• Title/Summary/Keyword: 페어링 연산 (pairing operation)

Efficient Fault Injection Attack to the Miller Algorithm in the Pairing Computation using Affine Coordinate System (아핀좌표를 사용하는 페어링 연산의 Miller 알고리듬에 대한 효과적인 오류주입공격)

  • Bae, Ki-Seok; Park, Jea-Hoon; Sohn, Gyo-Yong; Ha, Jae-Cheol; Moon, Sang-Jae
    • Journal of the Korea Institute of Information Security & Cryptology / v.21 no.3 / pp.11-25 / 2011
  • The Miller algorithm is employed in the typical pairing computations, such as the Weil, Tate and Ate pairings, used to implement ID-based cryptosystems. By analyzing Mrabet's attack, one of the fault attacks against the Miller algorithm, this paper presents an efficient fault attack in the affine coordinate system, which is the most basic coordinate system for constructing elliptic curves. The proposed attack is an effective model of a loop-counter check fault attack; it is verified to work well by practical fault injection experiments and can omit the probabilistic analysis that the previous counter fault model requires.

Digit-Serial Finite Field Multipliers for GF($3^m$) (GF($3^m$)의 Digit-Serial 유한체 곱셈기)

  • Chang, Nam-Su; Kim, Tae-Hyun; Kim, Chang-Han; Han, Dong-Guk; Kim, Ho-Won
    • Journal of the Institute of Electronics Engineers of Korea SD / v.45 no.10 / pp.23-30 / 2008
  • Recently, a considerable number of studies have been conducted on pairing-based cryptosystems. The efficiency of pairing-based cryptosystems depends on the underlying finite fields, as with existing public key cryptosystems. In general, pairing-based cryptosystems are defined over finite fields of characteristic three, GF($3^m$), constructed from trinomials, and multiplication in GF($3^m$) is the dominant operation. This paper proposes a new most significant digit (MSD)-first digit-serial multiplier. The proposed MSD-first digit-serial multiplier has the same area complexity as previous multipliers, since the modular reduction step is performed in parallel, while the critical path delay is reduced from $1\,\mathrm{MUL} + (\lceil \log n \rceil + 1)\,\mathrm{ADD}$ to $1\,\mathrm{MUL} + \lceil \log (n+1) \rceil\,\mathrm{ADD}$. Therefore, when the digit size $n$ is not a power of two ($2^k$), the time delay is reduced by one addition.

An Efficient Broadcast Encryption System with Delegation of Decryption (복호화 위임을 제공하는 효율적인 브로드캐스트 암호시스템)

  • Han, Su Min; Park, Seung Hwan; Park, Jong Hwan; Lee, Dong Hoon
    • Journal of Broadcast Engineering / v.18 no.5 / pp.758-770 / 2013
  • In a broadcast encryption system, a sender sends an encrypted message to a large set of receivers at once over an insecure channel, and only the users in a target set can decrypt the message with their private keys. In 2005, Boneh et al. proposed a fully collusion-resistant public key broadcast encryption scheme in which the ciphertext and private key sizes are constant. In general, pairing-based broadcast encryption systems are more efficient in bandwidth and storage than non-pairing-based ones; however, they require heavy computation, which makes them unsuitable for resource-constrained devices. In this paper, we propose a broadcast encryption scheme (called BEWD) in which a user can decrypt a ciphertext more efficiently. The scheme is based on the scheme of Boneh et al. More precisely, it reduces the receiver's computational cost by delegating to a proxy server the pairing computation that the receiver must perform in Boneh et al.'s scheme. Furthermore, the scheme enables a user to check whether the proxy server computed correctly. We show that our scheme is secure against selective IND-RCCA adversaries under the l-BDHE assumption.

An Authenticated Key Exchange Protocol Using Smart Cards (스마트카드를 이용한 인증된 키 교환 프로토콜)

  • Cho, Youn-Jin; Lee, Dong-Hoon
    • Proceedings of the Korean Society of Broadcast Engineers Conference / 2007.02a / pp.105-107 / 2007
  • Recently proposed methods for logging in to a remote server use a smart card in addition to an ID and password. Conventional authentication using only an ID and password has the weakness that an attacker can guess them, which makes user impersonation attacks possible. However, when a smart card is used together with the ID and password, an impersonation attack is not possible without possession of the smart card, even if the ID and password can be guessed. This paper proposes a scheme that uses a smart card together with an ID and password to authenticate to a remote server and, in addition, to perform a secure key exchange; it satisfies all of the requirements stated in previous papers while also providing secure key exchange. Existing schemes were hash-based, whereas the scheme proposed in this paper is based on pairing operations. Furthermore, since the scheme is built on the Computational Diffie-Hellman problem, its security can be proven, and it has the advantage of satisfying all of the properties recently required of smart-card-based authentication.

Efficient Anonymous On-Demand Routing Protocol in MANET (익명성을 지원하는 효율적인 MANET On-Demand 라우팅 프로토콜)

  • Sung-Yun Lee; Hee-Kuck Oh
    • Proceedings of the Korea Information Processing Society Conference / 2008.11a / pp.1465-1468 / 2008
  • For anonymous routing in mobile ad hoc networks (MANET), an AODV-based routing scheme has been proposed in which each node uses an anonymous ID to authenticate other nodes anonymously at the MAC layer and performs anonymous routing at the network layer [4]. However, in the existing method, re-authentication through a pairing operation is required every time the anonymous ID changes, and the intermediate nodes on the routing path repeatedly encrypt and decrypt at every hop to remove linkability between messages, which is quite inefficient. This paper extends the node authentication scheme of the previous work to reduce the number of hop-by-hop encryptions performed during the actual message exchange, and proposes a more efficient protocol that guarantees authentication and anonymity between nodes by using a fast mutual authentication scheme based on temporary authentication values.

Fast Bit-Serial Finite Field Multipliers (고속 비트-직렬 유한체 곱셈기)

  • Chang, Nam-Su; Kim, Tae-Hyun; Lee, Ok-Suk; Kim, Chang-Han
    • Journal of the Institute of Electronics Engineers of Korea SD / v.45 no.2 / pp.49-54 / 2008
  • In cryptosystems based on finite fields, modular multiplication is the most crucial part of finite field arithmetic, and in multipliers for resource-constrained environments, bit-serial output structures are generally used. This paper proposes two efficient bit-serial output multipliers with the polynomial basis representation for irreducible trinomials. The proposed multipliers have lower time complexity than previous bit-serial output multipliers. One of the two proposed multipliers requires a time delay of $(m+1){\cdot}MUL+(m+1){\cdot}ADD$, which is more efficient than the so-called Interleaved Multiplier with a time delay of $m{\cdot}MUL+2m{\cdot}ADD$. Therefore, in elliptic curve cryptosystems and pairing-based cryptosystems over fields of small characteristic, the proposed multipliers can yield faster overall computation. For example, if the characteristic of the finite field used in the cryptosystem is small, the proposed multipliers are approximately two times faster than previous ones.

Identity-Based Online/Offline Signcryption Without Random Oracles (ID기반 온라인/오프라인 사인크립션(Signcryption) 기법)

  • Park, Seung-Hwan; Kim, Ki-Tak; Koo, Woo-Kwon; Lee, Dong-Hoon
    • Journal of the Korea Institute of Information Security & Cryptology / v.20 no.5 / pp.23-36 / 2010
  • Signcryption is a cryptographic primitive that offers authentication and confidentiality simultaneously at a cost lower than signing and encrypting the message independently. We propose a new cryptographic notion called identity-based online/offline signcryption. An online/offline scheme is divided into two phases: the first phase is performed offline, before the message to be signed or encrypted arrives, and the second phase is performed online, after the message and the recipient's public key are known. The online phase does not require any heavy computation such as pairings or exponentiations, which makes it particularly suitable for power-constrained devices such as smart cards. In this paper, we propose an ID-based signcryption scheme and an ID-based online/offline signcryption scheme for settings where confidentiality and authenticity are simultaneously required to enable a secure and trustworthy communication environment. To the best of our knowledge, this is the first ID-based online/offline signcryption scheme that can be proven secure in the standard model.

Attribute-Based Signatures with DNF Policies (DNF 정책을 가지는 속성 기반 서명)

  • Lee, Kwang-Su; Hwang, Jung-Yeon; Kim, Hyoung-Joong; Lee, Dong-Hoon
    • Journal of the Institute of Electronics Engineers of Korea CI / v.46 no.1 / pp.78-87 / 2009
  • An attribute-based signature scheme is a signature scheme in which a signer's private key is associated with an attribute set and a signature is associated with an access structure. Attribute-based signature schemes are useful for providing anonymity and access control in role-based and attribute-based systems, where the identity of an object is represented as a set of roles or attributes. In this paper, we formally define attribute-based signature schemes and propose the first efficient attribute-based signature scheme that requires a constant number of pairing operations for verification when the policy is represented in disjunctive normal form (DNF). To construct a provably secure scheme, we introduce a new interactive assumption and prove that our construction is secure under this assumption in the random oracle model.