International Association for Cryptologic Research



Yongjin Yeom


Related-Key Boomerang Attack on Block Cipher SQUARE
Bonwook Koo, Yongjin Yeom, Junghwan Song
Square is an 8-round SPN block cipher; its round function and key schedule were slightly modified to form the building blocks of Rijndael. The key schedule of Square is simple and efficient but fully affine, so we apply a related-key attack to it. We find a 3-round related-key differential trail with probability 2^28 which has zero differences on both its input and output states; such a trail is called a local collision in [5]. By extending this related-key differential, we construct a 7-round related-key boomerang distinguisher and a successful attack on full-round Square. The best previously known attack on Square is the square attack on a 6-round reduced variant of Square. In this paper, we present a key recovery attack on full-round Square using a related-key boomerang distinguisher. We construct a 7-round related-key boomerang distinguisher with probability 2^119 by finding a local collision, and calculate its probability using the ladder switch and local amplification techniques. As a result, one round is added on top of the distinguisher to construct a full-round attack on Square which recovers 16 bits of key information with 2^36 encryptions and 2^123 data.
Efficient RFID authentication protocols based on pseudorandom sequence generators
Jooyoung Lee, Yongjin Yeom
In this paper, we introduce a new class of PRSGs, called partitioned pseudorandom sequence generators (PPRSGs), and propose an RFID authentication protocol using a PPRSG, called the $S$-protocol. Since most existing stream ciphers can be regarded as secure PPRSGs, and stream ciphers outperform other types of symmetric key primitives such as block ciphers and hash functions in terms of power, performance and gate size, the $S$-protocol is expected to be suitable for use in highly constrained environments such as RFID systems. We present a formal proof that guarantees resistance of the $S$-protocol to desynchronization and tag-impersonation attacks. Specifically, we reduce the availability of the $S$-protocol to the pseudorandomness of the underlying PPRSG, and the security of the protocol to its availability. Finally, we give a modification of the $S$-protocol, called the $S^*$-protocol, that provides mutual authentication of tag and reader.