Kilsoo Chun

Differential and linear cryptanalysis for 2-round SPNs

In this paper, we examine the security of block ciphers referred to as substitution-permutation networks (SPNs). When the SPN has 2-round, we obtain an upper bound on the maximum differential probability. We also obtain an upper bound on the maximum linear hull probability. Our results extend and sharpen the known results for the 2-round SPNs.

The Security Requirement for off-line E-cash system based on IC Card

An offline E-cash system is presented that offers appreciably greater security and better privacy than currently considered E-cash system with similar functionality. Most off-line E-cash systems use the temper-resistant IC card which controls an E-cash issued by the card issuer. Offline E-cash system based on IC card has the threats of overspending, double spending, forgery E-cash, altering/eavesdropping transaction contents, etc. To prevent the above threats, there have been a lot of technical discussions of the security requirements for theoretical offline E-cash protocols based on IC card. However, there has been little attention paid to the security requirements for practical offline E-cash system based on IC card including entity authentication, key management, implementation of cryptographic algorithm, etc. Thus, this paper describes the security requirements for cryptographic algorithms, integrity for implementation of cryptographic algorithm, authentication module, key management, and E-cash protocols

Untraceability of Group Signature Schemes based on Bilinear Mapping and Their Improvement

The traceability is one of the core requirements for group signature schemes. Group signature schemes based on the bilinear mapping were proposed. The bilinearity of a bilinear mapping allows an efficient signature scheme verification for signature schemes based on the discrete logarithm type problem. But the bilinearity of a bilinear mapping can be an attack point with respect to the traceability for group signature schemes when it is designed in such a way that the linearity can be preserved. We show that Cheng-Zhu-Qiu-Wangs group signature schemes (X. Chen et al., 2005) based on bilinear mapping have no traceability property due to their improper use of a bilinear mapping in their signature generation and verification step. We also propose security enhanced group signature schemes for both of mini group signature scheme and improved group signature scheme of Cheng-Zhu-Qiu-Wangs

Modified ID-Based threshold decryption and its application to mediated ID-Based encryption

Chai, Cao and Lu first proposed an ID-based threshold decryption scheme without random oracles. Their approach is based on the Bilinear Diffie-Hellman Inversion assumption, and prove that it is selective chosen plaintext secure without random oracles. However, to ensure correctness of their ID-based threshold decryption scheme, it is necessary to guarantee that the shared decryption is performed correctly through some public verification function. We modify Chai et al.’s scheme to ensure that all decryption shares are consistent. We also present the first mediated ID based encryption scheme based on the Bilinear Diffie Hellman Inversion assumption without random oracles. In addition, we extend it into a mediated hierarchical ID-based encryption scheme.

Cryptanalysis of the Hwang-Lo-Lin Scheme Based on an ID-Based Cryptosystem and Its Improvement

Hwang-Lo-Lin proposed a user identification scheme [3] based on the Maurer-Yacobi scheme [6] that is suitable for application to the mobile environment. Hwang-Lo-Lin argued that their scheme is secure against any attack. Against the Hwang-Lo-Lin argument, Liu-Horng-Liu showed that the Hwang-Lo-Lin scheme is insecure against a Liu-Horng-Liu attack mounted by an eavesdrop attacker. However, Liu-Horng-Liu did not propose any improved version of the original identification scheme which is still secure against the Liu-Horng-Liu attack. In this paper, we propose an identification scheme that can solve this problem and a non-interactive public key distribution scheme also.

The algorithm to enhance the security of multi-agent in distributed computing environment

The usages of public key infrastructure (PKI) in secure e-mail service, e-commerce service, client authentication service with SSL, etc. have increased. However, a PKI faces many challenges in the practice, especially the scalability of the infrastructure. ID-based cryptosystem (ID-C) has been proposed to solve the problems of PKI by eliminating the necessity for the infrastructure to authenticate public keys and manage directories to store certificates. But, the key escrow is integrated in this setting such that private key generator can easily threaten security of agents. In this paper, to enhance the security of multi-agent in distributed computing environment, we first propose an ID-based threshold decryption scheme without key escrow which has a lost share recovery property. Also, the proposed scheme can provide the group division/merge and key update scheme for a dynamic group membership

Group key agreement protocol among mobile devices in different cells

Mobile communication has become more pervasive and it is considered as one of main concerns of IP telephony, video conferencing, multi-user games and etc. in mobile environments. These applications require secure group communication between a multitude of mobile devices owned by group members. Most of the published group key agreement protocols are based on a model which consists of a stationary base station and a cluster of mobile devices. In this paper, we assume a more realistic scenario in which secret group key is established between several base stations and mobile devices in different cells. We present new group key protocol among mobile devices in different cells and analyze its security.

Compression Function Design Principles Supporting Variable Output Lengths from a Single Small Function

In this paper, we introduce new compression function design principles supporting variable output lengths (multiples of size n). They are based on a function or block cipher with an n-bit output size. In the case of the compression function with a (t + 1)n-bit output size, in the random oracle and ideal cipher models, their maximum advantages from the perspective of collision resistance are O(t2q/2tn + q2/2(t + 1)n). In the case of t = 1, the advantage is near-optimal. In the case of t > 1, the advantage is optimal.

An information aggregation scheme of multi-node in ubiquitous sensor networks

Mobile networking, mobile systems and applications and ubiquitous computing infrastructures are of strongly growing importance in the IT sector in general, and for the parallel and distributed computing community. Particularly, when an signed(authenticated) information of multi-node is aggregated in ubiquitous sensor networks, the number of the signing information is very small. Thus, signature scheme which signs information has strong unforgeability. In 2005 Yu and Chen proposed threshold signature scheme [12]. Their scheme has a high efficiency. But, their scheme is not suitable for ubiquitous sensor networks because their scheme has no strong unforgeability. In this paper, we modify their scheme so that modified scheme is suitable for ubiquitous sensor networks. Also, our scheme has a good efficiency, and a smaller secret key than other cryptosystems with a similar security level.

Fine grained control of security capability and forward security in a pairing based signature scheme

Recently, Libert and Quisquater showed that the fast revocation method using a SEcurity Mediator(SEM) in a mRSA can be applied to the Boneh-Franklin identity based encryption and GDH signature scheme. In this paper we propose a mediated identity based signature(mIBS) scheme which applies the SEM architecture to an identity based signature. The use of a SEM offers a number of practical advantages over current revocation techniques. The benefits include simplified validation of digital signatures, efficient and fast revocation of signature capabilities. We further propose a forward mediated signature scheme with an efficient batch verification and analyze their security and efficiency.