Jongin Lim

HIGHT: a new block cipher suitable for low-resource device

In this paper, we propose a new block cipher HIGHT with 64-bit block length and 128-bit key length. It provides low-resource hardware implementation, which is proper to ubiquitous computing device such as a sensor in USN or a RFID tag. HIGHT does not only consist of simple operations to be ultra-light but also has enough security as a good encryption algorithm. Our hardware implementation of HIGHT requires 3048 gates on 0.25 μm technology.

Information Security and Cryptology - ICISC 2003

Binary tree encryption (BTE), a relaxation of hierarchical identity-based encryption (HIBE), has recently emerged as a useful and intriguing primitive. On the one hand, the definition of security for BTE is sufficiently “weak” that — in contrast to HIBE — constructions of BTE in the standard model are known. On the other hand, BTE is sufficiently powerful that it yields a number of applications which are important from both a theoretical and a practical point of view. This survey presents the basic definitions of BTE and also highlights some recent applications of BTE to forward-secure encryption, identitybased and hierarchical identity-based encryption, chosen-ciphertext security, and adaptively-secure encryption.

Efficient authentication for low-cost RFID systems

RFID (Radio Frequency Identification) technology is expected to play a critical role in identifying articles and serving the growing need to combat counterfeiting and fraud. However, the use of RFID tags may cause privacy violation of people holding an RFID tag. The main privacy concerns are information leakage of a tag, traceabiltiy of the person and impersonation of a tag. In this paper, we study authentication as a method to protect privacy, especially for low-cost RFID systems, which have much restrictions in limited computing power, low die-size, and low power requirements. Therefore, cost effective means of authentication is needed to deal with these problems effectively. We propose an authentication protocol, LCAP, which needs only two one-way hash function operations and hence is quite efficient. Leakage of information is prevented in the scheme since a tag emits its identifier only after authentication. By refreshing a identifier of a tag in each session, the scheme also provides a location privacy and can recover lost massages from many attacks such as spoofing attacks.

Quantum Direct Communication with Authentication

We propose two quantum direct communication (QDC) protocols with user authentication. Users can identify each other by checking the correlation of Greenberger-Horne-Zeilinger (GHZ) states. Alice can directly send a secret message to Bob without any previously shared secret using the remaining GHZ states after authentication. Our second QDC protocol can be used even though there is no quantum link between Alice and Bob. The security of the transmitted message is guaranteed by properties of entanglement of GHZ states.

A fast and provably secure higher-order masking of AES S-box

This paper proposes an efficient and secure higher-order masking algorithm for AES S-box that consumes the most computation time of the higher-order masked AES. During the past few years, much of the research has focused on finding higher-order masking schemes for this AES S-box, but these are still slow for embedded processors use. Our proposed higher-order masking of AES S-box is constructed based on the inversion operation over the composite field. We replace the subfield operations over the composite field into the table lookup operation, but these precomputation tables do not require much ROM space because these are the operations over GF(24). In the implementation results, we show that the higher-order masking scheme using our masked S-box is about 2.54 (second-order masking) and 3.03 (third-order masking) times faster than the fastest method among the existing higher-order masking schemes of AES.

Impossible Differential Cryptanalysis for Block Cipher Structures

Impossible Differential Cryptanalysis(IDC) [4] uses impossible differential characteristics to retrieve a subkey material for the first or the last several rounds of block ciphers. Thus, the security of a block cipher against IDC can be evaluated by impossible differential characteristics. In this paper, we study impossible differential characteristics of block cipher structures whose round functions are bijective. We introduce a widely applicable method to find various impossible differential characteristics of block cipher structures. Using this method, we find various impossible differential characteristics of known block cipher structures: Nyberg’s generalized Feistel network, a generalized CAST256-like structure [14], a generalized MARS-like structure [14], a generalized RC6-like structure [14], and Rijndael structure.

Provable Security against Differential and Linear Cryptanalysis for the SPN Structure

In the SPN (Substitution-Permutation Network) structure, it is very important to design a diffusion layer to construct a secure block cipher against differential cryptanalysis and linear cryptanalysis. The purpose of this work is to prove that the SPN structure with a maximal diffusion layer provides a provable security against differential cryptanalysis and linear cryptanalysis in the sense that the probability of each differential (respectively linear hull) is bounded by pn (respectively qn), where p (respectively q) is the maximum differential (respectively liner hull) probability of n S-boxes used in the substitution layer. We will also give a provable security for the SPN structure with a semi-maximal diffusion layer against differential cryptanalysis and linear cryptanalysis.

Anti-cloning protocol suitable to EPCglobal Class-1 Generation-2 RFID systems

Radio frequency Identification (RFID) systems are used to identify remote objects equipped with RFID tags by wireless scanning without manual intervention. Recently, EPCglobal proposed the Electronic Product Code (EPC) that is a coding scheme considered to be a possible successor to bar-code with added functionalities. In RFID-based applications where RFID tags are used to identify and track tagged objects, an RFID tag emits its EPC in plaintext. This makes the tag inevitably vulnerable to cloning attacks as well as information leakage and password disclosure. In this paper, we propose a novel anti-cloning method in accordance with the EPCglobal Class-1 Generation-2 (C1G2) standard. Our method only uses functions that can be supported by the standard and abides by the communication flow of the standard. The method is also secure against threats such as information leakage and password disclosure.

EC2C-PAKA: An efficient client-to-client password-authenticated key agreement

Most password-authenticated key agreement schemes described in the literature have focused on authenticated key agreement using a shared password between a client and a server. With rapid changes in the modern communication environment such as ad hoc networks and ubiquitous computing, it is necessary to construct a secure end-to-end channel between clients. This paradigm is a quite different paradigm from the existing ones. In this paper, we study client-to-client password-authenticated key agreement (C2C-PAKA) enabling two clients in different realms to agree on a common session key using different passwords. Byun et al. first presented a C2C-PAKA protocol under the cross-realm setting. However, the scheme was not formally treated, and subsequently found to be flawed. In addition, in this scheme, there is still opportunity for improvements both in the computation and communication aspects. We provide formal treatments for the C2C-PAKA protocol by using Bellare et al.s security model. We also suggest an efficientC2C-PAKA protocol and prove that the protocol is secure under the decisional Diffie-Hellman assumption in the ideal cipher and random oracle models.

Efficient conjunctive keyword search on encrypted data storage system

We study conjunctive keyword search scheme allowing for remote search of data containing each of several keywords on encrypted data storage system. A data supplier first uploads encrypted data on a storage system, and then a user of the storage system searches data containing keywords over encrypted data hence insider (such as an administrator of the storage system) and outsider attackers do not learn anything else about the data. Recently, Golle et al. first suggested conjunctive keyword search scheme, but the communication and storage costs linearly depend on the number of stored data in the database, hence it is not really suitable for a large scale database. In this paper, we propose an efficient conjunctive keyword search scheme over encrypted data in aspects of communication and storage costs. Concretely, we reduce the storage cost of a user and the communication cost between a user and a data supplier to the constant amounts. We formally define security model for a conjunctive keyword search scheme and prove that the proposed scheme is secure under the decisional bilinear Diffie-Hellman (DBDH) assumption in the random oracle model.