• Proceedings of the Korean Information Science Society Conference
• /
• 2003.10a
• /
• pp.886-888
• /
• 2003

본 논문에서는 한국 정보보호진흥원에서 개발한 128 비트 블록 암호 알고리즘인 SEED를 VHDL로 설계하였으며, FPGA의 구현으로 성능 분석을 하였다. 암호화 과정에서의 라운드 키 생성과정을 복호화 과정에서도 동일하게 적용한 수 있게 설계하여 처리속도를 향상시켰고 라운드키 생성과정과 F 함수에서 사용되는 5개의 G함수를 하나의 G함수로 공유하여 게이트 수를 감소시켰다. Xilinx사의 Virtex XCV300 FPGA에 구현하였으며 합성결과 게이트 수는 10,610 개이고 최대 40MHz에서 동작살털 35.7Mbps로 암호화를 수행 할 수 있다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2008.11a
• /
• pp.1397-1400
• /
• 2008

본 논문에서는 디지털 TRS 시스템(TETRA)의 종단간 암호화에 사용되는 스마트카드의 성능 요구조건을 만족하는 상용 암호 알고리즘의 구현 가능성에 대하여 2가지 스마트카드에서 다룬다. 삼성전자의 16비트와 32비트 프로세서를 탑재한 스마트카드에서 각 알고리즘의 동작시간을 측정하였다. 성능 비교에 사용된 알고리즘들은 AES, ARIA, 3DES, SEED이다. 32비트 스마트카드에서는 알고리즘의 동작시간이 1.5ms에서 2.3ms사이에 존재하는 반면, 16비트 스마트카드에서는 2.8ms에서 8.2ms사이의 큰 차이로 존재한다. 단말기와 스마트카드의 통신 속도, 프로세서 계산 능력 등을 고려하여 상용스마트카드의 채택 가능한 칩과 알고리즘의 선정에 본 실험 결과는 참고자료가 될 수 있다.

• Journal of KIISE:Computing Practices and Letters
• /
• v.7 no.4
• /
• pp.372-381
• /
• 2001

In this paper SEED, the Korea Standard 128-bit block cipher algorithm is implemented with VHDL and mapped into one FPGA. SEED consists of round key generation block, F function block, G function block, round processing block, control block and I/O block. The designed SEED is realized in an FPGA but we design it technology-independently so that ASIC or core-based implementation is possible. SEED requires many hardware resources which may be impossible to realize in one FPGA. So it is necessary to minimize hardware resources. In this paper only one G function is implemented and is used for both the F function block and the round key block. That is, by using one G function sequentially, we can realize all the SEED components in one FPGA. The used cell rate after synthesis is 80% in Altem FLEXI0KlOO. The resulted design has 28Mhz clock speed and 14.9Mbps performance. The SEED hardware is technology-independent and no other external component is needed. Thus, it can be applied to other SEED implementations and cipher systems which use SEED.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.10 no.2
• /
• pp.338-343
• /
• 2006

This paper describes about the design concept and the architecture of an economic VPN system which can perform fast crypto operations with cheap cost. The essence of the proposed system architecture is consisting of the system with two companion chips dedicated to VPN: one chip is a multi-purpose network processor for security machine and the other is a crypto acceleration chip which encrypt and decrypt network packets in a high speed. This study also addresses about some realizations that is required for fast prototyping such as the porting of an operating system, the establishment of compiler tool chain, the implementation of device drivers and the design of IPSec security engine. Especially, the second chip supports the most time consuming block cipher algorithms including 3DES, AES, and SEED and its performance was evaluated.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.4
• /
• pp.25-30
• /
• 2010

Block Cipher SEED which was developed by KISA are not only Korea national standard algorithm of TTA but also one of standard 128-bit block ciphers of ISO/IEC. Since SEED had been developed, many analyses were tried but there was no distinguishing cryptanalysis except the 7-round differential attack in 2002. The attack used the 6-round differential characteristic with probability $2^{-124}$ and analyzed the 7-round SEED with $2^{127}$ chosen plaintexts. In this paper, we propose a new 6-round differential characteristic with probability $2^{-110}$ and analyze the 7-round SEED with $2^{113}$ chosen plaintexts.

• Review of KIISC
• /
• v.14 no.5
• /
• pp.69-77
• /
• 2004

ISO/IEC JTC1/SC27의 WG2는 정보보안기술을 위한 관련 메커니즘의 표준을 만드는 Working Group이다. 본 고에서 소개하는 28차 싱가포르회의(2004. 4) 이전에 개최된 21차 동경회의(2000. 10)와 22차 오슬로회의(2001. 4)에 대해서는 동 학회지 제11권 1호(2001년 2월)와 제11권 3호(2001년 6월)를 참고하고, 23차 서울회의와 WG2 중 블록암호 표준화 동향에 대해서는 제11권 6호(2001년 12월), 24차 베를린회의(2002. 4)에 대해서는 제12권 2호(2002. 4)를 참고하기 바란다. 본 고에서는 금년 4. 19(월)∼23(금)에 걸쳐 싱가포르 Conrad Continental Singapore에서 개최된 제 28차 WG2 회의의 활동 결과를 소개하고, 아울러 암호알고리즘의 표준화 정책변경으로 지난 2000년부터 SEED의 국제표준 채택까지의 표준화 활동을 정리하고 향후 차세대 암호 기법의 국제표준화를 위한 제언을 한다. 또한 이번 회의 기간 중 아시아권 보안 기술 및 제품의 보급 확산을 위한 RAISS(Regional Asia Information Security Standards) 포럼의 동향과 대응 방안에 대하여 제안한다.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.28 no.11C
• /
• pp.1077-1087
• /
• 2003

In this paper, we proposed an architecture of a cryptosystem with various operating modes for the network security and implemented in hardware using the ASIC library. For configuring a cryptosystem, the standard block ciphers such as AES, SEED and 3DES were included. And the implemented cryptosystem can encrypt and decrypt the data in real time through the wired/wireless network with the minimum latency time (minimum 64 clocks, maximum 256 clocks). It can support CTR mode which is widely used recently as well as the conventional block cipher modes such as ECB, CBC and OFB, and operates in the multi-bit mode (64, 128, 192, and 256 bits). The implemented hardware has the expansion possibility for the other algorithms according to the network security protocol such as IPsec and the included ciphering blocks can be operated simultaneously. The self-ciphering mode and various ciphering mode can be supported by the hardware sharing and the programmable data-path. The global operation is programmed by the serial communication port and the operation is decided by the control signals decoded from the instruction by the host. The designed hardware using VHDL was synthesized with Hynix 0.25$\mu\textrm{m}$ CMOS technology and it used the about 100,000 gates. Also we could assure the stable operation in the timing simulation over 100㎒ using NC-verilog.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.6
• /
• pp.1225-1236
• /
• 2020

Fuzzing is an automated software testing methodology that dynamically tests the security of software by inputting randomly generated input values outside of the expected range. KISA is releasing open source for standard cryptographic algorithms, and many crypto module developers are developing crypto modules using this source code. If there is a vulnerability in the open source code, the cryptographic library referring to it has a potential vulnerability, which may lead to a security accident that causes enormous losses in the future. Therefore, in this study, an appropriate security policy was established to verify the safety of block cipher source codes such as SEED, HIGHT, and ARIA, and the safety was verified using differential fuzzing. Finally, a total of 45 vulnerabilities were found in the memory bug items and error handling items, and a vulnerability improvement plan to solve them is proposed.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.8 no.1
• /
• pp.123-136
• /
• 2004

In this paper, complexity and regularity of polynomial multiplication over $GF({2^n})$ are defined by using Hamming weight of rows and columns of the matrix ever GF(2) which represents polynomial multiplication. It is shown experimentally that in order to construct the block cipher robust against differential cryptanalysis, polynomial multiplication of substitution layer and the permutation layer should have high complexity and high regularity. With result of the experiment, a way of constituting S box and G function is suggested in the block cipher whose structure is similar to SEED, which is KOREA standard of 128-bit block cipher. S box can be formed with a nonlinear function and an affine transform. Nonlinear function must be strong with differential attack and linear attack, and it consists of an inverse number over $GF({2^8})$ which has neither a fixed pout, whose input and output are the same except 0 and 1, nor an opposite fixed number, whose output is one`s complement of the input. Affine transform can be constituted so that the input/output correlation can be the lowest and there can be no fixed point or opposite fixed point. G function undergoes linear transform with 4 S-box outputs using the matrix of 4${\times}$4 over $GF({2^8})$. The components in the matrix of linear transformation have high complexity and high regularity. Furthermore, G function can be constituted so that MDS(Maximum Distance Separable) code can be formed, SAC(Strict Avalanche Criterion) can be met, and there can be no weak input where a fixed point an opposite fixed point, and output can be two`s complement of input. The primitive polynomials of nonlinear function affine transform and linear transformation are different each other. The S box and G function suggested in this paper can be used as a constituent of the block cipher with high security, in that they are strong with differential attack and linear attack with no weak input and they are excellent at diffusion.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.5
• /
• pp.993-1000
• /
• 2017

When the availability of embedded device is considered, combined countermeasure such as first-order masking and hiding countermeasures is quite attractive because the security and efficiency can be provided at the same time. Especially, combined countermeasure can be applied to the confusion and diffusion layers of the first and last rounds in order to provide the efficiency. Also, the middle rounds only employs first-order masking countermeasure or no countermeasure. In this paper, we suggest a novel side channel analysis with low complexity in the output of diffusion layer. In general, the attack target cannot be set to the output of diffusion layer owing to the high complexity. When the diffusion layer of block cipher is composed of AND operations, we show that the attack complexity can be reduced. Here, we consider that the main algorithm is SEED. Then, the attack complexity with $2^{32}$ can be reduced by $2^{16}$ according to the fact that the correlation between the combination of S-box outputs and that of the outputs of diffusion layer. Moreover, compared to the fact that the main target is the output of S-box in general, we demonstrate that the required number of traces can be reduced by 43~98% in terms of simulated traces. Additionally, we show that only 8,000 traces are enough to retrieve the correct key by suggested scheme, although it fails to reveal the correct key when performing the general approach on 100,000 traces in realistic device.