• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.10 no.4
• /
• pp.73-79
• /
• 2000

We show how to reduce the number of multiplications required for an exponentiation by using a window method and a factor method. This method requires 599 multiplications for a 512-bit integer exponent while the window method with window size 5 requires 607 multiplications. This method requires fewest multiplications among practical exponentiation algo- rithms.

• Journal of KIISE:Computer Systems and Theory
• /
• v.35 no.9_10
• /
• pp.476-484
• /
• 2008

Most string problems and their solutions are relevant to diverse applications such as pattern matching, data compression, recently bioinformatics, and so on. However, there have been few works on the relations between string problems and cryptographic problems. In this paper, we consider the following string reconstruction problems and show how these problems can be applied to cryptography. Given a string x of length n over a constant-sized alphabet ${\sum}$ and a set W of strings of lengths at most an integer $k({\leq}n)$, the first problem is to find the sequence of strings in W that reconstruct x by the minimum number of concatenations. We propose an O(kn+L)-time algorithm for this problem, where L is the sum of all lengths of strings in a given set, using suffix trees and a shortest path algorithm for directed acyclic graphs. The other is a dynamic version of the first problem and we propose an $O(k^3n+L)$-time algorithm. Finally, we show that exponentiation problems that arise in cryptography can be successfully reduced to these problems and propose a new solution for exponentiation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.2
• /
• pp.33-41
• /
• 2010

Many experimental results shows that RSA-CRT algorithm can be broken by fault analysis attacks. We analyzed the previous fault attacks and their countermeasures on RSA-CRT algorithm and found an weakness of the countermeasure proposed by Abid and Wang. Based on these analyses, we propose a new countermeasure which uses both double exponentiation and fault infective computation method. The proposed method efficiently computes a fault verification information using double exponentiation. And, it is designed to resist simple power analysis attack and (N-1) attack.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.6
• /
• pp.1091-1102
• /
• 2014

The power analysis attack is a cryptanalytic technique to retrieve an user's secret key using the side-channel power leakage occurred during the execution of cryptographic algorithm embedded on a physical device. Especially, many power analysis attacks have targeted on an exponentiation algorithm which is composed of hundreds of squarings and multiplications and adopted in public key cryptosystem such as RSA. Recently, a new correlation power attack, which is tried when two modular multiplications have a same input, is proposed in order to recover secret key. In this paper, after reviewing the principle of side-channel attack based on input collisions in modular multiplications, we analyze the vulnerability of some exponentiation algorithms having regularity property. Furthermore, we present an improved exponentiation countermeasure to resist against the input collision-based CPA(Correlation Power Analysis) attack and existing side channel attacks and compare its security with other countermeasures.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.4
• /
• pp.585-591
• /
• 2013

Recently, the combined attack which is a combination of side channel analysis and fault attack has been developed to extract the secret key during the cryptographic processes using a security device. Unfortunately, an attacker can find the private key of RSA cryptosystem through one time fault injection and power signal analysis. In this paper, we diagnosed SPA/FA resistant BNP(Boscher, Naciri, and Prouff) exponentiation algorithm as having threats to a similar combined attack. And we proposed a simple countermeasure to resist against this combined attack by randomizing the private key using error infective method.

• The KIPS Transactions:PartC
• /
• v.18C no.1
• /
• pp.1-6
• /
• 2011

The performance and practicality of cryptosystem for encryption, decryption, and primality test is primarily determined by the implementation efficiency of the modular exponentiation of $a^b$(mod n). To compute $a^b$(mod n), the standard binary squaring still seems to be the best choice. But, the d-ary, (d=2,3,4,5,6) method is more efficient in large b bits. This paper suggests m-numeral system modular exponentiation. This method can be apply to$b{\equiv}0$(mod m), $2{\leq}m{\leq}16$. And, also suggests the another method that is exit the algorithm in the case of the result is 1 or a.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.34 no.1C
• /
• pp.21-27
• /
• 2009

We present an efficient exponentiation algorithm for a finite field $GF(2^n)$ determined by an optimal normal basis of type II using signed digit representation of the exponents. Our signed digit representation uses a non-adjacent form (NAF) for $GF(2^n)$. It is generally believed that a signed digit representation is hard to use when a normal basis is given because the inversion of a normal element requires quite a computational delay. However our result shows that a special normal basis, called an optimal normal basis (ONB) of type II, has a nice property which admits an effective exponentiation using signed digit representations of the exponents.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.27 no.3C
• /
• pp.256-262
• /
• 2002

This paper presents a novel radix-4 modular multiplication algorithm based on the sign estimation technique (3). The sign estimation technique detects the sign of a number represented in the form of a carry-sum pair. It can be implemented with 5-bit carry look-ahead adder. The hardware speed of the cryptosystem is dependent on the performance modular multiplication of large numbers. Our algorithm requires only (n/2+3) clock cycle for n bit modulus in performing modular multiplication. Our algorithm out-performs existing algorithm in terms of required clock cycles by a half, It is efficient for modular exponentiation with large modulus used in RSA cryptosystem. Also, we use high-speed adder (7) instead of CPA (Carry Propagation Adder) for modular multiplication hardware performance in fecal stage of CSA (Carry Save Adder) output. We apply RL (Right-and-Left) binary method for modular exponentiation because the number of clock cycles required to complete the modular exponentiation takes n cycles. Thus, One 1024-bit RSA operation can be done after n(n/2+3) clock cycles.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.16 no.2
• /
• pp.41-47
• /
• 2016

The times of multiplication for encryption and decryption of cryptosystem is primarily determined by implementation efficiency of the modular exponentiation of $a^b$(mod m). The most frequently used among standard modular exponentiation methods is a standard binary method, of which n-ary($2{\leq}n{\leq}6$) is most popular. The n-ary($1{\leq}n{\leq}6$) is a square-and-multiply method which partitions $b=b_kb_{k-1}{\cdots}b_1b_{0(2)}$ into n fixed bits from right to left and squares n times and multiplies bit values. This paper proposes a variable-length partition algorithm that partitions $b_{k-1}{\cdots}b_1b_{0(2)}$ from left to right. The proposed algorithm has proved to reduce the multiplication frequency of the fixed-length partition n-ary method.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.3
• /
• pp.111-117
• /
• 2003

The XTR public key system has advantage of short key length and fast computing speed. So, the XTR is used usefully in complicated operation. In this paper, we propose a new algorithm of double exponentiation operation and a proxy signature protocol based on the XTR. The double exponentiation operation should be executed to apply XTR for the proxy signature protocol. But this algorithm is inappropriate, because two secret key has to be blown in existent operation algorithm. New algorithm enable double exponentiation operation with proxy signer's secret key and public information. And the XTR is used to generation and verification of proxy at proxy signature protocol. Therefore proxy signature based on the XTR has basic advantage of the XTR. These advantage can be used in internet as well as mobile.