and 2016, Reparaz et al. proposed DPA attack and countermeasures against Roy cryptosystem. In this paper, we show that the chosen ciphertext SPA attack is also possible for Lyubashevsky cryptosystem which does not use NTT. And then we propose a countermeasure against CCSPA(Chosen Ciphertext SPA) attack and we also show through experiment that our proposed countermeasure is secure.

• Journal of Information Processing Systems
• /
• v.7 no.4
• /
• pp.691-706
• /
• 2011

Since security and privacy problems in RFID systems have attracted much attention, numerous RFID authentication protocols have been suggested. One of the various design approaches is to use light-weight logics such as bitwise Boolean operations and addition modulo $2^m$ between m-bits words. Because these operations can be implemented in a small chip area, that is the major requirement in RFID protocols, a series of protocols have been suggested conforming to this approach. In this paper, we present new attacks on these lightweight RFID authentication protocols by using the Gr$\ddot{o}$bner basis. Our attacks are superior to previous ones for the following reasons: since we do not use the specific characteristics of target protocols, they are generally applicable to various ones. Furthermore, they are so powerful that we can recover almost all secret information of the protocols. For concrete examples, we show that almost all secret variables of six RFID protocols, LMAP, $M^2AP$, EMAP, SASI, Lo et al.'s protocol, and Lee et al.'s protocol, can be recovered within a few seconds on a single PC.