• Journal of the Korea Society of Computer and Information
• /
• v.23 no.1
• /
• pp.57-66
• /
• 2018

It is known that a single-key and a related-key attacks on AES-128 are possible for at most 7 and 8 rounds, respectively. The security of CMAC, a typical block-cipher-based MAC algorithm, has very high possibility of inheriting the security of the underlying block cipher. Since the attacks on the underlying block cipher can be applied directly to the first block of CMAC, the current security margin is not sufficient compared to what the designers of AES claimed. In this paper, we consider HMAC-DM-AES-128 as an alternative to CMAC-AES-128 and analyze its security for reduced rounds of AES-128. For 2-round AES-128, HMAC-DM-AES-128 requires the precomputation phase time complexity of $2^{97}$ AES, the online phase time complexity of $2^{98.68}$ AES and the data complexity of $2^{98}$ blocks. Our work is meaningful in the point that it is the first security analysis of MAC based on hash modes of AES.

• KIPS Transactions on Computer and Communication Systems
• /
• v.4 no.3
• /
• pp.105-108
• /
• 2015

In this paper, we propose a differential fault analysis on symmetric SPN block cipher with bitslice involution S-box in 2011. The target block cipher was designed using AES block cipher and has advantage about restricted hardware and software environment using the same structure in encryption and decryption. Therefore, the target block cipher must be secure for the side-channel attacks. However, to recover the 128-bit secret key of the targer block cipher, this attack requires only one random byte fault and an exhausted search of $2^8$. This is the first known cryptanalytic result on the target block cipher.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.2
• /
• pp.53-64
• /
• 2002

This paper describes a design of cryptographic processor that implements the AES (Advanced Encryption Standard) block cipher algorithm, "Rijndael". An iterative looping architecture using a single round block is adopted to minimize the hardware required. To achieve high throughput rate, a sub-pipeline stage is added by dividing the round function into two blocks, resulting that the second half of current round function and the first half of next round function are being simultaneously operated. The round block is implemented using 32-bit data path, so each sub-pipeline stage is executed for four clock cycles. The S-box, which is the dominant element of the round block in terms of required hardware resources, is designed using arithmetic circuit computing multiplicative inverse in GF($2^8$) rather than look-up table method, so that encryption and decryption can share the S-boxes. The round keys are generated by on-the-fly key scheduler. The crypto-processor designed in Verilog-HDL and synthesized using 0.25-$\mu\textrm{m}$ CMOS cell library consists of about 23,000 gates. Simulation results show that the critical path delay is about 8-ns and it can operate up to 120-MHz clock Sequency at 2.5-V supply. The designed core was verified using Xilinx FPGA board and test system.

• Journal of Ubiquitous Convergence Technology
• /
• v.2 no.1
• /
• pp.12-17
• /
• 2008

In this paper, the 128bit AES block cipher algorithm OCB (Offset Code Book) mode for privacy and authenticity of high speed packet data was efficiently designed in C language level and was optimized to support the required capacity of contents server using high performance DSP. It is known that OCB mode is about two times faster than CBC-MAC mode. As an experimental result, the encryption / decryption speed of the implemented block cipher was 308Mbps, 311 Mbps respectively at 1GHz clock speed, which is 50% faster than a general design with 3.5% more memory usage.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.6
• /
• pp.1117-1127
• /
• 2014

Differential Fault Analysis(DFA) is widely known for one of the most powerful method for analyzing block cipher. it is applicable to block cipher such as DES, AES, ARIA, SEED, and lightweight block cipher such as PRESENT, HIGHT. In this paper, we introduce a differential fault analysis on the lightweight block cipher LEA for the first time. we use 300 chosen fault injection ciphertexts to recover 128-bit master key. As a result of our attack, we found a full master key within an average of 40 minutes on a standard PC environment.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2016.10a
• /
• pp.155-157
• /
• 2016

한국 표준 블록암호 알고리듬 ARIA(Academy, Research Institute, Agency)와 미국 표준인 AES(Advanced Encryption Standard) 알고리듬은 128-비트 블록 길이를 지원하고 SPN(substitution permutation network) 구조를 특징으로 가져 서로 유사한 형태를 지닌다. 본 논문에서는 ARIA와 AES를 선택적으로 수행하는 ARIA-AES 통합 프로세서를 효율적으로 구현하였다. Verilog HDL로 설계된 ARIA-AES 통합 프로세서를 Virtex5 FPGA로 구현하여 정상 동작함을 확인하였고, $0.18{\mu}m$ 공정의 CMOS 셀 라이브러리로 100KHz의 동작주파수에서 합성한 결과 39,498 GE로 구현되었다.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.20 no.11
• /
• pp.2093-2099
• /
• 2016

This paper describes a design of crypto-processor that supports multiple block cipher algorithms of PRESENT, ARIA, and AES. The crypto-processor integrates three cores that are PRmo (PRESENT with mode of operation), AR_AS (ARIA_AES), and AES-16b. The PRmo core implementing 64-bit block cipher PRESENT supports key length 80-bit and 128-bit, and four modes of operation including ECB, CBC, OFB, and CTR. The AR_AS core supporting key length 128-bit and 256-bit integrates two 128-bit block ciphers ARIA and AES into a single data-path by utilizing resource sharing technique. The AES-16b core supporting key length 128-bit implements AES with a reduced data-path of 16-bit for minimizing hardware. Each crypto-core contains its own on-the-fly key scheduler, and consecutive blocks of plaintext/ciphertext can be processed without reloading key. The crypto-processor was verified by FPGA implementation. The crypto-processor implemented with a $0.18{\mu}m$ CMOS cell library occupies 54,500 gate equivalents (GEs), and it can operate with 55 MHz clock frequency.

• Journal of the Korea Computer Industry Society
• /
• v.10 no.3
• /
• pp.105-114
• /
• 2009

In this paper a modified Feistel network 128 bit block cipher algorithm is proposed. The proposed algorithm has a 128, 196 or 256 bit key and it updates a selected 32 bit word from input value whole by deformed Feistel Network structure. Existing of such structural special quality is getting into block cipher algorithms and big distinction. The proposed block cipher algorithm shows much improved software speed compared with international standard block cipher algorithm AES and domestic standard block cipher algorithm SEED and ARIA. It may be utilized much in same field coming smart card that must perform in limited environment if use these special quality.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.9 no.4
• /
• pp.798-803
• /
• 2005

This paper describes a design of AES(Advanced Encryption Standard)-based CCMP core for IEEE 802.1li wireless LAN security. To maximize its performance, two AES cores ate used, one is for counter mode for data confidentiality and the other is for CBC(Cipher Block Chaining) mode for authentication and data integrity. The S-box that requires the largest hardware in AES core is implemented using composite field arithmetic, and the gate count is reduced by about $20\%$ compared with conventional LUT(Lookup Table)-based design. The CCMP core designed in Verilog-HDL has 13,360 gates, and the estimated throughput is about 168 Mbps at 54-MHz clock frequency. The functionality of the CCMP core is verified by Excalibur SoC implementation.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• v.9 no.1
• /
• pp.367-370
• /
• 2005

This paper describes a design of AES(Advanced Encryption Standard)-based CCMP core for IEEE 802.11i wireless LAN security. To maximize its performance, two AES cores are used, one is for counter mode for data confidentiality and the other is for CBC(Cipher Block Chaining)mode for authentication and data integrity. The S-box that requires the largest hardware in AES core is implemented using composite field arithmetic, and the gate count is reduced by about 25% compared with conventional LUT(Lookup Table)-based design. The CCMP core designed in Verilog-HDL has 15,450 gates, and the estimated throughput is about 128 Mbps at 50-MHz clock frequency). The functionality of the CCMP core is verified by Excalibur SoC implementation.