• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.6
• /
• pp.2554-2580
• /
• 2018

Lenstra-Lenstra-$Lov{\acute{a}}sz$ (LLL) is an effective receiving algorithm for Multiple-Input-Multiple-Output (MIMO) systems, which is believed can achieve full diversity in MIMO detection of fading channels. However, the LLL algorithm features polynomial complexity and shows poor performance in terms of convergence. The reduction of algorithmic complexity and the acceleration of convergence are key problems in optimizing the LLL algorithm. In this paper, a variant of the LLL algorithm, the Hybrid-Fix-and-Round LLL algorithm, which combines both fix and round measurements in the size reduction procedure, is proposed. By utilizing fix operation, the algorithmic procedure is altered and the size reduction procedure is skipped by the hybrid algorithm with significantly higher probability. As a consequence, the simulation results reveal that the Hybrid-Fix-and-Round-LLL algorithm carries a faster rate of convergence compared to the original LLL algorithm, and its algorithmic complexity is at most one order lower than original LLL algorithm in real field. Comparing to other families of LLL algorithm, Hybrid-Fix-and-Round-LLL algorithm can make a better compromise in performance and algorithmic complexity.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.3
• /
• pp.95-102
• /
• 2002

Interactive hashing is a protocol introduced by Naor, Ostrovsk Venkatesan, $Yung^{[1]}$ with t-1 round complexity and $t^2$ - 1 bits communication complexity for given t bits string. In this paper, we propose more efficiently extended interactive hashing protocol with t/m- 1 round complexity and $t^2$/m - m bits communication complexity than NOVY protocol when m is a divisor of t, and prove the security of this.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.11
• /
• pp.5773-5784
• /
• 2019

ARIA is an involutory SPN block cipher. Its block size is 128-bit and the master key sizes are 128/192/256-bit, respectively. Accordingly, they are called ARIA-128/192/256. As we all know, ARIA is a Korean Standard block cipher nowadays. This paper focuses on the security of ARIA against impossible differential attack. We firstly construct a new 4-round impossible differential of ARIA. Furthermore, based on this impossible differential, a new 7-round impossible differential attack on ARIA-256 is proposed in our paper. This attack needs 2¹¹⁸ chosen plaintexts and 2²¹⁰ 7-round encryptions. Comparing with the previous best result, we improve both the data complexity and time complexity. To our knowledge, it is the best impossible differential attack on ARIA-256 so far.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.11
• /
• pp.5717-5730
• /
• 2019

LBlock-s is the core block cipher of authentication encryption algorithm LAC, which uses the same structure of LBlock and an improved key schedule algorithm with better diffusion property. Using the differential properties of the key schedule algorithm and the cryptanalytic technique which combines impossible boomerang attacks with related-key attacks, a 15-round related-key impossible boomerang distinguisher is constructed for the first time. Based on the distinguisher, an attack on 22-round LBlock-s is proposed by adding 4 rounds on the top and 3 rounds at the bottom. The time complexity is about only 2^68.76 22-round encryptions and the data complexity is about 2⁵⁸ chosen plaintexts. Compared with published cryptanalysis results on LBlock-s, there has been a sharp decrease in time complexity and an ideal data complexity.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.9 no.8
• /
• pp.1663-1668
• /
• 2005

There have been numerous researches regarding the QoS guarantee in packet switching networks. IntServs, based on a signaling mechanism and scheduling algorithms, suggesting promising solutions, yet has the crucial complexity problem so that not enough real implementations has been witnessed. Flow aggregation is suggested recently to overcome this issue. In order to aggregated flows fairly so that the latency of the aggregated flows is bound, however, a non-work conserving scheduler is necessary, which is not very popular because of its another inherent complexity. We suggest a non-work conserving scheduler, the Round Robin with Virtual Flow (RRVF), which is a variation of the popular Deficit Round Robin (DRR). We study the latency of the RRVF, and observe that the non-work conserving nature of the RRVF yields a slight disadvantage in terms of the latency, but after the aggregation the latency is greatly reduced, so that e combined latency is reduced. We conclude that the flow aggregation through RRVF can actually reduce the complexity of the bandwidth allocation as well as the overall latency within a network.

• Journal of the Korea Society of Computer and Information
• /
• v.23 no.1
• /
• pp.57-66
• /
• 2018

It is known that a single-key and a related-key attacks on AES-128 are possible for at most 7 and 8 rounds, respectively. The security of CMAC, a typical block-cipher-based MAC algorithm, has very high possibility of inheriting the security of the underlying block cipher. Since the attacks on the underlying block cipher can be applied directly to the first block of CMAC, the current security margin is not sufficient compared to what the designers of AES claimed. In this paper, we consider HMAC-DM-AES-128 as an alternative to CMAC-AES-128 and analyze its security for reduced rounds of AES-128. For 2-round AES-128, HMAC-DM-AES-128 requires the precomputation phase time complexity of $2^{97}$ AES, the online phase time complexity of $2^{98.68}$ AES and the data complexity of $2^{98}$ blocks. Our work is meaningful in the point that it is the first security analysis of MAC based on hash modes of AES.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.16 no.3
• /
• pp.972-985
• /
• 2022

In the year 2020, a new lightweight block cipher µ² is proposed. It has both good software and hardware performance, and it is especially suitable for constrained resource environment. However, the security evaluation on µ² against impossible differential cryptanalysis seems missing from the specification. To fill this gap, an impossible differential cryptanalysis on µ² is proposed. In this paper, firstly, some cryptographic properties on µ² are proposed. Then several longest 7-round impossible differential distinguishers are constructed. Finally, an impossible differential cryptanalysis on µ² reduced to 10 rounds is proposed based on the constructed distinguishers. The time complexity for the attack is about 2^69.63 10-round µ² encryptions, the data complexity is O(2⁴⁸), and the memory complexity is 2^63.57 Bytes. The reported result indicates that µ² reduced to 10 rounds can't resist against impossible differential cryptanalysis.

• Journal of the Korean Institute of Telematics and Electronics C
• /
• v.34C no.9
• /
• pp.77-83
• /
• 1997

Based on the curve segment grouping, an efficient recognition of round objects form partially occuluded round boundaries is proposed. Curve segments are extracted from an image using a criterion based on the intra-segment curvature and local contrast. During the curve segment extraction the boundaries of pratially occluding and occuluded objects are segmented to different curve segments. The extracted segments of constant intra-segment curvature are grouped to different curve segments. The extracted segments of constant intra-segment curvature are grouped nto a round boundary by the proposed grouping algorithm using inter-segment curvature which gives the relatinships among the curve segments of the same round boundary. The 1st and the 2nd order moments are used for the parameter estimation of the best fitted ellipse with round boundary, and then recognition is perfomed based on the estimated parameters. The proposed scheme processes in segment unit and is more efficient in computational complexity and memory requirements those that of the conventional scheme which processed in pixel units. Experimental results show that the proposed technique is very efficient in recognizing the round object sfrom the real images with apples and pumpkins.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.18 no.4
• /
• pp.177-182
• /
• 2018

The home-and-way round-robin sports leagues scheduling problem with minimum brake is very hard to solve in polynomial time. This problem is NP-hard, the complexity status is not yet determined. This paper suggests round-robin sports leagues scheduling algorithm not computer-aided program but by hand with O(n) time complexity for arbitrary number of teams n with always same pattern. The algorithm makes a list of mathes using $n{\times}n$ canonical latin square for n=even teams. Then trying to get home(H) and away(A) with n-2 minimum number of brakes. Also, we get the n=odd scheduling with none brakes delete a team own maximum number of brakes from n=even scheduling.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.2
• /
• pp.600-616
• /
• 2021

SIMON and SPECK are two families of lightweight block ciphers that have excellent performance on hardware and software platforms. At CRYPTO 2019, Gohr first introduces the differential cryptanalysis based deep learning on round-reduced SPECK32/64, and finally reduces the remaining security of 11-round SPECK32/64 to roughly 38 bits. In this paper, we are committed to evaluating the safety of SIMON cipher under the neural differential cryptanalysis. We firstly prove theoretically that SIMON is a non-Markov cipher, which means that the results based on conventional differential cryptanalysis may be inaccurate. Then we train a residual neural network to get the 7-, 8-, 9-round neural distinguishers for SIMON32/64. To prove the effectiveness for our distinguishers, we perform the distinguishing attack and key-recovery attack against 15-round SIMON32/64. The results show that the real ciphertexts can be distinguished from random ciphertexts with a probability close to 1 only by 2^8.7 chosen-plaintext pairs. For the key-recovery attack, the correct key was recovered with a success rate of 23%, and the data complexity and computation complexity are as low as 2⁸ and 2^20.1 respectively. All the results are better than the existing literature. Furthermore, we briefly discussed the effect of different residual network structures on the training results of neural distinguishers. It is hoped that our findings will provide some reference for future research.