• Title/Summary/Keyword: Side-channel analysis attack


New Higher-Order Differential Computation Analysis on Masked White-Box AES (마스킹 화이트 박스 AES에 대한 새로운 고차 차분 계산 분석 기법)

  • Lee, Yechan; Jin, Sunghyun; Kim, Hanbit; Kim, HeeSeok; Hong, Seokhie
    • Journal of the Korea Institute of Information Security & Cryptology / v.30 no.1 / pp.1-15 / 2020
  • Since differential computation analysis (DCA), a side-channel analysis technique applied to white-box cryptography, was proposed, Lee et al. have proposed a masked white-box cryptography based on table encoding to counter DCA. The existing higher-order DCA against masked white-box cryptography does not take the table-encoded masking structure into account, so it cannot be applied to the countermeasure suggested by Lee et al. In this paper, we propose a new higher-order DCA method that can be applied to masking implementations based on table encoding, and demonstrate its effectiveness by recovering secret key information from the masked white-box cryptography of Lee et al. in practice.
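The attack idea in the abstract, as an added illustration (not the paper's code, and not Lee et al.'s table-encoded masking): the output of a first-round AES S-box lookup is split into two Boolean shares, a DCA-style software trace records the bits of both shares, and a second-order preprocessing step that XORs pairs of trace samples cancels the mask, after which ordinary DCA correlation between a predicted S-box output bit and the trace singles out the key byte. The two-share trace layout, the key byte 0x2B and the use of Pearson correlation on single bits are assumptions of this example.

```python
"""Toy higher-order DCA against a first-order Boolean-masked AES S-box lookup.

Added illustration, not code from the paper. The "trace" is a DCA-style
software trace holding the bits of each intermediate value; the S-box output
is split into (value XOR mask, mask); all sample data is constructed here.
"""
import random


def gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return r


def aes_sbox() -> list:
    """Build the AES S-box: multiplicative inverse followed by the affine map."""
    def rotl(v: int, n: int) -> int:
        return ((v << n) | (v >> (8 - n))) & 0xFF

    box = []
    for x in range(256):
        inv = x
        for _ in range(253):          # x^254 == x^-1 in GF(2^8); 0 stays 0
            inv = gf_mul(inv, x)
        box.append(inv ^ rotl(inv, 1) ^ rotl(inv, 2) ^ rotl(inv, 3) ^ rotl(inv, 4) ^ 0x63)
    return box


SBOX = aes_sbox()
N_BITS = 8


def masked_sbox_trace(p: int, key: int, rng: random.Random) -> list:
    """One constructed trace: the bits of both shares of S[p ^ key]."""
    mask = rng.randrange(256)
    share0 = SBOX[p ^ key] ^ mask      # masked S-box output
    share1 = mask                      # the mask, which the masked lookup also handles
    return ([(share0 >> i) & 1 for i in range(N_BITS)]
            + [(share1 >> i) & 1 for i in range(N_BITS)])


def build_traces(key: int, seed: int = 1):
    """Traces for all 256 plaintext bytes with fresh random masks (assumed key)."""
    rng = random.Random(seed)
    plaintexts = list(range(256))
    return plaintexts, [masked_sbox_trace(p, key, rng) for p in plaintexts]


def to_bitmask(bits) -> int:
    """Pack a 0/1 column (one entry per trace) into an int, trace 0 at the LSB."""
    m = 0
    for i, b in enumerate(bits):
        m |= b << i
    return m


def corr_bits(a: int, b: int, n: int) -> float:
    """Pearson correlation of two n-long 0/1 columns packed as ints."""
    sa, sb, sab = bin(a).count("1"), bin(b).count("1"), bin(a & b).count("1")
    va, vb = n * sa - sa * sa, n * sb - sb * sb
    if va == 0 or vb == 0:
        return 0.0
    return (n * sab - sa * sb) / (va * vb) ** 0.5


def dca_scores(plaintexts, traces, bit: int = 0) -> list:
    """Per key guess: largest |correlation| between the predicted S-box output
    bit and any trace sample. On the raw traces this is first-order DCA."""
    n = len(traces)
    columns = [to_bitmask(t[j] for t in traces) for j in range(len(traces[0]))]
    scores = []
    for guess in range(256):
        predicted = to_bitmask((SBOX[p ^ guess] >> bit) & 1 for p in plaintexts)
        scores.append(max(abs(corr_bits(predicted, col, n)) for col in columns))
    return scores


def second_order_combine(traces) -> list:
    """Second-order preprocessing: XOR every pair of samples. The attacker does
    not know which samples are the shares, so all pairs are formed; the pair
    (share0 bit i, share1 bit i) reproduces the unmasked S-box bit i."""
    m = len(traces[0])
    return [[t[i] ^ t[j] for i in range(m) for j in range(i + 1, m)] for t in traces]


def recover_key(plaintexts, traces) -> int:
    scores = dca_scores(plaintexts, traces)
    return max(range(256), key=scores.__getitem__)


if __name__ == "__main__":
    KEY = 0x2B                                   # assumed toy key byte
    pts, trs = build_traces(KEY)
    print("first-order score of the true key: %.3f" % dca_scores(pts, trs)[KEY])
    combined = second_order_combine(trs)
    print("second-order recovered key: 0x%02X (score %.3f)"
          % (recover_key(pts, combined), dca_scores(pts, combined)[KEY]))
```

On the raw traces the true key scores no better than a wrong guess, because every recorded bit is blinded by a uniform mask; on the XOR-combined traces it scores exactly 1.0 and is the unique maximum. With table encoding, which is what the paper targets, the shares are not plain Boolean shares and an XOR of samples does not cancel the encoding, which is why a combination tailored to the table-encoded structure is needed; this example covers only the plain masking case.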

Differential Fault Analysis of the Block Cipher LEA (블록 암호 LEA에 대한 차분 오류 공격)

  • Park, Myungseo; Kim, Jongsung
    • Journal of the Korea Institute of Information Security & Cryptology / v.24 no.6 / pp.1117-1127 / 2014
  • Differential Fault Analysis (DFA) is widely known as one of the most powerful methods for analyzing block ciphers. It is applicable to block ciphers such as DES, AES, ARIA and SEED, and to lightweight block ciphers such as PRESENT and HIGHT. In this paper, we introduce a differential fault analysis of the lightweight block cipher LEA for the first time. We use 300 chosen fault-injected ciphertexts to recover the 128-bit master key. Our attack recovered the full master key within an average of 40 minutes on a standard PC.

Enhanced Differential Power Analysis based on the Generalized Signal Companding Methods (일반화된 신호 압신법에 기반한 향상된 차분전력분석 방법)

  • Choi, Ji-Sun; Ryoo, Jeong-Choon; Han, Dong-Guk; Park, Tae-Hoon
    • The KIPS Transactions: Part C / v.18C no.4 / pp.213-216 / 2011
  • Differential Power Analysis is strongly affected by various kinds of noise, including temporal misalignment. Recently, Ryoo et al. introduced an efficient preprocessing method that improves DPA by removing the noise signals. This paper shows experimentally that the existing preprocessing method does not apply to every processor. To overcome this defect, we propose a Differential Trace Model (DTM). We also prove theoretically, and confirm experimentally, that the proposed DTM suits DPA.

A Power Analysis Attack Countermeasure Not Using Masked Table for S-box of AES, ARIA and SEED (마스킹 테이블을 사용하지 않는 AES, ARIA, SEED S-box의 전력 분석 대응 기법)

  • Han, Dong-Guk; Kim, Hee-Seok; Song, Ho-Geun; Lee, Ho-Sang; Hong, Seok-Hie
    • Journal of the Korea Institute of Information Security & Cryptology / v.21 no.2 / pp.149-156 / 2011
  • In recent years, power analysis attacks have been widely investigated, and various countermeasures have been proposed. For block ciphers, masking methods that blind the intermediate values of the encryption/decryption computation are the best known of these countermeasures. However, the cost of masking the non-linear part of a block cipher is very high, so the S-box countermeasure must be constructed efficiently in the case of AES, ARIA and SEED. Existing S-box countermeasures use a masked S-box table, which requires 256 bytes of RAM per S-box, so they are not suitable for lightweight security devices with a small amount of RAM. In this paper, we propose a new countermeasure that does not use a masked S-box table, to make up for this weak point. The new countermeasure also reduces time complexity as well as RAM usage, because it does not spend time generating a masked S-box table.

Differential Fault Analysis on Symmetric SPN Block Cipher with Bitslice Involution S-box (비트 슬라이스 대합 S-박스에 의한 대칭 SPN 블록 암호에 대한 차분 오류 공격)

  • Kang, HyungChul; Lee, Changhoon
    • KIPS Transactions on Computer and Communication Systems / v.4 no.3 / pp.105-108 / 2015
  • In this paper, we propose a differential fault analysis of the symmetric SPN block cipher with bitslice involution S-box proposed in 2011. The target block cipher was designed on the basis of the AES block cipher and has the advantage, in restricted hardware and software environments, of using the same structure for encryption and decryption. The target block cipher must therefore be secure against side-channel attacks. However, to recover the 128-bit secret key of the target block cipher, this attack requires only one random byte fault and an exhaustive search of $2^8$. This is the first known cryptanalytic result on the target block cipher.

MILP-Aided Division Property and Integral Attack on Lightweight Block Cipher PIPO (경량 블록 암호 PIPO의 MILP-Aided 디비전 프로퍼티 분석 및 인테그랄 공격)

  • Kim, Jeseong; Kim, Seonggyeom; Kim, Sunyeop; Hong, Deukjo; Sung, Jaechul; Hong, Seokhie
    • Journal of the Korea Institute of Information Security & Cryptology / v.31 no.5 / pp.875-888 / 2021
  • In this paper, we search for integral distinguishers of the lightweight block cipher PIPO and propose a key recovery attack on 8-round PIPO-64/128 using the obtained 6-round distinguishers. The lightweight block cipher PIPO, proposed at ICISC 2020, is designed to allow efficient implementation of higher-order masking for side-channel attack resistance. In the proposal, various attacks such as differential and linear cryptanalysis were applied to show sufficient security strength. However, the designers left the integral attack to be conducted and only showed that it is unlikely for PIPO to have integral distinguishers longer than 5 rounds, without further analysis using the Division Property. In this paper, we search for integral distinguishers of PIPO using a MILP-aided Division Property search method. Our search shows that 6-round integral distinguishers exist, contrary to the designers' claim. We also consider linear operations on the input and output of the distinguisher, respectively, and obtain a total of 136 6-round integral distinguishers. Finally, we present an 8-round PIPO-64/128 key recovery attack with time complexity $2^{124.5849}$ and memory complexity $2^{93}$ using four of the obtained 6-round integral distinguishers.

A New Scalar Recoding Method against Side Channel Attacks (부채널 공격에 대응하는 새로운 스칼라 레코딩 방법)

  • Ryu, Hyo Myoung; Cho, Sung Min; Kim, TaeWon; Kim, Chang han; Hong, Seokhie
    • Journal of the Korea Institute of Information Security & Cryptology / v.26 no.3 / pp.587-601 / 2016
  • In this paper we propose a scalar recoding method that is secure against both SPA and DPA. The proposed method is a countermeasure to power analysis attacks based on scalar recoding with negative (signed) digits. It ensures security against SPA by recoding so that the same operation pattern is applied to every digit. Also, by generating a random recoding output according to a random number, security against DPA is ensured. We also implement a precomputation table and a modified scalar addition algorithm to protect against SPA that targets the sign of a digit. Since the proposed method by itself ensures security against both SPA and DPA, it is more effective and efficient. Compared with previous scalar recodings that are secure against SPA and DPA, the proposed method increases operation efficiency by 11%.
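The two properties the abstract describes, every digit driving the same double-then-add pattern and a random number selecting among equivalent recodings, as an added illustration that is not the paper's own recoding (the paper's digit set, randomisation rule and sign-handling addition algorithm are not reproduced here; negative digits are handled by a precomputed table holding both signs). The toy curve y^2 = x^3 + 2x + 3 over F_97, the base point (3, 6) and 8-bit scalars are assumptions of the example.

```python
"""Signed-digit scalar recoding with a regular double-and-add pattern and a
randomised choice among equivalent recodings.

Added illustration, not the paper's code. Toy curve parameters are assumptions;
a real implementation would use a standard curve and a constant-time table read.
"""
import random

P_MOD, A_COEF = 97, 2          # toy curve y^2 = x^3 + 2x + 3 over F_97 (b is not needed below)
BASE = (3, 6)                  # on the curve: 6^2 = 36 = 27 + 6 + 3 (mod 97)
N_BITS = 8                     # scalars handled: 1 <= k < 2^N_BITS


def ec_add(p1, p2):
    """Affine short-Weierstrass point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A_COEF) * pow((2 * y1) % P_MOD, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)


def ec_neg(p):
    return None if p is None else (p[0], (-p[1]) % P_MOD)


def ec_mul_naive(k, p):
    """Reference double-and-add (data-dependent pattern; used for the table and for checking)."""
    q = None
    for bit in bin(k)[2:]:
        q = ec_add(q, q)
        if bit == "1":
            q = ec_add(q, p)
    return q


def recode_signed(k, n=N_BITS):
    """Recode odd k < 2^n into n non-zero digits d_i in {-1, +1} with k = sum d_i 2^i.
    Because no digit is zero, a left-to-right multiplication performs exactly one
    doubling and one table addition per digit, independent of the scalar."""
    if not (k & 1) or not (0 < k < (1 << n)):
        raise ValueError("k must be odd and fit in n bits")
    bits = [(k >> i) & 1 for i in range(n)]
    return [2 * bits[i + 1] - 1 for i in range(n - 1)] + [1]


# Value-preserving rewrites of an adjacent digit pair (high, low), e.g.
# 1*2^(i+1) - 1*2^i = 2^i = -1*2^(i+1) + 3*2^i. All results are non-zero digits.
REWRITE = {(1, -1): (-1, 3), (-1, 1): (1, -3), (1, 1): (3, -3), (-1, -1): (-3, 3)}


def randomize_recoding(digits, rng=None):
    """Use random bits to pick one of many equivalent digit strings over
    {-3, -1, 1, 3}; the same scalar then produces different intermediate
    values on each run, which is what defeats a DPA hypothesis on them."""
    rng = rng or random.Random()
    d = list(digits)
    for i in range(len(d) - 1):
        pair = (d[i + 1], d[i])
        if pair in REWRITE and rng.getrandbits(1):
            d[i + 1], d[i] = REWRITE[pair]
    return d


def digits_value(digits):
    return sum(d << i for i, d in enumerate(digits))


def ec_mul_regular(k, p, rng=None):
    """Scalar multiplication driven by the recoded digits. Even k is handled by
    recoding k + 1 and subtracting p once at the end."""
    k_odd = k | 1
    digits = randomize_recoding(recode_signed(k_odd), rng)
    table = {d: ec_mul_naive(d, p) if d > 0 else ec_neg(ec_mul_naive(-d, p))
             for d in (-3, -1, 1, 3)}             # precomputed +-P, +-3P
    q = table[digits[-1]]
    for d in reversed(digits[:-1]):
        q = ec_add(q, q)                          # one doubling ...
        q = ec_add(q, table[d])                   # ... and one addition, whatever the digit
    if k != k_odd:
        q = ec_add(q, ec_neg(p))
    return q


if __name__ == "__main__":
    base = recode_signed(0xB5)
    print("fixed recoding  :", base)
    print("randomised (a)  :", randomize_recoding(base, random.Random(1)))
    print("randomised (b)  :", randomize_recoding(base, random.Random(2)))
    print("0xB5 * BASE     :", ec_mul_regular(0xB5, BASE), "==", ec_mul_naive(0xB5, BASE))
```

Every randomised digit string still sums to the scalar, has the same length and contains no zero digit, so the operation sequence seen by an SPA adversary is identical for all scalars, while the table entries touched at each step vary from run to run. The table read itself is an ordinary Python dictionary lookup here; on a real device it would have to be made constant-time, which the paper's modified addition algorithm addresses and this example does not.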

Study on the Measurements of Flow Field around Cambered Otter Board Using Particle Image Velocimetry (PIV를 이용한 만곡형 전개판의 유동장 계측에 관한 연구)

  • Park, Kyoung-Hyun; Lee, Ju-Hee; Hyun, Beom-Soo; Noh, Young-Hak (노영학); Bae, Jae-Hyun
    • Journal of the Korean Society of Fisheries and Ocean Technology / v.38 no.1 / pp.43-57 / 2002
  • This paper introduces an analysis method for predicting the flow characteristics of the flow field around an otter board, in order to develop a high-performance model. Numerical analysis of the flow field by CFD (Computational Fluid Dynamics) is used together with the PIV method, which allows both quantitative and qualitative evaluation. The PIV method was applied to flow-field images around the otter board to analyse the flow characteristics. The resulting flow pattern was compared with the CFD analysis and with the lift and drag force coefficients measured in a CWC (Circulating Water Channel). The numerical results agree well with the PIV experiment, and could be verified in the physical aspect. The results are as follows: (1) A flow visualisation experiment using a laser light sheet, with image analysis through the PIV method, was carried out to analyse the fluid field of the otter board. As a result, the qualitative tendency of the fluid movement could be known from the flow of the fluid particles alone. (2) Since the PIV result is quantitative, it can be presented as velocity vector distributions, instantaneous streamline contours and average vorticity distributions through various post-processing methods, and the change of the flow field could thereby be confirmed. (3) At an angle of attack of 24$^{\circ}$, where the maximum spreading force coefficient is obtained, the CFD and PIV results had very similar flow patterns. In both cases a little boundary-layer separation was seen at the trailing edge of the otter board, but the flow was generally good. (4) Post-processing of the PIV velocity vector distributions, instantaneous streamline contours and average vorticity distributions showed that boundary-layer separation started from an angle of attack of 24$^{\circ}$, and from above 28$^{\circ}$ it occurred at the leading edge with enlarged width.

Three Phase Dynamic Current Mode Logic against Power Analysis Attack (전력 분석 공격에 안전한 3상 동적 전류 모드 로직)

  • Kim, Hyun-Min; Kim, Hee-Seok; Hong, Seok-Hee
    • Journal of the Korea Institute of Information Security & Cryptology / v.21 no.5 / pp.59-69 / 2011
  • Since power analysis attacks, which exploit the fact that the power consumed by a cryptographic device depends on the processed data, were proposed, many logic styles that block this correlation at its source have been developed. DRP logic, adopted by most of these logic styles, keeps power consumption balanced and reduces the correlation between processed data and power consumption. However, semi-custom design has become necessary because circuits are now more complex than before. This design method produces unbalanced design patterns, which make DRP logic consume unbalanced power and thus leave it vulnerable to power analysis attacks. In this paper, we have developed a new logic style based on DyCML that adds another discharge phase to discharge both output nodes at the same time, in order to remove this unbalanced power consumption. We also simulated a 1-bit full adder to compare the proposed logic with other logics and show the improved performance. As a result, the proposed logic improves NED and NSD to 60% and consumes about 55% less power than the other logics.

The Study on the Hydrodynamic Characteristics of the Single Slot Cambered Otter Board (단일 슬롯 만곡형전개판의 유체역학적 특성에 대한 연구)

  • Park, Kyoung-Hyun; Lee, Ju-Hee; Hyun, Beom-Soo; Bae, Jae-Hyun
    • Journal of the Korean Society of Fisheries and Ocean Technology / v.37 no.1 / pp.1-8 / 2001
  • This study deals with experimental and numerical investigations for the design of a high-performance otter board. The experiment was carried out to determine the most effective slot size of a single-slot cambered otter board in the circulating water channel of BAEK KYUNG IND. Co. LTD. Numerical analysis was done with the commercial CFD code FLUENT, to provide some valuable physical interpretation and finally to design the otter board section by numerical methods. The major results are as follows: 1. In the experiment, the maximum lift and drag coefficients of the simple cambered otter board were 1.41 and 0.55, respectively, at an angle of attack of $28^\circ$, while those of the slotted one with slot size 0.02C (C denotes the chord length) were 1.72 and 0.42 at an angle of attack of $24^\circ$. 2. The hydrodynamic characteristics as a function of slot size are best at a slot size of 0.02C. 3. The numerical results visualised well the streamlines, pressure fields and velocity vectors of the simple cambered and the slot cambered otter board with slot size 0.02C. For the slot cambered one with slot size 0.02C, the pressure field was distributed moderately on the front and back sides of the otter board, and the delay and reduction of separation were favourably achieved by the flow through the slot. 4. The computed pattern of the hydrodynamic field and the values of $C_L$ and $C_D$ from the commercial CFD code FLUENT are almost the same as the experimental results.
