• Title/Summary/Keyword: block cipher

Improved Differential Fault Analysis on Block Cipher PRESENT-80/128 (PRESENT-80/128에 대한 향상된 차분 오류 공격)

  • Park, Se-Hyun; Jeong, Ki-Tae; Lee, Yu-Seop; Sung, Jae-Chul; Hong, Seok-Hie
    • Journal of the Korea Institute of Information Security & Cryptology / v.22 no.1 / pp.33-41 / 2012
  • A differential fault analysis (DFA) is one of the most important side channel attacks on block ciphers. Most block ciphers, such as DES, AES, ARIA, SEED and so on, have been analysed by this attack. PRESENT is a 64-bit block cipher with 80/128-bit secret keys and has a 31-round SP-network. So far, several DFAs on PRESENT have been proposed. These attacks recovered the 80- and 128-bit secret keys of PRESENT with 8~64 fault injections, respectively. In this paper, we propose an improved DFA on PRESENT-80/128. Our attack can reduce the complexity of exhaustive search of PRESENT-80 (resp. 128) to on average 1.7 (resp. $2^{22.3}$) with 2 (resp. 3) fault injections. From these results, our attack is superior to known DFAs on PRESENT.

Truncated Differential Cryptanalysis on PP-1/64-128 (블록 암호 PP-1/64-128에 대한 부정 차분 공격)

  • Hong, Yong-Pyo; Lee, Yu-Seop; Jeong, Ki-Tae; Sung, Jae-Chul; Hong, Seok-Hie
    • Journal of the Korea Institute of Information Security & Cryptology / v.21 no.6 / pp.35-44 / 2011
  • The PP-1/64-128 block cipher supports a variety of data block and secret key sizes. It is also suitable for hardware implementation, and Concurrent Error Detection (CED) for cryptographic chips is much easier to apply to it than to other block ciphers, because its encryption and decryption processes are the same. In this paper, we propose a truncated differential cryptanalysis of PP-1/64-128. The attack on the PP-1/64-128 block cipher requires $2^{50.16}$ chosen plaintexts, $2^{46.16}$ bytes of memory and $2^{50.45}$ PP-1/64-128 encryptions to retrieve the secret key. This is the best result among currently known differential cryptanalyses of PP-1/64-128.

Fast Stream Cipher ASC16 (고속 스트림 암호 ASC16)

  • Kim, Gil-Ho; Song, Hong-Bok; Kim, Jong-Nam; Cho, Gyeong-Yeon
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2009.05a / pp.437-440 / 2009
  • We propose a fast stream cipher ASC16 for software implementation. ASC16 has a very simple structure with an ASR (Arithmetic Shift Register), an NLF (Non-Linear Filter) and an NLB (Non-Linear Block), and is executed word by word. It is a stream cipher for wireless communication, which generates 32-bit key streams using an S-box with a non-linear transformation. The processing result is almost the same as that of SSC2, the 32-bit output stream cipher developed by Zhang, Carroll and Chan. The period is longer than that of SSC2, which makes correlation attacks more difficult and raises security considerably. The proposed ASC16 can be used efficiently as a fast cipher in limited environments such as wireless communication.

A Hardware Design of Ultra-Lightweight Block Cipher Algorithm PRESENT for IoT Applications (IoT 응용을 위한 초경량 블록 암호 알고리듬 PRESENT의 하드웨어 설계)

  • Cho, Wook-Lae; Kim, Ki-Bbeum; Shin, Kyung-Wook
    • Journal of the Korea Institute of Information and Communication Engineering / v.20 no.7 / pp.1296-1302 / 2016
  • A hardware implementation of the ultra-lightweight block cipher algorithm PRESENT, which is specified as a block cipher standard for lightweight cryptography in ISO/IEC 29192-2, is described in this paper. Two types of crypto-core that support an 80-bit master key are designed: one for the encryption-only function, and the other for both encryption and decryption functions. The designed PR80 crypto-cores implement the basic cipher mode of operation ECB (electronic code book), and they can process consecutive blocks of plaintext/ciphertext without reloading the master key. The PR80 crypto-cores were designed as soft IP in Verilog HDL and verified using a Virtex5 FPGA device. The synthesis results using a $0.18{\mu}m$ CMOS cell library show that the encryption-only core has 2,990 GE and the encryption/decryption core has 3,687 GE, so they are very suitable for IoT security applications requiring a small gate count. The estimated maximum clock frequency is 500 MHz for the encryption-only core and 444 MHz for the encryption/decryption core.

A Chosen Plaintext Linear Attack On Block Cipher CIKS-1 (CIKS-1 블록 암호에 대한 선택 평문 선형 공격)

  • 이창훈; 홍득조; 이성재; 이상진; 양형진; 임종인
    • Journal of the Korea Institute of Information Security & Cryptology / v.13 no.1 / pp.47-57 / 2003
  • In this paper, we first evaluate the resistance of the reduced 5-round version of the block cipher CIKS-1 against linear cryptanalysis (LC) and show that we can attack full-round CIKS-1 with its 256-bit key through the canonical extension of our attack. A feature of CIKS-1 is the use of both data-dependent permutations (DDP) and internal key scheduling, which consists in data-dependent transformation of the round subkeys. Taking into account the structure of CIKS-1, we investigate linear approximations. That is, we consider 16 linear approximations with p=3/4 for 16 parallel modulo $2^2$ additions to construct a one-round linear approximation, and derive a one-round linear approximation with probability P=1/2+$2^{-17}$ by the Piling-up lemma. Then we present a 3-round linear approximation with probability 1/2+$2^{-17}$ using this one-round approximation and attack the reduced 5-round CIKS-1 with 64-bit block by LC. In conclusion, we show that our attack requires $2^{38}$ chosen plaintexts with a success probability of 99.9% and about $2^{67-7}$ encryptions to recover the last round key (but, for the full-round CIKS-1, our attack requires about $2^{166}$ encryptions).

Cryptanalysis of Two Block Ciphers based on Cellular Automata (셀룰러 오토마타 기반 블록 암호에 대한 안전성 분석)

  • Ryu, Han-Seong; Lee, Je-Sang; Lee, Chang-Hoon; Hong, Seok-Hie
    • Journal of Korea Multimedia Society / v.11 no.8 / pp.1111-1120 / 2008
  • Cellular automata (CA) are often applied in the design of cryptosystems because they have good diffusion and local interaction effects. Recently, a 128-bit CA-based block cipher, called CAB1, and a 64-bit reversible CA-based block cipher, called CAB2, were proposed at KMMS'02 and CEC'04, respectively. In this paper, we introduce cryptanalytic results on CAB1 and CAB2. Firstly, we propose a differential attack on CAB1, which requires $2^{31.41}$ chosen plaintexts and about $2^{13.41}$ encryptions. Secondly, we show that CAB2 has a security of 184 bits using a statistical weakness, whereas the designers of CAB2 claim that it has a security of 224 bits. These are the first known cryptanalytic results on these ciphers.

An Efficient Hardware Implementation of Lightweight Block Cipher Algorithm CLEFIA for IoT Security Applications (IoT 보안 응용을 위한 경량 블록 암호 CLEFIA의 효율적인 하드웨어 구현)

  • Bae, Gi-chur; Shin, Kyung-wook
    • Journal of the Korea Institute of Information and Communication Engineering / v.20 no.2 / pp.351-358 / 2016
  • This paper describes an efficient hardware implementation of the lightweight block cipher algorithm CLEFIA. The CLEFIA crypto-processor supports three master key lengths of 128/192/256 bits, and it is based on the modified generalized Feistel network (GFN). To minimize hardware complexity, a unified processing unit with an 8-bit data-path is designed for implementing the GFN, which computes the intermediate keys used in round key scheduling as well as carrying out the round transformation. The GFN block in our design is reconfigured not only to perform the 4-branch GFN used for the round transformation and for 128-bit intermediate round key generation, but also to perform the 8-branch GFN used for 256-bit intermediate round key generation. The CLEFIA crypto-processor, designed in Verilog HDL, was verified using a Virtex5 XC5VSX50T FPGA device. The estimated throughput is 81.5 ~ 60 Mbps at a 112 MHz clock frequency.

A Study on S-Function in SEED Cryptosystem (SEED암호에서 S-함수에 대한 고찰)

  • Yang, Jeong-Mo
    • Journal of the Korea Institute of Information Security & Cryptology / v.27 no.6 / pp.1295-1305 / 2017
  • SEED is the domestic (Korean) block cipher standard. This cipher was drafted by the Korea Information Security Agency (KISA) in October 1998 and underwent a public verification process in December of the same year, which resulted in a final amendment to improve safety and performance. Unlike DES, it is a 128-bit block cipher; it passed through various processes and was established as an international standard in 2005. It is a block cipher with a Feistel structure like DES, but the input bit block has been increased to 128 bits, double that of DES. In this paper, we first introduce the general algorithm of the SEED cryptosystem and mathematically analyze the generating principle of the key value used in the F-function. Secondly, we develop a table that calculates the exponent of the primitive element ${\alpha}$ corresponding to the 8-bit input value of the S-function, and finally analyze the calculation principle of the S-function designed in the G-function through a new theorem and an example. Through this course, we hope to suggest the ideas and background theory needed in developing a new cryptosystem to cover the weaknesses of the SEED cryptosystem.

The fast implementation of block cipher SIMON using pre-computation with counter mode of operation (블록암호 SIMON의 카운터 모드 사전 연산 고속 구현)

  • Kwon, Hyeok-Dong; Jang, Kyung-Bae; Kim, Hyun-Ji; Seo, Hwa-Jeong
    • Journal of the Korea Institute of Information and Communication Engineering / v.25 no.4 / pp.588-594 / 2021
  • SIMON, a lightweight block cipher developed by the US National Security Agency, is a family of block ciphers optimized for hardware implementation. It supports many kinds of standards to operate in various environments. The counter mode of operation is one of its operational modes; it makes it possible to encrypt plaintext that is longer than a single block. The counter mode uses a constant (nonce) and a counter value as its input. Since the nonce is identical for all blocks, it always gives the same result when it is combined with other constant values. With this feature, it is possible to skip some instructions of the round function by pre-computation. In general, the input value of SIMON is affected by the counter. However, in an 8-bit environment the computation is done in 8-bit units, so there is a part that can be pre-computed. In this paper, we focus on the part that can be pre-calculated, and compare with previous works.

An analysis on the S-boxes of block ciphers in 3GPP (3GPP 블록 암호의 S-box 안전성 분석)

  • 장구영; 강주성; 이옥연; 정교일
    • Journal of the Korea Institute of Information Security & Cryptology / v.11 no.4 / pp.67-75 / 2001
  • 3GPP proposed the f8 and f9 algorithms, based on the block cipher KASUMI, to provide data confidentiality and integrity over a radio access link for IMT-2000 (W-CDMA). 3GPP also proposed the Milenage algorithm, based on the block cipher Rijndael, to provide an example set for the 3GPP authentication and key generation functions. In order to analyze the security of the 3GPP algorithms, we must first analyze the security of KASUMI and Rijndael. Since the S-box is an important factor in the security of a block cipher, in this paper we analyze the S-boxes of KASUMI and Rijndael and compare the S-boxes of KASUMI with the S-box of Rijndael. Although the KASUMI S9-box is bad with respect to AC and SAC, we find that the AC of the KASUMI FI function, which contains the S7-box and S9-box, is equal to the AC of the Rijndael S-box, and that the SAC of the KASUMI FI function is better than the SAC of the Rijndael S-box.