• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제16권3호
• /
• pp.972-985
• /
• 2022

In the year 2020, a new lightweight block cipher µ² is proposed. It has both good software and hardware performance, and it is especially suitable for constrained resource environment. However, the security evaluation on µ² against impossible differential cryptanalysis seems missing from the specification. To fill this gap, an impossible differential cryptanalysis on µ² is proposed. In this paper, firstly, some cryptographic properties on µ² are proposed. Then several longest 7-round impossible differential distinguishers are constructed. Finally, an impossible differential cryptanalysis on µ² reduced to 10 rounds is proposed based on the constructed distinguishers. The time complexity for the attack is about 2^69.63 10-round µ² encryptions, the data complexity is O(2⁴⁸), and the memory complexity is 2^63.57 Bytes. The reported result indicates that µ² reduced to 10 rounds can't resist against impossible differential cryptanalysis.

• ETRI Journal
• /
• 제39권1호
• /
• pp.108-115
• /
• 2017

ARIA is a 128-bit block cipher that has been selected as a Korean encryption standard. Similar to AES, it is robust against differential cryptanalysis and linear cryptanalysis. In this study, we analyze the security of ARIA against differential-linear cryptanalysis. We present five rounds of differential-linear distinguishers for ARIA, which can distinguish five rounds of ARIA from random permutations using only 284.8 chosen plaintexts. Moreover, we develop differential-linear attacks based on six rounds of ARIA-128 and seven rounds of ARIA-256. This is the first multidimensional differential-linear cryptanalysis of ARIA and it has lower data complexity than all previous results. This is a preliminary study and further research may obtain better results in the future.

• 정보보호학회논문지
• /
• 제17권1호
• /
• pp.121-125
• /
• 2007

차분 공격 및 선형 공격은 강력한 블록 암호 분석 기법으로 블록 암호 알고리즘의 안전성을 평가하는 중요한 도구로 여겨지고 있다. 따라서 블록 암호 설계자들은 차분 공격과 선형 공격에 안전한 블록 암호를 설계하고자 노력해 왔다. 본 논문에서는 세 가지의 새로운 블록 암호 구조를 소개하며, 한 라운드 함수의 최대 차분 구확률(최대 선형 확률)이 p(q)이고 라운드 함수가 전단사 함수일 때, 세 가지의 블록 암호 구조의 차분 확률(선형 확률)의 상한 값이 $p^2(q^2),\;2p^2(2q^2)$으로 유계할 최소 라운드를 증명한다.

• 한국정보통신설비학회:학술대회논문집
• /
• 한국정보통신설비학회 2008년도 정보통신설비 학술대회
• /
• pp.155-158
• /
• 2008

In 1989, Kocher et al. introduced Differential Power Attack on block ciphers. This attack allows to extract secret key used in cryptographic computations even if these are executed inside tamper-resistant devices such as smart card. Since 1989, many papers were published to improve resistance of DPA. At FSE 2003 and 2004, Akkar and Goubin presented several masking methods to protect iterated block ciphers such as DES against Differential Power Attack. The idea is to randomize the first few and last few rounds(3 $\sim$ 4 round) of the cipher with independent random masks at each round and thereby disabling power attacks on subsequent inner rounds. This paper show how to combine truncated differential cryptanalysis applied to the first few rounds of the cipher with power attacks to extract the secret key from intermediate unmasked values.

• 정보보호학회논문지
• /
• 제10권4호
• /
• pp.107-112
• /
• 2000

본 논문에서는 DES(Data Encryption Standard)를 변형하여 설계된 HEA(Hangul Encryption Algorithm)을 차분분석 관점에서의 안전성에 대하여 고찰하고자 한다. HEA는 한글 64음절(1,024 비트) 입 ·출력이 되도록 설계된 56비트 키를 사 용하고 DES와 동일한 8개의 S-box를 적용한 16라운드 Fiestel 구조의 블록 암호알고리즘이다. 본 논문에서는 기존의 DES에 적용한 차분분석 기법이 동일하게 HEA에도 적용됨을 보이고 10라운드로 축소된 HEA 경우 선택평문공격(chosen plaintext attack)이 가능하며 일정한 확률에 의해 분석됨을 증명하였다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제15권2호
• /
• pp.600-616
• /
• 2021

SIMON and SPECK are two families of lightweight block ciphers that have excellent performance on hardware and software platforms. At CRYPTO 2019, Gohr first introduces the differential cryptanalysis based deep learning on round-reduced SPECK32/64, and finally reduces the remaining security of 11-round SPECK32/64 to roughly 38 bits. In this paper, we are committed to evaluating the safety of SIMON cipher under the neural differential cryptanalysis. We firstly prove theoretically that SIMON is a non-Markov cipher, which means that the results based on conventional differential cryptanalysis may be inaccurate. Then we train a residual neural network to get the 7-, 8-, 9-round neural distinguishers for SIMON32/64. To prove the effectiveness for our distinguishers, we perform the distinguishing attack and key-recovery attack against 15-round SIMON32/64. The results show that the real ciphertexts can be distinguished from random ciphertexts with a probability close to 1 only by 2^8.7 chosen-plaintext pairs. For the key-recovery attack, the correct key was recovered with a success rate of 23%, and the data complexity and computation complexity are as low as 2⁸ and 2^20.1 respectively. All the results are better than the existing literature. Furthermore, we briefly discussed the effect of different residual network structures on the training results of neural distinguishers. It is hoped that our findings will provide some reference for future research.

• 정보보호학회논문지
• /
• 제8권1호
• /
• pp.65-70
• /
• 1998

K. Nyberg and L.R. Knudsen showed a prototype of a DES-like cipher$^{[1]}$ which has a provable security against differential cryptanalysis. But in the last year, at FSE'97 T. Jakobsen ane L.R.Knudsen broked it by using higher order differential attack and interpolation attack$^{[2]}$ . Furthermore the cipher was just a theoretically proposed one to demonstrate how to construct a cipher which is procably secure against differential cryptanalysis$^{[3]}$ and it was suspected to have a large complexity for its implementation.Inthis paper the two improved results for the dfficidnt hardware and software implementation.

• 정보보호학회논문지
• /
• 제9권3호
• /
• pp.63-74
• /
• 1999

본 논문에서 제안하는 HEA(Hangul Encryption Algorithm)는 초성, 중성, 종성의 다차원구조로 이루어진 한글의 특성을 이용하여 조합형 한글 음절을 암호화하여 조합형 한글 음절을 생 성한다. HEA 에서는 암호화 결과가 모두 한글 터미널에 표시가능한 한글이므로 출력 내용이 표시가능해 야 하는 메일 시스템 등에 유용하게 사용될 수 있다. HEA는 DES에 기반하고 있으며 키전수 탐색 differential cryptanalysis linear cryptanalysis 에대하여 DES와 유사한 안전도를 가지며 암호문의 음 소별 임의성, 평문-암호문 연쇄효과 키-암호문 연쇄효과도 갖는다. In this paper we present a Hangul Encryption Algorithm (HEA) which encrypts composition Hangul syllables into composition Hangul syllables using the non-linear structure of Hangul. Since ciphertexts generated by HEA are displayable characters HEA can be used in applications such as Privacy Enhanced mail (PEM) where ciphertexts should be displayable characters. HEA is based on DES and it can be shown that HEA is as safe as DES against the exhaustive key search differential cryptanalysis and linear cryptanalysis. HEA also has randomness of phonemes of ciphertexts and satisfies plaintext-ciphetext avalanche effect and key-ciphertext avalanche effect.

• 정보보호학회논문지
• /
• 제11권3호
• /
• pp.45-52
• /
• 2001

본 논문에서는 SPN 구조 블록 암호의 안전성을 평가하는 알고리즘을 제안한다. 먼저, practical security를 이용하여 차분 공격과 선형 공격에 대한 안전성을 측정하는데 문제점이 있는 SPN 구조 블록 암호의 예를 제시한다. 다음으로, SPN 구조 블록 암호의 최대 차분 확률(maximum differential probability)과 linear hull 최대 선형 확률(maximum linear hull probability)을 측정하는 알고리즘을 제안하고, 이 알고리즘의 수행 효율성을 높이는 가속화 방법을 제안한다. 마지막으로, 제안한 알고리즘을 사용하여 블록 암호 E2의 라운드 함수 F의 최대 차분 확률 및 linear hull의 최대 선형 확률을 계산한다.

• 한국컴퓨터산업학회논문지
• /
• 제5권3호
• /
• pp.405-414
• /
• 2004

본 논문에서는 18-라운드 변형된 Feistel 구조를 갖는 128-bit 블록 암호알고리즘 Circle-g를 설계하고, 차분공격(differential cryptanalysis)과 선형공격(linear cryptanalysis)을 통해 안정성을 분석하였다. Circle-g의 f-함수는 2-라운드만에 완전 확산(diffusion)이 일어나도록 설계되었다. 이러한 우수한 확산효과로 인해 9-라운드 차분특성이 구성될 확률은 2^{-144}로, 12-라운드 선형특성이 구성될 확률은 2^{-144}로 분석되었다. 결과적으로 Circle-g는 128-bit 비밀키를 적용하였을 경우 12-라운드 이상이면 차분공격이나 선형공격은 전수(exhaustive)조사 방법보다 효율성이 떨어지는 것으로 분석되었다.