Woo-Hwan Kim

LSH: A New Fast Secure Hash Function Family

Since Wang’s attacks on the standard hash functions MD5 and SHA-1, design and analysis of hash functions have been studied a lot. NIST selected Keccak as a new hash function standard SHA-3 in 2012 and announced that Keccak was chosen because its design is different from MD5 and SHA-1/2 so that it could be secure against the attacks to them and Keccak ’s hardware efficiency is quite better than other SHA-3 competition candidates. However, software efficiency of Keccak is somewhat worse than present standards and other candidates. Since software efficiency becomes more important due to increase of kinds and volume of communication/storage data as cloud and big data service spread widely, its software efficiency degradation is not desirable.

Forward Secure Dynamic Searchable Symmetric Encryption with Efficient Updates

The recently proposed file-injection type attacks are highlighting the importance of forward security in dynamic searchable symmetric encryption (DSSE). Forward security enables to thwart those attacks by hiding the information about the newly added files matching a previous search query. However, there are still only a few DSSE schemes that provide forward security, and they have factors that hinder efficiency. In particular, all of these schemes do not support actual data deletion, which increments both storage space and computational complexity. In this paper, we design and implement a forward secure DSSE scheme with optimal search and update complexity, for both computation and communication point of view. As a starting point, we propose a new, simple, theoretical data structure, called dual dictionary that can take advantage of both the inverted and the forward indexes at the same time. This data structure allows to delete data explicitly and in real time, which greatly improves efficiency compared to previous works. In addition, our scheme provides forward security by encrypting the newly added data with fresh keys not related with the previous search tokens. We implemented our scheme for Enron email and Wikipedia datasets and measured its performance. The comparison with Sophos shows that our scheme is very efficient in practice, for both searches and updates in dynamic environments.

Format-Preserving Encryption Algorithms Using Families of Tweakable Blockciphers

We present two new algorithms, FEA-1 and FEA-2, for secure and efficient format-preserving encryption. Each algorithm is built from a family of dedicated tweakable blockciphers supporting various block bit-lengths. The tweakable blockciphers in the same family have similar structures and are based on common building blocks, enabling security analyses in the same frameworks. Their security follows largely from the structures, the round functions, and the tweak schedules. Their structures are new tweakable Feistel schemes, which are shown to be indistinguishable from tweakable random permutations against adaptive chosen tweak, plaintext, and ciphertext attacks. Their building blocks are shown to have cryptographically strong properties. The proposed algorithms outperform existing ones. They are several times faster than FF1-AES on test platforms.

Preimage attacks on reduced steps of ARIRANG and PKC98-hash

In this paper, we present the preimage attacks on step-reduced ARIRANG and PKC98-Hash. Our attacks find the preimages of 35 steps out of 40 steps of ARIRANG and 80 steps out of 96 steps of PKC98-Hash, faster than the brute force attack. We applied recently developed techniques of preimage attack. Our attack for ARIRANG is the improvement of the previous attack, and our attack for PKC98-hash is the first analysis result of its preimage resistance.

Compact Implementations of ARX-Based Block Ciphers on IoT Processors

In this article, we present implementations for Addition, Rotation, and eXclusive-or (ARX)-based block ciphers, including LEA and HIGHT, on IoT devices, including 8-bit AVR, 16-bit MSP, 32-bit ARM, and 32-bit ARM-NEON processors. We optimized 32-/8-bitwise ARX operations for LEA and HIGHT block ciphers by considering variations in word size, the number of general purpose registers, and the instruction set of the target IoT devices. Finally, we achieved the most compact implementations of LEA and HIGHT block ciphers. The implementations were fairly evaluated through the Fair Evaluation of Lightweight Cryptographic Systems framework, and implementations won the competitions in the first and the second rounds.

Security of Stateful Order-Preserving Encryption

Most of the proposed order-preserving encryption (OPE) schemes in the early stage of development including the first provably secure one are stateless and work efficiently, but guarantee only weak security. Additionally, subsequent works have shown that an ideal security notion IND-OCPA can be achieved using statefulness, ciphertexts mutability, and interactivity between client and server. Though such properties hinder availability of IND-OCPA secure OPE schemes, the only definitively known result is the impossibility of constructing a feasible IND-OCPA secure OPE scheme without ciphertext mutability. In this work, we study the security that can be fulfilled by only statefulness, from a viewpoint different from the existing research. We first consider a new security notion, called \(\delta \)-IND-OCPA, which is a natural relaxation of IND-OCPA. In comparison to IND-OCPA in which ciphertexts reveal no additional information beyond the order of the plaintexts, our notion can quantify the rate of plaintext bits that are leaked. To show achievability of our notion, we construct a new \(\delta \)-IND-OCPA secure OPE scheme. The proposed scheme is stateful and non-interactive, but does not require ciphertext mutation. Through several experiments, we show that our construction is also feasible and that has an advantage in the correlation analysis compared with the IND-OCPA secure scheme.

Higher order eTCR hash functions

Abstract We study higher order eTCR (enhanced target collision resistance) hash functions, where r th-order eTCR is denoted by eTCR ( r ) . We prove that a few rounds of the MD (Merkle–Damgard) scheme and a few levels of the TR (tree) scheme can be eTCR under the compression function is eTCR ( r ) for some positive integer r . Additionally, we prove that the TH (tree hash) scheme also preserves eTCR.