• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.2
• /
• pp.600-616
• /
• 2021

SIMON and SPECK are two families of lightweight block ciphers that have excellent performance on hardware and software platforms. At CRYPTO 2019, Gohr first introduces the differential cryptanalysis based deep learning on round-reduced SPECK32/64, and finally reduces the remaining security of 11-round SPECK32/64 to roughly 38 bits. In this paper, we are committed to evaluating the safety of SIMON cipher under the neural differential cryptanalysis. We firstly prove theoretically that SIMON is a non-Markov cipher, which means that the results based on conventional differential cryptanalysis may be inaccurate. Then we train a residual neural network to get the 7-, 8-, 9-round neural distinguishers for SIMON32/64. To prove the effectiveness for our distinguishers, we perform the distinguishing attack and key-recovery attack against 15-round SIMON32/64. The results show that the real ciphertexts can be distinguished from random ciphertexts with a probability close to 1 only by 2^8.7 chosen-plaintext pairs. For the key-recovery attack, the correct key was recovered with a success rate of 23%, and the data complexity and computation complexity are as low as 2⁸ and 2^20.1 respectively. All the results are better than the existing literature. Furthermore, we briefly discussed the effect of different residual network structures on the training results of neural distinguishers. It is hoped that our findings will provide some reference for future research.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.1
• /
• pp.435-451
• /
• 2019

Impossible differential cryptanalysis is an essential cryptanalytic technique and its key point is whether there is an impossible differential path. The main factor of influencing impossible differential cryptanalysis is the length of the rounds of the impossible differential trail because the attack will be more close to the real encryption algorithm with the number becoming longer. We provide the upper bound of the longest impossible differential trails of several important block ciphers. We first analyse the national standard of the Russian Federation in 2015, Kuznyechik, which utilizes the 16-byte LFSR to achieve the linear transformation. We conclude that there is no any 3-round impossible differential trail of the Kuznyechik without the consideration of the specific S-boxes. Then we ascertain the longest impossible differential paths of several other important block ciphers by using the matrix method which can be extended to many other block ciphers. As a result, we show that, unless considering the details of the S-boxes, there is no any more than or equal to 5-round, 7-round and 9-round impossible differential paths for KLEIN, Midori64 and MIBS respectively.

• Progress in Superconductivity and Cryogenics
• /
• v.22 no.4
• /
• pp.45-50
• /
• 2020

In this research, the variation of round-trip efficiency in a liquid air energy storage system (LAES) is calculated and an optimal configuration is found. The multiple stages of cold energy storage are simulated with several materials that process latent heat at different temperature ranges. The effectiveness in the charging and discharging processes of LAES is newly defined, and its relationship with the round-trip efficiency is examined. According to defined correlation, the effectiveness of the discharging process significantly affects the overall system performance. The round-trip efficiency is calculated for the combined cold energy storage materials of aqueous dimethyl sulfoxide (DMSO) solution, ethanol, and pentane theoretically. The performance of LAES varies depending on the freezing point of the cold storage materials. In particular, when the LAES uses several cold storage materials, those materials whose freezing points are close to room temperature and liquid air temperature should be included in the cold storage materials. In this paper, it is assumed that only latent heat is used for cold energy storage, but for more realistic analyzes, the additional consideration of the transient thermal situation to utilize sensible heat is required. In the case of such a dynamic system, since there is certainly more increased heat capacity of the entire storage system, the volume of the cold energy storage system will be greatly reduced.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.3
• /
• pp.107-115
• /
• 2004

SHACAL-2 is a 256 bit block cipher with various key sizes based on the hash function SHA-2. Recently, it was recommended as one of the NESSIE selections. UP to now, no security flaws have been found in SHACAL-2. In this paper, we discuss the security of SHACAL-2 against an impossible differential attack. We propose two types of 14 round impossible characteristics and using them we attack 30 round SHACAL-2 with 512 bit 18y. This attack requires 744 chosen plaintexs and has time complexity of 2$^{495.1}$ 30 round SHACAL-2 encryptions.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.4
• /
• pp.37-44
• /
• 2008

The 128-bit block cipher SMS4 which is used in WAPI, the Chinese WALN national standard, uses a 128-bit user key with the number of 32 rounds. In this paper, we present a differential attack on the 20-round SMS4 using 16-round differential characteristic. This attack requires $2^{126}$ chosen plaintexts with $2^{105.85}$ 20-round SMS4 decryptions. This result is better than any previously known cryptanalytic results on SMS4 in terms of the numbers of attacked rounds.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.4
• /
• pp.27-35
• /
• 2008

In this paper we show that the full-round SCO-1[12] is vulnerable to the related-key differential attack. The attack on the full-round SCO-1 requires $2^{61}$ related-key chosen ciphertexts and $2^{120.59}$ full-round SCO-1 decryptions. This work is the first known attack on SCO-1.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.11 no.5
• /
• pp.85-96
• /
• 2001

This paper describes saturation attacks on reduced-round versions of SKIPJACK. To begin with, we will show how to construct a 16-round distinguisher which distinguishes 16 rounds of SKIPJACK from a random permutation. The distinguisher is used to attack on 18(5~22) and 23(5~27) rounds of SKIPJACK. We can also construct a 20-around distinguisher based on the 16-round distinguisher. This distinguisher is used to attack on 22(1~22) and 27(1~27) rounds of SKIPJACK. The 80-bit user key of 27 rounds of SKIPJACK can be recovered with $2^{50}$ chosen plaintexts and 3\cdot 2^{75}$ encryption times.

• PNF and Movement
• /
• v.20 no.3
• /
• pp.391-397
• /
• 2022

Purpose: Recently, as a result of the use of smart devices, the incidence of musculoskeletal diseases in areas such as the neck and shoulders has increased. A common effect is rounded shoulder posture, which badly affects the movement and posture of the scapula, causing musculoskeletal disease. Therefore, in this study, we investigated the effects of three shoulder brace products on rounded shoulder posture. Methods: A total of 12 subjects comprising men and women in their 20s with round shoulder posture participated in this study. Three shoulder brace designs were selected, and the height change of the shoulder acromion in the lying state before and after wearing the braces was measured. Effectiveness verification was analyzed using the Mann-Whitney U test. Results: The results confirmed that the different shoulder brace designs had different effects on round shoulder posture. Conclusion: Currently, numerous designs of shoulder braces are being sold, but their effects have not been verified. In the future, more diverse designs of shoulder braces should be studied, and effective shoulder brace designs should be developed and used.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.17 no.1
• /
• pp.165-184
• /
• 2023

The ARX-based lightweight block cipher is widely used in resource-constrained IoT devices due to fast and simple operation of software and hardware platforms. However, there are three weaknesses to ARX-based lightweight block ciphers. Firstly, only half of the data can be changed in one round. Secondly, traditional ARX-based lightweight block ciphers are static structures, which provide limited security. Thirdly, it has poor diffusion when the initial plaintext and key are all 0 or all 1. This paper proposes a new dynamic ARX-based lightweight block cipher to overcome these weaknesses, called DABC. DABC can change all data in one round, which overcomes the first weakness. This paper combines the key and the generalized two-dimensional cat map to construct a dynamic permutation layer P1, which improves the uncertainty between different rounds of DABC. The non-linear component of the round function alternately uses NAND gate and AND gate to increase the complexity of the attack, which overcomes the third weakness. Meanwhile, this paper proposes the round-based architecture of DABC and conducted ASIC and FPGA implementation. The hardware results show that DABC has less hardware resource and high throughput. Finally, the safety evaluation results show that DABC has a good avalanche effect and security.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.4
• /
• pp.923-941
• /
• 2017

A side-channel attack is a method of attacking a cipher based on physical information of a cryptographic device. The masking method, which is a typical method overcoming this attack, is a method of calculating an arbitrary masking value at the round intermediate value through rounds. Thus, it is difficult to guess the intermediate value by the side-channel attack, but if the masking operation is applied to all rounds of the encryption algorithm, the encryption process may become overloaded. Therefore, it is practical to use a reduced-round masking technique that applies a masking technique to only a part of the cipher for lightweight equipment such as Internet of Things(IoT) and wearable devices. In this paper, we describe a Hamming weight filtering for SIMON family with reduced-round masking technique and it is shown that first round key recovery is possible through actual programming.