• Journal of applied mathematics & informatics
• /
• v.9 no.1
• /
• pp.303-310
• /
• 2002

The cyryptographic strength of a Feistel cipher depends strongly on the properties of its S-boxes, which are the strict avalanche criterion(SAC), the propagation criterion(PC) and GAC(the global avalanche criterion). In this paper global avalanche characteristics of S-boxes of the SEED are in-vestigated and compared to global avalanche characteristics of S-boxes of S-boxes of the Data Encryption Standard(DES).

• The Pure and Applied Mathematics
• /
• v.8 no.2
• /
• pp.163-174
• /
• 2001

In this paper we modify two indicators related to the global avalanche criterion (GAC) and discuss their properties. Also, we apply the modified indicators to measure the GAC of S-boxes of DES.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.16 no.1
• /
• pp.101-114
• /
• 1991

In a DES-like cryptosystem, the S(ubstitution) boxes determine its cryptographic strength as well as its nonlinearity. When in an S box a part of the output depends on a part of the input. It can be broken by the chosen plaintext attack. To prevent this attack, every output bit should changes with a probability of one half when ever a single input bit is complemented. We call this criterion Strict Avalanche criterion(SAC), which was proposed by Webster and Tavared. In this paper, we propose simple construction method of Boolean functions satisfying the SAC and bijective functions satisfying the maximum order SAC in order to design cryptographically desirable S-boxes. Also, practical construction examples of S-boxes are provided.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.1 no.1
• /
• pp.85-90
• /
• 1991

After we introduce the properties of bent functions satisfying the SAC(Strict Avalanche Criterion), we made cldar the relationship between two functions, i.e., all Boolean functions satisfying the maximum order SAC. Bant function will be useful to implement cryptographic functions like S-boxes of block cipher, nonlinear combiners, etc. But due to thear 0/1 unbalance and their existence for only even number of input bits, bent functions have some restrictions to use as a building block for constructing bijective cryptographic functions.

• Convergence Security Journal
• /
• v.5 no.3
• /
• pp.23-32
• /
• 2005

This paper presents a 128-bit Reversible Cellular Automata (RCA) based lightweight block cipher for Ubiquitous computing security. To satisfy resource-constraints for Ubiquitous computing, it is designed as block architecture based on Cellular Automata with high pseudo-randomness. Our implementation requires 704 clock cycles and consumes 2,874 gates for encryption of a 128-bit data block. In conclusion, the processing time outperformed that of AES and NTRU by 31%, and the number of gate was saved by 20%. We evaluate robustness of our implementation against both Differential Cryptanalysis and Strict Avalanche Criterion.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.11 no.6
• /
• pp.127-134
• /
• 2001

At PKC\`98, SangUk Shin et al. proposed a new hash function based on advantages of SHA-1, RIPEMD-160, and HAVAL. They claimed that the Boolean functions of the hash function have good properties including the SAC(Strict Avalanche Criterion). In this paper, we first show that some of Boolean functions which are used in Shin\`s hash function does not satisfy the SAC, and then argue that satisfying the SAC may not be a good property of Boolean functions, when it is used for constructing compress functions of a hash function.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.8 no.4
• /
• pp.3-20
• /
• 1998

해쉬 함수는 임의의 길이를 갖는 메세지를 규정된 길이의 값으로 압축하는 알고리듬으로 메시지 정보의 무결정 , 사용자 인증, 바이러스 침투 예방에 응용될 수 있는 핵심 보안 알고리듬이다. 또한 안전한 해쉬 함수는 일방향성, 충돌회피성, 고속 동작성 등의 특성을 지녀야 한다. 본 노눈에서는 응용에 따라 128, 160, 192, 224, 256 비트 길이로 출력을 생성하고 암호학적으로 강력한 안전성을 지닌 해쉬 알고리듬(HAVES: Hash Algorithm with Variable IEngth Speed)을 제안한다. 이 해쉬 알고리듬은 메시지 블록을 1024비트 단뒤로 처리하고 연산의 효과적인 배열을 통해 비교적 빠른 속도로 동작한다. 제안하는 해쉬 알고리듬은 0-1 균형성(Balancedness), 높은 비선형성(Nonlinearity), 구조적인 선형 비등가성 (Linearly Inequivalent), 상호 출력 무상관성(Mutually Output Uncorrelated), SAC(Strict Avalanche Criterion)를 모두 만족함으로서 효율성과 안전성을 도모한다. 더불어 안전성이 요구되는 실용적인 응용에 맞게 출력 길이를 가변적으로 선택할 수 있도록 했다.

• ETRI Journal
• /
• v.42 no.4
• /
• pp.619-632
• /
• 2020

Highly dispersive S-boxes are desirable in cryptosystems as nonlinear confusion sublayers for resisting modern attacks. For a near optimal cryptosystem resistant to modern cryptanalysis, a highly nonlinear and low differential probability (DP) value is required. We propose a method based on a piecewise linear chaotic map (PWLCM) with optimization conditions. Thus, the linear propagation of information in a cryptosystem appearing as a high DP during differential cryptanalysis of an S-box is minimized. While mapping from the chaotic trajectory to integer domain, a randomness test is performed that justifies the nonlinear behavior of the highly dispersive and nonlinear chaotic S-box. The proposed scheme is vetted using well-established cryptographic performance criteria. The proposed S-box meets the cryptographic performance criteria and further minimizes the differential propagation justified by the low DP value. The suitability of the proposed S-box is also tested using an image encryption algorithm. Results show that the proposed S-box as a confusion component entails a high level of security and improves resistance against all known attacks.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.27 no.4A
• /
• pp.291-300
• /
• 2002

In this paper, a way of constituting optimized S box and G function was suggested in the block cipher whose structure is similar to SEED, which is KOREA standard of 128-bit block cipher. S box can be formed with nonlinear function and an affine transform. Nonlinear function must be strong with differential attack and linear attack, and it consists of an inverse number over GF(2$\^$8/) which has neither a fixed point, whose input and output are the same except 0 and 1, nor an opposite flexed number, whose output is one's complement of the input. Affine transform can be constituted so that the input/output correlation can be the lowest and there can be no fixed point or opposite fixed point. G function undergoes diffusive linear transform with 4 S-box outputs using the matrix of 4$\times$4 over GF(2$\^$8/). G function can be constituted so that MDS(Maximum Distance Separable) code can be formed, SAC(Strict Avalanche Criterion) can be met, there can be no weak input, where a fried point, an opposite fried point, and output can be two's complement of input, and the construction of hardware can be made easy. The S box and G function suggested in this paper can be used as a constituent of the block cipher with high security, in that they are strong with differential attack and linear attack with no weak input and they are excellent at diffusion.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.8 no.1
• /
• pp.123-136
• /
• 2004

In this paper, complexity and regularity of polynomial multiplication over $GF({2^n})$ are defined by using Hamming weight of rows and columns of the matrix ever GF(2) which represents polynomial multiplication. It is shown experimentally that in order to construct the block cipher robust against differential cryptanalysis, polynomial multiplication of substitution layer and the permutation layer should have high complexity and high regularity. With result of the experiment, a way of constituting S box and G function is suggested in the block cipher whose structure is similar to SEED, which is KOREA standard of 128-bit block cipher. S box can be formed with a nonlinear function and an affine transform. Nonlinear function must be strong with differential attack and linear attack, and it consists of an inverse number over $GF({2^8})$ which has neither a fixed pout, whose input and output are the same except 0 and 1, nor an opposite fixed number, whose output is one`s complement of the input. Affine transform can be constituted so that the input/output correlation can be the lowest and there can be no fixed point or opposite fixed point. G function undergoes linear transform with 4 S-box outputs using the matrix of 4${\times}$4 over $GF({2^8})$. The components in the matrix of linear transformation have high complexity and high regularity. Furthermore, G function can be constituted so that MDS(Maximum Distance Separable) code can be formed, SAC(Strict Avalanche Criterion) can be met, and there can be no weak input where a fixed point an opposite fixed point, and output can be two`s complement of input. The primitive polynomials of nonlinear function affine transform and linear transformation are different each other. The S box and G function suggested in this paper can be used as a constituent of the block cipher with high security, in that they are strong with differential attack and linear attack with no weak input and they are excellent at diffusion.