• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.1
• /
• pp.47-57
• /
• 2004

The Goldreich-Goldwasser-Halevi(GGH)'s signature scheme from Crypto '97 is cryptanalyzed, which is based on the well-blown lattice problem. We mount a chosen message attack on the signature scheme, and show the signature scheme is vulnerable to the attack. We collects n lattice points that are linearly independent each other, and constructs a new basis that generates a sub-lattice of the original lattice. The sub-lattice is shown to be sufficient to generate a valid signature. Empirical results are presented to show the effectiveness of the attack Finally, we show that the cube-like parameter used for the private-key generation is harmful to the security of the scheme.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.4
• /
• pp.951-959
• /
• 2017

Under the assumption that there is available some additional information other than plaintext-ciphertext pairs, the security of the RSA cryptosystem has been analyzed by the attack methods such as the side-channel attacks and the lattice-based attacks. Recently, based on the data retention property of the powered-off DRAMs, the so called cold boot attack was proposed in the literature, which is focusing on recovering the various cryptosystems' key from some auxiliary information. This paper is dealing with the problem of recovering the RSA private key with erasures and errors and proposes a new key recovery algorithm which is shown to have better performance than the previous one introduced by Kunihiro et al.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.11
• /
• pp.4203-4225
• /
• 2014

Fuzzy identity-based cryptography introduces the threshold structure into identity-based cryptography, changes the receiver of a ciphertext from exact one to dynamic many, makes a cryptographic scheme more efficient and flexible. In this paper, we propose the first fuzzy identity-based signcryption scheme in lattice-based cryptography. Firstly, we give a fuzzy identity-based signcryption scheme that is indistinguishable against chosen plaintext attack under selective identity model. Then we apply Fujisaki-Okamoto method to obtain a fuzzy identity-based signcryption scheme that is indistinguishable against adaptive chosen ciphertext attack under selective identity model. Thirdly, we prove our scheme is existentially unforgeable against chosen message attack under selective identity model. As far as we know, our scheme is the first fuzzy identity-based signcryption scheme that is secure even in the quantum environment.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.5
• /
• pp.2762-2777
• /
• 2017

A fuzzy identity based signature (FIBS) scheme allows a signer with identity ${\omega}$ to generate a signature which could be verified under identity ${\omega}^{\prime}$ if and only if ${\omega}$ and ${\omega}^{\prime}$ are within a certain distance of each other as judged by some metric. In this paper, we propose an efficient FIBS scheme from lattice assumption, which can resist quantum-computer attacks. Without using the Bonsai Tree technique, we utilize the lattice basis delegation technique to generate the private key, which has the advantage of keeping the lattice dimension invariant. We also prove that our proposed scheme is existentially unforgeable under an adaptive chosen message and identity attack in the random oracle model. Compared with existing scheme, our proposed scheme is much more efficient, especially in terms of communication overhead. Since our FIBS scheme possesses similar error-tolerance property, it can be well applied in post-quantum communication biometric authentication environments, where biometric identifiers such as fingerprints, voice, iris and gait are used in human identification.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.5
• /
• pp.1001-1011
• /
• 2017

A lattice-based cryptography is known as one of the post-quantum cryptographies. Ring-LWE problem is an algebraic variant of LWE, which operates over elements of polynomial rings instead of vectors. It is already known that post-quantum cryptography has side-channel analysis vulnerability. In 2016, Park et al. reported a SPA vulnerability of the public key cryptosystem, which is proposed by Roy et al., based on the ring-LWE problem. In 2015 and 2016, Reparaz et al. proposed DPA attack and countermeasures against Roy cryptosystem. In this paper, we show that the chosen ciphertext SPA attack is also possible for Lyubashevsky cryptosystem which does not use NTT. And then we propose a countermeasure against CCSPA(Chosen Ciphertext SPA) attack and we also show through experiment that our proposed countermeasure is secure.

• Bulletin of the Korean Mathematical Society
• /
• v.46 no.4
• /
• pp.721-741
• /
• 2009

Consider RSA with N = pq, q < p < 2q, public encryption exponent e and private decryption exponent d. We first study cryptanalysis of RSA when certain amount of the Most Significant Bits (MSBs) or Least Significant Bits (LSBs) of d is known. The basic lattice based technique is similar to that of Ernst et al. in Eurocrypt 2005. However, our idea of guessing a few MSBs of the secret prime p substantially reduces the requirement of MSBs or LSBs of d for the key exposure attack. Further, we consider the RSA variant proposed by Sun and Yang in PKC 2005 and show that the partial key exposure attack works significantly on this variant.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.5
• /
• pp.765-777
• /
• 2022

The SABER algorithm, a PKE/KEM algorithm presented in NIST PQC Standardization Round 3, is an algorithm based on the Module-LWR problem among lattice-based problems and has a Meta-PKE structure. At this time, the secret information used in the encryption process is called a ephemeral key, and in this paper, the ephemeral key reuse attack using the Meta-PKE structure is described. For each parameter satisfying the security strengths required by NIST, we present a detailed analysis of the previous studies attacked using 4, 6, and 6 queries, and improve them, using only 3, 4, and 4 queries. In addition, we introduce how to reduce the computational complexity of recovering ephemeral keys with a single query from the brute-force complexity on the n-dimension lattice, 2^7.91×n, 2^10.51×n, 2^12.22×n to 2^4.91×n, 2^6.5×n, 2^6.22×n, for each parameter, and present the results and limitations.

• Journal of Ocean Engineering and Technology
• /
• v.12 no.2 s.28
• /
• pp.87-96
• /
• 1998

A numerical simulation was done to investigate the performance of thin wings in close vicinity to ground. The simulation is based on Vortex Lattice Method(VLM) and freely deforming wake elements are taken into account for a sudden acceleration case. The parameters covered in the simulation are angle of attack, aspect ratio, ground clearance, sweep angle and taper ratio. In addition, the effect of the wing endplate on the ground effect is included. The wing sections used for present computations are uncambered, cambered and S-types. The present computational results are compared with other published computational results and experimental data.

• International Journal of Internet, Broadcasting and Communication
• /
• v.10 no.3
• /
• pp.11-25
• /
• 2018

While being believed that decrypting any RSA ciphertext is as hard as factorizing the RSA modulus, it was also shown that, if additional information is available, breaking the RSA cryptosystem may be much easier than factoring. For example, Coppersmith showed that, given the 1/2 fraction of the least or the most significant bits of one of two RSA primes, one can factorize the RSA modulus very efficiently, using the lattice-based technique. More recently, introducing the so called cold boot attack, Halderman et al. showed that one can recover cryptographic keys from a decayed DRAM image. And, following up this result, Heninger and Shacham presented a polynomial-time attack which, given 0.27-fraction of the RSA private key of the form (p, q, d, $d_p$, $d_q$), can recover the whole key, provided that the given bits are uniformly distributed. And, based on the work of Heninger and Shacham, this paper presents a different approach for recovering RSA private key bits from decayed key information, under the assumption that some random portion of the private key bits is known. More precisely, we present the algorithm of recovering RSA private key bits from erased key material and elaborate the formula of describing the number of partially-recovered RSA private key candidates in terms of the given erasure rate. Then, the result is justified by some extensive experiments.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.8
• /
• pp.3911-3924
• /
• 2016

Compared to the classical cryptography, lattice-based cryptography is more secure, flexible and simple, and it is believed to be secure against quantum computers. In this paper, an efficient signature scheme is proposed from the ring learning with errors (R-LWE), which avoids sampling from discrete Gaussians and has the characteristics of the much simpler description etc. Then, the scheme is implemented in C/C++ and makes a comparison with the RSA signature scheme in detail. Additionally, a linearly homomorphic signature scheme without trapdoor is proposed from the R-LWE assumption. The security of the above two schemes are reducible to the worst-case hardness of shortest vectors on ideal lattices. The security analyses indicate the proposed schemes are unforgeable under chosen message attack model, and the efficiency analyses also show that the above schemes are much more efficient than other correlative signature schemes.