• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.5
• /
• pp.1089-1097
• /
• 2016

It is well-known that, if additional information other than a plaintext-ciphertext pair is available, breaking the RSA cryptosystem may be much easier than factorizing the RSA modulus. For example, Coppersmith showed that, given the 1/2 fraction of the least or most significant bits of one of two RSA primes, the RSA modulus can be factorized in a polynomial time. More recently, Henecka et. al showed that the RSA private key of the form (p, q, d, $d_p$, $d_q$) can efficiently be recovered whenever the bits of the private key are erroneous with error rate less than 23.7%. It is notable that their algorithm is based on counting the matching bits between the candidate key bit string and the given decayed RSA private key bit string. And, extending the algorithm, this paper proposes a new RSA private key recovery algorithm using a generalized probabilistic measure for measuring the consistency between the candidate key bits and the given decayed RSA private key bits.

• Journal of the Korea Society of Computer and Information
• /
• v.15 no.11
• /
• pp.157-162
• /
• 2010

Due to the IT development, RFID/USN became very familiar means of communication. However, because of increased number, security, and size constraints of nodes, it is insufficient to implement a variety of services. To solve these problems, this paper suggests RI-RSA, which is an appropriate asymmetric cryptographic system for RFID/USN environment. The proposed RI-RSA cryptographic system is easy to implement. To increase the processing speed, RI-RSA was suggested by subdividing the multiplication section into two-dimensional, where bottleneck phenomena occurs, and it was implemented in the hardware chip level. The simulation result verified that it caused 6% of circuit reduction, and for the processing speed, RI-RSA was 30% faster compare to the existing RSA.

• Journal of the Korea Society of Computer and Information
• /
• v.17 no.5
• /
• pp.59-70
• /
• 2012

RSA-CRT is one of the commonly used techniques to speedup RSA operation. Since RSA-CRT performs its operations based on the modulus of two private primes, it is about four times faster than RSA. In RSA, the two primes are normally thrown away after generating the public key pair. However, in RSA-CRT, the two primes are directly used in RSA operations. This led to hardware fault attacks which can be used to factor the public modulus. The most common way to counter these attacks is based on error propagation. In these schemes, all the outputs of RSA are affected by the infected error which makes it difficult for an adversary to use the output to factor the public modulus. However, the error propagation has sequentialized the RSA operation. Moreover, these schemes have been found to be still vulnerable to hardware fault attacks. In this paper, we propose two new RSA-CRT schemes which are both resistant to hardware fault attack and support parallel execution: one uses common modulus and the other one perform operations in each prime modulus. Both proposed schemes takes about a time equal to two exponentiations to complete the RSA operation if parallel execution is fully used and can protect the two private primes from hardware fault attacks.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.21 no.8
• /
• pp.1471-1479
• /
• 2017

This paper describes a design of RSA public-key cryptography processor supporting key length of 2,048 bits. A modular multiplier that is core arithmetic function in RSA cryptography was designed using word-based Montgomery multiplication algorithm, and a modular exponentiation was implemented by using Left-to-Right (LR) binary exponentiation algorithm. A computation of a modular multiplication takes 8,386 clock cycles, and RSA encryption and decryption requires 185,724 and 25,561,076 clock cycles, respectively. The RSA processor was verified by FPGA implementation using Virtex5 device. The RSA cryptographic processor synthesized with 100 MHz clock frequency using a 0.18 um CMOS cell library occupies 12,540 gate equivalents (GEs) and 12 kbits memory. It was estimated that the RSA processor can operate up to 165 MHz, and the estimated time for RSA encryption and decryption operations are 1.12 ms and 154.91 ms, respectively.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2018.05a
• /
• pp.163-165
• /
• 2018

GF(p)상 타원곡선 암호(ECC)와 RSA를 단일 하드웨어로 통합하여 구현한 공개키 암호 프로세서를 설계하였다. 설계된 EC-RSA 공개키 암호 프로세서는 NIST 표준에 정의된 소수체 상의 224-비트 타원 곡선 P-224와 2048-비트 키 길이의 RSA를 지원한다. ECC와 RSA가 갖는 연산의 공통점을 기반으로 워드기반 몽고메리 곱셈기와 메모리 블록을 효율적으로 결합하여 최적화된 데이터 패스 구조를 적용하였다. EC-RSA 공개키 암호 프로세서는 Modelsim을 이용한 기능검증을 통하여 정상동작을 확인하였으며, $0.18{\mu}m$ CMOS 셀 라이브러리로 합성한 결과 11,779 GEs와 14-Kbit RAM의 경량 하드웨어로 구현되었다. EC-RSA 공개키 암호 프로세서는 최대 동작주파수 133 MHz이며, ECC 연산에는 867,746 클록주기가 소요되며, RSA 복호화 연산에는 26,149,013 클록주기가 소요된다.

• Clinics in Shoulder and Elbow
• /
• v.18 no.4
• /
• pp.248-253
• /
• 2015

Background: Scapular notching can happen at diverse location depending on implant design or operative technique, therefore, it is easily misdiagnosed. Thus, this study purposed to suggest a method helpful to assess scapular notching. Methods: The subjects were 73 cases of reverse shoulder arthroplasty (RSA) for cuff tear arthropathy during the period from May 2009 to April 2014 and followed-up for over a year. There was medialized RSA in 22 cases, bone increased offset RSA (BIO-RSA) in 36 cases, and metal increased offset RSA (metal-RSA) in 15 cases. Scapular notching was not determined by bone defect at the inferior of glenosphere as Sirveaux's classification, but scapular notching at the site where the rotational route of the polyethylene of humeral implant met the scapular neck were examined. The results were compared with conventional method. Results: By conventional method, scapular notching was observed in 10 cases (45.5%) in medialized RSA, 12 cases (33.3%) in BIO-RSA, and none in metal-RSA. By new method, it was observed in 9 cases (40.9%) in medialized RSA, 10 cases (27.8%) in BIO-RSA, and none of metal-RSA. The site of scapular notching was apart from glenoshpere in 18 cases, and at inferior of glenosphere in 1 case. Absorption of bone graft was observed in 4 (11.1%) out of 36 cases of BIO-RSA. Conclusions: It is hard to distinguish scapular notching from absorption of bone graft in BIO-RSA, and bone absorption at the lateral lower end of glenoid in medialized RSA. Thus, it is considered useful to assess scapular notching at the site where the rotational route of the polyethylene insert meets scapular neck.

• Journal of IKEEE
• /
• v.22 no.3
• /
• pp.522-531
• /
• 2018

A public-key cryptography processor EC-RSA was designed, which integrates a 224-bit prime field elliptic curve cryptography (ECC) defined in the FIPS 186-2 as well as RSA with 2048-bit key length into a single hardware structure. A finite field arithmetic core used in both scalar multiplication for ECC and exponentiation for RSA was designed with 32-bit data-path. A lightweight implementation was achieved by an efficient hardware sharing of the finite field arithmetic core and internal memory for ECC and RSA operations. The EC-RSA processor was verified by FPGA implementation. It occupied 11,779 gate equivalents (GEs) and 14 kbit RAM synthesized with a 180-nm CMOS cell library and the estimated maximum clock frequency was 133 MHz. It takes 867,746 clock cycles for ECC scalar multiplication resulting in the estimated throughput of 34.3 kbps, and takes 26,149,013 clock cycles for RSA decryption resulting in the estimated throughput of 10.4 kbps.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.4A
• /
• pp.447-457
• /
• 2004

This paper proposes a RSA crypto-processor for embedded systems. The architecture of the RSA crypto-processor should be used relying on Big Montgomery algorithm, and is supported by configurable bit size. The RSA crypto-processor includes a RSA control signal generator, an optimal Big Montgomery processor(adder, multiplier). We use diverse arithmetic unit (adder, multiplier) algorithm. After we compared the various results, we selected the optimal arithmetic unit which can be connected with ARM core-processor. The RSA crypto-processor was implemented with Verilog HDL with top-down methodology, and it was verified by C language and Cadence Verilog-XL. The verified models were synthesized with a Hynix 0.25${\mu}{\textrm}{m}$, CMOS standard cell library while using Synopsys Design Compiler. The RSA crypto-processor can operate at a clock speed of 51 MHz in this worst case conditions of 2.7V, 10$0^{\circ}C$ and has about 36,639 gates.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.6
• /
• pp.2835-2850
• /
• 2016

RSA is a public key cryptosystem that is currently the most popularly used in information security. Development of RSA variants has attracted many researchers since its introduction in 1978 by Ron Rivest, Adi Shamir, and Leonard Adleman. In this paper, we propose an algebraic structure for RSA and show that the proposed structure covers all known RSA variants. The usefulness of the proposed structure is then proved by showing that, following the structure we can construct a RSA variant based on the Bergman ring. We compare the original RSA and its variants from the point of view of factoring the modulus to determine why the original RSA is widely used than its variants.

• The KIPS Transactions:PartC
• /
• v.14C no.2
• /
• pp.123-128
• /
• 2007

Many service systems use Public Key Infrastructure (PKI) to protect the service. But there arc problems with the use of PKI. One of the problems is that some services would require a function instantaneously to check public kel certificate, but PKI does not satisfy such request. To solve the problem, Bouch et al. first proposed the concept of mediated RSA (mRSA). Then Gene Tsudik proposed 'weak' forward secure mRSA. In this paper, we analyze the weakness of these schemes and find the source of the vulnerabilitv. And we propose a new mRSA that is strong forward secure.