• Title/Summary/Keyword: round (라운드)


Security Analysis on GFN with Secret S-box (비밀 S-box를 사용한 GFN에 대한 안전성 분석)

  • Lee, Yongseong; Kang, HyungChul; Hong, Deukjo; Sung, Jaechul; Hong, Seokhie
    • Journal of the Korea Institute of Information Security & Cryptology / v.27 no.3 / pp.467-476 / 2017
  • In this paper, we analyze Generalized Feistel Network (GFN) Type I, Type II and Type III whose round function uses an SP update function, a secret S-box and a $k{\times}k$ MDS matrix. In this case the attacker has no advantage from knowing the S-box. For each type of GFN, we analyze and recover the secret S-box for 9, 6 and 6 rounds respectively, using integral cryptanalysis with a chosen-plaintext attack. We also recover the secret S-box for 16 rounds of GFN Type I with a chosen-ciphertext attack. In conclusion, we need $2^{2m}$ data complexity and ${\frac{2^{3m}}{32k}},{\frac{2^{3m}}{24k}},{\frac{2^{3m}}{36k}}$ time complexity to recover an m-bit secret S-box in GFN Type I, Type II and Type III, respectively.

Calculating the Approximate Probability of Differentials for ARX-Based Cipher Using SAT Solver (SAT 솔버를 이용한 ARX 구조 암호의 디퍼렌셜 확률 근사값 계산)

  • Lee, HoChang; Kim, Seojin; Kang, HyungChul; Hong, Deukjo; Sung, Jaechul; Hong, Seokhie
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.1 / pp.15-24 / 2018
  • In this paper, we explain a method of approximating the probability of differentials using a SAT solver. It is possible to increase the probability by constructing, with a SAT solver, differential characteristics for differentials that are already known. We apply our method to SPECK32 and SPECK48. As a result, we present a 10-round differential for SPECK32 with probability $2^{-30.39}$ and a 12-round differential for SPECK48 with probability $2^{-46.8}$. Both differentials are new, cover more rounds and have higher probability than previous ones. Using the differentials presented in this paper, we improve the attacks on SPECK32/64 to 15 rounds, SPECK48/72 to 16 rounds and SPECK48/96 to 17 rounds, each attacking one more round than previous works.

An Improved Round Reduction Attack on Triple DES Using Fault Injection in Loop Statement (반복문 오류 주입을 이용한 개선된 Triple DES 라운드 축소 공격)

  • Choi, Doo-Sik; Oh, Doo-Hwan; Park, Jeong-Soo; Ha, Jae-Cheol
    • Journal of the Korea Institute of Information Security & Cryptology / v.22 no.4 / pp.709-717 / 2012
  • Round reduction on a block cipher is a fault injection attack in which an attacker induces temporary errors in a cryptographic device and extracts the secret key by reducing the number of rounds executed. In this paper, we propose an improved round reduction method that retrieves the master keys by injecting a fault during the loop statement of the Triple DES operation. Using a laser fault injection experiment, we also verify that the proposed attack can be applied to a plain ATmega128 microprocessor on which the Triple DES algorithm was implemented. Compared with the previous attack method, which requires 9 faulty-correct ciphertext pairs and some exhaustive search, the proposed one extracts the three 56-bit secret keys with just 5 faulty ciphertexts.

High-Speed Implementation to CHAM-64/128 Counter Mode with Round Key Pre-Load Technique (라운드 키 선행 로드를 통한 CHAM-64/128 카운터 모드 고속 구현)

  • Kwon, Hyeok-dong; Jang, Kyoung-bae; Park, Jae-hoon; Seo, Hwa-jeong
    • Journal of the Korea Institute of Information Security & Cryptology / v.30 no.6 / pp.1217-1223 / 2020
  • The block cipher CHAM is a lightweight block cipher for low-end processors, developed by the National Security Research Institute of Korea. A mode of operation is necessary for the efficient use of a block cipher; among the modes, counter (CTR) mode is efficient because it is easy to implement and supports parallel operation. In this paper, we propose an optimized implementation of the block cipher CHAM in CTR mode. The proposed implementation can skip some rounds through pre-computation, and thus computes faster than the existing CHAM. It also pre-loads some of the round keys into registers before entering the round functions, which reduces the round-key loading time by 160 cycles. Finally, the proposed implementation achieves about 6.8% and 4.5% higher performance in the fixed-key and variable-key scenarios, respectively.

Modified AES having same structure in encryption and decryption (암호와 복호가 동일한 변형 AES)

  • Cho, Gyeong-Yeon; Song, Hong-Bok
    • Journal of Korea Society of Industrial Information Systems / v.15 no.2 / pp.1-9 / 2010
  • Feistel and SPN are the two main structures in block ciphers. Feistel is a symmetric structure that has the same structure in encryption and decryption, but SPN is not symmetric. In this paper, we propose an SPN that has a symmetric structure in encryption and decryption. The whole operation of the proposed algorithm is composed of an even number N of rounds, where the first half, rounds 1 to N/2, applies a right function and the last half, rounds (N+1)/2 to N, employs an inverse function. A symmetry layer is located between the right function layer and the inverse function layer. In this paper, the AES encryption and decryption functions are selected as the right function and the inverse function, respectively. The symmetry layer is composed of a simple matrix and round key addition. Because the symmetric SPN structure is simple to implement in hardware, the proposed modified AES is expected to provide a safe and efficient cipher for smart card and RFID environments with built-in electronic chips.

New Distinguishing Attacks on Sparkle384 Reduced to 6 Rounds and Sparkle512 Reduced to 7 Rounds (6 라운드로 축소된 Sparkle384와 7 라운드로 축소된 Sparkle512에 대한 새로운 구별 공격)

  • Deukjo Hong; Donghoon Chang
    • Journal of the Korea Institute of Information Security & Cryptology / v.33 no.6 / pp.869-879 / 2023
  • Sparkle is one of the finalists in the Lightweight Cryptography Standardization Process conducted by NIST. It is a nonlinear permutation and serves as a core component of the authenticated encryption algorithm Schwaemm and the hash function Esch. In this paper, we provide specific forms of input and output differences for 6 rounds of Sparkle384 and 7 rounds of Sparkle512, and derive formulas for the complexity of finding input pairs that satisfy these differentials. Because the complexity is significantly lower than that of the same task for a random permutation with the same input and output sizes, these are valid distinguishing attacks. The numbers of attacked rounds (6 and 7) are very close to the minimum numbers of rounds actually used (7 and 8).

Trends in ISO Environmental Standardization and Countermeasures (ISO 환경표준화 동향 및 대책)

  • 정영태
    • The monthly packaging world / s.15 / pp.86-89 / 1994
  • This article reproduces a presentation given at a seminar held on June 3, on the occasion of World Environment Day, by the National Institute of Environmental Research and the Korean Society of Environmental Impact Assessment under the theme "Sustainable Development and Environmental Impact Assessment". Following the Uruguay Round, a "Green Round" expected to be even more forceful is likely to emerge in the world trade market; in this context, the article examines the status of the environmental standardization being pursued by the International Organization for Standardization, its impact on Korea, and the response strategies and posture of Korean companies


Strategies for Fostering Information and Communication Technology Development to Strengthen National Competitiveness (국가경쟁력 강화를 위한 정보통신 기술개발 육성전략)

  • Im, Jong-Tae
    • 정보화사회 / s.78 / pp.30-35 / 1994
  • With the World Trade Organization (WTO) formally launched on April 15, the Technology Round (TR) and the Competition Policy Round (CR), which are being pursued as follow-up measures, are emerging as major issues. Building competitiveness through indigenous technological capability and self-reliance is more urgently required than ever, so this article reviews the status of domestic research and development and proposes measures to foster it.


MILP-Aided Division Property and Integral Attack on Lightweight Block Cipher PIPO (경량 블록 암호 PIPO의 MILP-Aided 디비전 프로퍼티 분석 및 인테그랄 공격)

  • Kim, Jeseong; Kim, Seonggyeom; Kim, Sunyeop; Hong, Deukjo; Sung, Jaechul; Hong, Seokhie
    • Journal of the Korea Institute of Information Security & Cryptology / v.31 no.5 / pp.875-888 / 2021
  • In this paper, we search for integral distinguishers of the lightweight block cipher PIPO and propose a key recovery attack on 8-round PIPO-64/128 using the obtained 6-round distinguishers. The lightweight block cipher PIPO, proposed at ICISC 2020, is designed to allow efficient implementation of higher-order masking for side-channel resistance. In the proposal, various attacks such as differential and linear cryptanalysis were applied to show sufficient security strength. However, the designers left the integral attack to future work and only argued that PIPO is unlikely to have integral distinguishers longer than 5 rounds, without further analysis using the division property. In this paper, we search for integral distinguishers of PIPO using a MILP-aided division property search. Our search shows that 6-round integral distinguishers exist, contrary to the designers' claim. We also consider linear operations on the input and output of the distinguisher, respectively, and obtain a total of 136 6-round integral distinguishers. Finally, we present an 8-round PIPO-64/128 key recovery attack with time complexity $2^{124.5849}$ and memory complexity $2^{93}$, using four of the obtained 6-round integral distinguishers.