Chae Hoon Lim

More Flexible Exponentiation with Precomputation

A new precomputation method is presented for computing gR for a fixed element g and a randomly chosen exponent R in a given group. Our method is more efficient and flexible than the previously proposed methods, especially in the case where the amount of storage available is very small or quite large. It is also very efficient in computing gRyB for a small size E and variable number y, which occurs in the verification of Schnorrs identification scheme or its variants. Finally it is shown that our method is well-suited for parallel processing as well.

Fast Implementation of Elliptic Curve Arithmetic in GF(pn)

Elliptic curve cryptosystems have attracted much attention in recent years and one of major interests in ECC is to develop fast algorithms for field/elliptic curve arithmetic. In this paper we present various improvement techniques for field arithmetic in GF(p n )(p a prime), in particular, fast field multiplication and inversion algorithms, and provide our implementation results on Pentium II and Alpha 21164 microprocessors.

Security and Performance of Server-Aided RSA Computation Protocols

This paper investigates various security issues and provides possible improvements on server-aided RSA computation schemes, mainly focused on the two-phase protocols, RSA-SIM and RSA-S2M, proposed by Matsumoto et al. [4]. We first present new active attacks on these protocols when the final result is not checked. A server-aided protocol is then proposed in which the client can check the computed signature in at most six multiplications irrespective of the size of the public exponent. Next we consider multi-round active attacks on the protocol with correctness check and show that parameter restrictions cannot defeat such attacks. We thus assume that the secret exponent is newly decomposed in each run of the protocol and discuss some means of speeding up this preprocessing step. Finally, considering the implementation-dependent attack, we propose a new method for decomposing the secret and performing the required computation efficiently.

A Revised Version of Crypton - Crypton V1.0

The block cipher CRYPTON has been proposed as a candidate algorithm for the Advanced Encryption Standard (AES). To fix some minor weakness in the key schedule and to remove some undesirable properties in S-boxes, we made some changes to the AES proposal, i.e., in the S-box construction and key scheduling. This paper presents the revised version of CRYPTON and its preliminary analysis.

Another method for attaining security against adaptively chosen ciphertext attacks

Practical approaches to constructing public key cryptosystems secure against chosen ciphertext attacks were first initiated by Damgard and further extended by Zheng and Seberry. In this paper we first point out that in some cryptosystems proposed by Zheng and Seberry the method for adding authentication capability may fail just under known plaintext attacks. Next, we present a new method for immunizing public key cryptosystems against adaptively chosen ciphertext attacks. In the proposed immunization method, the deciphering algorithm first checks that the ciphertext is legitimate and then outputs the matching plaintext only when the check is successful. This is in contrast with the Zheng and Seberrys methods, where the deciphering algorithm first recovers the plaintext and then outputs it only when the checking condition on it is satisfied. Such a ciphertext-based validity check will be particularly useful for an application to group-oriented cryptosystems, where almost all deciphering operations are performed by third parties, not by the actual receiver.

A Key Recovery Attack on Discrete Log-based Schemes Using a Prime Order Subgroupp

Consider the well-known oracle attack: somehow one gets a certain computation result as a function of a secret key from the secret key owner and tries to extract some information on the secret key. This attacking scenario is well understood in the cryptographic community. However, there are many protocols based on the discrete logarithm problem that turn out to leak many of the secret key bits from this oracle attack, unless suitable checkings are carried out. In this paper we present a key recovery attack on various discrete log-based schemes working in a prime order subgroup. Our attack may reveal part of, or the whole secret key in most Diffie-Hellman-type key exchange protocols and some applications of ElGamal encryption and signature schemes.

Speeding Up Elliptic Scalar Multiplication with Precomputation

It is often required in many elliptic curve cryptosystems to compute kG for a fixed point G and a random integer k. In this paper we present improved algorithms for such elliptic scalar multiplication. Implementation results on Pentium II and Alpha 21164 microprocessors are also provided to demonstrate the presented improvements in actual implementations.

Directed Signatures and Application to Threshold Cryptosystems

This paper presents a directed (or designated-receiver) signature scheme with the property that the signature can be verified only with the help of the signature receiver. Such signatures are intended to protect the privacy of the signature receiver in applications where the signed message contains information personally sensitive to the receiver. We also present its application to shared verification of signatures and threshold cryptosystems. The resulting group-oriented cryptosystems are fully dynamic and scalable.

The Korean certificate-based digital signature algorithm

A digital signature scheme is one of essential cryptographic primitives for secure transactions over open networks. Korean cryptographic community, in association with government-supported agencies, has made a continuous effort over past three years to develop our own signature standard. The outcome of this long effort is the signature algorithm called KCDSA, which is now at the final stage of standardization process and will be published as one of KICS (Korean Information and Communication Standards). This paper describes the proposed signature algorithm and discusses its security and efficiency aspects.

Several practical protocols for authentication and key exchange

It is often desirable to achieve mutual authentication and secret key exchange in the same protocol. Two kinds of approaches may be considered for this purpose: authentication after key exchange using symmetric algorithms and Diffie-Hellman-type key exchange protocols, and key exchange after authentication by modifying 3-move identification schemes based on zero-knowledge technique. This letter presents several such protocols by each approach.