• Proceedings of the Korea Multimedia Society Conference
• /
• 2001.11a
• /
• pp.629-634
• /
• 2001

보안프로토콜로 기존의 SSL에서 인증 기능을 각각의 사용자, 상점, 금융기관에 강화시킨 ECSCET 프로토콜이 있다. ECSET프로토콜의 구성성분으로 비밀키 알고리즘의 DES, 공개키 알고리즘의 RSA, 메시지 서명 알고리즘인 SHA중 공개키 알고리즘의 RSA, 메시지 서명 알고리즘인 SHA중 공개키 알고리즘의 RSA를 ECC로 대체함으로 암, 복호화 속도를 분석하였고, 서명 알고리즘으로 타원곡선을 이용한 ECDSA을 보였다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.4
• /
• pp.951-959
• /
• 2017

Under the assumption that there is available some additional information other than plaintext-ciphertext pairs, the security of the RSA cryptosystem has been analyzed by the attack methods such as the side-channel attacks and the lattice-based attacks. Recently, based on the data retention property of the powered-off DRAMs, the so called cold boot attack was proposed in the literature, which is focusing on recovering the various cryptosystems' key from some auxiliary information. This paper is dealing with the problem of recovering the RSA private key with erasures and errors and proposes a new key recovery algorithm which is shown to have better performance than the previous one introduced by Kunihiro et al.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.48 no.2
• /
• pp.117-126
• /
• 2011

RSA-CRT algorithm is widely used to improve the performance of RSA algorithm. However, it is also vulnerable to side channel attacks like as general RSA. One of the power attacks on RSA-CRT, proposed by Boer et al., is a power analysis which utilizes reduction steps of RSA-CRT algorithm with equidistant chosen messages, called as ECMPA(Equidistant Chosen Messages Power Analysis) or MRED(Modular Reduction on Equidistant Data) analysis. This method is to find reduction output value r=xmodp which has the same equidistant patterns as equidistant messages. One can easily compute secret prime p from exposure of r. However, the result of analysis from a reduction step in [5] is remarkably different in our experiment from what Boer expected in [5]. Especially, we found that there are Ghost key patterns depending on the selection of attack bits and selected reduction algorithms. Thus, in this paper we propose several Ghost key patterns unknown to us until now, then we suggest enhanced and detailed analyzing methods.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.5
• /
• pp.95-105
• /
• 2002

This paper describes an efficient method to implement a hardware circuit of RSA public key cryptographic algorithm, which is important to public-key cryptographic system for an authentication, a key exchange and a digital signature. The RSA algorithm needs a modular exponential for its cryptographic operation, and the modular exponential operation is consists of repeated modular multiplication. In a numerous algorithm to compute a modular multiplication, the Montgomery algorithm is one of the most widely used algorithms for its conspicuous efficiency on hardware implementation. Over the past a few decades a considerable number of studies have been conducted on the efficient hardware design of modular multiplication for RSA cryptographic system. But many of those studies focused on the decrease of operating time for its higher performance. The most important thing to design a hardware circuit, which has a limit on a circuit area, is a trade off between a small circuit area and a feasible operating time. For these reasons, we modified the Montgomery algorithm for its efficient hardware structure for a system having a limit in its circuit area and implemented the refined algorithm in the IESA system developed for ETRI's smart card emulating system.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2001.10b
• /
• pp.843-846
• /
• 2001

SET보안 프로토콜은 DES, RSA, Hash 알고리즘으로 구성되어있는데, 본 연구는 기존의SET에서 사용되는 RSA알고리즘대신에 ECC알고리즘을 연구 개발하였고, 이것을 RSA와 속도면에서 성능을 비교 분석 하였다.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2017.10a
• /
• pp.575-577
• /
• 2017

In public key cryptography such as RSA, modular exponentiation is the most time-consuming operation. RSA's modular exponentiation can be computed by repeated modular multiplication. To attain high efficiency for RSA, fast modular multiplication algorithms have been proposed to speed up decryption/encryption. Montgomery multiplication is limited by the carry propagation delay from the addition of long operands. In this paper, we propose a hardware structure that reduces the area of the Montgomery multiplication implementation for lightweight applications of RSA. Experimental results showed that the new design can achieve higher performance and reduce hardware area. A frequency of 884.9MHz and 250MHz were achieved with 84K and 56K gates respectively using the 90nm technology.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.5
• /
• pp.1089-1097
• /
• 2016

It is well-known that, if additional information other than a plaintext-ciphertext pair is available, breaking the RSA cryptosystem may be much easier than factorizing the RSA modulus. For example, Coppersmith showed that, given the 1/2 fraction of the least or most significant bits of one of two RSA primes, the RSA modulus can be factorized in a polynomial time. More recently, Henecka et. al showed that the RSA private key of the form (p, q, d, $d_p$, $d_q$) can efficiently be recovered whenever the bits of the private key are erroneous with error rate less than 23.7%. It is notable that their algorithm is based on counting the matching bits between the candidate key bit string and the given decayed RSA private key bit string. And, extending the algorithm, this paper proposes a new RSA private key recovery algorithm using a generalized probabilistic measure for measuring the consistency between the candidate key bits and the given decayed RSA private key bits.

• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.2
• /
• pp.83-92
• /
• 2013

RSA-CRT is a widely used algorithm that provides high performance implementation of the RSA-signature algorithm. Many previous studies on each operation step have been published to verify the physical leakages of RSA-CRT when used in smart devices. This paper proposes SAED (subtraction algorithm analysis on equidistant data), which extracts sensitive information using the event information of the subtraction operation in a reduction algorithm. SAED is an attack method that uses algorithm-dependent power signal changes. An adversary can extract a key using differential power analysis (DPA) of the subtraction operation. This paper indicates the theoretical rationality of SAED, and shows that its results are better than those of other methods. According to our experiments, only 256 power traces are sufficient to acquire one block of data. We verify that this method is more efficient than those proposed in previously published studies.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.4A
• /
• pp.447-457
• /
• 2004

This paper proposes a RSA crypto-processor for embedded systems. The architecture of the RSA crypto-processor should be used relying on Big Montgomery algorithm, and is supported by configurable bit size. The RSA crypto-processor includes a RSA control signal generator, an optimal Big Montgomery processor(adder, multiplier). We use diverse arithmetic unit (adder, multiplier) algorithm. After we compared the various results, we selected the optimal arithmetic unit which can be connected with ARM core-processor. The RSA crypto-processor was implemented with Verilog HDL with top-down methodology, and it was verified by C language and Cadence Verilog-XL. The verified models were synthesized with a Hynix 0.25${\mu}{\textrm}{m}$, CMOS standard cell library while using Synopsys Design Compiler. The RSA crypto-processor can operate at a clock speed of 51 MHz in this worst case conditions of 2.7V, 10$0^{\circ}C$ and has about 36,639 gates.

• The Journal of Information Technology
• /
• v.3 no.1
• /
• pp.61-72
• /
• 2000

In this paper, we propose a bit-sliced modular multiplication algorithm and a bit-sliced modular multiplier design meeting the increasing crypto-key size for RSA public key cryptosystem. The proposed bit-sliced modular multiplication algorithm was designed by modifying the Walter's algorithm. The bit-sliced modular multiplier is easy to expand to process large size operands, and can be immediately applied to RSA public key cryptosystem.