• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.46 no.1
• /
• pp.20-34
• /
• 2009

We newly propose a multiple and unlinkable identity-based public key encryption scheme which allows the use of a various number of identity-based public keys in different groups or applications while keeping a single decryption key so that the decryption key can decrypt every ciphertexts encrypted with those public keys. Also our scheme removes the use of certificates as well as the key escrow problem so it is functional and practical. Since our public keys are unlinkable, the user's privacy can be protected from attackers who collect and trace the user information and behavior using the known public keys. Furthermore, we suggest a decryption key renewal protocol to strengthen the security of the single decryption key. Finally, we prove the security of our scheme against the adaptive chosen-ciphertext attack under the random oracle model.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.10 no.4
• /
• pp.107-112
• /
• 2000

In this paper, we study a security of HEA(Hangul Encryption Algorithm) against differential cryptanalysis. HEA, which is 1,024bits input/output and 56bits key size, has the same structure as DES(Data Encyption Standard) only for Korean characters to be produced in ciphertexts. An encryption algorithm should be developed to meet certain critria such as input/ouput dependencies, correlation, avalanche effects, etc. However HEA uses the same S-Boxes as DES does and just expands the plaintext/ciphertext sizes . We analysize HEA with a differential cryptanalysis and present two results. The number of rounds of HEA has not been determined in a concrete basis of cryptanalysis and we show a chosen plintext attack of 10 round reduced HEA with a diffe- rential cryptanalysis characteristic.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.3
• /
• pp.467-476
• /
• 2017

In this paper, we analyze Generalized Feistel Network(GFN) Type I, Type II, Type III that round function use SP update function, secret S-box and $k{\times}k$ MDS matirx. In this case an attacker has no advantage about S-box. For each type of GFN, we analyze and restore secret S-box in 9, 6, 6 round using the basis of integral cryptanalysis with chosen plaintext attack. Also we restore secret S-box in 16 round of GFN Type I with chosen ciphertext attack. In conclusion, we need $2^{2m}$ data complexity and ${\frac{2^{3m}}{32k}},{\frac{2^{3m}}{24k}},{\frac{2^{3m}}{36k}}$ time complexity to restore m bit secret S-box in GFN Type I, Type II, Type III.

• ETRI Journal
• /
• v.22 no.4
• /
• pp.25-31
• /
• 2000

Design of secure and efficient public-key encryption schemes under weaker computational assumptions has been regarded as an important and challenging task. As far as ElGamal-type encryption schemes are concerned, some variants of the original ElGamal encryption scheme based on weaker computational assumption have been proposed: Although security of the ElGamal variant of Fujisaki-Okamoto public -key encryption scheme and Cramer and Shoup's encryption scheme is based on the Decisional Diffie-Hellman Assumption (DDH-A), security of the recent Pointcheval's ElGamal encryption variant is based on the Computational Diffie-Hellman Assumption (CDH-A), which is known to be weaker than DDH-A. In this paper, we propose new ElGamal encryption variants whose security is based on CDH-A and the Elliptic Curve Computational Diffie-Hellman Assumption (EC-CDH-A). Also, we show that the proposed variants are secure against the adaptive chosen-ciphertext attack in the random oracle model. An important feature of the proposed variants is length-efficiency which provides shorter ciphertexts than those of other schemes.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.6
• /
• pp.1480-1491
• /
• 2013

Certificate-based cryptography is a new cryptographic primitive which eliminates the necessity of certificates in the traditional public key cryptography and simultaneously overcomes the inherent key escrow problem suffered in identity-based cryptography. However, to the best of our knowledge, all existed constructions of certificate-based encryption so far have to be based on the bilinear pairings. The pairing calculation is perceived to be expensive compared with normal operations such as modular exponentiations in finite fields. The costly pairing computation prevents it from wide application, especially for the computation limited wireless sensor networks. In order to improve efficiency, we propose a new certificate-based encryption scheme that does not depend on the pairing computation. Based on the decision Diffie-Hellman problem assumption, the scheme's security is proved to be against the chosen ciphertext attack in the random oracle. Performance comparisons show that our scheme outperforms the existing schemes.

• Journal of the Korean Institute of Telematics and Electronics A
• /
• v.30A no.8
• /
• pp.1-10
• /
• 1993

In this paper, we will propose 4-move ZKIP and its application. Using bit-commitment scheme that is necessary to organize the ZKIP related to NP-Complete problem and WH and WI preserving the property for security under parallel composition of protocols, we will show that the proposed ZKIP is 4-move ZKIP of SAT comparing to 6-move ZKIP of SAT proposed by Brassard. Chaum and Yung, and under claw-free pairs of function the proposed ZKIP is also 4-move ZKIP comparing to 5-move ZKIP proposed by Goldreich and Krawczyk under the same assumption. Moreover we will show the efficiency of the proposed scheme better than Fiat and Shamir's scheme at the points of computational complexity and communication complexity, and also propose the efficient and secure identification scheme against the chosen ciphertext attack, using the proposed scheme.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.12
• /
• pp.4508-4530
• /
• 2021

Today distributed data storage service are being widely used. However lack of proper means of security makes the user data vulnerable. In this work, we propose a Randomized Block Size (RBS) model for secure data storage in distributed environments. The model work with multifold block sizes encrypted with the Chinese Remainder Theorem-based RSA (C-RSA) technique for end-to-end security of multimedia data. The proposed RBS model has a key generation phase (KGP) for constructing asymmetric keys, and a rand generation phase (RGP) for applying optimal asymmetric encryption padding (OAEP) to the original message. The experimental results obtained with text and image files show that the post encryption file size is not much affected, and data is efficiently encrypted while storing at the distributed storage server (DSS). The parameters such as ciphertext size, encryption time, and throughput have been considered for performance evaluation, whereas statistical analysis like similarity measurement, correlation coefficient, histogram, and entropy analysis uses to check image pixels deviation. The number of pixels change rate (NPCR) and unified averaged changed intensity (UACI) were used to check the strength of the proposed encryption technique. The proposed model is robust with high resilience against eavesdropping, insider attack, and chosen-plaintext attack.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.3
• /
• pp.439-448
• /
• 2017

It is news from nowhere that post-quantum cryptography has side-channel analysis vulnerability. Side-channel analysis attack method and countermeasures for code-based McEliece cryptosystem and lattice-based NTRU cryptosystem have been investigated. Unfortunately, the investigation of the ring-LWE cryptosystem in terms of side-channel analysis is as yet insufficient. In this paper, we propose a chosen ciphertext simple power analysis attack that can be applied when ring-LWE cryptography operates on 8-bit devices. Our proposed attack can recover the key only with [$log_2q$] traces. q is a parameter related to the security level. It is used 7681 and 12289 to match the common 128 and 256-bit security levels, respectively. We identify the vulnerability through experiment that can reveal the secret key in modular add while the ring-LWE decryption performed on real 8-bit devices. We also discuss the attack that uses a similarity measurement method for two vectors to reduce attack time.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.2
• /
• pp.147-155
• /
• 2013

Proxy re-encryption scheme has advantage where plaintext does not get exposed during re-encryption process. This scheme is popular for sharing server-saved data in case of cloud computing or mobile office that uses server to save data. Since previous proxy re-encryption schemes can use re-encryption key over and over again, it may abuse re-encryption. To solve this problem, conditional proxy re-encryption scheme was proposed. But, it is computationally expensive generate the same number of re-encryption key with the number of condition values. In this paper, we propose an efficient conditional proxy re-encryption scheme in terms of re-encryption key generation. The proposed scheme uses only encryption and decryption process. Therefore it has advantage to generate one re-encryption key for one person. The proposed scheme is secure against chosen-ciphertext attack.