• Title/Summary/Keyword: impossible differential

Finding Impossible Differentials for Rijndael-like and 3D-like Structures

  • Cui, Ting;Jin, Chen-Hui
    • KSII Transactions on Internet and Information Systems (TIIS) / v.7 no.3 / pp.509-521 / 2013
  • Impossible Differential Cryptanalysis (IDC) uses impossible differentials to discard wrong subkeys for the first or the last several rounds of block ciphers. Thus, the security of a block cipher against IDC can be evaluated by impossible differentials. This paper studies impossible differentials for Rijndael-like and 3D-like ciphers. We introduce methods to find 4-round impossible differentials of Rijndael-like ciphers and 6-round impossible differentials of 3D-like ciphers. Using our methods, various new impossible differentials of Rijndael and 3D could be found.

Impossible Differential Cryptanalysis on DVB-CSA

  • Zhang, Kai;Guan, Jie;Hu, Bin
    • KSII Transactions on Internet and Information Systems (TIIS) / v.10 no.4 / pp.1944-1956 / 2016
  • The Digital Video Broadcasting-Common Scrambling Algorithm is an ETSI-designated algorithm designed for protecting MPEG-2 signal streams, and it is universally used. Its structure is a typical hybrid symmetric cipher which contains a stream part and a block part within a symmetric cipher. Although the entropy is 64 bits, there have not been any effective cryptanalytic results up to now. This paper studies the security level of CSA against impossible differential cryptanalysis; a 20-round impossible differential for the block cipher part is proposed and a flaw in the cipher structure is revealed. When we attack the block cipher part alone, to recover 16 bits of the initial key, the data complexity of the attack is $O(2^{44.5})$, computational complexity is $O(2^{22.7})$ and memory complexity is $O(2^{10.5})$ when we attack CSA-BC reduced to 21 rounds. According to the structure flaw, an attack on CSA with block cipher part reduced to 21 rounds is proposed; the computational complexity is $O(2^{21.7})$, data complexity is $O(2^{43.5})$ and memory complexity is $O(2^{10.5})$, and we can recover 8 bits of the key accordingly. Taking both the block cipher part and stream cipher part of CSA into consideration, it is currently the best result on CSA which is accessible as far as we know.

Related-key Impossible Boomerang Cryptanalysis on LBlock-s

  • Xie, Min;Zeng, Qiya
    • KSII Transactions on Internet and Information Systems (TIIS) / v.13 no.11 / pp.5717-5730 / 2019
  • LBlock-s is the core block cipher of the authenticated encryption algorithm LAC, which uses the same structure as LBlock and an improved key schedule algorithm with better diffusion property. Using the differential properties of the key schedule algorithm and the cryptanalytic technique which combines impossible boomerang attacks with related-key attacks, a 15-round related-key impossible boomerang distinguisher is constructed for the first time. Based on the distinguisher, an attack on 22-round LBlock-s is proposed by adding 4 rounds on the top and 3 rounds at the bottom. The time complexity is only about $2^{68.76}$ 22-round encryptions and the data complexity is about $2^{58}$ chosen plaintexts. Compared with published cryptanalysis results on LBlock-s, there has been a sharp decrease in time complexity and an ideal data complexity.

Impossible Differential Attack on 30-Round SHACAL-2 (30 라운드 SHACAL-2의 불능 차분 공격)

  • 홍석희;김종성;김구일;이창훈;성재철;이상진
    • Journal of the Korea Institute of Information Security & Cryptology / v.14 no.3 / pp.107-115 / 2004
  • SHACAL-2 is a 256 bit block cipher with various key sizes based on the hash function SHA-2. Recently, it was recommended as one of the NESSIE selections. Up to now, no security flaws have been found in SHACAL-2. In this paper, we discuss the security of SHACAL-2 against an impossible differential attack. We propose two types of 14 round impossible characteristics and using them we attack 30 round SHACAL-2 with 512 bit key. This attack requires 744 chosen plaintexts and has time complexity of $2^{495.1}$ 30 round SHACAL-2 encryptions.

Practical Security Evaluation against Differential and Linear Cryptanalyses for the Lai-Massey Scheme with an SPS F-function

  • Fu, Lishi;Jin, Chenhui
    • KSII Transactions on Internet and Information Systems (TIIS) / v.8 no.10 / pp.3624-3637 / 2014
  • At SAC 2004, Junod and Vaudenay designed the FOX family based on the Lai-Massey scheme. They noted that it was impossible to find any useful differential characteristic or linear trail after 8 rounds of FOX64 or FOX128. In this paper, we provide the lower bound of differentially active S-boxes in consecutive rounds of the Lai-Massey scheme that has SPS as its F-function, and we propose the necessary conditions for the reachability of the lower bound. We demonstrate that similar results can be obtained with respect to the lower bound of linearly active S-boxes by proving the duality in the Lai-Massey scheme. Finally, we apply these results to FOX64 and FOX128 and prove that it is impossible to find any useful differential characteristics or linear trail after 6 rounds of FOX64. We provide a more precise security bound for FOX128.

Analysis of differential non-linearity of successive approximation ADC

  • Yamada, Hikaru
    • Institute of Control, Robotics and Systems: Conference Proceedings / 1989.10a / pp.943-946 / 1989
  • The channel irregularity of Successive Approximation ADC is very large in comparison with other types of ADCs. This characteristic makes it impossible to apply the Successive Approximation ADC to the field of radiation pulse height analysis or the measurement of probability density function. In this paper, an analysis of differential non-linearity of this ADC is presented. It is made clear that the small deviation of resistance causes very large differential non-linearity.

Walking Pattern Generation employing DAE Integration Method

  • Kang Yun-Seok;Park Jung-Hun;Yim Hong Jae
    • Journal of Mechanical Science and Technology / v.19 no.spc1 / pp.364-370 / 2005
  • A stable walking pattern generation method for a biped robot is presented in this paper. In general, the ZMP (zero moment point) equations, which are expressed as differential equations, are solved to obtain a stable walking pattern. However, the number of differential equations is less than that of unknown coordinates in the ZMP equations. It is impossible to integrate the ZMP equations directly since one or more constraint equations are involved in the ZMP equations. To overcome this difficulty, a DAE (differential and algebraic equation) solution method is employed. The proposed method has enough flexibility for various kinematic structures. Walking simulation for a virtual biped robot is performed to demonstrate the effectiveness and validity of the proposed method. The method can be applied to the biped robot for stable walking pattern generation.

The Study of Analytical Chemistry of the Modification of Manganese Dioxide (III). Quantitative Determination of Pyrolusite by Differential Heating Curves (변태 이산화망간의 분석 화학적 연구 (제3보) 시차 열곡선에 의한 Pyrolusite의 정량)

  • Kim Chan-Ho
    • Journal of the Korean Chemical Society / v.17 no.2 / pp.122-125 / 1973
  • A study on the endothermic peak of transformation of the pyrolusite was made by using differential thermal curves for analytical reproducibility, and it was done in quantity on range from 50 mg to 450 mg of pyrolusite species. The separation of $\alpha$-$MnO_2$ peak was impossible due to the overlapping between $\alpha$ and pyrolusite peaks, and the pyrolusite was determined among the species, $\gamma$-$MnO_2$ and $\delta$-$MnO_2$, with an error ranging from 5% to 10%.

Remaining Service Life Estimation Model for Reinforced Concrete Structures Considering Effects of Differential Settlements (부등침하의 영향이 반영된 철근콘크리트 구조물 잔존수명 평가모델)

  • Lee, Sang-Hoon;Han, Sun-Jin;Cho, Hae-Chang;Lee, Yoon Jung;Kim, Kang Su
    • Journal of the Korea institute for structural maintenance and inspection / v.24 no.1 / pp.133-141 / 2020
  • Korea Infrastructure Safety and Technology Corporation (KISTEC) specifies that the safety inspection and precise safety diagnosis of concrete structures shall be conducted in accordance with the 'Special Law on Safety Management of Infrastructure'. The detailed safety inspection and precise safety diagnosis guidelines presented by KISTEC, however, give only the grade of members and structures, and thus it is impossible to quantify remaining service life (RSL) of the structures and to quantitatively reflect the effect of differential settlements on the RSL. Therefore, this study aims to develop an RSL evaluation model considering the differential settlements. To this end, a simple equation was proposed based on the correlations between differential settlements and angular distortion, by which the angular distortion of structures was then reflected in nominal strengths of structural members. In addition, the effects of the differential settlements on the RSL of structures were analyzed in detail by using the safety diagnosis results of an actual concrete structure.

Differential Cryptanalysis on 15-Round IIoTBC Block Cipher Utilizing Cancellation of Differences (차분의 상쇄를 이용한 15-라운드 IIoTBC 블록암호에 대한 차분공격)

  • Wonwoo Song;Jaewon Seo;Yongjin Jeon;Jongsung Kim
    • Journal of the Korea Institute of Information Security & Cryptology / v.34 no.4 / pp.569-575 / 2024
  • The 64-bit block cipher IIoTBC is an encryption algorithm designed for the security of industrial IoT devices and uses a 128-bit secret key. The IIoTBC's encryption algorithm varies depending on whether the MCU size used in IoT is 8-bit or 16-bit. This paper deals with a differential attack on IIoTBC when the MCU size is 8-bit. It attacks 15 rounds out of the entire 32 rounds using IIoTBC's 14-round differential characteristic. At this time, the numbers of required plaintexts and encryptions are $2^{57}$ and $2^{122.4}$, respectively. The differential characteristic presented in this paper covers more rounds than the existing 13-round impossible differential characteristic, and the attack using this is the result of the first key recovery attack on IIoTBC.