• The KIPS Transactions:PartC
• /
• v.8C no.1
• /
• pp.32-40
• /
• 2001

In this paper, we propose a high-speed modular multiplication algorithm which revises conventional Montgomery's algorithm. A hardware architecture is also presented to implement 1024-bit RSA cryptosystem for digital signature based on the proposed algorithm. Each iteration in our approach requires only one addition operation for two n-bit integers, while that in Montgomery's requires two addition operations for three n-bit integers. The system which is modelled in VHDL(VHSIC Hardware Description Language) is simulated in functionally through the use of $Synopsys^{TM}$ tools on a Axil-320 workstation, where Altera 10K libraries are used for logic synthesis. For FPGA implementation, timing simulation is also performed through the use of Altera MAX + PLUS II. Experimental results show that the proposed RSA cryptosystem has distinctive features that not only computation speed is faster but also hardware area is drastically reduced compared to conventional approach.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.27 no.3C
• /
• pp.256-262
• /
• 2002

This paper presents a novel radix-4 modular multiplication algorithm based on the sign estimation technique (3). The sign estimation technique detects the sign of a number represented in the form of a carry-sum pair. It can be implemented with 5-bit carry look-ahead adder. The hardware speed of the cryptosystem is dependent on the performance modular multiplication of large numbers. Our algorithm requires only (n/2+3) clock cycle for n bit modulus in performing modular multiplication. Our algorithm out-performs existing algorithm in terms of required clock cycles by a half, It is efficient for modular exponentiation with large modulus used in RSA cryptosystem. Also, we use high-speed adder (7) instead of CPA (Carry Propagation Adder) for modular multiplication hardware performance in fecal stage of CSA (Carry Save Adder) output. We apply RL (Right-and-Left) binary method for modular exponentiation because the number of clock cycles required to complete the modular exponentiation takes n cycles. Thus, One 1024-bit RSA operation can be done after n(n/2+3) clock cycles.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.1
• /
• pp.476-496
• /
• 2018

With the advancement and deployment of wireless communication techniques, wireless body area network (WBAN) has emerged as a promising approach for e-healthcare that collects the data of vital body parameters and movements for sensing and communicating wearable or implantable healthful related information. In order to avoid any possible rancorous attacks and resource abuse, employing lightweight ciphers is most effective to implement encryption, decryption, message authentication and digital signature for security of WBAN. As a typical lightweight cryptosystem with an extended sponge function framework, the PHOTON family is flexible to provide security for the RFID and other highly-constrained devices. In this paper, we propose a differential fault analysis to break three flavors of the PHOTON family successfully. The mathematical analysis and simulating experimental results show that 33, 69 and 86 random faults in average are required to recover each message input for PHOTON-80/20/16, PHOTON-160/36/36 and PHOTON-224/32/32, respectively. It is the first result of breaking PHOTON with the differential fault analysis. It provides a new reference for the security analysis of the same structure of the lightweight hash functions in the WBAN.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.5
• /
• pp.1121-1130
• /
• 2016

RSA cryptosystem is one of the most widely used public key cryptosystem. The security of RSA cryptosystem is based on hardness of factoring large number and hence there are ongoing attempt to factor RSA modulus. General Number Field Sieve (GNFS) is currently the fastest known method for factoring large numbers so that CADO-NFS - publicly well-known software that was used to factor RSA-704 - is also based on GNFS. However, one disadvantage is that CADO-NFS could not always select the optimal polynomial for given parameters. In this paper, we analyze CADO-NFS's polynomial selection stage. We propose modified polynomial selection using Chinese Remainder Theorem and Euclidean Distance. In this way, we can always select polynomial better than original version of CADO-NFS and expected to use for factoring RSA-1024.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.12C
• /
• pp.1739-1747
• /
• 2004

In this paper, an efficient radix-4 systolic VLSI architecture for RSA public-key cryptosystem is proposed. Due to the simple operation of iterations and the efficient systolic mapping, the proposed architecture computes an n-bit modular exponentiation in n$^{2}$ clock cycles since two modular multiplications for M$_{i}$ and P$_{i}$ in each exponentiation process are interleaved, so that the hardware is fully utilized. We encode the exponent using Radix-4. SD (Signed Digit) number system to reduce the number of modular multiplications for RSA cryptography. Therefore about 20% of NZ (non-zero) digits in the exponent are reduced. Compared to conventional approaches, the proposed architecture shows shorter period to complete the RSA while requiring relatively less hardware resources. The proposed RSA architecture based on the modified Montgomery algorithm has locality, regularity, and scalability suitable for VLSI implementation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.5 no.1
• /
• pp.17-24
• /
• 1995

In spite of the good security of the cryptosystem on an elliptic curve defined over finite field, the cryptosystem on an elliptic curve is slower than that on a finite field. To be practical, we need a better method to improve a speed of the cryptosystem on an elliptic curve defined over a finite field. In 1991, Koblitz suggested to use an anomalous curve over $F_2$, which is an elliptic curve with Frobenious map whose trace is 1, and reduced a speed of computation of mP. In this paper, we consider an elliptic curve defined over $F_4$ with Frobenious map whose trace is 3 and suggest an efficient algorithm to compute mP. On the proposed elliptic curve, we can compute multiples mP with ${\frac{3}{2}}log_2m$+1 addition in worst case.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.6
• /
• pp.81-92
• /
• 2005

A novel public key cryptosystem that provides a double decryption mechanism is proposed at Asiacrypt '03 by Bresson, Catalano and Pointcheval based on the scheme proposed by Clamor and Shoup at Eurocrypt '02. Previous double decryrtion scheme is designed based on $Z_n^2$ where n=pq for two primes p,q. In this paper, we propose an efficient public key scheme with double decryption mechanism based on $Z_p^2_q$ for two primes p,q. Our scheme is more efficient an the previous schemes. Moreover, we review the previous schemes in a privacy point of view and propose a privacy enhanced double decryption scheme.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.3
• /
• pp.427-438
• /
• 2012

The SCADA(Supervisory Control and Data Acquisition) systems are used to control some critical national infrastructures such as electricity, gas, and water distribution systems. Recently, there are many researches on key management scheme for secure communication due to change to the open network environment. We propose a new key management method which is established on ID-based cryptosystem using pairing on MTU(Master Terminal Unit), Sub-MTU, and RTU(Remote Terminal Unit). Furthermore, we present a redistribution protocol of private key of each device and a system recovery protocol as a countermeasure of exposure of KMS(Key Management System) master key which is occurred by some unexpected accidents or malicious attacks.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.5
• /
• pp.1099-1112
• /
• 2018

The field of post-quantum cryptography (PQC) is an active area of research as cryptographers look for public-key cryptosystems that can resist quantum adversaries. Among those categories in PQC, code-based cryptosystem provides high security along with efficiency. Recent works on code-based cryptosystems focus on the side-channel resistant implementation since previous works have indicated the possible side-channel vulnerabilities on existing algorithms. In this paper, we recovered the secret key in HyMES(Hybrid McEliece Scheme) using a single power consumption trace. HyMES is a variant of McEliece cryptosystem that provides smaller keys and faster encryption and decryption speed. During the decryption, the algorithm computes the parity-check matrix which is required when computing the syndrome. We analyzed HyMES using the fact that the joint distributions of nonlinear functions used in this process depend on the secret key. To the best of our knowledge, we were the first to propose the side-channel analysis based on joint distributions of leakages on public-key cryptosystem.

• Proceedings of the Korea Multimedia Society Conference
• /
• 2012.05a
• /
• pp.62-62
• /
• 2012