## CryptoDB

### Yongjin Yeom

#### Publications

Year
Venue
Title
2010
EPRINT
Square is 8-round SPN structure block cipher and its round function and key schedule have been slightly modified to design building blocks of Rijndael. Key schedule of Square is simple and efficient but fully affie, so we apply a related-key attack on it. We find a 3-round related-key differential trail with probability 2^28, which have zero differences both on its input and output states, and this trail is called the local collision in [5]. By extending of this related-key differential, we construct a 7-round related-key boomerang distinguisher and successful attack on full round Square. The best attack on Square have ever been known is the square attack on 6-round reduced variant of Square. In this paper, we present a key recovery attack on the full round of Square using a related-key boomerang distinguisher. We construct a 7-round related-key boomerang distinguisher with probability 2^119 by finding local collision, and calculate its probability using ladder switch and local amplification techniques. As a result, one round on top of distinguisher is added to construct a full round attack on Square which recovers 16-bit key information with 2^36 encryptions and 2^123 data.
2008
EPRINT
In this paper, we introduce a new class of PRSGs, called \emph{partitioned pseudorandom sequence generators}(PPRSGs), and propose an RFID authentication protocol using a PPRSG, called {\em $S$-protocol}. Since most existing stream ciphers can be regarded as secure PPRSGs, and stream ciphers outperform other types of symmetric key primitives such as block ciphers and hash functions in terms of power, performance and gate size, $S$-protocol is expected to be suitable for use in highly constrained environments such as RFID systems. We present a formal proof that guarantees resistance of $S$-protocol to desynchronization and tag-impersonation attacks. Specifically, we reduce availability of $S$-protocol to pseudorandomness of the underlying PPRSG, and the security of the protocol to the availability. Finally, we give a modification of $S$-protocol, called $S^*$-protocol, that provide mutual authentication of tag and reader.
2007
PKC
2005
FSE
2002
FSE

#### Coauthors

Daewan Han (2)
Jin Hong (1)
Myung-Hwan Kim (1)
Iljun Kim (1)
Bonwook Koo (1)
Jooyoung Lee (1)
Dong Hoon Lee (1)
Sangwoo Park (1)
Junghwan Song (1)