CryptoDB
Seokhie Hong
Publications
Year
Venue
Title
2022
TOSC
Accelerating the Best Trail Search on AES-Like Ciphers
Abstract
In this study, we accelerate Matsui’s search algorithm to search for the best differential and linear trails of AES-like ciphers. Our acceleration points are twofold. The first exploits the structure and branch number of an AES-like round function to apply strict pruning conditions to Matsui’s search algorithm. The second employs permutation characteristics in trail search to reduce the inputs that need to be analyzed. We demonstrate the optimization of the search algorithm by obtaining the best differential and linear trails of existing block ciphers: AES, LED, MIDORI-64, CRAFT, SKINNY, PRESENT, and GIFT. In particular, our search program finds the fullround best differential and linear trails of GIFT-64 (in approx. 1 s and 10 s) and GIFT-128 (in approx. 89 h and 452 h), respectively.For a more in-depth application, we leverage the acceleration to investigate the optimal DC/LC resistance that GIFT-variants, called BOGI-based ciphers, can achieve. To this end, we identify all the BOGI-based ciphers and reduce them into 41,472 representatives. Deriving 16-, 32-, 64-, and 128-bit BOGI-based ciphers from the representatives, we obtain their best trails until 15, 15, 13, and 11 rounds, respectively. The investigation shows that 12 rounds are the minimum threshold for a 64-bit BOGIbased cipher to prevent efficient trails for DC/LC, whereas GIFT-64 requires 14 rounds. Moreover, it is shown that GIFT can provide better resistance by only replacing the existing bit permutation. Specifically, the bit permutation variants of GIFT-64 and GIFT-128 require fewer rounds, one and two, respectively, to prevent efficient differential and linear trails.
2021
TCHES
Novel Key Recovery Attack on Secure ECDSA Implementation by Exploiting Collisions between Unknown Entries
📺
Abstract
In this paper, we propose a novel key recovery attack against secure ECDSA signature generation employing regular table-based scalar multiplication. Our attack exploits novel leakage, denoted by collision information, which can be constructed by iteratively determining whether two entries loaded from the table are the same or not through side-channel collision analysis. Without knowing the actual value of the table entries, an adversary can recover the private key of ECDSA by finding the condition for which several nonces are linearly dependent by exploiting only the collision information. We show that this condition can be satisfied practically with a reasonable number of digital signatures and corresponding traces. Furthermore, we also show that all entries in the pre-computation table can be recovered using the recovered private key and a sufficient number of digital signatures based on the collision information. As case studies, we find that fixed-base comb and T_SM scalar multiplication are vulnerable to our attack. Finally, we verify that our attack is a real threat by conducting an experiment with power consumption traces acquired during T_SM scalar multiplication operations on an ARM Cortex-M based microcontroller. We also provide the details for validation process.
2019
ASIACRYPT
Optimized Method for Computing Odd-Degree Isogenies on Edwards Curves
Abstract
In this paper, we present an efficient method to compute arbitrary odd-degree isogenies on Edwards curves. By using the w-coordinate, we optimized the isogeny formula on Edwards curves by Moody and Shumow. We demonstrate that Edwards curves have an additional benefit when recovering the coefficient of the image curve during isogeny computation. For $$\ell $$-degree isogeny where $$\ell =2s+1$$, our isogeny formula on Edwards curves outperforms Montgomery curves when $$s \ge 2$$. To better represent the performance improvements when w-coordinate is used, we implement CSIDH using our isogeny formula. Our implementation is about 20% faster than the previous implementation. The result of our work opens the door for the usage of Edwards curves in isogeny-based cryptography, especially for CSIDH which requires higher degree isogenies.
2008
FSE
2000
ASIACRYPT
Program Committees
- Asiacrypt 2019
- FSE 2010 (Program chair)
- FSE 2007
Coauthors
- Donghoon Chang (3)
- Seongtaek Chee (2)
- Dong Hyeon Cheon (1)
- Inho Cho (1)
- Sung Min Cho (1)
- Deukjo Hong (5)
- Tetsu Iwata (1)
- Kitae Jeong (1)
- Sunghyun Jin (1)
- Seokwon Jung (1)
- Ju-Sung Kang (1)
- Hyun Kim (1)
- Jongsung Kim (5)
- Seonggyeom Kim (1)
- Suhri Kim (1)
- HeeSeok Kim (2)
- Youngdai Ko (1)
- Bonseok Koo (1)
- Changhoon Lee (1)
- Jesang Lee (1)
- Eunjin Lee (1)
- Sangyub Lee (1)
- Wonil Lee (4)
- Jaesang Lee (1)
- Sangjin Lee (9)
- Jong In Lim (1)
- Jongin Lim (5)
- Dukjae Moon (2)
- Young-Ho Park (1)
- Sangjoon Park (1)
- Bart Preneel (2)
- Jaechul Sung (8)
- Okyeon Yi (2)
- Kisoon Yoon (1)