公开(公告)号：KR100656406B1

公开(公告)日：2006-12-11

申请号：KR1020050114719

申请日：2005-11-29

Applicant: 한국전자통신연구원

Inventor： 최용제 ,  김무섭 ,  김호원 ,  정교일

IPC: G06F7/48

Abstract: A finite operation device for ONB(Optimal Normal Basis) is provided to trade off an area and performance according to system requirement, and perform finite multiplication and finite reverse multiplication for the ONB with one operator by setting an operator mode with optimization of a finite multiplier and a finite reverse multiplier. The first multiplexer(100) selects a reverse multiplication input value or the first middle operation value. A register(200) stores the value selected by the first selector. A shifter(400) performs a cyclic shift operation of the selected value. The second multiplexer(300) selects multiplicand input of an ONB multiplier(600) by receiving output of the first register and the first middle operation value. The third multiplexer(500) selects multiplier input of the ONB multiplier by receiving the output of the shifter and the second middle operation value. The ONB multiplier performs the ONB finite multiplication by receiving the output of the second and third multiplexer. An output multiplexer(700) selects an output value of the ONB multiplier depending on the performed operation.

Abstract translation: 提供了用于ONB（最优正常基准）的有限操作装置以根据系统需求折衷区域和性能，并且通过使用有限乘法器的优化来设置操作员模式，用一个操作者对ONB执行有限乘法和有限反向乘法 和一个有限的反向乘法器。 第一多路复用器（100）选择反向乘法输入值或第一中间操作值。 寄存器（200）存储由第一选择器选择的值。 移位器（400）执行所选值的循环移位操作。 第二多路复用器（300）通过接收第一寄存器的输出和第一中间操作值来选择ONB乘法器（600）的被乘数输入。 第三多路复用器（500）通过接收移位器的输出和第二中间操作值来选择ONB乘法器的乘法器输入。 ONB乘法器通过接收第二和第三多路复用器的输出来执行ONB有限乘法。 输出多路复用器（700）根据执行的操作选择ONB乘法器的输出值。

公开(公告)号：KR100554174B1

公开(公告)日：2006-02-22

申请号：KR1020030088409

申请日：2003-12-06

Applicant: 한국전자통신연구원

Inventor： 김무섭 ,  최용제 ,  강주성 ,  정교일

IPC: G06K19/073

Abstract: 본 발명에 의한 접촉형 스마트카드에 대한 차분전력분석(DPA) 공격 방지를 위한 장치 및 그 방법은 접촉형 스마트카드의 차분전력분석 공격 방지 장치에 있어서, 제1제어신호에 기초하여 입력전원의 차단여부를 결정하는 제1스위치부, 그리고 제2전하축적부와의 연결경로를 제공하며, 제1스위치부가 활성화되어 입력전류의 경로가 형성되었을 때 상기 스마트카드의 외부에서 측정시 상기 제1스위치부가 비활성되는 경우보다 낮은 저항값을 갖도록 하는 정류부를 포함하며 상기 제1제어신호에 기초하여 축적된 전하를 방전하거나 재충전을 수행하는 제1전하축적부; 제1전하축적부가 충전시에는 비활성화되어 상기 제1전하축적부와의 접속을 차단하고, 상기 제1전하축적부가 방전시에는 활성화되어 상기 제1전하축적부와의 접속을 수행하는 제2스위치부를 포함하며 상기 제1전하축적부가 재충전을 수행할 때 제2제어신호에 의하여 축적된 전하를 출력하는 제2전하축적부; 및 상기 제1전하축적부를 감시하여 그 충전상태에 기초하여 상기 제1내지 제2제어신호를 생성하는 제어부;를 포함하는 것을 특징으로 하며, 효율적인 시스템의 보안성 향상을 가져올 수 있으며, 암호 기능을 필요로 하는 많은 시스템에 적용되어 사용 되어질 수 있다.
차분전력분석, DPA, 스마트카드, 시스템보안

公开(公告)号：KR1020050062820A

公开(公告)日：2005-06-28

申请号：KR1020030093103

申请日：2003-12-18

Applicant: 한국전자통신연구원

Inventor： 최용제 ,  김무섭 ,  강주성 ,  정교일

IPC: G06F7/52

Abstract: 본 발명은 유한체 곱셈 연산 장치에 관한 것으로서 특히, GF(3^m)의 유한체 곱셈 연산에 적합한 유한체 곱셈 연산 장치에 관한 것이다.
본 발명에 따른 유한체 곱셈 연산 장치는 각기 승수와 피승수의 계수 값들을 저장하기 위한 승수 및 피승수 입력 레지스터들; 최소다항식의 계수 값들을 저장하기 위한 최소 다항식 레지스터; 상기 승수 및 피승수 입력 레지스터에서 출력되는 계수를 사용하여 GF(3^m)에 대한 비트 곱셈 연산을 수행하는 mod 3 비트 곱셈기; 중간 연산 결과와 상기 mod 3 비트 곱셈기의 출력을 사용하여 GF(3^m)에 대한 비트열 덧셈 연산을 수행하는 mod 3 비트 덧셈기; 중간 연산 결과 저장과 최종 출력값 저장을 위한 출력 레지스터; 및 GF(3^m) 유한체 곱셈 연산이 수행되도록 제어하는 곱셈 제어기를 포함하는 것을 특징으로 한다.
본 발명에 따른 GF(3^m)의 유한체 곱셈 연산 장치는 다항식의 차수에 해당하는 m 사이클 동안에 승수 및 피승수의 곱셈 연산을 수행할 수 있으므로 로직 지연 시간이 크지 않아 이진 유한체 곱셈 연산과 유사한 성능을 얻을 수 있는 효과를 가진다.

公开(公告)号：KR1020040050742A

公开(公告)日：2004-06-17

申请号：KR1020020077902

申请日：2002-12-09

Applicant: 한국전자통신연구원

Inventor： 김무섭 ,  김호원 ,  최용제 ,  류희수 ,  정교일

IPC: H04L9/30

CPC classification number: H04L9/302 ,  H04L9/3066

Abstract: PURPOSE: A public key encryption apparatus based on the prime field is provided, which improves the efficiency of the system as well is commonly utilized in various system required to operate encryption operation. CONSTITUTION: A public key encryption apparatus(100) based on the prime field includes a register(110), an RSA operational block(160), a modular inverse element calculation block(175), an ellipse curve calculation block(180), a modular operational block(170) and a controller(130). The register(110) stores the various data for the encryption operation. The RSA operational block(160) performs the RSA public key encryption operation. The modular inverse element calculation block(175) calculates the inverse element of the data based on the prime field. The ellipse curve calculation block(180) performs the ellipse curve public key encryption operation. The modular operational block(170) performs the repeat operation in the unit of the 32 bits so as to perform the RSA/ellipse curve encryption operations. And, the controller(130) reads/writes the data required to the encryption operation from the register(110) and controls the operations of each block to perform the encryption operation.

Abstract translation: 目的：提供基于素数字段的公钥加密装置，提高了系统的效率，并且通常用于操作加密操作所需的各种系统。 构成：基于主场的公开密钥加密装置（100）包括寄存器（110），RSA操作块（160），模块化反向元素计算块（175），椭圆曲线计算块（180）， 模块化操作块（170）和控制器（130）。 寄存器（110）存储用于加密操作的各种数据。 RSA操作块（160）执行RSA公钥加密操作。 模块逆元素计算块（175）基于素数域计算数据的逆元素。 椭圆曲线计算块（180）执行椭圆曲线公钥加密操作。 模块化操作块（170）以32位为单位执行重复操作，以便执行RSA /椭圆曲线加密操作。 并且，控制器（130）从寄存器（110）读取/写入加密操作所需的数据，并控制每个块的操作以执行加密操作。

公开(公告)号：KR100416233B1

公开(公告)日：2004-01-31

申请号：KR1020010082619

申请日：2001-12-21

Applicant: 한국전자통신연구원

Inventor： 최용제 ,  김호원 ,  김무섭 ,  박영수 ,  류희수

IPC: H04L9/14

Abstract: PURPOSE: An encryption system for an F8 encryption algorithm and an F9 integrity verification algorithm of IMT(International Mobile Telecommunication)-2000 system is provided to enhance the security of data by using a data encryption calculator between a terminal and an RNC system. CONSTITUTION: An encryption system includes an input/output system bus(10), a register file(11), a memory portion(13), and an F8_F9 calculator(12). The register file is used for storing input variables of an F8 encryption algorithm and an F9 integrity verification algorithm. The memory portion stores encoded output data and authentication code generation object data of the F8 encryption algorithm and the F9 integrity verification algorithm. The F8_F9 calculator performs selectively the F8 encryption algorithm and the F9 integrity verification algorithm in order to provide a message authentication code to the register file and output the encoded output data to the memory portion.

Abstract translation: 目的：提供IMT（国际移动电信）-2000系统的F8加密算法和F9完整性验证算法的加密系统，以通过在终端和RNC系统之间使用数据加密计算器来增强数据的安全性。 组成：加密系统包括输入/​​输出系统总线（10），寄存器文件（11），存储器部分（13）和F8_F9计算器（12）。 寄存器文件用于存储F8加密算法和F9完整性验证算法的输入变量。 存储器部分存储F8加密算法和F9完整性验证算法的编码输出数据和认证码生成对象数据。 F8_F9计算器选择性地执行F8加密算法和F9完整性验证算法，以便向寄存器文件提供消息认证码并将编码的输出数据输出到存储器部分。

公开(公告)号：KR100399048B1

公开(公告)日：2003-09-26

申请号：KR1020010034306

申请日：2001-06-18

Applicant: 한국전자통신연구원

Inventor： 최용제 ,  김호원 ,  김무섭 ,  정교일

IPC: G09C1/00

Abstract: PURPOSE: An ellipse curve encryption device is provided to have a high security with maintaining a short key so as to authenticate a user in a system restricted in area such as an integrated(IC) card and to exchange the key values of the symmetric key system. CONSTITUTION: An ellipse curve encryption device includes a first storing register(201) for storing operational coefficient values of an ellipse curve encryption, a second storing register(202) for storing input values of operation for the ellipse curve encryption, an ellipse curve encryption operation module(205) for implementing the ellipse curve encryption operation by using the valued stored at the first and the second registers(201,202), a third register(203) for inputting to the ellipse curve encryption operation module(205) so as to use the following operation after the output value form the ellipse curve encryption operation module is stored at the register and an ellipse curve encryption controller(204) for controlling the ellipse curve encryption operation module(205) in response to the value stored the first register(201) and for managing the transmission of the operation result.

Abstract translation: 目的：提供一种椭圆曲线加密装置，其具有高度的安全性和维持短密钥以便在诸如集成（IC）卡之类的受限区域内的系统中对用户进行认证并且交换对称密钥系统的密钥值 。 用于存储椭圆曲线加密的运算系数值的第一存储寄存器（201），用于存储椭圆曲线加密的运算的输入值的第二存储寄存器（202），椭圆曲线加密运算 模块（205），用于通过使用存储在第一和第二寄存器（201,202）中的值来执行椭圆曲线加密操作;第三寄存器（203），用于输入到椭圆曲线加密操作模块（205）以便使用 在从椭圆曲线加密操作模块的输出值存储在寄存器之后的操作之后的操作和用于响应于存储在第一寄存器（201）中的值来控制椭圆曲线加密操作模块（205）的椭圆曲线加密控制器（204） 并管理运行结果的传输。

公开(公告)号：KR1020030055732A

公开(公告)日：2003-07-04

申请号：KR1020010085801

申请日：2001-12-27

Applicant: 한국전자통신연구원

Inventor： 김호원 ,  최용제 ,  김무섭 ,  류희수

IPC: H04L9/14

CPC classification number: H04L9/14 ,  H04L2209/125

Abstract: PURPOSE: An encryption processing apparatus for a high speed radio network switch is provided to process much data at a time with high throughput and little response time and to process little data rapidly with a little delay time. CONSTITUTION: According to the encryption processing apparatus for a high speed radio network switch performing security processing and integrity verification encryption algorithm processing in the high speed radio network switch, a memory memorizing device part(101) stores input/output protocol packet or data and command and control signals extracted from the packet. A shared memory memorizing device part(102) stores a packet and a control signal and command and data extracted from the packet. A memory control part(105) performs input/output control and synchronization of the memory memorizing device part and the shared memory memorizing device part. An encryption processing device part(107) processes security and integrity verification encryption algorithm. An external input/output control part(108) controls external input/output. An external network interface block(109) performs packet analysis operation as to a packet received from an external network connection network, and transmits the analyzed packet to the encryption processing device part or the memory memorizing device part or the shared memory memorizing device part. And a central processing part(100) performs basic protocol analysis and packet processing, memory management, shared memory management and encryption processor control.

Abstract translation: 目的：提供一种用于高速无线网络交换机的加密处理装置，以高吞吐量和较小的响应时间一次处理大量数据，并在稍微延迟的时间内快速处理一些数据。 构成：根据在高速无线网络交换机中执行安全处理和完整性验证加密算法处理的高速无线网络交换机的加密处理装置，存储器存储装置部分（101）存储输入/输出协议分组或数据和命令 以及从分组提取的控制信号。 共享存储器存储设备部分（102）存储从分组提取的分组和控制信号以及命令和数据。 存储器控制部分（105）执行存储器存储器件部分和共享存储器存储器件部分的输入/输出控制和同步。 加密处理设备部分（107）处理安全性和完整性验证加密算法。 外部输入/输出控制部分（108）控制外部输入/输出。 外部网络接口块（109）对从外部网络连接网络接收到的分组执行分组分析操作，并将分析的分组发送到加密处理装置部分或存储器存储装置部分或共享存储器存储装置部分。 并且中央处理部分（100）执行基本协议分析和分组处理，存储器管理，共享存储器管理和加密处理器控制。

公开(公告)号：KR1020030052602A

公开(公告)日：2003-06-27

申请号：KR1020010082619

申请日：2001-12-21

Applicant: 한국전자통신연구원

Inventor： 최용제 ,  김호원 ,  김무섭 ,  박영수 ,  류희수

IPC: H04L9/14

CPC classification number: H04L9/0625

Abstract: PURPOSE: An encryption system for an F8 encryption algorithm and an F9 integrity verification algorithm of IMT(International Mobile Telecommunication)-2000 system is provided to enhance the security of data by using a data encryption calculator between a terminal and an RNC system. CONSTITUTION: An encryption system includes an input/output system bus(10), a register file(11), a memory portion(13), and an F8_F9 calculator(12). The register file is used for storing input variables of an F8 encryption algorithm and an F9 integrity verification algorithm. The memory portion stores encoded output data and authentication code generation object data of the F8 encryption algorithm and the F9 integrity verification algorithm. The F8_F9 calculator performs selectively the F8 encryption algorithm and the F9 integrity verification algorithm in order to provide a message authentication code to the register file and output the encoded output data to the memory portion.

Abstract translation: 目的：提供IMT（国际移动通信）-2000系统的F8加密算法和F9完整性验证算法的加密系统，通过使用终端与RNC系统之间的数据加密计算器来增强数据的安全性。 构成：加密系统包括输入/​​输出系统总线（10），寄存器文件（11），存储器部分（13）和F8_F9计算器（12）。 寄存器文件用于存储F8加密算法和F9完整性验证算法的输入变量。 存储器部分存储F8加密算法和F9完整性验证算法的编码输出数据和认证码生成对象数据。 F8_F9计算器选择性地执行F8加密算法和F9完整性验证算法，以便向寄存器文件提供消息验证码并将编码的输出数据输出到存储器部分。

公开(公告)号：KR1020030043451A

公开(公告)日：2003-06-02

申请号：KR1020010074634

申请日：2001-11-28

Applicant: 한국전자통신연구원

Inventor： 김호원 ,  김무섭 ,  최용제 ,  박영수 ,  정교일

IPC: H04L9/14

CPC classification number: H04L9/14 ,  H04L9/0625 ,  H04L9/0631 ,  H04L9/302 ,  H04L9/3066 ,  H04L2209/125

Abstract: PURPOSE: A symmetric and asymmetric key cryptography operation process system and a processing method thereof are provided to process various kinds of ciphering algorithm by using the cryptographic operation process system including hardware circuits of small number. CONSTITUTION: A command extraction portion(130) extracts a command for performing a cryptographic operation when commands and data for a ciphering algorithm are received from an external network. A scheduler and decoder portion(120) decides a calculation method and schedules an executing order by analyzing an input command according to the extracted command and the data. A storage portion(140) stores the extracted command and the data received from the external network. A cryptographic operation portion(160) processes a symmetric and an asymmetric cryptographic operation by performing the stored command according to the scheduled executing order. A control portion(150) controls the cryptographic operation portion.

Abstract translation: 目的：提供一种对称和非对称密钥密码操作处理系统及其处理方法，通过使用包含少数硬件电路的密码操作处理系统来处理各种加密算法。 构成：当从外部网络接收到用于加密算法的命令和数据时，命令提取部分（130）提取用于执行密码操作的命令。 调度器和解码器部分（120）通过根据提取的命令和数据分析输入命令来决定计算方法并调度执行顺序。 存储部分（140）存储所提取的命令和从外部网络接收的数据。 加密操作部分（160）通过根据调度的执行顺序执行存储的命令来处理对称和非对称加密操作。 控制部分（150）控制密码操作部分。

公开(公告)号：KR1020020043367A

公开(公告)日：2002-06-10

申请号：KR1020000072973

申请日：2000-12-04

Applicant: 한국전자통신연구원

Inventor： 김무섭 ,  최용제 ,  정교일

IPC: G06F11/00

Abstract: PURPOSE: A transmission device for preventing a physical hacking and a method thereof are provided to transmit a signal by selecting new signal periodically or at random whenever a power source is applied to an encryption module. CONSTITUTION: A random number output of minimum 512-bit generated in a random number generator(320) is selected for being used in a data conversion circuit through a selection signal generation circuit(310). A data conversion circuit(300) selects a data transmission line at random using a random number signal selected the selection signal generation circuit(310), changes a data transmission path, and converts data. The selection signal generation circuit(310) is provided for deciding the number of selected bit signals selected and a portion thereof out of the 512-bit random number signal. The selection signal generation circuit(310) changes a position and size of a selection signal being generated by an external input.

Abstract translation: 目的：提供一种用于防止物理黑客的传输装置及其方法，用于当电源施加到加密模块时，周期性地或随机地选择新的信号来发送信号。 构成：通过选择信号生成电路（310），选择在随机数发生器（320）中生成的最小512位的随机数输出用于数据转换电路。 数据转换电路（300）使用选择的选择信号生成电路（310）的随机数信号随机选择数据传输线，改变数据传输路径，并转换数据。 选择信号生成电路（310）被提供用于决定所选择的位信号的数量及其部分的512位随机数信号。 选择信号生成电路（310）改变由外部输入生成的选择信号的位置和大小。