• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.3
• /
• pp.477-489
• /
• 2014

Based on some flaws occurred for implementing a public key cryptosystem in the embedded security device, many side-channel attacks to extract the secret private key have been tried. In spite of the fact that the cryptographic exponentiation is basically composed of a sequence of multiplications and squarings, a new Square Always exponentiation algorithm was recently presented as a countermeasure against side-channel attacks based on trading multiplications for squarings. In this paper, we propose Known Power Collision Analysis and modified Doubling attacks to break the Right-to-Left Square Always exponentiation algorithm which is known resistant to the existing side-channel attacks. And we also present a Collision-based Combined Attack which is a combinational method of fault attack and power collision analysis. Furthermore, we verify that the Square Always algorithm is vulnerable to the proposed side-channel attacks using computer simulation.

• The KIPS Transactions:PartC
• /
• v.18C no.1
• /
• pp.1-6
• /
• 2011

The performance and practicality of cryptosystem for encryption, decryption, and primality test is primarily determined by the implementation efficiency of the modular exponentiation of $a^b$(mod n). To compute $a^b$(mod n), the standard binary squaring still seems to be the best choice. But, the d-ary, (d=2,3,4,5,6) method is more efficient in large b bits. This paper suggests m-numeral system modular exponentiation. This method can be apply to$b{\equiv}0$(mod m), $2{\leq}m{\leq}16$. And, also suggests the another method that is exit the algorithm in the case of the result is 1 or a.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.34 no.1C
• /
• pp.21-27
• /
• 2009

We present an efficient exponentiation algorithm for a finite field $GF(2^n)$ determined by an optimal normal basis of type II using signed digit representation of the exponents. Our signed digit representation uses a non-adjacent form (NAF) for $GF(2^n)$. It is generally believed that a signed digit representation is hard to use when a normal basis is given because the inversion of a normal element requires quite a computational delay. However our result shows that a special normal basis, called an optimal normal basis (ONB) of type II, has a nice property which admits an effective exponentiation using signed digit representations of the exponents.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.7 no.2
• /
• pp.19-26
• /
• 1997

In this paper, we propose an RSA multisignature scheme with no bit expansion in which the signing order is not restricted. In this scheme we use RSA moduli with the same bit length. the most 1 bits of which are same. The proposed scheme is based on these RSA moduli and a repeated exponentiation of Levine and Brawley. Kiesler and Harn first utilize the repeated exponentiation technique in their multisignature scheme, which requires 1.5m exponentiations for signing, where m is the number of signers. However, the proposed scheme requires (equation omitted) m exponentiation. So if l is sufficiently large (l $\geq$ 32), then we can neglect the vaue (equation omitted

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.10 no.4
• /
• pp.3-11
• /
• 2000

In this paper, we design modular multiplication systolic array and exponentiation processor having n bits message black. This processor uses Montgomery algorithm and LR binary square and multiply algorithm. This processor consists of 3 divisions, which are control unit that controls computation sequence, 5 shift registers that save input and output values, and modular exponentiation unit. To verify the designed exponetion processor, we model and simulate it using VHDL and MAX+PLUS II. Consider a message block length of n=512, the time needed for encrypting or decrypting such a block is 59.5ms. This modular exponentiation unit is used to RSA cryptosystem.

• Convergence Security Journal
• /
• v.2 no.2
• /
• pp.143-153
• /
• 2002

In this paper, we propose a multiplication scheme based on cellular automata and propose high speed multiplication scheme and exponentiation scheme using a optimal normal basis. And then EIGamal signature scheme is implemented by proposed schemes. A proposed multiplication and exponentiation scheme based on cellular automata can be used in restricted computing environments such that basis is frequently changed and cryptosystem and multimedia applications that are required high speed operations.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.22 no.5
• /
• pp.1036-1044
• /
• 1997

We modify the montgomery modeular multikplication to extract the common parts in common-multiplicand multi-plications. Since the modified method computes the common parts in two modular multiplications once rather than twice, it can speed up the exponentiations and reduce the amount of storage tables in m-ary or windowexponentiation. It can be also applied to an exponentiation mehod by folding the exponent in half. This method is well-suited to the memory limited environments such as IC card due to its speed and requirement of small memory.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.8 no.1
• /
• pp.39-52
• /
• 1998

본 논문에서는 모듈러 지수승시에 요구되는 모듈러 곱셈의 반복 횟수를 줄이기 위해 SM(m)기법을 제안하며 지수를 SM(m)표현과 시스톨릭 SM(m) 표현으로 변환한다.그리고 변환된 스스톨릭 SM(m) 표현으로부터 모듈러 지수연산을 위한 선형시스톨릭 어레이를 제시한다. 제안된 기법은 기존의 방법보다 소프트웨어로 구현시에 선 계산기에 필요한 기업 장소의 크기를 줄였으며, 선형 시스톨릭 어레이로 구현시에 기존의 방법들보다 처리기의 개수를 감소시키며, 처리기내에 필요한 기억 장소의 크기를 줄였다. 수정된 부호화 디지트 기법과 비교하면 처리기의 개수를 24%정도 줄일 수 있다.

• Journal of the Korea Society of Computer and Information
• /
• v.18 no.4
• /
• pp.123-129
• /
• 2013

The performance and practicality of cryptosystem for encryption, decryption, and primality test are primarily determined by the implementation efficiency of the modular exponentiation of $a^b$ (mod m). To compute $a^b$ (mod m), the standard binary squaring (square-and-multiply) still seems to be the best choice. However, in large b bits, the preprocessed n-ary, ($n{\geq}2$ method could be more efficient than binary squaring method. This paper proposes a square-and-divide and unpreprocessed n-ary square-and-divide modular exponentiation method. Results confirmed that the square-and-divide method is the most efficient of trial number in a case where the value of b is adjacent to $2^k+2^{k-1}$ or to. $2^{k+1}$. It was also proved that for b out of the beforementioned range, the unpreprocessed n-ary square-and-divide method yields higher efficiency of trial number than the general preprocessed n-ary method.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.2
• /
• pp.335-344
• /
• 2016

It is known that power analysis is one of the most powerful attack in side channel analysis. Among power analysis single trace attack is widely studied recently since it uses one power consumption trace to recover secret key of public cryptosystem. Recently Sim et al. proposed new exponentiation algorithm for RSA cryptosystem with higher attack complexity to prevent single trace attack. In this paper we analyze the vulnerability of exponentiation algorithm described by Sim et al. Sim et al. applied message blinding and random exponentiation splitting method on $2^t-ary$ for higher attack complexity. However we can reveal private key using information exposed during pre-computation generation. Also we describe modified algorithm that provides higher attack complexity on collision attack. Proposed algorithm minimized the reuse of value that are used during exponentiation to provide security under single collision attack.