Title/Summary/Keyword: differential cryptanalysis


Differential Fault Analysis on Symmetry Structured SPN Block Cipher (대칭구조 SPN 블록 암호 알고리즘에 대한 차분 오류 공격)

  • Lee, Chang-Hoon
    • Journal of Advanced Navigation Technology / v.17 no.5 / pp.568-573 / 2013
  • In this paper, we propose a differential fault analysis on the symmetry structured SPN block cipher proposed in 2008. The target algorithm has an SPN structure and uses the same symmetric structure for encryption and decryption. To recover the 128-bit secret key of the target algorithm, the attack requires only one random byte fault and an exhaustive search of $2^8$. This is the first known cryptanalytic result on the target algorithm.

Differential Cryptanalysis of PACA (블록암호 알고리즘 PACA에 대한 차분 분석)

  • 성재철;현진수;천동현;전길수;강성우
    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference / 2002.11a / pp.598-601 / 2002
  • In this paper, we apply differential cryptanalysis, the most widely used technique for analyzing block ciphers, to the block cipher PACA, one of the encryption algorithms supported by the Government Electronic Official Seal Certification System (GPKI)$^{[10,8]}$. As a result, we found a 7-round differential characteristic with probability $2^{-120}$. Using this differential characteristic, we present an attack on 8-round PACA that is faster than exhaustive search.

Related Key Differential Cryptanalysis of XTEA (XTEA의 연관키를 이용한 차분 공격)

  • 고영대;이원일;홍석희;이태건;이상진
    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference / 2003.12a / pp.190-194 / 2003
  • This paper describes a related-key differential attack on the block cipher XTEA. Although XTEA was designed to remedy the weak key schedule of TEA and thereby resist the related-key attack proposed by Kelsey et al., we show that XTEA reduced to 26 rounds is still not secure against our related-key differential attack. Related-key attacks are also possible on XTEA with various numbers of rounds, as determined by the key schedule. The attack requires $2^{18.5}$ chosen plaintexts and $2^{115.21}$ encryptions.

Security Analysis of the Lightweight Cryptosystem TWINE in the Internet of Things

  • Li, Wei;Zhang, Wenwen;Gu, Dawu;Tao, Zhi;Zhou, Zhihong;Liu, Ya;Liu, Zhiqiang
    • KSII Transactions on Internet and Information Systems (TIIS) / v.9 no.2 / pp.793-810 / 2015
  • TWINE is a new Generalized Feistel Structure (GFS) lightweight cryptosystem for the Internet of Things. It has 36 rounds and supports key lengths of 80 bits and 128 bits, which makes it flexible enough to provide security for RFID, smart cards and other highly constrained devices. Because of its strong attacking ability, high speed and simple implementation, differential fault analysis has become an important method for evaluating the security of lightweight cryptosystems. On the basis of a 4-bit fault model and differential analysis, we propose an effective differential fault attack on the TWINE cryptosystem. Mathematical analysis and simulation experiments show that the attack can recover the 80-bit and 128-bit secret keys by introducing 8 and 18 faulty ciphertexts on average, respectively. This result shows that TWINE is vulnerable to differential fault analysis, and it should be useful for analyzing other iterated lightweight cryptosystems of the same type in the Internet of Things.

S-PRESENT Cryptanalysis through Known-Plaintext Attack Based on Deep Learning (딥러닝 기반의 알려진 평문 공격을 통한 S-PRESENT 분석)

  • Se-jin Lim;Hyun-Ji Kim;Kyung-Bae Jang;Yea-jun Kang;Won-Woong Kim;Yu-Jin Yang;Hwa-Jeong Seo
    • Journal of the Korea Institute of Information Security & Cryptology / v.33 no.2 / pp.193-200 / 2023
  • Cryptanalysis can be performed with various techniques such as known-plaintext attacks, differential attacks and side-channel analysis. Recently, many studies have applied deep learning to cryptanalysis. A known-plaintext attack uses known plaintext and ciphertext pairs to find the key. In this paper, we use deep learning to perform a known-plaintext attack against S-PRESENT, a reduced version of the lightweight block cipher PRESENT. This paper is significant in that it is the first deep-learning-based known-plaintext attack performed on a reduced lightweight block cipher. For the cryptanalysis, MLP (Multi-Layer Perceptron), 1D CNN and 2D CNN (Convolutional Neural Network) models are used and optimized, and the performance of the three models is compared. The 2D CNN showed the highest performance, but only part of the key space could be attacked. From this, it can be seen that known-plaintext attacks using MLP and CNN models are limited in the number of key bits they can recover.

Impossible Differential Cryptanalysis on ESF Algorithm with Simplified MILP Model

  • Wu, Xiaonian;Yan, Jiaxu;Li, Lingchen;Zhang, Runlian;Yuan, Pinghai;Wang, Yujue
    • KSII Transactions on Internet and Information Systems (TIIS) / v.15 no.10 / pp.3815-3833 / 2021
  • MILP-based automatic search is the most common method for analyzing the security of cryptographic algorithms. However, it brings several problems, such as low efficiency due to the large size of the model and the difficulty of finding the contradiction in an impossible differential distinguisher. To analyze the security of the ESF algorithm, this paper introduces a simplified MILP-based search model for differential distinguishers that reduces the constraints of the XOR and S-box operations, and reduces the number of variables by combining the cyclic shift with its adjacent operations. A new method for finding contradictions in impossible differential distinguishers is also proposed, based on temporary variables, which avoids incorrect or missed selection of contradictions. Based on a 9-round impossible differential distinguisher, a 15-round attack on ESF can be achieved by extending 3 rounds forward and 3 rounds backward in the single-key setting. Compared with existing results, the exact lower bound on the number of differentially active S-boxes for 10-round ESF in the single-key setting is improved. In addition, 2108 9-round impossible differential distinguishers in the single-key setting and 14 12-round impossible differential distinguishers in the related-key setting are obtained. In particular, the discovered impossible differential distinguisher in the related-key setting covers the most rounds to date, and compared with previous results, this attack reaches the highest number of rounds in the single-key setting.

Design and Evaluation of A Block Encryption Algorithm using Dynamic-Key (동적 키를 이용한 블럭 암호 알고리즘의 설계 및 평가)

  • 정홍섭;이창두;박규석
    • Journal of Korea Multimedia Society / v.5 no.6 / pp.683-696 / 2002
  • Existing block encryption algorithms are designed so that the encryption key value stays unchanged and is applied to the round function of each block. They therefore have the weakness that the plaintext or the encryption key can be exposed by differential cryptanalysis or linear cryptanalysis, the two most powerful methods for breaking block ciphers with a round-repeating structure. To overcome this weakness, an encryption algorithm using a more efficient key should be designed. In this paper, a block encryption algorithm is proposed in which a different encryption key value is applied to each round block. The algorithm needs a short processing time for encryption and decryption, has high strength, and can be applied to electronic commerce and various other data protection applications.

A Study on a Variable P box Generation Using a DES Key Expansion (DES 키 확장을 이용한 가변 P box 생성에 관한 연구)

  • Lee, Jun
    • The KIPS Transactions:PartC / v.18C no.5 / pp.287-292 / 2011
  • Using an expanded DES key, we propose a block cipher algorithm that generates and uses a variable P box. We also present an efficient way to implement the variable P box at each round. Using counterexamples against Differential Cryptanalysis (DC) and Linear Cryptanalysis (LC), we show that the proposed algorithm is strong enough to resist those attacks. Compared with the effective key bits of triple DES (3DES), the new algorithm is much safer with respect to exhaustive search. Computer simulations show that the new algorithm is almost 3 times faster than 3DES in cipher processing time.

Key-based dynamic S-Box approach for PRESENT lightweight block cipher

  • Yogaraja CA;Sheela Shobana Rani K
    • KSII Transactions on Internet and Information Systems (TIIS) / v.17 no.12 / pp.3398-3415 / 2023
  • The Internet of Things (IoT) is an emerging technology that interconnects millions of small devices to enable communication between them. It is heavily deployed across small- to large-scale industries because of its wide range of applications. These devices transfer data over the internet, including critical data in some applications. Such data is exposed to various security threats and raises privacy concerns, and the devices themselves can be compromised by an attacker. Modern cryptographic algorithms running on traditional machines provide authentication, confidentiality, integrity and non-repudiation easily, but IoT devices have many constraints on memory, storage, processors, operating systems and power. Researchers have proposed several hardware and software implementations of lightweight encryption to address security attacks, and several works on lightweight block ciphers have improved confidentiality by providing a security level against cryptanalytic techniques. As cipher-breaking techniques advance, it is important to raise the security level much higher. This paper focuses on securing critical data transmitted over the internet with PRESENT using a key-based dynamic S-Box. Security analysis of the proposed algorithm against other lightweight block ciphers shows a significant improvement against linear and differential attacks and biclique attacks, and in the avalanche effect. The proposed key-based dynamic S-Box approach for PRESENT strongly withstands cryptanalytic attacks in IoT networks.

Improved Differential Attack of Seven-Round SEED (7-라운드 SEED에 대한 향상된 차분 공격)

  • Sung, Jae-Chul
    • Journal of the Korea Institute of Information Security & Cryptology / v.20 no.4 / pp.25-30 / 2010
  • The block cipher SEED, developed by KISA, is not only a Korean national standard algorithm of TTA but also one of the standard 128-bit block ciphers of ISO/IEC. Since SEED was developed, many analyses have been attempted, but there has been no notable cryptanalytic result except the 7-round differential attack of 2002. That attack used a 6-round differential characteristic with probability $2^{-124}$ and analyzed 7-round SEED with $2^{127}$ chosen plaintexts. In this paper, we propose a new 6-round differential characteristic with probability $2^{-110}$ and analyze 7-round SEED with $2^{113}$ chosen plaintexts.