Seokhie Hong
Institute of Cyber Security and Privacy (ICSP), Graduate School of Information Security, Korea University, Seoul 02841, South Korea


Feed

Journal article
Published: 06 February 2021 in ICT Express

Although quantum mechanics guarantees the security of the quantum key distribution system, it is crucial to examine whether implementation flaws can lead to the disclosure of sensitive information. In this paper, we propose a side-channel attack on the key reconciliation in the quantum key distribution system. In this system, the sifted key and the syndrome are used to derive a shared secret key between two users. With our attack, both can be fully recovered from a single power consumption trace measured during the syndrome computation on the sender’s side. Additionally, we propose efficient countermeasures to thwart such side-channel attacks.

ACS Style

Dongjun Park; Gyusang Kim; Donghoe Heo; Suhri Kim; Heeseok Kim; Seokhie Hong. Single trace side-channel attack on key reconciliation in quantum key distribution system and its efficient countermeasures. ICT Express 2021, 7, 36-40.

AMA Style

Dongjun Park, Gyusang Kim, Donghoe Heo, Suhri Kim, Heeseok Kim, Seokhie Hong. Single trace side-channel attack on key reconciliation in quantum key distribution system and its efficient countermeasures. ICT Express. 2021; 7 (1):36-40.

Chicago/Turabian Style

Dongjun Park; Gyusang Kim; Donghoe Heo; Suhri Kim; Heeseok Kim; Seokhie Hong. 2021. "Single trace side-channel attack on key reconciliation in quantum key distribution system and its efficient countermeasures." ICT Express 7, no. 1: 36-40.

Journal article
Published: 09 December 2020 in Applied Sciences

In this paper, we present a highly optimized implementation of elliptic curve cryptography (ECC) over the NIST P-256 curve for an 8-bit AVR microcontroller. To improve the performance of the ECC implementation, we focus on optimizing field arithmetic. In particular, we optimize the modular multiplication and squaring methods by exploiting the state-of-the-art optimization technique, namely range shifted representation (RSR). With optimized field arithmetic, we significantly improve the performance of scalar multiplication and set the speed record for the execution time of variable-base scalar multiplication over the NIST P-256 curve. Compared with previous works, we achieve a performance gain of 17.3% over the best previous result on the same platform. Moreover, the execution time of our result is even faster than that over the NIST P-192 curve of the well-known TinyECC library. Our result shows that RSR can be applied to all field arithmetic, and we evaluate the impact of adopting RSR on the performance of scalar multiplication. Additionally, our implementation provides a high degree of regularity to withstand side-channel attacks.

ACS Style

Dong-Won Park; Nam Su Chang; Sangyub Lee; Seokhie Hong. Fast Implementation of NIST P-256 Elliptic Curve Cryptography on 8-Bit AVR Processor. Applied Sciences 2020, 10, 8816.

AMA Style

Dong-Won Park, Nam Su Chang, Sangyub Lee, Seokhie Hong. Fast Implementation of NIST P-256 Elliptic Curve Cryptography on 8-Bit AVR Processor. Applied Sciences. 2020; 10 (24):8816.

Chicago/Turabian Style

Dong-Won Park; Nam Su Chang; Sangyub Lee; Seokhie Hong. 2020. "Fast Implementation of NIST P-256 Elliptic Curve Cryptography on 8-Bit AVR Processor." Applied Sciences 10, no. 24: 8816.

Journal article
Published: 19 November 2020 in IEEE Access

Bad Output must go to Good Input (BOGI) is the primary design strategy of GIFT, a lightweight block cipher that was presented at CHES 2017. Because this strategy obviates the need to adhere to the required conditions of S-boxes when adopting bit-permutation, cryptographic designers have more S-box choices. In this paper, we classify all 4-bit S-boxes that support BOGI, called “BOGI-applicable S-boxes,” and evaluate them in terms of the cryptographic strength and efficiency. First, we exhaustively show that only 2,413 Permutation-XOR-Equivalence (PXE) classes over 4-bit S-boxes are BOGI-applicable. After refining the PXE classes with respect to the differential uniformity (U) and linearity (L), we suggest 20 “Optimal BOGI-applicable” PXE classes that provide the best (U, L). Our security evaluations revealed that all optimal BOGI-applicable S-boxes fulfill the security properties considered by the designers of GIFT and that the differences between them exist in the other properties. Moreover, we explore the resistance of GIFT variants against differential and linear cryptanalysis by replacing the existing S-box with other optimal BOGI-applicable S-boxes. Based on the results, we identify the best attainable resistance with the bit-permutation of GIFT-64. Lastly, we suggest notable S-boxes that support competitive performance, jointly considering the cryptographic strength and efficiency for GIFT-64 and GIFT-128 structures, respectively.

ACS Style

Seonggyeom Kim; Deukjo Hong; Jaechul Sung; Seokhie Hong. Classification of 4-bit S-Boxes for BOGI Permutation. IEEE Access 2020, 8, 210935-210949.

AMA Style

Seonggyeom Kim, Deukjo Hong, Jaechul Sung, Seokhie Hong. Classification of 4-bit S-Boxes for BOGI Permutation. IEEE Access. 2020; 8 (99):210935-210949.

Chicago/Turabian Style

Seonggyeom Kim; Deukjo Hong; Jaechul Sung; Seokhie Hong. 2020. "Classification of 4-bit S-Boxes for BOGI Permutation." IEEE Access 8, no. 99: 210935-210949.

Article
Published: 27 October 2020 in The Journal of Supercomputing

Modular multiplication is one of the most time-consuming operations, accounting for almost 80% of the computational overhead of a scalar multiplication in elliptic curve cryptography. In this paper, we present a new speed record for modular multiplication over the 192-bit NIST prime P-192 on 8-bit AVR ATmega microcontrollers. We propose a new integer representation named Range Shifted Representation (RSR), which enables an efficient merging of the reduction operation into the subtractive Karatsuba multiplication. This merging results in a dramatic optimization of the intermediate accumulation of modular multiplication by eliminating a significant amount of unnecessary memory access as well as reducing the number of addition operations. Our merged modular multiplication on RSR is designed to have two duplicated groups of 96-bit intermediate values during accumulation. Hence, only one accumulation of the group is required and the result can be used twice. Consequently, we significantly reduce the number of load/store instructions, which are known to be one of the most time-consuming operations for modular multiplication on constrained devices. Our implementation requires only 2888 cycles for the modular multiplication of 192-bit integers and outperforms the previous best result for modular multiplication over P-192 by a factor of 17%. In addition, our modular multiplication is even faster than the Karatsuba multiplication (without reduction) which achieved a speed record for multiplication on AVR processors.

ACS Style

Dong-Won Park; Seokhie Hong; Nam Su Chang; Sung Min Cho. Efficient implementation of modular multiplication over 192-bit NIST prime for 8-bit AVR-based sensor node. The Journal of Supercomputing 2020, 77, 4852-4870.

AMA Style

Dong-Won Park, Seokhie Hong, Nam Su Chang, Sung Min Cho. Efficient implementation of modular multiplication over 192-bit NIST prime for 8-bit AVR-based sensor node. The Journal of Supercomputing. 2020; 77 (5):4852-4870.

Chicago/Turabian Style

Dong-Won Park; Seokhie Hong; Nam Su Chang; Sung Min Cho. 2020. "Efficient implementation of modular multiplication over 192-bit NIST prime for 8-bit AVR-based sensor node." The Journal of Supercomputing 77, no. 5: 4852-4870.

Journal article
Published: 02 October 2020 in Applied Sciences

In this paper, we present the performance and security analysis for various commutative SIDH (CSIDH)-based algorithms. As CSIDH offers a smaller key size than SIDH and provides a relatively efficient signature scheme, numerous CSIDH-based key exchange algorithms have been proposed to optimize the CSIDH. In CSIDH, the private key is an ideal class in a class group, which can be represented by an integer vector. As the number of ideal classes represented by these vectors determines the security level of CSIDH, it is important to analyze whether different vectors induce the same public key. In this regard, we generalize the existence of a collision for a base prime p ≡ 7 mod 8. Based on our result, we present a new interval for the private key to have a similar security level for the various CSIDH-based algorithms for a fair comparison of the performance. Deduced from the implementation result, we conclude that for a prime p ≡ 7 mod 8, CSIDH on the surface using the Montgomery curves is the most likely to be efficient. For a prime p ≡ 3 mod 8, CSIDH on the floor using the hybrid method with Onuki’s collision-free method is the most likely to be efficient and secure.

ACS Style

Donghoe Heo; Suhri Kim; Young-Ho Park; Seokhie Hong. On the Performance Analysis for CSIDH-Based Cryptosystems. Applied Sciences 2020, 10, 6927.

AMA Style

Donghoe Heo, Suhri Kim, Young-Ho Park, Seokhie Hong. On the Performance Analysis for CSIDH-Based Cryptosystems. Applied Sciences. 2020; 10 (19):6927.

Chicago/Turabian Style

Donghoe Heo; Suhri Kim; Young-Ho Park; Seokhie Hong. 2020. "On the Performance Analysis for CSIDH-Based Cryptosystems." Applied Sciences 10, no. 19: 6927.

Journal article
Published: 29 July 2020 in Cryptography

The implementation of isogeny-based cryptography mainly uses Montgomery curves, as they offer fast elliptic curve arithmetic and isogeny computation. However, although Montgomery curves have efficient 3- and 4-isogeny formulas, they become inefficient when recovering the coefficient of the image curve for large-degree isogenies. Because the Commutative Supersingular Isogeny Diffie-Hellman (CSIDH) requires odd-degree isogenies up to at least 587, this inefficiency is the main bottleneck of using a Montgomery curve for CSIDH. In this paper, we present a new optimization method for faster CSIDH protocols entirely on Montgomery curves. To this end, we present a new parameter for CSIDH, in which the three rational two-torsion points exist. By using the proposed parameters, the CSIDH moves around the surface. The curve coefficient of the image curve can be recovered by a two-torsion point. We also prove that CSIDH using the proposed parameter guarantees a free and transitive group action. Additionally, we present the implementation result using our method. We demonstrate that our method is 6.4% faster than the original CSIDH. Our work shows that considerably higher performance of CSIDH is achieved while using only Montgomery curves.

ACS Style

Donghoe Heo; Suhri Kim; Kisoon Yoon; Young-Ho Park; Seokhie Hong. Optimized CSIDH Implementation Using a 2-Torsion Point. Cryptography 2020, 4, 20.

AMA Style

Donghoe Heo, Suhri Kim, Kisoon Yoon, Young-Ho Park, Seokhie Hong. Optimized CSIDH Implementation Using a 2-Torsion Point. Cryptography. 2020; 4 (3):20.

Chicago/Turabian Style

Donghoe Heo; Suhri Kim; Kisoon Yoon; Young-Ho Park; Seokhie Hong. 2020. "Optimized CSIDH Implementation Using a 2-Torsion Point." Cryptography 4, no. 3: 20.

Journal article
Published: 03 April 2020 in Applied Sciences

With the increasing number of side-channel attacks, countermeasure designers continue to develop various implementations to address such threats. Power-balancing (PB) methods hold the number of 1s and/or transitions (i.e., Hamming weight/distance) of internal processes constant to ensure side-channel safety in an environment in which it is difficult to use random numbers. Most existing studies employed look-up tables (LUTs) to compute those operations, except for XOR and NOT operations. However, LUT-based schemes exhibit some side-channel issues in the address bits of LUTs. In this paper, we propose the application of AND and ADD operations to PB methods based on a rule that encodes 8-bit data into a 32-bit codeword without using LUTs. Unlike previous studies that employed LUTs, our proposals overcome side-channel vulnerabilities associated with the address bits and memory wastage. In addition, we evaluate the side-channel security ensured by the proposed method in comparison with that ensured by other methods. Finally, we apply our methods to SIMON/SPECK ciphers and analyze their performance by comparing them with older schemes.

ACS Style

Hanbit Kim; Heeseok Kim; Seokhie Hong. Power-Balancing Software Implementation to Mitigate Side-Channel Attacks without Using Look-Up Tables. Applied Sciences 2020, 10, 2454.

AMA Style

Hanbit Kim, Heeseok Kim, Seokhie Hong. Power-Balancing Software Implementation to Mitigate Side-Channel Attacks without Using Look-Up Tables. Applied Sciences. 2020; 10 (7):2454.

Chicago/Turabian Style

Hanbit Kim; Heeseok Kim; Seokhie Hong. 2020. "Power-Balancing Software Implementation to Mitigate Side-Channel Attacks without Using Look-Up Tables." Applied Sciences 10, no. 7: 2454.

Invited article
Published: 01 April 2020 in ETRI Journal

As side‐channel analysis and machine learning algorithms share the same objective of classifying data, numerous studies have been proposed for adapting machine learning to side‐channel analysis. However, a drawback of machine learning algorithms is that their performance depends on human engineering. Therefore, recent studies in the field focus on exploiting deep learning algorithms, which can extract features automatically from data. In this study, we survey recent advances in deep learning‐based side‐channel analysis. In particular, we outline how deep learning is applied to side‐channel analysis, based on deep learning architectures and application methods. Furthermore, we describe its properties when using different architectures and application methods. Finally, we discuss our perspective on future research directions in this field.

ACS Style

Sunghyun Jin; Suhri Kim; Heeseok Kim; Seokhie Hong. Recent advances in deep learning‐based side‐channel analysis. ETRI Journal 2020, 42, 292-304.

AMA Style

Sunghyun Jin, Suhri Kim, Heeseok Kim, Seokhie Hong. Recent advances in deep learning‐based side‐channel analysis. ETRI Journal. 2020; 42 (2):292-304.

Chicago/Turabian Style

Sunghyun Jin; Suhri Kim; Heeseok Kim; Seokhie Hong. 2020. "Recent advances in deep learning‐based side‐channel analysis." ETRI Journal 42, no. 2: 292-304.

Journal article
Published: 06 March 2020 in Applied Sciences

Beginning with the proposal of the McEliece cryptosystem in 1978, code-based cryptography has positioned itself as one of the main categories in post-quantum cryptography (PQC). To date, the algebraic security of certain variants of McEliece cryptosystems has been challenged many times, although some of the variants have remained secure. However, recent studies on code-based cryptography have focused on side-channel resistance, since previous studies have indicated that the existing algorithms were vulnerable to side-channel analysis. In this paper, we propose the first side-channel attack on the Hybrid McEliece Scheme (HyMES) using only a single power consumption trace. HyMES is a variant of the McEliece system that provides smaller keys, along with faster encryption and decryption speed. By exploiting joint distributions of nonlinear functions in the decryption process, we were able to recover the private key of HyMES. To the best of our knowledge, this is the first work proposing a side-channel analysis based on a joint distribution of the leakages on a public-key system.

ACS Style

Byeonggyu Park; Suhri Kim; Seokhie Hong; Heeseok Kim; Seog Chung Seo. Single Trace Analysis against HyMES by Exploitation of Joint Distributions of Leakages. Applied Sciences 2020, 10, 1831.

AMA Style

Byeonggyu Park, Suhri Kim, Seokhie Hong, Heeseok Kim, Seog Chung Seo. Single Trace Analysis against HyMES by Exploitation of Joint Distributions of Leakages. Applied Sciences. 2020; 10 (5):1831.

Chicago/Turabian Style

Byeonggyu Park; Suhri Kim; Seokhie Hong; Heeseok Kim; Seog Chung Seo. 2020. "Single Trace Analysis against HyMES by Exploitation of Joint Distributions of Leakages." Applied Sciences 10, no. 5: 1831.

Journal article
Published: 02 January 2020 in IEEE Access

Advanced collision-based single trace attacks, which can be applied to simple-power-analysis-resistant scalar multiplications, have recently become a virtual threat to elliptic curve cryptosystems, as their practical experimental results are increasingly reported in the literature. Since such attacks are based on detecting collisions of data-dependent leakage caused by the underlying long integer multiplications, the so-called global shuffling countermeasure, which breaks such collision correlation by independently randomizing the execution order of unit operations such as single-precision multiplication and carry propagation, is considered a promising countermeasure if the theoretical randomness of the shuffling order is guaranteed. In this paper, we first analyze the practical security of global shuffling long integer multiplications by exhibiting a combined single trace attack on software implementations on an ARM Cortex-M4 microcontroller. Our combined attack consists of a simple power analysis for revealing the random permutation vectors, which enables a later collision-based single trace attack. First, we demonstrate how to reveal the random permutation vectors for the carry propagation process of the whole global shuffling long integer multiplication within a single power trace by simple power analysis accompanied by straightforward substitution of power consumption samples. Then we perform collision-based single trace attacks after rearranging the order of the subtraces for unit carry propagations based on the revealed permutation vectors. Since the vulnerability to simple power analysis originates from the if-statement used to select the proper entries of the permutation vectors, we propose a novel countermeasure which eliminates such selection with simple addition and modulus operations, and we also demonstrate a practical result achieving regularity in power trace patterns.

ACS Style

Sangyub Lee; Sung Min Cho; Heeseok Kim; Seokhie Hong. A Combined Single Trace Attack on Global Shuffling Long Integer Multiplication and its Novel Countermeasure. IEEE Access 2020, 8, 5244-5255.

AMA Style

Sangyub Lee, Sung Min Cho, Heeseok Kim, Seokhie Hong. A Combined Single Trace Attack on Global Shuffling Long Integer Multiplication and its Novel Countermeasure. IEEE Access. 2020; 8 (99):5244-5255.

Chicago/Turabian Style

Sangyub Lee; Sung Min Cho; Heeseok Kim; Seokhie Hong. 2020. "A Combined Single Trace Attack on Global Shuffling Long Integer Multiplication and its Novel Countermeasure." IEEE Access 8, no. 99: 5244-5255.

Journal article
Published: 02 September 2019 in IEEE Transactions on Information Theory

Along with resistance against quantum computers, isogeny-based cryptography offers attractive cryptosystems due to small key sizes and compatibility with the current elliptic curve primitives. While the state-of-the-art implementation uses Montgomery curves, which facilitate efficient elliptic curve arithmetic and isogeny computations, other forms of elliptic curves can be used to produce an efficient result. In this paper, we present a new hybrid method for isogeny-based cryptosystems using Edwards curves. Unlike the previous hybrid methods, we exploit Edwards curves for recovering the curve coefficients and Montgomery curves for the other operations. To this end, we first carefully examine and compare the computational cost of Montgomery and Edwards isogenies. Then, we fine-tune and tailor Edwards isogenies in order to blend them with Montgomery isogenies efficiently. Additionally, we present the implementation results of Supersingular Isogeny Diffie–Hellman (SIDH) key exchange using the proposed method. We demonstrate that our method outperforms the previously proposed hybrid method and is as fast as a Montgomery-only implementation. Our results show that proper use of Edwards curves for isogeny-based cryptosystems can be quite practical.

ACS Style

Suhri Kim; Kisoon Yoon; Jihoon Kwon; Young-Ho Park; Seokhie Hong. New Hybrid Method for Isogeny-Based Cryptosystems Using Edwards Curves. IEEE Transactions on Information Theory 2019, 66, 1934-1943.

AMA Style

Suhri Kim, Kisoon Yoon, Jihoon Kwon, Young-Ho Park, Seokhie Hong. New Hybrid Method for Isogeny-Based Cryptosystems Using Edwards Curves. IEEE Transactions on Information Theory. 2019; 66 (3):1934-1943.

Chicago/Turabian Style

Suhri Kim; Kisoon Yoon; Jihoon Kwon; Young-Ho Park; Seokhie Hong. 2019. "New Hybrid Method for Isogeny-Based Cryptosystems Using Edwards Curves." IEEE Transactions on Information Theory 66, no. 3: 1934-1943.

Editorial
Published: 08 May 2019 in Applied Sciences

Cryptosystems are widely used in a growing number of embedded applications, such as smart cards, smart phones, Internet of Things (IoT) devices, and so on

ACS Style

Seokhie Hong. Special Issue on “Side Channel Attacks”. Applied Sciences 2019, 9, 1881.

AMA Style

Seokhie Hong. Special Issue on “Side Channel Attacks”. Applied Sciences. 2019; 9 (9):1881.

Chicago/Turabian Style

Seokhie Hong. 2019. "Special Issue on “Side Channel Attacks”." Applied Sciences 9, no. 9: 1881.

Journal article
Published: 05 April 2019 in Applied Sciences

A masking method is a widely known countermeasure against side-channel attacks. To apply a masking method to cryptosystems consisting of Boolean and arithmetic operations, such as ARX (Addition, Rotation, XOR) block ciphers, a masking conversion algorithm should be used. Masking conversion algorithms can be classified into two categories: “Boolean to Arithmetic (B2A)” and “Arithmetic to Boolean (A2B)”. The A2B algorithm generally requires more execution time than the B2A algorithm. Using pre-computation tables, the A2B algorithm substantially reduces its execution time, although it requires additional space in RAM. In CHES2012, B. Debraize proposed a conversion algorithm that somewhat reduced the memory cost of using pre-computation tables. However, it still requires 2^(k+1) entries of (k+1)-bit length, where k denotes the size of the processed data. In this paper, we propose a low-memory algorithm to convert A2B masking that requires only 2^k entries of k-bit length. Our contributions are three-fold. First, we specifically show how to reduce the pre-computation table entries from (k+1)-bit to k-bit; as a result, the memory use for the pre-computation table is reduced from 2^(k+1) × (k+1)-bit to 2^k × k-bit. Second, we optimize the execution times of the pre-computation phase and the conversion phase, and determine that our pre-computation algorithm requires approximately half as many operations as Debraize’s algorithm. The results of the 8/16/32-bit simulation show improved speed in the pre-computation phase and the conversion phase as compared to Debraize’s results. Finally, we verify the security of the algorithm against side-channel attacks as well as the soundness of the proposed algorithm.

ACS Style

Hanbit Kim; Seokhie Hong; Heeseok Kim. Lightweight Conversion from Arithmetic to Boolean Masking for Embedded IoT Processor. Applied Sciences 2019, 9, 1438.

AMA Style

Hanbit Kim, Seokhie Hong, Heeseok Kim. Lightweight Conversion from Arithmetic to Boolean Masking for Embedded IoT Processor. Applied Sciences. 2019; 9 (7):1438.

Chicago/Turabian Style

Hanbit Kim; Seokhie Hong; Heeseok Kim. 2019. "Lightweight Conversion from Arithmetic to Boolean Masking for Embedded IoT Processor." Applied Sciences 9, no. 7: 1438.

Journal article
Published: 03 October 2018 in Applied Sciences

The Gaussian sampler is an integral part of lattice-based cryptography, as it has a direct connection to security and efficiency. Although it is theoretically secure to use the Gaussian sampler, the security of its implementation is an open issue. Therefore, researchers have started to investigate the security of the Gaussian sampler against side-channel attacks. Since the performance of the Gaussian sampler directly affects the performance of the overall cryptosystem, countermeasures considering only timing attacks are applied in the literature. In this paper, we propose the first single trace power analysis attack on a constant-time cumulative distribution table (CDT) sampler used in lattice-based cryptosystems. From our analysis, we were able to recover every sampled value in the key generation stage, so that the secret key is recovered by Gaussian elimination. By applying our attack to the candidates submitted to the National Institute of Standards and Technology (NIST), we were able to recover over 99% of the secret keys. Additionally, we propose a countermeasure based on a look-up table. To validate the efficiency of our countermeasure, we implemented it in Lizard and measured its performance. We demonstrate that the proposed countermeasure does not degrade the performance.

ACS Style

Suhri Kim; Seokhie Hong. Single Trace Analysis on Constant Time CDT Sampler and Its Countermeasure. Applied Sciences 2018, 8, 1809.

AMA Style

Suhri Kim, Seokhie Hong. Single Trace Analysis on Constant Time CDT Sampler and Its Countermeasure. Applied Sciences. 2018; 8 (10):1809.

Chicago/Turabian Style

Suhri Kim; Seokhie Hong. 2018. "Single Trace Analysis on Constant Time CDT Sampler and Its Countermeasure." Applied Sciences 8, no. 10: 1809.

Research article
Published: 15 July 2018 in Security and Communication Networks

The isogeny-based cryptosystem is the most recent category in the field of post-quantum cryptography. However, it is widely studied due to its short key sizes and compatibility with the current elliptic curve primitives. The main building blocks when implementing the isogeny-based cryptosystem are isogeny computations and point operations. From the isogeny construction perspective, since the cryptosystem moves along the isogeny graph, isogeny formulas cannot be optimized for specific coefficients of elliptic curves. Therefore, Montgomery curves are used in the literature, due to their efficient point operations on an arbitrary elliptic curve. In this paper, we propose formulas for computing 3- and 4-isogenies on twisted Edwards curves. Additionally, we further optimize our isogeny formulas on Edwards curves and compare their computational cost with that of Montgomery curves. We also present the implementation results of our isogeny computations and demonstrate that isogenies on Edwards curves are as efficient as those on Montgomery curves.

ACS Style

Suhri Kim; Kisoon Yoon; Jihoon Kwon; Seokhie Hong; Young-Ho Park. Efficient Isogeny Computations on Twisted Edwards Curves. Security and Communication Networks 2018, 2018, 1-11.

AMA Style

Suhri Kim, Kisoon Yoon, Jihoon Kwon, Seokhie Hong, Young-Ho Park. Efficient Isogeny Computations on Twisted Edwards Curves. Security and Communication Networks. 2018; 2018:1-11.

Chicago/Turabian Style

Suhri Kim; Kisoon Yoon; Jihoon Kwon; Seokhie Hong; Young-Ho Park. 2018. "Efficient Isogeny Computations on Twisted Edwards Curves." Security and Communication Networks 2018: 1-11.

Journal article
Published: 31 May 2018 in Applied Sciences

In this paper, we present the first constant-time implementations of four-dimensional Gallant–Lambert–Vanstone and Galbraith–Lin–Scott (GLV-GLS) scalar multiplication using curve Ted127-glv4 on 8-bit AVR, 16-bit MSP430, and 32-bit ARM processors. In Asiacrypt 2012, Longa and Sica introduced the four-dimensional GLV-GLS scalar multiplication, and they reported the implementation results on Intel processors. However, they did not consider efficient implementations on resource-constrained embedded devices. We have optimized the performance of scalar multiplication using curve Ted127-glv4 on 8-bit AVR, 16-bit MSP430, and 32-bit ARM processors. Our implementations compute a variable-base scalar multiplication in 6,856,026, 4,158,453, and 447,836 cycles on AVR, MSP430, and ARM Cortex-M4 processors, respectively. Recently, FourQ-based scalar multiplication has provided the fastest implementation results on AVR, MSP430, and ARM Cortex-M4 processors to date. Compared to FourQ-based scalar multiplication, the proposed implementations require 4.49% more computational cost on AVR, but save 2.85% and 4.61% cycles on MSP430 and ARM, respectively. Our 16-bit and 32-bit implementation results set new speed records for variable-base scalar multiplication.

ACS Style

Jihoon Kwon; Seog Chung Seo; Seokhie Hong. Efficient Implementations of Four-Dimensional GLV-GLS Scalar Multiplication on 8-Bit, 16-Bit, and 32-Bit Microcontrollers. Applied Sciences 2018, 8, 900.

AMA Style

Jihoon Kwon, Seog Chung Seo, Seokhie Hong. Efficient Implementations of Four-Dimensional GLV-GLS Scalar Multiplication on 8-Bit, 16-Bit, and 32-Bit Microcontrollers. Applied Sciences. 2018; 8 (6):900.

Chicago/Turabian Style

Jihoon Kwon; Seog Chung Seo; Seokhie Hong. 2018. "Efficient Implementations of Four-Dimensional GLV-GLS Scalar Multiplication on 8-Bit, 16-Bit, and 32-Bit Microcontrollers." Applied Sciences 8, no. 6: 900.

Correction
Published: 13 March 2018 in The Journal of Supercomputing

The Acknowledgements section was missing in the original article. The Acknowledgements section is now given.

ACS Style

Jihoon Kwon; Seog Chung Seo; Seokhie Hong. Correction to: An efficient implementation of pairing-based cryptography on MSP430 processor. The Journal of Supercomputing 2018, 74, 2254.

AMA Style

Jihoon Kwon, Seog Chung Seo, Seokhie Hong. Correction to: An efficient implementation of pairing-based cryptography on MSP430 processor. The Journal of Supercomputing. 2018; 74 (5):2254-2254.

Chicago/Turabian Style

Jihoon Kwon; Seog Chung Seo; Seokhie Hong. 2018. "Correction to: An efficient implementation of pairing-based cryptography on MSP430 processor." The Journal of Supercomputing 74, no. 5: 2254-2254.

Article
Published: 17 July 2017 in The Journal of Supercomputing

In this paper, we present a highly optimized implementation of η_T pairing on the 16-bit MSP430 processor. Until now, TinyPBC has provided the most optimized implementation of η_T pairing on sensor platforms. Although it is well optimized for finite field arithmetic, it is not optimized at the extension field arithmetic level. Moreover, since TinyPBC requires a considerable amount of memory, its usability is limited on memory-constrained sensor platforms. We have focused on optimizing not only the field arithmetic level but also the extension field arithmetic level. In comparison with TinyPBC, the field reduction performance could be improved by about 29.1% with our proposed method. We achieved a 12.22% performance improvement for extension field sparse multiplication. Our η_T pairing implementation on MSP430 computes a single pairing in 1.22 s, and this result is 5.88% faster than TinyPBC. Furthermore, it requires 19.2% less memory than TinyPBC.

ACS Style

Jihoon Kwon; Seog Chung Seo; Seokhie Hong. An efficient implementation of pairing-based cryptography on MSP430 processor. The Journal of Supercomputing 2017, 74, 1394-1417.

AMA Style

Jihoon Kwon, Seog Chung Seo, Seokhie Hong. An efficient implementation of pairing-based cryptography on MSP430 processor. The Journal of Supercomputing. 2017; 74 (3):1394-1417.

Chicago/Turabian Style

Jihoon Kwon; Seog Chung Seo; Seokhie Hong. 2017. "An efficient implementation of pairing-based cryptography on MSP430 processor." The Journal of Supercomputing 74, no. 3: 1394-1417.

Conference paper
Published: 10 March 2016 in Transactions on Petri Nets and Other Models of Concurrency XV

This paper proposes three new padding methods designed to withstand padding oracle attacks, which aim at recovering a plaintext without knowing the secret key by exploiting the oracle’s characteristic of checking the padding during decryption. Of the ten existing padding methods, only two (ABYT-PAD and ABIT-PAD) can withstand padding oracle attacks. However, these methods are not efficient, since they either use a random number generator or require MAC verification in applications. The three new padding methods proposed in this paper are secure against padding oracle attacks and more efficient than the two aforementioned padding methods.

ACS Style

HyungChul Kang; Myungseo Park; Dukjae Moon; Changhoon Lee; Jongsung Kim; Kimoon Kim; Juhyuk Kim; Seokhie Hong. New Efficient Padding Methods Secure Against Padding Oracle Attacks. Transactions on Petri Nets and Other Models of Concurrency XV 2016, 329-342.

AMA Style

HyungChul Kang, Myungseo Park, Dukjae Moon, Changhoon Lee, Jongsung Kim, Kimoon Kim, Juhyuk Kim, Seokhie Hong. New Efficient Padding Methods Secure Against Padding Oracle Attacks. Transactions on Petri Nets and Other Models of Concurrency XV. 2016:329-342.

Chicago/Turabian Style

HyungChul Kang; Myungseo Park; Dukjae Moon; Changhoon Lee; Jongsung Kim; Kimoon Kim; Juhyuk Kim; Seokhie Hong. 2016. "New Efficient Padding Methods Secure Against Padding Oracle Attacks." Transactions on Petri Nets and Other Models of Concurrency XV: 329-342.

Journal article
Published: 29 January 2016 in Multimedia Tools and Applications

In this work, we propose an algorithm to produce a Triple-base chain that optimizes the time usage for computing an elliptic curve cryptosystem. Triple-base Chain is a scalar multiplication algorithm which represents an integer k using the three bases {2,3,5}. This paper provides a faster scalar multiplication method for elliptic curves based on the {2,3,5} Triple-base Chain. The method proposed by this research speeds up the existing Triple-base Chain algorithm by optimizing the 5P operation of the elliptic curve and reordering the operation order of the bases {2,3,5}. This method can improve the speed of operation by 4 to 6% compared to the existing {2,3,5} Triple-base Chain.

ACS Style

Sung Min Cho; Seung Gyu Gwak; Chang Han Kim; Seokhie Hong. Faster elliptic curve arithmetic for triple-base chain by reordering sequences of field operations. Multimedia Tools and Applications 2016, 75, 14819-14831.

AMA Style

Sung Min Cho, Seung Gyu Gwak, Chang Han Kim, Seokhie Hong. Faster elliptic curve arithmetic for triple-base chain by reordering sequences of field operations. Multimedia Tools and Applications. 2016; 75 (22):14819-14831.

Chicago/Turabian Style

Sung Min Cho; Seung Gyu Gwak; Chang Han Kim; Seokhie Hong. 2016. "Faster elliptic curve arithmetic for triple-base chain by reordering sequences of field operations." Multimedia Tools and Applications 75, no. 22: 14819-14831.