• Title/Summary/Keyword: scalar multiplication

Search Result 102, Processing Time 0.024 seconds

A countermeasure using secret-key blinding for hardware fault cryptanalysis on elliptic curve scalar multiplication (타원곡선 스칼라 곱셈에 대한 비밀키 blinding을 적용한 hardware fault cryptanalysis 대응방법)

  • 여일연;이경근;김환구;문상재
    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference
    • /
    • 2001.11a
    • /
    • pp.132-138
    • /
    • 2001
  • 본 논문에서는 타원곡선 스칼라 곱셈에 대하여 새로운 형태의 hardware fault cryptanalysis를 적용해 보고, 이에 대한 대응방법으로서 비밀키 blinding방법을 제안하고 있다. 또한 비밀키 blinding 방법을 사용함으로써 늘어나는 연산량을 기존의 대응 방법과 비교하고, 이러한 비밀키 blinding방법이 사용될 수 있는 범위에 대해 다루고 있다.

  • PDF

Cryptanalysis of the Randomized Signed-Scalar Multiplication (랜덤 부호화 스칼라 곱 알고리즘 분석)

  • 한동국;김태현;장상운;박영호
    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference
    • /
    • 2003.07a
    • /
    • pp.83-88
    • /
    • 2003
  • 부채널 공격(side channel attack)을 막는 새로운 접근방법으로 생각되는 랜덤 부호화 스칼라 곱 알고리즘은 Ha와 Moon에 의해서 제안되었다. 그러나 이 방법은 여전히 논쟁의 여지가 있다. 본 논문에서는 Ha-Moon 알고리즘이 기존의 세 가지 단순 전력 소모량 분석(simple power analysis, SPA)에 안전함을 보인다. 그리고 정수론의 성질을 이용하여 두 가지 중요한 정리를 제시하고 이 정리들을 이용하여 Ha-Moon 알고리즘에 적용할 수 있는 공격 알고리즘을 개발한다. 예를 들면, 163-비트 키들에 대하여 제안 알고리즘은 20개의 전력 소모량을 이용하여 키 복잡도 Ο(2$^{8}$ )를 가지고 공격할 수 있다.

  • PDF

An Improved Scalar Multiplication on Elliptic Curves over Optimal Extension Fields (최적확장체에서 정의되는 타원곡선 상에서 효율적인 스칼라 곱셈 알고리즘)

  • 정병천;이재원;홍성민;김환준;김영수;황인호;윤현수
    • Proceedings of the Korean Information Science Society Conference
    • /
    • 2000.10a
    • /
    • pp.593-595
    • /
    • 2000
  • 본 논문에서는 최적확장체(Optimal Extension Field; OEF)에서 정의되는 타원곡선 상에서 효율적인 스칼라 곱셈 알고리즘을 제안한다. 이 스칼라 곱셈 알고리즘은 프로비니어스 사상(Frobenius map)을 이용하여 스칼라 값을 Horner의 방법으로 Base-Ф 전개하고, 이 전개된 수식을 일괄처리 기법(batch-processing technique)을 사용하여 연산한다. 이 알고리즘을 적용할 경우, Kobayashi 등이 제안한 스칼라 곱셈 알고리즘보다 40% 정도의 성능향상을 보인다.

  • PDF

Random Point Blinding Methods for Koblitz Curve Cryptosystem

  • Baek, Yoo-Jin
    • ETRI Journal
    • /
    • v.32 no.3
    • /
    • pp.362-369
    • /
    • 2010
  • While the elliptic curve cryptosystem (ECC) is getting more popular in securing numerous systems, implementations without consideration for side-channel attacks are susceptible to critical information leakage. This paper proposes new power attack countermeasures for ECC over Koblitz curves. Based on some special properties of Koblitz curves, the proposed methods randomize the involved elliptic curve points in a highly regular manner so the resulting scalar multiplication algorithms can defeat the simple power analysis attack and the differential power analysis attack simultaneously. Compared with the previous countermeasures, the new methods are also noticeable in terms of computational cost.

An Experiment in MESD Attacks on Scalar Multiplication Using a Randomized Folding Scheme for ECC (타원곡선 암호시스템에서 Randomized Folding 기법에 대한 MESD 공격 실험)

  • 정지은;김창균;이훈재;문상재
    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference
    • /
    • 2003.12a
    • /
    • pp.185-189
    • /
    • 2003
  • 최근 스마트카드에 대한 수요가 증가함에 따라 스마트카드에 대한 보안상의 문제가 대두되고 있다. 스마트카드의 안전성을 위협하는 공격 방법 중 전력공격은 가장 강력한 공격으로 많은 연구가 되고 있다. 본 논문에서는 전력분석 공격의 한 방법인 MESD 공격에 대해 알아보고 이에 대한 대응 방법으로 제안된 RSM 알고리듬에 대해 알아본다. 또한 이 알고리듬의 연산 속도 향상을 위해 folding 기법을 사용한 알고리듬에 대해서도 알아보고 MESD 공격에 안전한지를 실험을 통해 검증한다.

  • PDF

APPROXIMATE IDENTITY OF CONVOLUTION BANACH ALGEBRAS

  • Han, Hyuk
    • Journal of the Chungcheong Mathematical Society
    • /
    • v.33 no.4
    • /
    • pp.497-504
    • /
    • 2020
  • A weight ω on the positive half real line [0, ∞) is a positive continuous function such that ω(s + t) ≤ ω(s)ω(t), for all s, t ∈ [0, ∞), and ω(0) = 1. The weighted convolution Banach algebra L1(ω) is the algebra of all equivalence classes of Lebesgue measurable functions f such that ‖f‖ = ∫0∞|f(t)|ω(t)dt < ∞, under pointwise addition, scalar multiplication of functions, and the convolution product (f ⁎ g)(t) = ∫0t f(t - s)g(s)ds. We give a sufficient condition on a weight function ω(t) in order that L1(ω) has a bounded approximate identity.

Subspace-based Power Analysis on the Random Scalar Countermeasure (랜덤 스칼라 대응기법에 대한 부분 공간 기반 전력 분석)

  • Kim, Hee-Seok;Han, Dong-Guk;Hong, Seok-Hie;Yi, Ok-Yeon
    • Journal of the Institute of Electronics Engineers of Korea SP
    • /
    • v.47 no.1
    • /
    • pp.139-149
    • /
    • 2010
  • Random scalar countermeasures, which carry out the scalar multiplication by the ephemeral secret key, against the differential power analysis of ECIES and ECDH have been known to be secure against various power analyses. However, if an attacker can find this ephemeral key from the one power signal, these countermeasures can be analyzed. In this paper, we propose a new power attack method which can do this analysis. Proposed attack method can be accomplished while an attacker compares the elliptic curve doubling operations and we use the principle component analysis in order to ease this comparison. When we have actually carried out the proposed power analysis, we can perfectly eliminate the error of existing function for the comparison and find a private key from this elimination of the error.

A Public-key Cryptography Processor supporting P-224 ECC and 2048-bit RSA (P-224 ECC와 2048-비트 RSA를 지원하는 공개키 암호 프로세서)

  • Sung, Byung-Yoon;Lee, Sang-Hyun;Shin, Kyung-Wook
    • Journal of IKEEE
    • /
    • v.22 no.3
    • /
    • pp.522-531
    • /
    • 2018
  • A public-key cryptography processor EC-RSA was designed, which integrates a 224-bit prime field elliptic curve cryptography (ECC) defined in the FIPS 186-2 as well as RSA with 2048-bit key length into a single hardware structure. A finite field arithmetic core used in both scalar multiplication for ECC and exponentiation for RSA was designed with 32-bit data-path. A lightweight implementation was achieved by an efficient hardware sharing of the finite field arithmetic core and internal memory for ECC and RSA operations. The EC-RSA processor was verified by FPGA implementation. It occupied 11,779 gate equivalents (GEs) and 14 kbit RAM synthesized with a 180-nm CMOS cell library and the estimated maximum clock frequency was 133 MHz. It takes 867,746 clock cycles for ECC scalar multiplication resulting in the estimated throughput of 34.3 kbps, and takes 26,149,013 clock cycles for RSA decryption resulting in the estimated throughput of 10.4 kbps.

A Research on Effective Wi-Fi Easy Connect Protocol Improvement Method Applicable to Wired and Wireless Environments (유·무선 환경에 적용 가능한 효율적인 Wi-Fi Easy Connect 프로토콜 개선방안 연구)

  • Ho-jei Yu;Chan-hee Kim;Sung-sik Im;Seo-yeon Kim;Dong-woo Kim;Soo-hyun Oh
    • Convergence Security Journal
    • /
    • v.23 no.1
    • /
    • pp.45-54
    • /
    • 2023
  • Recently, with the development of the Internet of Things, research on protocols that can easily connect devices without a UI to the network has been steadily conducted. To this end, the Wi-Fi Alliance announced Wi-Fi Easy Connect, which can connect to a network using a QR code. However, since Wi-Fi Easy Connect requires a large amount of computation for safety, it is difficult to apply to low-power and miniaturized IoT devices. In addition, Wi-Fi Easy Connect considering scalability is designed to operate in a wired environment, but problems such as duplicate encryption occur because it does not consider a security environment like TLS. Therefore, in this paper, we analyze the Wi-Fi Easy Connect protocol and propose a protocol that can operate efficiently in the TLS environment. It was confirmed that the proposed protocol satisfies the existing security requirements and at the same time reduces about 67% of ECC scalar multiplication operations with a large amount of computation.

AN EFFICIENT AND SECURE STRONG DESIGNATED VERIFIER SIGNATURE SCHEME WITHOUT BILINEAR PAIRINGS

  • Islam, Sk Hafizul;Biswas, G.P.
    • Journal of applied mathematics & informatics
    • /
    • v.31 no.3_4
    • /
    • pp.425-441
    • /
    • 2013
  • In literature, several strong designated verifier signature (SDVS) schemes have been devised using elliptic curve bilinear pairing and map-topoint (MTP) hash function. The bilinear pairing requires a super-singular elliptic curve group having large number of elements and the relative computation cost of it is approximately two to three times higher than that of elliptic curve point multiplication, which indicates that bilinear pairing is an expensive operation. Moreover, the MTP function, which maps a user identity into an elliptic curve point, is more expensive than an elliptic curve scalar point multiplication. Hence, the SDVS schemes from bilinear pairing and MTP hash function are not efficient in real environments. Thus, a cost-efficient SDVS scheme using elliptic curve cryptography with pairingfree operation is proposed in this paper that instead of MTP hash function uses a general cryptographic hash function. The security analysis shows that our scheme is secure in the random oracle model with the hardness assumption of CDH problem. In addition, the formal security validation of the proposed scheme is done using AVISPA tool (Automated Validation of Internet Security Protocols and Applications) that demonstrated that our scheme is unforgeable against passive and active attacks. Our scheme also satisfies the different properties of an SDVS scheme including strongness, source hiding, non-transferability and unforgeability. The comparison of our scheme with others are given, which shows that it outperforms in terms of security, computation cost and bandwidth requirement.