• Journal of Advanced Navigation Technology
• /
• v.23 no.2
• /
• pp.207-213
• /
• 2019

Recently, the importance for internet of things (IoT) security has increased enormously and hardware-based compact chips are needed in IoT communication industries. In this paper, we propose low-complexity crypto-processor that unifies advanced encryption standard (AES), academy, research, institute, agency (ARIA), and CLEFIA protocols into one combined design. In the proposed crypto-processor, encryption and decryption processes are shared, and 128-bit round key generation process is combined. Moreover, the shared design has been minimized to be adapted in generic IoT devices and systems including lightweight IoT devices. The proposed crypto-processor was implemented in Verilog hardware description language (HDL) and synthesized to gate level circuit in 65nm CMOS process, which results in 11,080 gate counts. This demonstrates roughly 42% better than the aggregates of three algorithm implementations in the aspect of gate counts.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.11 no.1
• /
• pp.13-23
• /
• 2001

This paper implemented into hardware SEED which is the KOREA standard 128-bit block cipher. First, at the respect of hardware implementation, we compared and analyzed SEED with AES finalist algorithms - MARS, RC6, RIJNDAEL, SERPENT, TWOFISH, which are secret key block encryption algorithms. The encryption of SEED is faster than MARS, RC6, TWOFISH, but is as five times slow as RIJNDAEL which is the fastest. We propose a SEED hardware architecture which improves the encryption speed. We divided one round into three parts, J1 function block, J2 function block J3 function block including key mixing block, because SEED repeatedly executes the same operation 16 times, then we pipelined one round into three parts, J1 function block, J2 function block, J3 function block including key mixing block, because SEED repeatedly executes the same operation 16 times, then we pipelined it to make it more faster. G-function is implemented more easily by xoring four extended 4 byte SS-boxes. We tested it using ALTERA FPGA with Verilog HDL. If the design is synthesized with 0.5 um Samsung standard cell library, encryption of ECB and decryption of ECB, CBC, CFB, which can be pipelined would take 50 clock cycles to encrypt 384-bit plaintext, and hence we have 745.6 Mbps assuming 97.1 MHz clock frequency. Encryption of CBC, OFB, CFB and decryption of OFB, which cannot be pipelined have 258.9 Mbps under same condition.

• Journal of Communications and Networks
• /
• v.18 no.3
• /
• pp.273-287
• /
• 2016

White-box cryptography presented by Chow et al. is an obfuscation technique for protecting secret keys in software implementations even if an adversary has full access to the implementation of the encryption algorithm and full control over its execution platforms. Despite its practical importance, progress has not been substantial. In fact, it is repeated that as a proposal for a white-box implementation is reported, an attack of lower complexity is soon announced. This is mainly because most cryptanalytic methods target specific implementations, and there is no general attack tool for white-box cryptography. In this paper, we present an analytic toolbox on white-box implementations of the Chow et al.'s style using lookup tables. According to our toolbox, for a substitution-linear transformation cipher on n bits with S-boxes on m bits, the complexity for recovering the $$O\((3n/max(m_Q,m))2^{3max(m_Q,m)}+2min\{(n/m)L^{m+3}2^{2m},\;(n/m)L^32^{3m}+n{\log}L{\cdot}2^{L/2}\}\)$$, where $m_Q$ is the input size of nonlinear encodings,$m_A$ is the minimized block size of linear encodings, and $L=lcm(m_A,m_Q)$. As a result, a white-box implementation in the Chow et al.'s framework has complexity at most $O\(min\{(2^{2m}/m)n^{m+4},\;n{\log}n{\cdot}2^{n/2}\}\)$ which is much less than $2^n$. To overcome this, we introduce an idea that obfuscates two advanced encryption standard (AES)-128 ciphers at once with input/output encoding on 256 bits. To reduce storage, we use a sparse unsplit input encoding. As a result, our white-box AES implementation has up to 110-bit security against our toolbox, close to that of the original cipher. More generally, we may consider a white-box implementation of the t parallel encryption of AES to increase security.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2013.05a
• /
• pp.675-678
• /
• 2013

암호 알고리즘이 탑재된 환경에서 암호 알고리즘의 이론적 안전성이 고려되어도 환경에 의존한 부가적 정보를 활용하는 부채널 분석에 대한 안전성이 검토되어야 한다. 최근까지 부채널 분석에 대한 안전성을 고려한 대응기법으로 마스킹 기법이 적용되었으나, 이와는 상반된 개념인 하드웨어 DPL(Dual-rail with Precharge Logic) 기법을 응용한 균일한 해밍웨이트를 제공하는 소프트웨어 AES(Advanced Encryption Standard)가 제안되었다. 최근, 소프트웨어 기반 블록암호에 대해 고차 마스킹 부채널 대응법의 비효율성으로 새로운 방법에 대한 다양한 시도가 되고 있으며, 그 중 균일한 해밍웨이트를 제공하는 표현 방법이 효율적이고 안전한 새로운 대응법으로 검토되어지고 있다. 하지만, 논문에서는 균일한 해밍웨이트 데이터 표현방법 기반 부채널 대응법을 해독하는 차분전력분석 방법을 소개한다. 실험을 통해, AES 128비트 키 중 일부분이 분석됨을 확인하였다. 이는 공격자가 테이블 변환 정보를 활용할 수 있다는 다소 강력한 가정하에 실험하였기 때문이다. 앞선 가정 하에 안전성을 제공하기 위해서는 차후 추가적 대응기법이 고려되어야 한다.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.16 no.10
• /
• pp.2207-2216
• /
• 2012

Recently, wireless Internet environment with mobile phones and wireless sensor networks with severe resource restrictions have been actively studied. Moreover, an overall security issues are essential to build a reliable and secure sensor network. One of secure solution is to develop a fast cryptographic algorithm for data encryption. Therefore, we propose a 128-bit stream cipher, AA128 which has efficient implementation of software and hardware and is suitable for real-time applications such as wireless Internet environment with mobile phones, wireless sensor networks and Digital Right Management (DRM). AA128 is stream cipher which consists of 278-bit ASR and non-linear transformation. Non-linear transformation consists of Confusion Function, Nonlinear transformation(SF0 ~ SF3) and Whitening. We show that the proposed stream cipher AA128 is faster than AES and Salsa20, and it satisfies the appropriate security requirements. Our hardware simulation result indicates that the proposed cipher algorithm can satisfy the speed requirements of real-time processing applications.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2006.06a
• /
• pp.390-393
• /
• 2006

IEEE 802.11e 과 IEEE 802.11n에서 data의 높은 전송률을 구현하기 위해 Block Ack와 frame agegation 과 같은 새로운 mechanism이 논의 되고 있다. 이러한 mechanism은 각각의 MPDU processing 마다 짧은 응답시간을 요구한다. 본 논문에서는 위의 새로운 MAC을 지원하는 IEEE 802.11i를 위한 효율적인 CCMP 설계를 제안한다. 제안된 설계에서는 한 AES-CCM core에서 MIC calculation 과 정보 암호화가 128bit씩 순차적으로 수행되어지는 mode toggling 접근을 채택했다. 본 설계에서는 응답시간이 44 clock cycle의 짧은 짧은 시간으로 줄었다. 또한 하나의 AES-CCM core를 사용하고 낮은 주파수에서 수용할만한 data throughput과 응답시간을 얻었기 때문에 하드웨어적인 복잡성과 전력 소모를 줄일수 있었다.

• Journal of the Korea Computer Industry Society
• /
• v.5 no.3
• /
• pp.405-414
• /
• 2004

In this paper, we designed a 128-bits block cipher, Circle-g, which has 18-rounds modified Feistel structure and analyzed its secureness by the differential cryptanalysis and linear cryptanalysis. We could have full diffusion effect from the two rounds of the Circle-g. Because of the strong diffusion effect of the F-function of the algorithm, we could get a 9-rounds DC characteristic with probability 2^{-144} and a 12-rounds LC characteristic with probability 2^{-144}. For the Circle-g with 128-bit key, there is no shortcut attack, which is more efficient than the exhaustive key search, for more than 12 rounds of the algorithm.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2001.11a
• /
• pp.403-406
• /
• 2001

본 논문에서는 차세대 표준 알고리즘(AES: Advanced Encryption Standard)인 Rijndael 알고리즘의 고속화를 FPGA로 구현하였다. Rijndael 알고리즘은 미국 상무부 기술 표준국(NIST)에 의해 2000년 10월에 차세대 표준으로 선정된 블록 암호 알고리즘이다. FPGA(Field Programmable Gate Array)는 아키텍쳐의 유연성이 가장 큰 장점이며, 근래에는 성능면에서도 ASIC에 비견될 정도로 향상되었다. 본 논문에서는 128비트 키 길이와 블록 길이를 가지는 암호화(Encryption)블럭을 Xilinx VirtexE XCV812E-8-BG560 FPGA에 구현하였으며 약 15Gbits/sec의 성능(throughput)을 가진다. 이는 현재까지 발표된 FPGA Rijndael 알고리즘의 구현 사례 중 가장 빠른 방법 중의 하나이다.

• Proceedings of the IEEK Conference
• /
• 2002.07a
• /
• pp.164-167
• /
• 2002

This paper presents the design of Rijndael crypto-processor with 128 bits, 192 bits and 256 bits key size. In October 2000 Rijndael cryptographic algorithm is selected as AES(Advanced Encryption Standard) by NIST(National Institute of Standards and Technology). Rijndael algorithm is strong in any known attacks. And it can be efficiently implemented in both hardware and software. We implement Rijndael algorithm in hardware, because hardware implementation gives more fast encryptioN/decryption speed and more physically secure. We implemented Rijndael algorithm for 128 bits, 192 bits and 256 bits key size with VHDL, synthesized with Synopsys, and simulated with ModelSim. This crypto-processor is implemented using on-the-fly key generation method and using lookup table for S-box/SI-box. And the order of Inverse Shift Row operation and Inverse Substitution operation is exchanged in decryption round operation of Rijndael algorithm. It brings about decrease of the total gate count. Crypto-processor implemented in these methods is applied to mobile systems and smart cards, because it has moderate gate count and high speed.

• ETRI Journal
• /
• v.39 no.1
• /
• pp.108-115
• /
• 2017

ARIA is a 128-bit block cipher that has been selected as a Korean encryption standard. Similar to AES, it is robust against differential cryptanalysis and linear cryptanalysis. In this study, we analyze the security of ARIA against differential-linear cryptanalysis. We present five rounds of differential-linear distinguishers for ARIA, which can distinguish five rounds of ARIA from random permutations using only 284.8 chosen plaintexts. Moreover, we develop differential-linear attacks based on six rounds of ARIA-128 and seven rounds of ARIA-256. This is the first multidimensional differential-linear cryptanalysis of ARIA and it has lower data complexity than all previous results. This is a preliminary study and further research may obtain better results in the future.