• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.3
• /
• pp.551-561
• /
• 2018

As the computational technology using quantum computing has been developed, several threats on cryptographic systems are recently increasing. Therefore, many researches on post-quantum cryptosystems which can withstand the analysis attacks using quantum computers are actively underway. Nevertheless, the lattice-based NTRU system, one of the post-quantum cryptosystems, is pointed out that it may be vulnerable to the fault injection attack which uses the weakness of implementation of NTRU. In this paper, we investigate the fault injection attacks and their previous countermeasures on the NTRU signature system and propose a secure and efficient countermeasure to defeat it. As a simulation result, the proposed countermeasure has high fault detection ratio and low implementation costs.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.10
• /
• pp.5190-5208
• /
• 2016

Because of the advantages of certificateless and no escrow feature over the regular signature and identity-based signature, certificateless signature has been widely applied in e-business, e-government and software security since it was proposed in 2003. Although a number of certificateless signature schemes have been proposed, there is only one lattice-based certificateless signature scheme which is still secure in the quantum era. But its efficiency is not very satisfactory. In this paper, the first certificateless signature scheme on NTRU lattice is proposed, which is proven to be secure in random oracle model. Moreover, the efficiency of the new scheme is higher than that of the only one lattice-based certificateless signature.

• Journal of Information Processing Systems
• /
• v.9 no.3
• /
• pp.461-476
• /
• 2013

Recently, smart devices for various services have been developed using converged telecommunications, and the markets for near field communication mobile services is expected to grow rapidly. In particular, the realization of mobile NFC payment services is expected to go commercial, and it is widely attracting attention both on a domestic and global level. However, this realization would increase privacy infringement, as personal information is extensively used in the NFC technology. One example of such privacy infringement would be the case of the Google wallet service. In this paper, we propose an zero-knowledge proof scheme and ring signature based on NTRU for protecting user information in NFC mobile payment systems without directly using private financial information of the user.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2003.12a
• /
• pp.399-405
• /
• 2003

A new type of signature scheme, called NTRUSign, based on solving the approximately closest vector problem in an NTRU lattice was proposed in［7］,［8］. However no security proof against chosen messages attack has been made for this scheme. In this paper, we show that NTRUSign signature scheme contains the weakness of malleability. From this, one can derive new valid signatures from any previous message-signature pair which means that NTRUSign is not secure against strongly existential forgery.

• Journal of IKEEE
• /
• v.23 no.1
• /
• pp.200-206
• /
• 2019

Recently, there is a growing preference for a fast and secure cryptographic protocol that is applicable to Internet of things environments. Among the lattice-based cryptographic algorithms, the NTRU cryptosystem is secure by virtue of the shortest vector problem (SVP) and the closest problem(CVP), which is a problem of finding very short vectors and closest vector. NTRUSign, an electronic signature based on this cryptographic algorithm, has been proposed and proved unsafe for script attacks. In this paper, we propose a security protocol using a symmetric key algorithm by securing a shared key using key exchange. Therefore, the attacker can not compute the key value and intends to propose a more secure digital signature.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2012.11a
• /
• pp.942-945
• /
• 2012

최근 개인정보 노출에 의한 다양한 사건, 사고 발생에 의해 개인정보보호에 관련된 많은 이슈들이 문제시 되고 있다. 특히 과금, 결제에 활용되는 금융정보 노출 문제는 사용자들의 금전적인 피해를 발생시킬 수 있다. 이와 같은 문제점을 해결하기 위해 높은 암호학적 강도를 가진 암호알고리즘을 적용한다 하더라도 다양하고 끊임없는 공격에 의해 결국 사용자의 신원 또는 금융 결제 정보가 노출될 가능성을 가진다. 최근 한국인터넷진흥원에서 발표한 "NFC 개인정보보호 대책 최종보고서"에 따르면 개인 정보 암호화를 부분적으로 미지원하거나 불필요한 개인정보의 과도한 수집 및 저장 등이 문제점으로 제기되었으며 Google사의 Google Wallet 서비스의 개인정보 유출 사고 또한 이러한 문제점을 뒷받침하는 근거가 되고 있다. 본 논문에서는 기존에 서비스되고 있는 NFC 모바일 결제 서비스 상에서 결제정보의 이동 경로 별 결제 기술을 분석한다. 또한 가장 높은 등급의 모호성을 제공하는 환 서명을 이용하여 결제정보를 직접적으로 사용하지 않고 결제자를 증명할 수 있는 NTRU기반 환 서명 인증 기법에 대해 제안한다.