• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.5
• /
• pp.3-14
• /
• 2007

In this paper, we observe that secure tweakable permutation families in the sense of strong pseudorandom permutation (SPRP) can be transformed to secure permutation families in the sense of SPRP against related-key attacks (SPRP-RKA). This fact allows us to construct a secure SPRP-RKA which is the most efficient to date. We also observe that secure function families of a certain form in the sense of a pseudorandom function (PRF) can be transformed to secure permutation families in the sense of PRP-RKA. We can exploit it to get various secure constructions against related-key attacks from known MAC algorithms. Furthermore, we define other security notions for related-key attacks, namely indistinguishability and non-malleability, and look into the relations between the security notions fur related-key attacks. We show that secure tweakable permutation families in the sense of indistinguishability (resp. non-malleability) can be transformed to secure permutation families in the sense of indistinguishability (resp. non-malleability) against related-key attacks.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.5
• /
• pp.1059-1070
• /
• 2018

The block cipher Zorro is designed to reduce the implementation cost for side-channel countermeasure. It has a structure similar to AES, but the number of S-Boxes used is small. However, since the master key is used as the round key, it can be vulnerable to related key attacks. In this paper, we show key recovery attacks on Zorro using related-key differential characteristics. In addition, the related key differential characteristics are fatal when Zorro is used as the base block cipher of the hash function. In this paper, we describe how these characteristics can be linked to collision attacks in the PGV models.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.3
• /
• pp.115-126
• /
• 2005

SHACAL-2 is a 256-bit block cipher with up to 512 bits of key length based on the hash function SHA-2. It was submitted to the the NESSIE project and was recommended as one of the NESSIE selections. In this paper, we present two types of related-key attacks called the related-key differential-(non)linear and the related-key rectangle attacks, and we discuss the security of SHACAL-2 against these two types of attacks. Using the related-key differential-nonlinear attack, we can break SHACAL-2 with 512-bit keys up to 35 out of its 64 rounds, and using the related-key rectangle attack, we can break SHACAL-2 with 512-bit keys up to 37 rounds.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.6
• /
• pp.3-10
• /
• 2007

In this paper we present related-key differential attacks on the block-wise stream cipher TWOPRIME. We construct various related-key differentials of TWOPRIME and use them to show that recovering related keys of TWOPRIME can be performed with a data complexity of $2^{14}$ known plaintext blocks and a time complexity of $2^{38}$ 8-bit table lookups.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.2
• /
• pp.39-48
• /
• 2009

In this paper we improve previous related-key rectangle attacks on AES from 9 rounds to 10 rounds: Our attacks break the first 10 rounds of 12-round AES-192 with 256 related keys, a data complexity of $2^{124}$ and a time complexity of $2^{183}$, and also break the first 10 rounds of 12-round AES-192 with 64 related keys, a data complexity of $2^{122}$ and a time complexity of $2^{183.6}$, Our attacks are the best knoown attacks on AES-192.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.11
• /
• pp.5717-5730
• /
• 2019

LBlock-s is the core block cipher of authentication encryption algorithm LAC, which uses the same structure of LBlock and an improved key schedule algorithm with better diffusion property. Using the differential properties of the key schedule algorithm and the cryptanalytic technique which combines impossible boomerang attacks with related-key attacks, a 15-round related-key impossible boomerang distinguisher is constructed for the first time. Based on the distinguisher, an attack on 22-round LBlock-s is proposed by adding 4 rounds on the top and 3 rounds at the bottom. The time complexity is about only 2^68.76 22-round encryptions and the data complexity is about 2⁵⁸ chosen plaintexts. Compared with published cryptanalysis results on LBlock-s, there has been a sharp decrease in time complexity and an ideal data complexity.

• Journal for History of Mathematics
• /
• v.16 no.3
• /
• pp.101-108
• /
• 2003

The RSA cryptosystem is most commonly used for providing privacy and ensuring authenticity of digital data. 1'his system is based on the difficulty of integer factoring. Many attacks had been done, but none of them devastating. They mostly illustrate the dangers of improper use of RSA. Improper use implies many aspects, but here we imply the misuse of the parameters of RSA. Specially, sizes of parameters give strong effects on the efficiency and the security of the system. Parameters are also related each other. We analyze the relation of them. Recently many researchers are interested in side-channel attacks. We also investigate partial key exposure attacks, which was motivated by side-channel attacks. If a fraction of tile secret key bits is revealed, the private key will be reconstructed. We also study mathematical background of these attacks, solving modular multivariate polynomial equations.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.6
• /
• pp.2148-2167
• /
• 2021

The proliferation of the Internet of Things (IoT) technologies and applications, especially the rapid rise in the use of mobile devices, from individuals to organizations, has led to the fundamental role of secure wireless networks in all aspects of services that presented with many opportunities and challenges. To ensure the CIA (confidentiality, integrity and accessibility) security model of the networks security and high efficiency of performance results in various resource-constrained applications and environments of the IoT platform, DDO-(data-driven operation) based constructions have been introduced as a primitive design that meet the demand of high speed encryption systems. Among of them, the TMN-family ciphers which were proposed by Tuan P.M., Do Thi B., etc., in 2016, are entirely suitable approaches for various communication applications of wireless mobile networks (WMNs) and advanced wireless sensor networks (WSNs) with high flexibility, applicability and mobility shown in two different algorithm selections, TMN64 and TMN128. The two ciphers provide strong security against known cryptanalysis, such as linear attacks and differential attacks. In this study, we demonstrate new probability results on the security of the two TMN construction versions - TMN64 and TMN128, by proposing efficient related-key recovery attacks. The high probability characteristics (DCs) are constructed under the related-key differential properties on a full number of function rounds of TMN64 and TMN128, as 10-rounds and 12-rounds, respectively. Hence, the amplified boomerang attacks can be applied to break these two ciphers with appropriate complexity of data and time consumptions. The work is expected to be extended and improved with the latest BCT technique for better cryptanalytic results in further research.

• Journal of Advanced Navigation Technology
• /
• v.13 no.6
• /
• pp.977-983
• /
• 2009

Recently, several DDP, DDO and COS-based block ciphers have been proposed for hardware implementations with low cost. However, most of them are vulnerable to related-keyt attacks. A 12-round block cipher SCOS-3 is desinged to eliminate the weakness of DDP, DDO and COS-based block ciphers. In this paper, we propose a related-key differential attack on an 11-round reduced SCOS-3. The attack on an 11-round reduced SCOS-3 requires $2^{58}$ related-key chosen plaintexts and $2^{117.54}$ 11-round reduced SCOS-3 encryptions. This work is the first known attack on SCOS-3. Therefore, SCOS-3 is still vulnerable to related-key attacks.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.4
• /
• pp.803-807
• /
• 2018

The Fantomas and the Robin are the block ciphers included in the LS-designs, the family of block ciphers. They are designed to efficiently apply the masking technique, which is a side-channel analysis countermeasure technique, using L-boxes and S-boxes capable of bit slice implementation. In this paper, we show that the key recovery attacks of Fantomas and Robin through the related-key differential analysis are possible with $2^{56}$ and $2^{72}$ time complexity, $2^{56}$ and $2^{69}$ chosen plaintext respectively.