• ETRI Journal
• /
• 제30권1호
• /
• pp.170-172
• /
• 2008

A substitution box (S-box) plays a central role in cryptographic algorithms. In this paper, an efficient method for designing S-boxes based on chaotic maps is proposed. The proposed method is based on the mixing property of piecewise linear chaotic maps. The S-box so constructed has very low differential and linear approximation probabilities. The proposed S-box is more secure against differential and linear cryptanalysis compared to recently proposed chaotic S-boxes.

• ETRI Journal
• /
• 제42권4호
• /
• pp.619-632
• /
• 2020

Highly dispersive S-boxes are desirable in cryptosystems as nonlinear confusion sublayers for resisting modern attacks. For a near optimal cryptosystem resistant to modern cryptanalysis, a highly nonlinear and low differential probability (DP) value is required. We propose a method based on a piecewise linear chaotic map (PWLCM) with optimization conditions. Thus, the linear propagation of information in a cryptosystem appearing as a high DP during differential cryptanalysis of an S-box is minimized. While mapping from the chaotic trajectory to integer domain, a randomness test is performed that justifies the nonlinear behavior of the highly dispersive and nonlinear chaotic S-box. The proposed scheme is vetted using well-established cryptographic performance criteria. The proposed S-box meets the cryptographic performance criteria and further minimizes the differential propagation justified by the low DP value. The suitability of the proposed S-box is also tested using an image encryption algorithm. Results show that the proposed S-box as a confusion component entails a high level of security and improves resistance against all known attacks.

• Computers and Concrete
• /
• 제34권1호
• /
• pp.79-91
• /
• 2024

In symmetric cryptography, a cryptographically secure Substitution-Box (S-Box) is a key component of a block cipher. S-Box adds a confusion layer in block ciphers that provide resistance against well-known attacks. The generation of a cryptographically secure S-Box depends upon its generation mechanism. In this paper, we propose a novel framework for the construction of cryptographically secure S-Boxes. This framework uses a combination of linear fractional transformation and permutation functions. S-Boxes security is analyzed against well-known security criteria that include nonlinearity, bijectiveness, strict avalanche and bits independence criteria, linear and differential approximation probability. The S-Boxes can be used in the encryption of any grayscale digital images. The encrypted images are analyzed against well-known image analysis criteria that include pixel changing rates, correlation, entropy, and average change of intensity. The analysis of the encrypted image shows that our image encryption scheme is secure.

• ETRI Journal
• /
• 제37권5호
• /
• pp.1012-1022
• /
• 2015

Conventional cryptographic algorithms are not sufficient to protect secret keys and data in white-box environments, where an attacker has full visibility and control over an executing software code. For this reason, cryptographic algorithms have been redesigned to be resistant to white-box attacks. The first white-box AES (WB-AES) implementation was thought to provide reliable security in that all brute force attacks are infeasible even in white-box environments; however, this proved not to be the case. In particular, Billet and others presented a cryptanalysis of WB-AES with 230 time complexity, and Michiels and others generalized it for all substitution-linear transformation ciphers. Recently, a collision-based cryptanalysis was also reported. In this paper, we revisit Chow and others's first WB-AES implementation and present a conditional re-encoding method for cryptanalysis protection. The experimental results show that there is approximately a 57% increase in the memory requirement and a 20% increase in execution speed.

• 한국전자통신학회논문지
• /
• 제6권2호
• /
• pp.171-179
• /
• 2011

블록 암호는 Feistel 구조와 SPN 구조로 나눌 수 있다. Feistel 구조는 암호 및 복호 알고리즘이 같은 구조이고, SPN 구조는 암호 및 복호 알고리즘이 다르다. SPN 구조에서의 암호 및 복호 라운드 함수는 키 합산층과 S-박스에 의하여 혼돈을 수행하는 치환층 및 확산층의 세 단계로 구성된다. AES, ARIA 등 많은 SPN 구조에서 8 비트 S-박스를 사용하므로 Square 공격, 부메랑 공격, 불능 차분 공격 등이 유효하다. 본 논문에서는 암호와 복호 과정이 동일한 SPN 구조 블록 암호 알고리즘을 제안한다. SPN 구조 전체를 짝수인 N 라운드로 구성하고 1 라운드부터 N/2 라운드까지는 정함수를 적용하고, (N/2)+1 라운드부터 N 라운드까지는 역함수를 적용한다. 또한 정함수단과 역함수단 사이에 대칭 블록을 구성하는 대칭단을 삽입한다. 대칭단은 간단한 비트 슬라이스 대합 S-박스로 구성한다. 비트 슬라이스 대합 S-박스는 Square 공격, 부메랑 공격, 불능 차분 공격 등의 공격을 어렵게 한다. 본 논문에서 제안한 SPN 블록 암호는 제한적 하드웨어 및 소프트웨어 환경인 스마트카드와 전자칩이 내장된 태그와 같은 RFID 환경에서 안전하고 효율적인 암호 시스템을 구성할 수 있다.

• 정보처리학회논문지:컴퓨터 및 통신 시스템
• /
• 제8권11호
• /
• pp.271-276
• /
• 2019

LUT 기반의 S-Box를 사용하는 기존의 ARIA 알고리듬은 처리속도는 빠르지만 회로의 크기가 매우 커지게 되어 저면적이 요구되는 소형의 휴대용 기기에는 적용하기 어렵다. 본 논문에서는 하드웨어 면적의 감소를 위해 개선된 합성체 S-Box를 기반으로 한 최적의 ARIA 암호프로세서 설계를 제안한다. ARIA 알고리듬에서의 키 스케쥴링 과정에서 확산 및 치환 계층에서 반복적으로 사용한다. 여기에서는 또한, 키 스케쥴링 과정에서의 사용 면적을 최소화하는 방안으로 치환과 확산 계층에서 하드웨어 자원의 공유 방법을 제안한다. 설계된 ARIA 암호프로세서는 Verilog-HDL을 이용하여 회로를 기술하였고, Xilinx XC3S1500을 타겟으로 하여 논리 합성을 수행하였다. 설계된 시스템의 기능 검증을 위해 Mentor사의 Modelsim 10.4a 툴을 이용하여 논리 및 타이밍 시뮬레이션을 수행하였다.

• Journal of Communications and Networks
• /
• 제18권3호
• /
• pp.273-287
• /
• 2016

White-box cryptography presented by Chow et al. is an obfuscation technique for protecting secret keys in software implementations even if an adversary has full access to the implementation of the encryption algorithm and full control over its execution platforms. Despite its practical importance, progress has not been substantial. In fact, it is repeated that as a proposal for a white-box implementation is reported, an attack of lower complexity is soon announced. This is mainly because most cryptanalytic methods target specific implementations, and there is no general attack tool for white-box cryptography. In this paper, we present an analytic toolbox on white-box implementations of the Chow et al.'s style using lookup tables. According to our toolbox, for a substitution-linear transformation cipher on n bits with S-boxes on m bits, the complexity for recovering the $$O\((3n/max(m_Q,m))2^{3max(m_Q,m)}+2min\{(n/m)L^{m+3}2^{2m},\;(n/m)L^32^{3m}+n{\log}L{\cdot}2^{L/2}\}\)$$, where $m_Q$ is the input size of nonlinear encodings,$m_A$ is the minimized block size of linear encodings, and $L=lcm(m_A,m_Q)$. As a result, a white-box implementation in the Chow et al.'s framework has complexity at most $O\(min\{(2^{2m}/m)n^{m+4},\;n{\log}n{\cdot}2^{n/2}\}\)$ which is much less than $2^n$. To overcome this, we introduce an idea that obfuscates two advanced encryption standard (AES)-128 ciphers at once with input/output encoding on 256 bits. To reduce storage, we use a sparse unsplit input encoding. As a result, our white-box AES implementation has up to 110-bit security against our toolbox, close to that of the original cipher. More generally, we may consider a white-box implementation of the t parallel encryption of AES to increase security.

• 정보처리학회논문지C
• /
• 제9C권4호
• /
• pp.445-452
• /
• 2002

본 논문에서는 수학적인 이론에 기반한 안전성이 증명 가능한 128 비트 블록 암호 알고리즘을 제안한다. 제안된 SPN 구조 암호 알고리즘에 사용된 active S-box가 많은 16$\times$16 선형변환을 찾았고, 안전성에 대한 증명 방법으로 차분 해독(Differential Cryptanalysis)와 선형해독(Linear Cryptanalysis)에 대하여 증명하였다. 또한 DC와 LC에 영향을 주는 128 비트 블록 암호 알고리즘의 라운드 별 active S-box의 최소 개수, 최대 차분 확률과 최대 선형확률을 구하였다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제12권9호
• /
• pp.4487-4511
• /
• 2018

A fast image encryption system based on substitution and diffusion was proposed, which includes one covering process, one substitution process and two diffusion processes. At first, Chen's chaotic system together with an external 256-bit long secret key was used to generate the key streams for image encryption, in which the initial values of Chen's chaotic system were regarded as the public key. Then the plain image was masked by the covering process. After that the resulting image was substituted with the disturbed S-Box of AES. Finally, the substituted image was diffused twice with the add-modulo operations as the core to obtain the cipher image. Simulation analysis and comparison results with AES and some existing image cryptosystems show that the proposed image cryptosystem possesses the merits of fast encryption/decryption speed, good statistical characteristics, strong sensitivity and etc., and can be used as a candidate system of network security communication.

• 대한전자공학회:학술대회논문집
• /
• 대한전자공학회 2002년도 ITC-CSCC -1
• /
• pp.164-167
• /
• 2002

This paper presents the design of Rijndael crypto-processor with 128 bits, 192 bits and 256 bits key size. In October 2000 Rijndael cryptographic algorithm is selected as AES(Advanced Encryption Standard) by NIST(National Institute of Standards and Technology). Rijndael algorithm is strong in any known attacks. And it can be efficiently implemented in both hardware and software. We implement Rijndael algorithm in hardware, because hardware implementation gives more fast encryptioN/decryption speed and more physically secure. We implemented Rijndael algorithm for 128 bits, 192 bits and 256 bits key size with VHDL, synthesized with Synopsys, and simulated with ModelSim. This crypto-processor is implemented using on-the-fly key generation method and using lookup table for S-box/SI-box. And the order of Inverse Shift Row operation and Inverse Substitution operation is exchanged in decryption round operation of Rijndael algorithm. It brings about decrease of the total gate count. Crypto-processor implemented in these methods is applied to mobile systems and smart cards, because it has moderate gate count and high speed.