• ETRI Journal
• /
• v.37 no.1
• /
• pp.165-174
• /
• 2015

In this paper, we focus on a novel technique called the cube-linear attack, which is formed by combining cube attacks with linear attacks. It is designed to recover the secret information in a probabilistic polynomial and can reduce the data complexity required for a successful attack in specific circumstances. In addition to the different combination strategies of the two attacks, two cube-linear schemes are discussed. Applying our method of a cube-linear attack to a reduced-round Trivium, as an example, we get better linear cryptanalysis results. More importantly, we believe that the improved linear cryptanalysis technique introduced in this paper can be extended to other ciphers.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.6
• /
• pp.11-18
• /
• 2007

Multiple linear cryptanalysis has been researched as a method building up the linear attack strength. We indicate that the lastest linear attack algorithm using multiple approximations, which was proposed by Biryukov et al. is hardly applicable to block ciphers with highly nonlinear key schedule, and propose a new multiple linear attack algorithm. Simulation of the new attack algorithm with a small block cipher shows that theory for the new multiple linear cryptanalysis works well in practice.

• Journal of Information Processing Systems
• /
• v.7 no.1
• /
• pp.151-158
• /
• 2011

Bivium is a simplified version of Trivium, a hardware profile finalist of the eSTREAM project. Bivium has an internal state size of 177 bits and a key length of 80 bits. In this paper, a guess and determine attack on this cipher is introduced. In the proposed method, the best linear approximations for the updating functions are first defined. Then by using these calculated approximations, a system of linear equations is built. By guessing 30 bits of internal state, the system is solved and all the other 147 remaining bits are determined. The complexity of the attack is O ($2^{30}$), which is an improvement to the previous guess and determine attack with a complexity of order O($2^{52.3}$).

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.1
• /
• pp.57-66
• /
• 2005

SHACAL-2 is a 256-bit block cipher with various key sizes based on the hash function SHA-2. Recently, it was recommended as one of the NESSIE selections. This paper presents differential-linear type attacks on SHACAL-2 with 512-bit keys up to 32 out of its 64 rounds. Our 32-round attack on the 512-bit keys variants is the best efficient attack on this cipher in published literatures.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.1
• /
• pp.47-57
• /
• 2003

In this paper, we firstly evaluate the resistance of the reduced 5-round version of the block cipher CIKS-1 against linear cryptanalysis(LC) and show that we can attack full-round CIKS-1 with \ulcorner56-bit key through the canonical extension of our attack. A feature of the CIKS-1 is the use of both Data-Dependent permutations(DDP) and internal key scheduling which consist in data dependent transformation of the round subkeys. Taking into accout the structure of CIKS-1 we investigate linear approximation. That is, we consider 16 linear approximations with p=3/4 for 16 parallel modulo $2^2$ additions to construct one-round linear approximation and derive one-round linear approximation with the probability P=1/2+$2^{-17}$ by Piling-up lemma. Then we present 3-round linear approximation with 1/2+$2^{-17}$ using this one-round approximation and attack the reduced 5-round CIKS-1 with 64-bit block by LC. In conclusion we present that our attack requires $2^{38}$chosen plaintexts with a probability of success of 99.9% and about $2^{67-7}$encryption times to recover the last round key.(But, for the full-round CIKS-1, our attack requires about $2^{166}$encryption times)

• Journal of Korean Tunnelling and Underground Space Association
• /
• v.16 no.6
• /
• pp.573-584
• /
• 2014

In this study, the variations of cutter acting forces depending on cutting conditions were examined to obtain basic data for roadheader cutting head design. The linear cutting tests were performed in the condition of different attack angles, penetration depths, cutter spacings by using a slim conical pick for the light cutting condition. Cutter acting forces were measured by 3-directional load cell under different test conditions, and the analysis for cutting performance were carried out after calculating average values of the measured results. It is confirmed that the optimal cutting condition for the mortar specimen is the 50 degree attack angle, the cutter spacing of 12 mm, the cutting depth of 9 mm which are obtained from the analysis results. In addition, 50 degree attack angle is more effective than 45 degree attack angle to design optimal specifications of cutting head.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.7 no.7
• /
• pp.1462-1470
• /
• 2003

According to the necessity about information security as well as the advance of IT system and the spread of the Internet, a variety of cryptography algorithms are being developed and put to practical use. In addition the technique about cryptography attack also is advanced, and the algorithms which are strong against its attack are being studied. If the linear transformation matrix in the block cipher algorithm such as Substitution Permutation Networks(SPN) produces the Maximum Distance Separable(MDS) code, it has strong characteristics against the differential attack and linear attack. In this paper, we propose a new algorithm which cm estimate that the linear transformation matrix produces the MDS code. The elements of input code of linear transformation matrix over GF$({2_n})$ can be interpreted as variables. One of variables is transformed as an algebraic formula with the other variables, with applying the formula to the matrix the variables are eliminated one by one. If the number of variables is 1 and the all of coefficient of variable is non zero, then the linear transformation matrix produces the MDS code. The proposed algorithm reduces the calculation time greatly by diminishing the number of multiply and reciprocal operation compared with the conventional algorithm which is designed to know whether the every square submatrix is nonsingular.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.11 no.3
• /
• pp.45-52
• /
• 2001

In this paper, we examine the method for evaluating the security of SPN structures against differential cryptanalysis and linear cryptanalysis. We present an example of SPN structures in which there is a considerable difference between the differential probabilities and the characteristic probabilities. Then we 7pose an algorithm for estimating the maximum differential probabilities and the maximum linear hull probabilities of SPN structures and an useful method for accelerating the proposed algorithm. By using this method, we obain the maximum differential probabilities and the maximum linear probabilities of round function F of block cipher E2.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.4
• /
• pp.53-60
• /
• 2007

In a known plaintext scenario, fast correlation attack is very powerful attack on stream ciphers. Most of fast correlation attacks consider the cryptographic problem as the suitable decoding problem. In this paper, we introduce advanced multi-pass fast correlation attack which is based on the fast correlation attack, which uses parity check equation and Fast Walsh Transform, proposed by Chose et al. and the Multi-pass fast correlation attack proposed by Zhang et al. We guess some bits of initial states of the target LFSR with the same method as previously proposed methods, but we can get one more bits at each passes and we will recover the initial states more efficiently.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2009.05a
• /
• pp.437-440
• /
• 2009

We propose a fast stream cipher ASC16 for software implementation. ASC16 has a very simple structure with ASR(Arithmetic Shift Register), NLF(Non-Linear Filter), and NLB(Non-Linear Block), and is executed by a word. It is a stream cipher for wireless communication, which makes 32bit key streams using s-box with non-linear transformation. The processed result is almost same as SSC2, 32bit output stream cipher, developed by Zhang, Carroll, and Chan. The period is longer than SSC2, and it causes the difficulty of Correlation attack and raises security very much. The proposed ASC16 is efficiently used in the process of a fast cipher in the limited environment such as wireless communication.