• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.7 no.3
• /
• pp.65-78
• /
• 1997

Due to the cryptographic functional structure including the S-box, DES is not robust against differential cryptoanalysis (DC). Therefore, to increase the security against DC, we have to redesign the S-box or modify DES algorithm to decrease the probability for the N-1 round characteristics. However, it has been shown that a new design for the S-box is not secure enough. Rather, if will be more reliable to devise a modified cryptographic algorithm. In this paper, we propose a modified DES algorithm to decrease the probability of N-1 round characteristics to be robust against DC. According to our comparative study, the proposed algorithm is shown to be more robust against the DC than DES.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.4
• /
• pp.37-44
• /
• 2008

The 128-bit block cipher SMS4 which is used in WAPI, the Chinese WALN national standard, uses a 128-bit user key with the number of 32 rounds. In this paper, we present a differential attack on the 20-round SMS4 using 16-round differential characteristic. This attack requires $2^{126}$ chosen plaintexts with $2^{105.85}$ 20-round SMS4 decryptions. This result is better than any previously known cryptanalytic results on SMS4 in terms of the numbers of attacked rounds.

• Journal of Korea Multimedia Society
• /
• v.5 no.6
• /
• pp.665-673
• /
• 2002

In this paper, we introduce cellular automata and propose a new block cipher algorithm based on cellular automata. For the evaluation of performance and security, we compare the results of the proposed algorithm with them of the standard block ciphers such as DES, Rijndael regarding on avalanche effects and processing time, and analyze the differential cryptanalysis for a reduction version of the proposed algorithm. In addition, we perform the statistical tests in FIPS PUB 140-2(Federal Information Processing Standards Publication 140-2) for the output bit sequences of proposed algorithm to guarantee the randomness property.

• ETRI Journal
• /
• v.30 no.1
• /
• pp.170-172
• /
• 2008

A substitution box (S-box) plays a central role in cryptographic algorithms. In this paper, an efficient method for designing S-boxes based on chaotic maps is proposed. The proposed method is based on the mixing property of piecewise linear chaotic maps. The S-box so constructed has very low differential and linear approximation probabilities. The proposed S-box is more secure against differential and linear cryptanalysis compared to recently proposed chaotic S-boxes.

• The Transactions of the Korea Information Processing Society
• /
• v.4 no.6
• /
• pp.1565-1575
• /
• 1997

A new encryption algorithm had been proposed as a replacement to the Data Encryption Standard (DES) in [1,2]. It called the Extended DES (EDES) has a key length of 112 bits. The plaintext data consists of 96 bits divided into 3 sub-blocks of 32 bits each. The EDES has a potentially higher resistance to differential cryptanalysis that the DES due to the asymmetric number of f functions performed on each of the 3 sub-blocks and due to the increase of S-boxes from 8 to 16. This paper propose a hardware design for the EDES and its implementation in VLSI. The VLSI chip implements data encryption and decryption in a single hardware unit. With a system clock frequency of 15Mhz the device permits a data conversion rate of about 90Mbit/sec. Therefore, the chip can be applied to on-line encryption in high-speed networking protocols.

• Convergence Security Journal
• /
• v.5 no.3
• /
• pp.23-32
• /
• 2005

This paper presents a 128-bit Reversible Cellular Automata (RCA) based lightweight block cipher for Ubiquitous computing security. To satisfy resource-constraints for Ubiquitous computing, it is designed as block architecture based on Cellular Automata with high pseudo-randomness. Our implementation requires 704 clock cycles and consumes 2,874 gates for encryption of a 128-bit data block. In conclusion, the processing time outperformed that of AES and NTRU by 31%, and the number of gate was saved by 20%. We evaluate robustness of our implementation against both Differential Cryptanalysis and Strict Avalanche Criterion.

• The KIPS Transactions:PartC
• /
• v.9C no.4
• /
• pp.445-452
• /
• 2002

In this paper, we suggest the design of 128bit block cipher which is provable security based on mathematics theory. We have derived the 16$\times$16 matrix(i.e.,linear transformation) which is numerous active S-box, and we proved for DC and LC which prove method about security of SPN structure cipher algorithm. Also, the minimum number of active S-box, the maximum differential probabilities and the maximum linear probabilities in round function of 128bit block cipher algorithm which has an effect to DC and LC are derived.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.16 no.5
• /
• pp.1611-1633
• /
• 2022

At EUROCRYPT 2019, a new block cipher algorithm called BISON was proposed by Canteaut et al. which uses a novel structure named as Whitened Swap-Or-Not (WSN). Unlike the traditional wide trail strategy, the differential and linear properties of this algorithm can be easily determined. However, the encryption speed of the BISON algorithm is quite low due to a large number of iterative rounds needed to ensure certain security margins. Commonly, denoting by n is the data block length, this design requires 3n encryption rounds. Moreover, the block size n of BISON is always odd, which is not convenient for operations performed on a byte level. In order to overcome these issues, we propose a new block cipher, named DBISON, which more efficiently employs the ideas of double layers typical to the BISON-like construction. More precisely, DBISON divides the input into two parts of size n/2 bits and performs the round computations in parallel, which leads to an increased encryption speed. In particular, the data block length n of DBISON can be even, which gives certain additional implementation benefits over BISON. Furthermore, the resistance of DBISON against differential and linear attacks is also investigated. It is shown the maximal differential probability (MDP) is 1/2^n-1 for n encryption rounds and that the maximal linear probability (MLP) is strictly less than 1/2^n-1 when (n/2+3) iterative encryption rounds are used. These estimates are very close to the ideal values when n is close to 256.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.4
• /
• pp.607-615
• /
• 2022

The SITM (See-In-The-Middle) proposed in CHES 2020 is a methodology for side-channel assisted differential cryptanalysis. This technique analyzes the power traces of unmasked middle rounds in partial masked SPN block cipher implementation, and performs differential analysis with the side channel information. Blockcipher GIFT is a lightweight blockcipher proposed in CHES 2017, designed to correct the well-known weaknesses of block cipher PRESENT and provide the efficient implementation. In this paper, we propose SITM attacks on partial masked implementation of GIFT-128. This attack targets 4-round and 6-round masked implementation of GIFT-128 and time/data complexity is 2^14.01 /2^14.01, 2¹⁶ /2¹⁶. In this paper, we compare the masterkey recovery logic available in SITM attacks, establishing a criterion for selecting more efficient logic depending on the situation. Finally, We introduce how to apply the this attack to GIFT-COFB, one of the finalist candidates in NIST lightweight cryptography standardization process.

• Journal of Advanced Navigation Technology
• /
• v.19 no.1
• /
• pp.48-52
• /
• 2015

In this paper, we propose a differential fault analysis on SSB having same structure in encryption and decryption proposed in 2011. The target algorithm was designed using advanced encryption standard and has advantage about hardware implementations. The differential fault analysis is one of side channel attacks, combination of the fault injection attacks with the differential cryptanalysis. Because SSB is suitable for hardware, it must be secure for the differential fault analysis. However, using proposed differential fault attack in this paper, we can recover the 128 bit secret key of SSB through only one random byte fault injection and an exhausted search of $2^8$. This is the first cryptanalytic result on SSB having same structure in encryption and decryption.