Guest Editorial: Selected papers from the 24th International Conference on Information Security and Cryptology (ICISC 2021)

This is our first IET Information Security special issue from the Internation Conference on Information Security and Cryptology, which was held from December 1 to December 3, Seoul, South Korea, 2021. The aim of ICISC 2021 was to provide an international forum for the latest results of research, development, and applications within the field of information security and cryptography. In ICISC 2021, we received 63 submissions and were able to accept 23 papers for the presentation at the conference. Among accepted and presented papers at ICISC 2021, we selected six papers with high review scores and recommended them for publication in the special issue of IET information Security (via at least 30% extension). It is worth noting that the review and the selection process were successfully conducted by programme committee (PC) members, including reviewers dispatched from IET Information Security, and each paper underwent a blind review by at least three PC members.

The special issue contains six papers on topic areas, including lattice-based protocol constructions (Topic A), lattice-based analysis algorithms (Topic B), efficient quantum circuit constructions (Topic C), and analysis on symmetric-key primitives (Topic D).

Paper 1 by P. Ren, X. Gu, and Z. Wang investigates how to construct a quantum-safe password-authenticated key exchange (PAKE) as a cryptographic primitive that can establish secure remote communications between a client and a server. They suggest a new PAKE protocol based on module lattices with a rigorous security proof in the random oracle model. Taking the flexibility of the module learning with errors problem, they elaborately select 3 parameter sets to meet different application scenarios. Specifically, they show that their recommended PAKE implementation achieves 177-bit post-quantum security with a generous margin to cope with later improvement in the cryptanalysis. Their performance results indicate that the MLWE-PAKE is quite practical: compared with the latest Yang-PAKE, their PAKE reduces the communication cost and the running time by 36.8% and 13.8%, respectively.

Paper 2 by V. Farzaliyev, J. Willemson, and J. K. Kaasik investigates Mix-networks as a general tool for building anonymous communication systems. They focus on the application case of post-quantum electronic voting where the number of votes to be mixed may reach hundreds of thousands or even millions. They propose an improved architecture for lattice-based post-quantum mix-nets featuring more efficient zero-knowledge proofs while maintaining established security assumptions. Their implementation scales up to 100,000 votes, still leaving a lot of room for future optimisation.

Paper 3 by K. Yamamura, Y. Wang, and E. Fujisaki investigates an enumeration algorithm that is used as a subroutine for the BKZ algorithm, which is one of the most practical reduction algorithms. It is a critical issue to reduce the computational complexity of the enumeration algorithm. First, they improve the mechanism, called Primal Projective Reordering (PPR) method, over the previous reordering method proposed by Wang in ACISP 2018. Next, they propose a Dual Projective Recording method in dual lattice, and also they propose a condition to decide whether the reordering method should be adapted or not. Finally, they propose an improved BKZ algorithm with the reordering methods and our proposed condition. Preliminary experimental results show that their proposed reordering methods can successfully reduce the number of enumeration algorithm search nodes compared to the predecessor, for example, PPR reduces around 9.6% on average in 30-dimensional random lattices, and DPR reduces around 32.8% on average in 45-dimensional random lattices.

Paper 4 by J. Lee, S. Lee, Y. S. Lee, and D. Choi suggests an efficient quantum circuit design of a given cryptographic algorithm in terms of reducing T-depth for time complexity efficiency. They propose a novel technique for reducing T-depth (and T-count) when some quantum circuits located between two Toffoli gates are interchangeable with a controlled phase gate (CP gate). They apply their technique to five types of quantum adders, reducing T-depth by more than 33%. They also present new SHA-256 quantum circuits, which have a critical path with only three quantum adders, while the critical paths of quantum circuits in the previous works consist of seven or 10 quantum adders. According to their four version of SHA-256 quantum circuit, T-depth of the proposed SHA-256 quantum circuit with the Width (the number of qubits) 797 is 16,055, which is remarkably reduced by about 85%. Another proposed quantum circuit only requires 768 qubits, which is the smallest width, to the best of their knowledge. Finally, one other version is the most time-efficient circuit with an overall Toffoli depth (and T-depth) that is less than 5000.

Paper 5 by Y. Lee, J. Kang, D. Chang, and S. Hong presents preimage attacks on a round-reduced variant of GIMLI-HASH, in which the message-absorbing phase used 5-round GIMLI and the squeezing phase used 9-round GIMLI. They call this variant as 5-9-round GIMLI-HASH. Their preimage attack on 5-9-round GIMLI-HASH requires 2^94.44 time complexity and 2⁹⁷ memory complexity. Also, this method can be reached up to round shifted 10-round GIMLI in the squeezing phase. Their first attack requires the memory for storing several precomputation tables in GIMLI SP-box operations. In their second attack, they take a time-memory trade-off approach, reducing memory requirements for precomputation tables but increasing computing time for solving SP-box equations by the SAT solver. This attack requires 2^66.17 memory complexity and 2^96+ε time complexity, where ε is the time complexity for solving SP-box equations. Their experiments using the CryptoMiniSat SAT solver show that the maximum time complexity for ε is about 2^20.57 9-round GIMLI.

Paper 6 by S. Lim and D. G. Han examines a differential fault attack on the PIPO, a lightweight block cipher, which was proposed in ICISC 2020. The PIPO was designed for providing robust security strength while having less overhead when using the side-channel analysis countermeasure. A differential fault attack is a type of side-channel analysis that induces fault in cryptographic operations and utilises difference information that occurs. They proposed a single-bit flip-based differential fault attack on PIPO, where, through 64 fault ciphertexts, their proposed attack has a 98.9% probability of recovering the correct secret key of PIPO 64/128. They evaluated the proposed attack not only through simulations but also through electromagnetic fault injection.

All of the papers selected for this Special Issue show that further improvements of information security and cryptography are made in the topic areas of post-quantum cryptography and security analysis on block ciphers. Especially, various experimental results by authors will clearly show the reader how advanced their results are, compared to the current research works related to six selected papers. In the meanwhile, there are still many challenges in this field that require future research attentions, such as efficient construction of lattice-based cryptographic primitives, analysis on lattice-based reduction algorithms, and more realistic quantum attacks against post-quantum cryptographic primitives and their underlying complexity assumptions. We hope to see more advanced research results on these topics in the near future.