• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 1995.11a
• /
• pp.151-162
• /
• 1995

보다 짧은 길이의 덧셈/뺄셈 사슬($addition_{traction-chain}$)을 찾는 문제는 정수론을 기반으로 하는 많은 암호시스템들에 있어서 중요한 문제이다. 특히, RSA에서의 모듈라멱승(modular exponentiation)이나 타원 곡선(elliptic curve)에서의 곱셈 연산시간은 덧셈사슬(addition-chain) 또는 덧셈/뺄셈 사슬의 길이와 정비례한다 본 논문에서는 덧셈/뻘셈 사슬을 구하는 새로운 알고리즘을 제안하고, 그 성능을 분석하여 기존의 방법들과 비교한다. 본 논문에서 제안하는 알고리즘은 작은윈도우(small-window) 기법을 기반으로 하고, 뺄셈을사용해서 윈도우의 개수를 최적화함으로써 덧셈/뺄셈 사슬의 길이를 짧게 한다. 본 논문에서 제안하는 알고리즘은 512비트의 정수에 대해 평균길이 595.6의 덧셈/뺄셈 사슬을 찾는다.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.14 no.6
• /
• pp.25-31
• /
• 2014

When the public key e and the composite number n=pq are disclosed but not the private key d in an asymmetric-key RSA, message decryption is carried out by obtaining ${\phi}(n)=(p-1)(q-1)=n+1-(p+q)$ and subsequently computing $d=e^{-1}(mod{\phi}(n))$. The most commonly used decryption algorithm is integer factorization of n/p=q or $a^2{\equiv}b^2$(mod n), a=(p+q)/2, b=(q-p)/2. But many of the RSA numbers remain unfactorable. This paper therefore applies baby-step giant-step discrete logarithm and $2^k$-ary modular exponentiation to directly obtain ${\phi}(n)$. The proposed algorithm performs a reverse baby-step and $2^k$-ary adult-step. As a results, it reduces the execution time of basic adult-step to $1/2^k$ times and the memory $m={\lceil}\sqrt{n}{\rceil}$ to l, $a^l$ > n, hence obtaining ${\phi}(n)$ by executing within l times.

• Journal of KIISE:Information Networking
• /
• v.30 no.4
• /
• pp.474-483
• /
• 2003

The secret sharing is the basic concept of the threshold cryptosystem and has an important position in the modern cryptography. At 1995, Jarecki proposed the proactive secret sharing to be a solution of existing the mobile adversary and also proposed the share renewal scheme for (k, n) threshold scheme. For n participants in the protocol, his method needs O($n^2$) modular exponentiation per one participant. It is very high computational cost and is not fit for the scalable cryptosystem. In this paper, we propose the efficient share renewal scheme that need only O(n) modular exponentiation per participant. And we prove our scheme is secure if less that ${\frac}\frac{1}{2}n-1$ adversaries exist and they static adversary.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.10 no.4
• /
• pp.81-93
• /
• 2000

In a methodological approach to improve the processing performance of modulo exponentiation which is the primary arithmetic in RSA crypto algorithm, we present a new RSA hardware architecture based on high-radix modulo multiplication and CRT(Chinese Remainder Theorem). By implementing the modulo multiplier using radix-16 arithmetic, we reduced the number of PE(Processing Element)s by quarter comparing to the binary arithmetic scheme. This leads to having the number of clock cycles and the delay of pipelining flip-flops be reduced by quarter respectively. Because the receiver knows p and q, factors of N, it is possible to apply the CRT to the decryption process. To use CRT, we made two s/2-bit multipliers operating in parallel at decryption, which accomplished 4 times faster performance than when not using the CRT. In encryption phase, the two s/2-bit multipliers can be connected to make a s-bit linear multiplier for the s-bit arithmetic operation. We limited the encryption exponent size up to 17-bit to maintain high speed, We implemented a linear array modulo multiplier by projecting horizontally the DG of Montgomery algorithm. The H/W proposed here performs encryption with 15Mbps bit-rate and decryption with 1.22Mbps, when estimated with reference to Samsung 0.5um CMOS Standard Cell Library, which is the fastest among the publications at present.

• The KIPS Transactions:PartC
• /
• v.8C no.1
• /
• pp.32-40
• /
• 2001

In this paper, we propose a high-speed modular multiplication algorithm which revises conventional Montgomery's algorithm. A hardware architecture is also presented to implement 1024-bit RSA cryptosystem for digital signature based on the proposed algorithm. Each iteration in our approach requires only one addition operation for two n-bit integers, while that in Montgomery's requires two addition operations for three n-bit integers. The system which is modelled in VHDL(VHSIC Hardware Description Language) is simulated in functionally through the use of $Synopsys^{TM}$ tools on a Axil-320 workstation, where Altera 10K libraries are used for logic synthesis. For FPGA implementation, timing simulation is also performed through the use of Altera MAX + PLUS II. Experimental results show that the proposed RSA cryptosystem has distinctive features that not only computation speed is faster but also hardware area is drastically reduced compared to conventional approach.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.5
• /
• pp.81-88
• /
• 2010

Sun et al. proposed a new design of wearable token system for security of mobile devices, such as a notebook and PDA. In this paper, we show that Sun et al.'s system is vulnerable to off-line password guessing attack and man in the middle attack based on known plain-text attack. We propose an improved scheme which overcomes the weaknesses of Sun et al.'s system. The proposed protocol requires to perform one modular multiplication in the wearable token, which has low computation ability, and modular exponentiation in the mobile devices, which have sufficient computing resources. Our protocol has no security problem, which threatens Sun's system, and known vulnerabilities. That is, the proposed protocol overcomes the security problems of Sun's system with minimal overheads.

• Journal of KIISE:Computer Systems and Theory
• /
• v.31 no.1_2
• /
• pp.112-117
• /
• 2004

In this paper, we propose a suitable multiplication architecture for cellular automata in a finite field $GF(2^m)$. Proposed least significant bit first multiplier is based on irreducible all one Polynomial, and has a latency of (m+1) and a critical path of $ 1-D_{AND}＋1-D{XOR}$.Specially it is efficient for implementing VLSI architecture and has potential for use as a basic architecture for division, exponentiation and inverses since it is a parallel structure with regularity and modularity. Moreover our architecture can be used as a basic architecture for well-known public-key information service in $GF(2^m)$ such as Diffie-Hellman key exchange protocol, Digital Signature Algorithm and ElGamal cryptosystem.

• Proceedings of the Korean Information Science Society Conference
• /
• 2005.07a
• /
• pp.898-900
• /
• 2005

모듈러 멱승은 양수 x, E, N에 대하여 $x^Emod$ N로 정의된다. 모듈러 멱승 연산은 대부분의 공개키 암호화 알고리즘과 전자서명 프로토콜에서 핵심적인 연산으로 사용되고 있으므로, 그 효율성은 암호 프로토콜의 성능에 직접적인 영향을 미친다. 따라서 모듈러 멱승 연산에 필요한 곱셈 수를 감소시키기 위하여, 슬라이딩 윈도우를 적용한 CLNW 방법이나 VLNW 방법이 가장 널리 사용되고 있다. 본 논문에서는 조합론(combinatorics)에서 많이 응용되는 그래프 모델을 모듈러 멱승 연산에 적용할 수 있음을 보이고, 일반화된 그래프 모델을 통하여 VLNW 방법보다 더 적은 곱셈 수로 모듈러 멱승을 수행하는 방법을 설명한다. 본 논문이 제안하는 방법은 전체 곱셈 수를 감소시키는 새로운 블록들을 일반화된 그래프 모델의 초기 블록 테이블에 추가할 수 있는 초기 블록 테이블의 두 가지 확장 방법들로써, 접두사 블록의 확장과 덧셈 사슬 블록의 확장이다. 이 방법들은 새로운 블록을 초기 블록 테이블에 추가하기 위해 필요한 곱셈의 수와 추가한 뒤의 전체 곱셈 수를 비교하면서 초기 블록 테이블을 제한적으로 확장하므로, 지수 E에 non-zero bit가 많이 나타날수록 VLNW 방법에 비해 좋은 성능을 보이며 이는 실험을 통하여 검증하였다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.3
• /
• pp.137-144
• /
• 2004

3GPP(3rd Generation Project Partnership)-WLAN(Wireless Local Area Network) interworking refers to the utilization of resources and access to services within the 3GPP system by the WLAN UE(User Equipment) and user respectively. The intent of 3GPP-WLAN Interworking is to extend 3GPP services and functionality to the WALN access environment. We propose an efficient mechanism for the setup of UE-initiated tunnels in 3GPP-WLAN interworking. The proposed mechanism is based on a secret key which is pre-distributed in the process of authentication and key agreement between UE and 3GPP AAA(Authentication, Authorization Accounting) server. Therefore it can avoid modular exponentiation and public key signature which need a large amount of computation in UE. Also the proposed scheme provides mutual authentication and session key establishment between UE and PDGW(Packet Data Gateway).

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.2
• /
• pp.3-10
• /
• 2008

The choice of basis for representation of element in $GF(2^m)$ affects the efficiency of a multiplier. Among them, a multiplier using redundant representation efficiently supports trade-off between the area complexity and the time complexity since it can quickly carry out modular reduction. So time of a previous multiplier using redundant representation is faster than time of multiplier using others basis. But, the weakness of one has a upper space complexity compared to multiplier using others basis. In this paper, we propose a new efficient multiplier with consideration that polynomial exponentiation operations are frequently used in cryptographic hardwares. The proposed multiplier is suitable fer left-to-right exponentiation environment and provides efficiency between time and area complexity. And so, it has both time delay of $T_A+({\lceil}{\log}_2m{\rceil})T_x$ and area complexity of (2m-1)(m+s). As a result, the proposed multiplier reduces $2(ms+s^2)$ compared to the previous multiplier using equally-spaced polynomials in area complexity. In addition, it reduces $T_A+({\lceil}{\log}_2m+s{\rceil})T_x$ to $T_A+({\lceil}{\log}_2m{\rceil})T_x$ in the time complexity.($T_A$:Time delay of one AND gate, $T_x$:Time delay of one XOR gate, m:Degree of equally spaced irreducible polynomial, s:spacing factor)