Daewan Han

New Block Cipher: ARIA

In this paper, we propose a 128-bit block cipher ARIA which is an involution substitution and permutation encryption network(SPN). We use the same S-boxes as Rijndael to eliminate defects which are caused by a totally involution structure. In the diffusion layer of ARIA, a 16× 16 binary matrix of the maximum branch number 8 is used to avoid some attacks well applied to the reduced round of Rijndael. ARIA uses only basic operations, S-box substitutions and XOR’s together with an involution structure so that it can be efficiently implemented on various platforms.

A new class of single cycle t-functions

T-function is a relatively new cryptographic building block suitable for streamciphers. It has the potential of becoming a substitute for LFSRs, and those that correspond to maximum length LFSRs are called single cycle T-functions. We present a family of single cycle T-functions, previously unknown. An attempt at building a hardware oriented streamcipher based on this new T-function is given.

Cryptanalysis of the Paeng-Jung-Ha cryptosystem from PKC 2003

At PKC 2003 Paeng, Jung, and Ha proposed a lattice based public key cryptosystem(PJH). It is originated from GGH, and designed as a hybrid of GGH and NTRUEncrypt in order to reduce the key size. They claimed that PJH is secure against all possible attacks, especially against lattice attacks. However, in this paper, we present a key recovery attack, based on lattice theory, against PJH. The running time of our attack is drastically short. For example, we could recover all secret keys within 10 minutes even for the system with n = 1001 on a single PC. Unlike other lattice attacks against NTRUEncrypt and GGH, the attack may be applied well to the system with much larger parameters. We present some clues why we believe so. Based on this belief, we declare that PJH should not be used in practice.

Key recovery attacks on NTRU without ciphertext validation routine

NTRU is an efficient public-key cryptosystem proposed by Hoffstein, Pipher, and Silverman. Assuming access to a decryption oracle, we show ways to recover the private key of NTRU systems that do not include a ciphertext validating procedure. The strongest of our methods will employ just a single call to the oracle, and in all cases, the number of calls needed will be small enough to be realistic.

Vulnerability of an RFID authentication protocol proposed in at secubiq 2005

In this paper, we analyze the security of the RFID authentication protocol proposed by Choi et al. at SecUbiq 2005. They claimed that their protocol is secure against all possible threats considered in RFID systems. However, we show that the protocol is vulnerable to an impersonation attack. Moreover, an attacker is able to trace a tag by querying it twice, given the initial information from

Cryptanalysis of the Modified Version of the Hash Function Proposed at PKC'98

2^{\lceil(log_2(\ell+1)\rceil)}

Chosen-Ciphertext Attacks on Optimized NTRU

+ 1(≈l+2) consecutive sessions and 2 ·

Cryptanalysis of the modified version of the hash function proposed at PKC'98

2^{\lceil log_2(\ell+1)\rceil}

Key recovery attacks on NTRU without ciphertext validation routine.

(≈2(l+1)) consecutive queries, where l is the length of secret values (in binary).