Daesung Kwon

New Block Cipher: ARIA

In this paper, we propose a 128-bit block cipher ARIA which is an involution substitution and permutation encryption network(SPN). We use the same S-boxes as Rijndael to eliminate defects which are caused by a totally involution structure. In the diffusion layer of ARIA, a 16× 16 binary matrix of the maximum branch number 8 is used to avoid some attacks well applied to the reduced round of Rijndael. ARIA uses only basic operations, S-box substitutions and XOR’s together with an involution structure so that it can be efficiently implemented on various platforms.

LEA: A 128-Bit Block Cipher for Fast Encryption on Common Processors

We propose a new block cipher LEA, which has 128-bit block size and 128, 192, or 256-bit key size. It provides a high-speed software encryption on general-purpose processors. Our experiments show that LEA is faster than AES on Intel, AMD, ARM, and ColdFire platforms. LEA can be also implemented to have tiny code size. Its hardware implementation has a competitive throughput per area. It is secure against all the existing attacks on block ciphers.

Efficient Hardware Implementation of the Lightweight Block Encryption Algorithm LEA

Recently, due to the advent of resource-constrained trends, such as smartphones and smart devices, the computing environment is changing. Because our daily life is deeply intertwined with ubiquitous networks, the importance of security is growing. A lightweight encryption algorithm is essential for secure communication between these kinds of resource-constrained devices, and many researchers have been investigating this field. Recently, a lightweight block cipher called LEA was proposed. LEA was originally targeted for efficient implementation on microprocessors, as it is fast when implemented in software and furthermore, it has a small memory footprint. To reflect on recent technology, all required calculations utilize 32-bit wide operations. In addition, the algorithm is comprised of not complex S-Box-like structures but simple Addition, Rotation, and XOR operations. To the best of our knowledge, this paper is the first report on a comprehensive hardware implementation of LEA. We present various hardware structures and their implementation results according to key sizes. Even though LEA was originally targeted at software efficiency, it also shows high efficiency when implemented as hardware.

Security Weakness in the Smart Grid Key Distribution Scheme Proposed by Xia and Wang

In this paper, we show that the cryptographic key generation and distribution scheme for the smart gird proposed by Xia and Wang is vulnerable to the impersonation attack by which the adversary is able to impersonate the responder to the initiator. Furthermore, on the basis of this vulnerability, we point out that Xia and Wangs argument for resistance against the unknown key share (UKS) attack is incorrect.

LSH: A New Fast Secure Hash Function Family

Since Wang’s attacks on the standard hash functions MD5 and SHA-1, design and analysis of hash functions have been studied a lot. NIST selected Keccak as a new hash function standard SHA-3 in 2012 and announced that Keccak was chosen because its design is different from MD5 and SHA-1/2 so that it could be secure against the attacks to them and Keccak ’s hardware efficiency is quite better than other SHA-3 competition candidates. However, software efficiency of Keccak is somewhat worse than present standards and other candidates. Since software efficiency becomes more important due to increase of kinds and volume of communication/storage data as cloud and big data service spread widely, its software efficiency degradation is not desirable.

Key recovery attacks on NTRU without ciphertext validation routine

NTRU is an efficient public-key cryptosystem proposed by Hoffstein, Pipher, and Silverman. Assuming access to a decryption oracle, we show ways to recover the private key of NTRU systems that do not include a ciphertext validating procedure. The strongest of our methods will employ just a single call to the oracle, and in all cases, the number of calls needed will be small enough to be realistic.

Vulnerability of an RFID authentication protocol proposed in at secubiq 2005

In this paper, we analyze the security of the RFID authentication protocol proposed by Choi et al. at SecUbiq 2005. They claimed that their protocol is secure against all possible threats considered in RFID systems. However, we show that the protocol is vulnerable to an impersonation attack. Moreover, an attacker is able to trace a tag by querying it twice, given the initial information from

New method for bounding the maximum differential probability for SPNs and ARIA

2^{\lceil(log_2(\ell+1)\rceil)}

Format-Preserving Encryption Algorithms Using Families of Tweakable Blockciphers

+ 1(≈l+2) consecutive sessions and 2 ·

Converting random bits into random numbers

2^{\lceil log_2(\ell+1)\rceil}