• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2003.12a
• /
• pp.190-194
• /
• 2003

이 논문에서는 블록 암호 알고리즘인 XTEA에 관한 연관키를 이용한 차분공격에 대하여 설명한다. 이것은 XTEA 알고리즘이 TEA가 갖고 있는 취약한 키 스케줄을 보완하여 Kelsey 등이 제안한 연관키 공격에 대응하기 위하여 설계되었지만, 26 라운드로 줄인 XTEA 또한 우리의 연관키를 이용한 차분공격에 안전하지 못하다는 것을 보여준다. 또한 키 스케줄에 의하여 다양하게 변화된 라운드의 XTEA에 관한 연관키 공격이 가능하다. 이 때 필요한 선택평문과 암호화 과정은 각각 2$^{18.5}$ 과 2$^{115.21}$ 이다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.1
• /
• pp.13-24
• /
• 2009

CLEFIA is a 128-bit block cipher which is proposed by SONY corporation and ARIA is a 128-bit block cipher which is selected as a standard cryptographic primitive. In this paper, we introduce new multiple impossible differential cryptanalysis and apply it to CLEFIA using 9-round impossible differentials proposed in [7], and apply it to ARIA using 4-round impossible differentials proposed in [11]. Our cryptanalytic results on CLEFIA and ARIA are better than previous impossible differential attacks.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.1
• /
• pp.77-86
• /
• 2005

Related-Cipher attack was introduced by Hongjun Wu in 2002. We can consider related ciphers as block ciphers with the same round function but different round number and their key schedules do not depend on the total round number. This attack can be applied to block ciphers when one uses some semi-equivalent keys in related ciphers. In this paper we introduce differential related-cipher attacks on block ciphers, which combine related-cipher attacks with differential cryptanalysis. We apply this attack to the block cipher ARIA and SC2000. Furthermore, related-cipher attack can be combined with other block cipher attacks such as linear cryptanalysis, higher-order differential cryptanalysis, and so on. In this point of view we also analyze some other block ciphers which use flexible number of rounds, SAFER++ and CAST-128.

• Journal of Advanced Navigation Technology
• /
• v.19 no.1
• /
• pp.48-52
• /
• 2015

In this paper, we propose a differential fault analysis on SSB having same structure in encryption and decryption proposed in 2011. The target algorithm was designed using advanced encryption standard and has advantage about hardware implementations. The differential fault analysis is one of side channel attacks, combination of the fault injection attacks with the differential cryptanalysis. Because SSB is suitable for hardware, it must be secure for the differential fault analysis. However, using proposed differential fault attack in this paper, we can recover the 128 bit secret key of SSB through only one random byte fault injection and an exhausted search of $2^8$. This is the first cryptanalytic result on SSB having same structure in encryption and decryption.

• Journal of the Korea Computer Industry Society
• /
• v.4 no.4
• /
• pp.523-532
• /
• 2003

In this paper, we designed a 128-bit block cipher, Lambda, which has 16-round extended Feistel structure and analyzed its secureness by the differential cryptanalysis and linear cryptanalysis. We could have full diffusion effect from the two rounds of the Lambda. Because of the strong diffusion effect of the algorithm, we could get a 8-round differential characteristic with probability $2^{-192}$ and a linear characteristic with probability $2^{-128}$. For the Lambda with 128-bit key, there is no shortcut attack, which is more efficient than the exhaustive key search, for more than 8 rounds of the algorithm.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.4
• /
• pp.109-115
• /
• 2010

Differential Power Analysis (DPA) is well known as one of efficient physical side-channel attack methods using leakage power consumption traces. However, since the power traces usually include the components irrelevant to the encryption, the efficiency of the DPA attack may be degraded. To enhance the performance of DPA, we introduce a pre-processing technique which extracts the encryption-related parts from the measured power consumption signals. Experimental results show that the DPA attack with the use of the proposed pre-processing method detects correct cipher keys with much smaller number of signals compared to that of the conventional DPA attack.

• Proceedings of the Korean Society of Broadcast Engineers Conference
• /
• 2007.02a
• /
• pp.112-115
• /
• 2007

최근 부채널 공격으로 스마트 카드 같은 장치의 비밀키를 알아낼 수 있음이 알려지면서 많은 알고리즘에 대한 부채널 공격과 대웅 방안이 연구되고 있다. 차분전력분석은 부채널 공격의 일종으로 암호화 연산 중 발생하는 전력 소모 곡선을 통계적으로 분석하여 키를 알아내는 공격이다. 본 논문에서는 Hocker 형태의 IC칩 차분전력분석공격에 대한 실험 분석 모델을 설정한 후 이를 검증하고자 축소형 모델로 실험한다 실험 분석을 위하여 선정된 장치에 DES 암호알고리즘을 어셈블리로 구현한 후 8비트 마이크로프로세서 형 칩에 탑재하여 암호 알고리즘 실행 시에 발생되는 차분 전력 신호를 분석한다. 그리고 차분전력분석 공격에서 중요한 기술인 분류함수 설정에 따른 분석 성공 여부에 따른 비교를 한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.11 no.3
• /
• pp.45-52
• /
• 2001

In this paper, we examine the method for evaluating the security of SPN structures against differential cryptanalysis and linear cryptanalysis. We present an example of SPN structures in which there is a considerable difference between the differential probabilities and the characteristic probabilities. Then we 7pose an algorithm for estimating the maximum differential probabilities and the maximum linear hull probabilities of SPN structures and an useful method for accelerating the proposed algorithm. By using this method, we obain the maximum differential probabilities and the maximum linear probabilities of round function F of block cipher E2.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2024.05a
• /
• pp.749-752
• /
• 2024

연합학습은 클라이언트가 중앙 서버에 원본 데이터를 주지 않고도 학습할 수 있도록 설계된 분산된 머신러닝 방법이다. 그러나 클라이언트와 중앙 서버 사이에 모델 업데이트 정보를 공유한다는 점에서 여전히 추론 공격(Inference Attack)과 오염 공격(Poisoning Attack)의 위험에 노출되어 있다. 이러한 공격을 방어하기 위해 연합학습에 차분프라이버시(Differential Privacy)를 적용하는 방안이 연구되고 있다. 차분 프라이버시는 데이터에 노이즈를 추가하여 민감한 정보를 보호하면서도 유의미한 통계적 정보 쿼리는 공유할 수 있도록 하는 기법으로, 노이즈를 추가하는 위치에 따라 전역적 차분프라이버시(Global Differential Privacy)와 국소적 차분 프라이버시(Local Differential Privacy)로 나뉜다. 이에 본 논문에서는 차분 프라이버시를 적용한 연합학습의 최신 연구 동향을 전역적 차분 프라이버시를 적용한 방향과 국소적 차분 프라이버시를 적용한 방향으로 나누어 검토한다. 또한 이를 세분화하여 차분 프라이버시를 발전시킨 방식인 적응형 차분 프라이버시(Adaptive Differential Privacy)와 개인화된 차분 프라이버시(Personalized Differential Privacy)를 응용하여 연합학습에 적용한 방식들에 대하여 특징과 장점 및 한계점을 분석하고 향후 연구방향을 제안한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.3
• /
• pp.119-127
• /
• 2003

Impossible differential cryptanalysis(IDC) introduced by Biham et. ${al}^{[4]}$ uses impossible differential characteristics. There-fore, a security of a block cipher against IDC is measured by impossible differential characteristics. In this paper, we pro-vide a wildly applicable method to find various impossible differential characteristics of block cipher structures not using the specified form of a round function. Using this method, we can find various impossible differential characteristics for Nyberg's generalized Feistel network and a generalized RC6-like structure. Throughout the paper, we assume round functions used in block cipher structures are bijective.ctive.