Sangwoo Park - Academia.edu
Papers by Sangwoo Park
In this paper, we present two efficient algorithms computing scalar multiplications of a point in an elliptic curve defined over a small finite field, the Frobenius map of which has small trace. Both methods use the identity which expresses multiplication-by-m maps by polynomials of Frobenius maps. Both are applicable for a large family of elliptic curves and more efficient than any other methods applicable for the family. More precisely, by Algorithm 1 (Frobenius k-ary method), we can compute mP in at most 2l/5 + 28 elliptic additions for arbitrary l-bit integer m and a point P on some elliptic curves. For other curves, the number of elliptic additions required is less than l. Algorithm 2 (window method) requires on average 2l/3 elliptic additions to compute mP for l-bit integer m and a point P on a family of elliptic curves. For some ‘good’ elliptic curves, it requires 5l/12 + 11 elliptic additions on average.
HAS-160 is a cryptographic hash function which is designed and used widely in Korea. In ICISC 2005, Yun et al. presented a collision search attack for the first 45 steps of HAS-160. In this paper, we extend the result to the first 53 steps of HAS-160. The time complexity of the attack is about $2^{55}$.
HAVAL is a dedicated hash function of the MD family which was proposed by Zheng et al. In this paper, we study the security of reduced versions of 3-pass HAVAL. We find a 256-bit collision of the first two passes of 3-pass HAVAL and of the last two passes of 3-pass HAVAL.
In the conference PKC'98, Shin et al. proposed a dedicated hash function of the MD family. In this paper, we study the security of Shin's hash function. We analyze the property of the Boolean functions, the message expansion, and the data-dependent rotations of the hash function. We propose a method for finding the collisions of the modified Shin's hash function and show that we can find collisions with probability $2^{-30}$.
HAS-160 is a cryptographic hash function designed and used widely in Korea. While similar in structure to SHA-1, up to now there was no published attack or security analysis of the algorithm. Applying techniques introduced by Wang et al. [1], we have found a collision in the first 45 steps of HAS-160, with complexity $2^{12}$.
Rijndael-like structure is a special case of SPN structure. The linear transformation of Rijndael-like structures consists of linear transformations of two types: one is the byte permutation π and the other is the linear transformation θ = (θ1, θ2, θ3, θ4), where each of the θi separately operates on each of the four columns of a state. Furthermore, π and θ have some interesting properties. In this paper, we present a new method for upper bounding the maximum differential probability and the maximum linear hull probability for Rijndael-like structures. By applying our method to Rijndael, we obtain that the maximum differential probability and the maximum linear hull probability for 4 rounds of Rijndael are bounded by $1.06 \times 2^{-96}$.
Lecture Notes in Computer Science, 2003
In this paper, we propose a 128-bit block cipher ARIA which is an involution substitution and permutation encryption network (SPN). We use the same S-boxes as Rijndael to eliminate defects which are caused by a totally involution structure. In the diffusion layer of ARIA, a 16 × 16 binary matrix of the maximum branch number 8 is used to avoid some attacks well applied to the reduced round of Rijndael. ARIA uses only basic operations, S-box substitutions and XORs, together with an involution structure so that it can be efficiently implemented on various platforms.
We present a new method for upper bounding the maximum differential probability and the maximum linear hull probability for 2 rounds of SPN structures. Our upper bound can be computed for any value of the branch number of the linear transformation and by incorporating the distribution of differential probability values and linear probability values for S-box. On application to AES, we obtain that the maximum differential probability and the maximum linear hull probability for 4 rounds of AES are bounded by $1.144 \times 2^{-111}$ and $1.075 \times 2^{-106}$, respectively.