研究成果

書籍

  • Public-Key Cryptography – PKC 2022, Part I
    著者
    G. Hanaoka, J. Shikata, and Y. Watanabe
    出版社
    Springer
    発行年
    2022
    Introdcution

    The two-volume proceedings set LNCS 13177 and 13178 constitutes the proceedings of the 25th IACR International Conference on Practice and Theory of Public Key Cryptography, PKC 2022, which took place virtually during March 7-11, 2022. The conference was originally planned to take place in Yokohama, Japan, but had to change to an online format due to the COVID-19 pandemic. The 40 papers included in these proceedings were carefully reviewed and selected from 137 submissions. They focus on all aspects of public-key cryptography, covering cryptanalysis; MPC and secret sharing; cryptographic protocols; tools; SNARKs and NIZKs; key exchange; theory; encryption; and signatures.

  • Public-Key Cryptography – PKC 2022, Part II
    著者
    G. Hanaoka, J. Shikata, and Y. Watanabe
    出版社
    Springer
    発行年
    2022
    Introdcution

    The two-volume proceedings set LNCS 13177 and 13178 constitutes the proceedings of the 25th IACR International Conference on Practice and Theory of Public Key Cryptography, PKC 2022, which took place virtually during March 7-11, 2022. The conference was originally planned to take place in Yokohama, Japan, but had to change to an online format due to the COVID-19 pandemic. The 40 papers included in these proceedings were carefully reviewed and selected from 137 submissions. They focus on all aspects of public-key cryptography, covering cryptanalysis; MPC and secret sharing; cryptographic protocols; tools; SNARKs and NIZKs; key exchange; theory; encryption; and signatures.

  • Proceedings of the 5th ACM Asia Public-Key Cryptography Workshop (APKC 2018)
    著者
    K. Emura, J.H. Seo, and Y. Watanabe
    出版社
    ACM
    発行年
    2018
    Abstract

    It is our great pleasure to welcome you to The 5th ACM Asia Public-Key Cryptography Workshop - APKC'18, held on June 4, 2018, in conjunction with The 13th ACM Asia Conference on Computer and Communications Security (AsiaCCS'18). Public-key cryptography plays an essential role in ensuring many security properties required in data processing of various kinds. The theme of this workshop is novel public-key cryptosystems for solving a wide range of reallife application problems. This workshop solicits original contributions on both applied and theoretical aspects of public-key cryptography. We also solicit systematization of knowledge (SoK) papers, which should aim to evaluate, systematize, and contextualize existing knowledge. The call for papers attracted 20 submissions from Asia, America, and Europe. The program committee accepted 7 papers based on their overall quality and novelty (acceptance ratio: 35%). We hope these proceedings will serve as a valuable reference for researchers and practitioners in the field of public-key cryptography and its applications.

  • 数学ゲーム必勝法
    著者
    小林欣吾, 佐藤創 (監訳)
    出版社
    共立出版
    発行年
    2016
    原著   Elwyn R. Berlekamp, John H. Conway, Richard K. Guy, “Winning Ways for Your Mathematical Plays,” A K Peters/CRC Press, 2001.

    第 1 巻, 第 5 章の翻訳を担当 (岩本)
  • 情報理論 —基礎と広がり—
    著者
    山本 博資, 古賀 弘樹, 有村 光晴, 岩本貢 (訳)
    出版社
    共立出版
    発行年
    2012
    原著   T.M. Cover and J.A. Thomas: “The Elements of Information Theory, 2nd. ed.,” Wiley–InterScience, 2006.

    第4, 11, 16, 17章を担当 (岩本)
  • 電子情報通信学会 知識ベース
    著者
    岩本 貢
    出版社
    オーム社
    発行年
    2010
    第一群, 第一編 13.3 節「秘密分散」(分担執筆)

学術論文誌

  • Covert Vehicle Misguidance and Its Detection: A Hypothesis Testing Game over Continuous-Time Dynamics
    著者
    T. Tanaka, K. Sawada, Y. Watanabe, and M. Iwamoto
    雑誌名
    IEEE Control Systems Letters
    出版社
    IEEE
    発行年
    2024
    (To appear)
    Abstract

    We formulate a stochastic zero-sum game over continuous-time dynamics to analyze the competition between the attacker, who tries to covertly misguide the vehicle to an unsafe region, versus the detector, who tries to detect the attack signal based on the observed trajectory of the vehicle. Based on Girsanov’s theorem and the generalized Neyman-Pearson lemma, we show that a constant bias injection attack as the attacker’s strategy and a likelihood ratio test as the detector’s strategy constitute the unique saddle point of the game. We also derive the first-order and the second-order exponents of the type II error as a function of the data length.

  • Printing Protocol: Physical ZKPs for Decomposition Puzzles
    著者
    S. Ruangwises and M. Iwamoto
    雑誌名
    New Generation Computing
    42
    ページ
    331–343
    出版社
    Springer
    発行年
    2024
    Abstract

    Decomposition puzzles are pencil-and-paper logic puzzles that involve partitioning a rectangular grid into several regions to satisfy certain rules. In this paper, we construct a generic card-based protocol called printing protocol, which can be used to physically verify solutions of decompositon puzzles. We apply the printing protocol to develop card-based zero-knowledge proof protocols for two such puzzles: Five Cells and Meadows. These protocols allow a prover to physically show that he/she knows solutions of the puzzles without revealing them.

  • Card-based Protocols for Private Set Intersection and Union
    著者
    A. Doi, T. Ono, Y. Abe, T. Nakai, K. Shinagawa, Y. Watanabe, K. Nuida, and M. Iwamoto
    雑誌名
    New Generation Computing
    42
    ページ
    359–380
    出版社
    Springer
    発行年
    2024
    Abstract

    Card-based cryptography aims to realize secure multiparty computation with physical cards. This paper is the first to address Private Set Intersection (PSI) and Private Set Union (PSU) in card-based cryptography. PSI and PSU are well-studied secure computation protocols to compute the set intersection and the set union, respectively. We show two-party PSI and PSU protocols in each of the two operation models: one is the shuffle-based model in which parties perform all operations publicly, and the other is the private-permutation-based model that allows parties to perform some operations privately. In the shuffle-based model, we show PSI and PSU protocols can be realized with existing secure AND and OR protocols, respectively. However, these protocols have an issue of increasing the number of shuffles depending on the size of the universal set. To resolve the issue, we further propose PSI and PSU protocols with only one shuffle at the cost of increasing the number of cards. In the private-permutation-based model, we show PSI and PSU protocols can be achieved with existing secure AND and OR protocols, respectively, as in the shuffle-based protocols. These protocols have an advantage of requiring only one private permutation and one communication. We further show that the number of cards of these protocols can be reduced at the cost of increasing the number of private permutations and communications.

  • Card-based Cryptography with a Standard Deck of Cards, Revisited: Efficient Protocols in the Private Mode
    著者
    T. Nakai, K. Iwanari, T. Ono, Y. Abe, Y. Watanabe, and M. Iwamoto
    雑誌名
    New Generation Computing
    42
    ページ
    345–358
    出版社
    Springer
    発行年
    2024
    Abstract

    Card-based cryptography is a secure computation protocol realized by using physical cards. There are two models on card-based cryptography: public and private models. We adopt private one that allows players to handle cards privately. While much of the existing works for card-based cryptography use two-colored cards, it is also a vital task to construct an efficient protocol with playing cards. In the public model, 2n cards are necessary for any n-bit input protocol since at least two cards are required to express a Boolean value. It holds true for both two-colored and playing-card settings. On the other hand, the private model enables us to construct a protocol with fewer than 2n cards. However, all existing protocols that achieve such properties are only in the two-colored setting. This paper shows that the private model enables us to construct a protocol with fewer than 2n cards using the playing cards. We first show two-bit input protocols with fewer than four cards for logical operations, AND, OR, and XOR. Furthermore, we show a three-input majority voting protocol using only three cards, which is constructed by combining our AND and OR protocols. Notably, our proposed protocols require no randomness. All operations are deterministic and depend only on players' private inputs.

  • NP-Completeness and Physical Zero-Knowledge Proofs for Sumplete, a Puzzle Generated by ChatGPT
    著者
    K. Hatsugai, S. Ruangwises, K. Asano, and Y. Abe
    雑誌名
    New Generation Computing
    出版社
    Springer
    発行年
    2024
    Abstract

    Sumplete is a logic puzzle generated by ChatGPT in March 2023. The puzzle consists of a rectangular grid, with each cell containing an integer. Each row and column also has an integer called target value assigned to it. The objective of this puzzle is to cross out some numbers in the grid such that the sum of uncrossed numbers in each row and column is equal to the corresponding target value. In this paper, we prove that Sumplete is NP-complete. We also propose a physical zero-knowledge proof protocol for the puzzle using physical cards.

  • 時間ドロボー問題に対する健全性誤りのない物理的ゼロ知識証明
    著者
    初貝 恭祐, 安部 芳紀, 中井 雄士, 品川 和雅, 渡邉 洋平, 岩本 貢
    雑誌名
    電子情報通信学会 和文論文誌A
    J107-A
    11
    ページ
    102–113
    出版社
    電子情報通信学会
    発行年
    2024
    概要

    時間ドロボー問題とは,各面がn色のいずれかで塗られたn個のキューブが与えられ,それらを一列に積み上げて各側面にn色を揃えるパズルである.2013 年に上田と西村は時間ドロボー問題に対するカードを用いたゼロ知識証明プロトコルを提案した.このプロトコルは,時間ドロボー問題の解答(キューブの積み上げ方)を知る証明者が,解答を公開せずに解答が存在することを検証者に納得させるプロトコルである.しかし,彼らのプロトコルは,問題となるキューブが差し替えられてないことと解答が存在することをそれぞれ1/2の確率で検証するため,健全性誤りが1/2の確率で生じる問題がある.本研究では,上田と西村のプロトコルを改良し,健全性誤り確率0を実現するプロトコルを提案する.提案プロトコルでは,問題となるキューブが差し替えられてないことと解答が存在することの検証を同時に行うために2つの同時検証から生じる情報漏洩を防ぐため,キューブの構造を保持しつつカード列をランダム化する立方体シャッフルを新たに導入する.

  • Information-Theoretic Perspectives for Simulation-Based Security in Multi-Party Computation
    著者
    M. Iwamoto
    雑誌名
    IEICE Transactions on Fundamentals
    E107-A
    3
    ページ
    360–372
    出版社
    IEICE
    発行年
    2024
    Abstract

    Information-theoretic security and computational security are fundamental paradigms of security in the theory of cryptography. The two paradigms interact with each other but have shown different progress, which motivates us to explore the intersection between them. In this paper, we focus on Multi-Party Computation (MPC) because the security of MPC is formulated by simulation-based security, which originates from computational security, even if it requires information-theoretic security. We provide several equivalent formalizations of the security of MPC under a semi-honest model from the viewpoints of information theory and statistics. The interpretations of these variants are so natural that they support the other aspects of simulation-based security. Specifically, the variants based on conditional mutual information and sufficient statistics are interesting because security proofs for those variants can be given by information measures and factorization theorem, respectively. To exemplify this, we show several security proofs of BGW (Ben-Or, Goldwasser, Wigderson) protocols, which are basically proved by constructing a simulator.

  • More Efficient Adaptively Secure Lattice-based IBE with Equality Test in the Standard Model
    著者
    K. Asano, K. Emura, and A. Takayasu
    雑誌名
    IEICE Transactions on Fundamentals
    E107-A
    3
    ページ
    248–259
    出版社
    IEICE
    発行年
    2024
    Abstract

    Identity-based encryption with equality test (IBEET) is a variant of identity-based encryption (IBE), in which any user with trapdoors can check whether two ciphertexts are encryption of the same plaintext. Although several lattice-based IBEET schemes have been proposed, they have drawbacks in either security or efficiency. Specifically, most IBEET schemes only satisfy selective security, while public keys of adaptively secure schemes in the standard model consist of matrices whose numbers are linear in the security parameter. In other words, known lattice-based IBEET schemes perform poorly compared to the state-of-the-art lattice-based IBE schemes (without equality test). In this paper, we propose a semi-generic construction of CCA-secure lattice-based IBEET from a certain class of lattice-based IBE schemes. As a result, we obtain the first lattice-based IBEET schemes with adaptive security and CCA security in the standard model without sacrificing efficiency. This is because, our semi-generic construction can use several state-of-the-art lattice-based IBE schemes as underlying schemes, e.g. Yamada's IBE scheme (CRYPTO'17).

  • Designated Verifier Signature with Claimability
    著者
    K. Yamahista, K. Hara, Y. Watanabe, N. Yanai, and J. Shikata
    雑誌名
    IEICE Transactions on Fundamentals
    E107-A
    3
    ページ
    203–217
    出版社
    IEICE
    発行年
    2024
    Abstract

    This paper considers the problem of balancing traceability and anonymity in designated verifier signatures (DVS), which are a kind of group-oriented signatures. That is, we propose claimable designated verifier signatures (CDVS), where a signer is able to claim that he/she indeed created a signature later. Ordinal DVS does not provide any traceability, which could indicate too strong anonymity. Thus, adding claimability, which can be seen as a sort of traceability, moderates anonymity. We demonstrate two generic constructions of CDVS from (i) ring signatures, (non-ring) signatures, pseudorandom function, and commitment scheme, and (ii) claimable ring signatures (by Park and Sealfon, CRYPTO'19).

  • Anonymous Broadcast Authentication with One-to-Many Transmission to Control IoT Devices
    著者
    K. Minematsu, J. Shikata, Y. Watanabe, and N. Yanai
    雑誌名
    IEEE Access
    11
    ページ
    62955–62969
    出版社
    IEEE
    発行年
    2023
    Abstract

    We consider a basic system to securely and remotely control many IoT devices. Specifically, we require that: (1) a system manager broadcasts information to IoT devices, e.g., wireless environment, only the designated devices can identify operations sent from the manager; (2) each IoT device can detect (malicious) manipulation of the broadcast information and hence prevents maliciously generated operations from being executed. In this paper, we introduce anonymous broadcast authentication (ABA) as a core cryptographic primitive of the basic remote-control system. Specifically, we formally define the syntax and security notions for ABA so that it achieves the above requirements. We then show provably-secure ABA constructions and their implementations to provide their practical performance. Our promising results show that the ABA constructions can remotely control devices over a typical wireless network within a second.

  • Tight Lower Bounds and Optimal Constructions of Anonymous Broadcast Encryption and Authentication
    著者
    H. Kobayashi, Y. Watanabe, K. Minematsu, and J. Shikata
    雑誌名
    Designs, Codes and Cryptography
    91
    ページ
    2523–2562
    出版社
    Springer
    発行年
    2023
    Abstract

    Broadcast Encryption (BE) is public-key encryption allowing a sender to encrypt a message by specifying recipients, and only the specified recipients can decrypt the message. In several BE applications, since the privacy of recipients allowed to access the message is often as important as the confidentiality of the message, anonymity is introduced as an additional but important security requirement for BE. Kiayias and Samari (IH 2013) presented an asymptotic lower bound on the ciphertext sizes in BE schemes satisfying anonymity (ANO-BE for short). More precisely, their lower bound is derived under the assumption that ANO-BE schemes have a special property. However, it is insufficient to show their lower bound is asymptotically tight since it is unclear whether existing ANO-BE schemes meet the special property. In this work, we derive asymptotically tight lower bounds on the ciphertext size in ANO-BE by assuming only properties that most existing ANO-BE schemes satisfy. With a similar technique, we first derive asymptotically tight lower bounds on the authenticator sizes in Anonymous Broadcast Authentication (ABA). Furthermore, we extend the above result and present (non-asymptotically) tight lower and upper bounds on the ciphertext sizes in ANO-BE. We show that a variant of ANO-BE scheme proposed by Li and Gong (ACNS 2018) is optimal. We also provide tight bounds on the authenticator sizes in ABA via the same approach as ANO-BE, and propose an optimal construction for ABA.

  • A Computationally Efficient Card-Based Majority Voting Protocol with Fewer Cards in the Private Model
    著者
    Y. Abe, T. Nakai, Y. Watanabe, M. Iwamoto, and K. Ohta
    雑誌名
    IEICE Transactions on Fundamentals
    E106-A
    3
    ページ
    315–324
    出版社
    IEICE
    発行年
    2023
    Abstract

    Card-based cryptography realizes secure multiparty computation using physical cards. In 2018, Watanabe et al. proposed a card-based three-input majority voting protocol using three cards. In a card-based cryptographic protocol with n-bit inputs, it is known that a protocol using shuffles requires at least 2n cards. In contrast, as Watanabe et al.'s protocol, a protocol using private permutations can be constructed with fewer cards than the lower bounds above. Moreover, an n-input protocol using private permutations would not even require n cards in principle since a private permutation depending on an input can represent the input without using additional cards. However, there are only a few protocols with fewer than n cards. Recently, Abe et al. extended Watanabe et al.'s protocol and proposed an n-input majority voting protocol with n cards and n + \floor{n/2} + 1 private permutations. This paper proposes an n-input majority voting protocol with \ceil{n/2}+1 cards and 2n-1 private permutations, which is also obtained by extending Watanabe et al.'s protocol. Compared with Abe et al.'s protocol, although the number of private permutations increases by about n/2, the number of cards is reduced by about n/2. In addition, unlike Abe et al.'s protocol, our protocol includes Watanabe et al.'s protocol as a special case where n=3.

  • Multi-Designated Receiver Authentication Codes: Models and Constructions
    著者
    Y. Watanabe, T. Seito, and J. Shikata
    雑誌名
    IEICE Transactions on Fundamentals
    E106-A
    3
    ページ
    394–405
    出版社
    IEICE
    発行年
    2023
    Abstract

    An authentication code (A-code) is a two-party message authentication code in the information-theoretic security setting. One of the variants of A-codes is a multi-receiver authentication code (MRA-code), where there are a single sender and multiple receivers and the sender can create a single authenticator so that all receivers accepts it unless it is maliciously modified. In this paper, we introduce a multi-designated receiver authentication code (MDRA-code) with information-theoretic security as an extension of MRA-codes. The purpose of MDRA-codes is to securely transmit a message via a broadcast channel from a single sender to an arbitrary subset of multiple receivers that have been designated by the sender, and only the receivers in the subset (i.e., not all receivers) should accept the message if an adversary is absent. This paper proposes a model and security formalization of MDRA-codes, and provides constructions of MDRA-codes.

  • How to Make a Secure Index for Searchable Symmetric Encryption, Revisited
    著者
    Y. Watanabe, T. Nakai, K. Ohara, T. Nojima, Y. Liu, M. Iwamoto, and K. Ohta
    雑誌名
    IEICE Transactions on Fundamentals
    E105-A
    12
    ページ
    1559–1579
    出版社
    IEICE
    発行年
    2022
    Abstract

    Searchable symmetric encryption (SSE) enables clients to search encrypted data. Curtmola et al. (ACM CCS 2006) formalized a model and security notions of SSE and proposed two concrete constructions called SSE-1 and SSE-2. After the seminal work by Curtmola et al., SSE becomes an active area of encrypted search. In this paper, we focus on two unnoticed problems in the seminal paper by Curtmola et al. First, we show that SSE-2 does not appropriately implement Curtmola et al.'s construction idea for dummy addition. We refine SSE-2's (and its variants') dummy-adding procedure to keep the number of dummies sufficiently many but as small as possible. We then show how to extend it to the dynamic setting while keeping the dummy-adding procedure work well and implement our scheme to show its practical efficiency. Second, we point out that the SSE-1 can cause a search error when a searched keyword is not contained in any document file stored at a server and show how to fix it.

  • Efficient Card-Based Majority Voting Protocols
    著者
    Y. Abe, T. Nakai, Y. Kuroki, S. Suzuki, Y. Koga, Y. Watanabe, M. Iwamoto, and K. Ohta
    雑誌名
    New Generation Computing
    40
    ページ
    173–198
    出版社
    Springer
    発行年
    2022
    Open Access
    Abstract

    Card-based cryptography is a variety of secure multiparty computation (MPC). Recently, a new technique called private operations was introduced because the protocol can be implemented with fewer cards than that by using the conventional technique called the shuffle. For example, Nakai et al. showed that if the private operations are available, secure computations of AND and OR operations for two inputs can be realized simultaneously by using four cards, and the protocol is applied to a four-card majority voting protocol with three inputs. This paper shows that only three cards are sufficient to construct a majority voting protocol with three inputs. Specifically, we propose two constructions of three-input majority voting protocols. One is a protocol assuming that players can announce their output, and the other is not allowed. Compared to Nakai et al.'s protocol, the protocol with the announcement is realized without any additional private operations and communications. On the other hand, the second construction requires two more private operations and communications because it removes the assumption on the announcement from the first construction. More importantly, the idea of the second protocol can be extended to an n-input majority voting protocol with n cards, which is the main result of this paper.

  • Secure Computation for Threshold Functions with Physical Cards: Power of Private Permutations
    著者
    T. Nakai, S. Shirouchi, Y. Tokushige, M. Iwamoto, and K. Ohta
    雑誌名
    New Generation Computing
    40
    95–113
    出版社
    Ohmsha and Springer
    発行年
    2022
    Open Access
    Abstract

    Card-based cryptography is a variant of multi-party computation by using physical cards like playing cards. There are two models on card-based cryptography, called public and private models. The public model assumes that all operations are executed publicly, while the private model allows the players private operations called private permutations (PP, for short). Much of the existing card-based protocols were developed under the public model. Under the public model, 2n cards are necessary for every protocol with n-bit input since at least two cards are required to express a bit. In this paper, we propose n-bit input protocols with fewer than 2n cards by utilizing PP, which shows the power of PP. In particular, we show that a protocol for (n-bit input) threshold function can be realized with only n+1 cards by reducing the threshold function to the majority voting. Toward this end, we first offer that two-bit input protocols for logic gates can be realized with fewer than four cards. Furthermore, we construct a new protocol for three-input majority voting with only four cards by observing the relationship between AND/OR operations. This protocol can be easily extended to more participants, and to the protocol for threshold functions.

  • Identity-Based Encryption with Security against the KGC: A Formal Model and Its Instantiations
    著者
    K. Emura, S. Katsumata, and Y. Watanabe
    雑誌名
    Theoretical Computer Science
    900
    ページ
    97–119
    出版社
    Elsevier
    発行年
    2022
    Abstract

    The key escrow problem is one of the main barriers to the widespread real-world use of identity-based encryption (IBE). Specifically, a key generation center (KGC), which generates secret keys for a given identity, has the power to decrypt all ciphertexts. At PKC 2009, Chow defined a notion of security against the KGC, that relies on assuming that it cannot discover the underlying identities behind ciphertexts. However, this is not a realistic assumption since, in practice, the KGC manages an identity list, and hence it can easily guess the identities corresponding to given ciphertexts. Chow later amended this issue by introducing a new entity called an identity-certifying authority (ICA) and proposed an anonymous key-issuing protocol. Essentially, this allows the users, KGC, and ICA to interactively generate secret keys without users ever having to reveal their identities to the KGC. Unfortunately, since Chow separately defined the security of IBE and that of the anonymous key-issuing protocol, his IBE definition did not provide any formal treatment when the ICA is used to authenticate the users. Effectively, all of the subsequent works following Chow lack the formal proofs needed to determine whether or not it delivers a secure solution to the key escrow problem. In this paper, based on Chow's work, we formally define an IBE scheme that resolves the key escrow problem and provide formal definitions of security against corrupted users, KGC, and ICA. Along the way, we observe that if we are allowed to assume a fully trusted ICA, as in Chow's work, then we can construct a trivial (and meaningless) IBE scheme that is secure against the KGC. Finally, we present two instantiations in our new security model: a lattice-based construction based on the Gentry-Peikert-Vaikuntanathan IBE scheme (STOC 2008) and Rückert's lattice-based blind signature scheme (ASIACRYPT 2010), and a pairing-based construction based on the Boneh-Franklin IBE scheme (CRYPTO 2001) and Boldyreva's blind signature scheme (PKC 2003).

  • Efficient Identity-Based Encryption with Hierarchical Key-Insulation from HIBE
    著者
    K. Emura, A. Takayasu, and Y. Watanabe
    雑誌名
    Designs, Codes and Cryptography
    89
    10
    ページ
    2397–2431
    出版社
    Springer
    発行年
    2021
    Abstract

    Hierarchical key-insulated identity-based encryption (HKIBE) is identity-based encryption (IBE) that allows users to update their secret keys to achieve (hierarchical) key-exposure resilience, which is an important notion in practice. However, existing HKIBE constructions have limitations in efficiency: sizes of ciphertexts and secret keys depend on the hierarchical depth. In this paper, we first triumph over the barrier by proposing simple but effective design methodologies to construct efficient HKIBE schemes. First, we show a generic construction from any hierarchical IBE (HIBE) scheme that satisfies a special requirement, called MSK evaluatability introduced by Emura et al. (ePrint, 2020). It provides several new and efficient instantiations since most pairing-based HIBE schemes satisfy the requirement. It is worth noting that it preserves all parameters' sizes of the underlying HIBE scheme, and hence we obtain several efficient HKIBE schemes under the k-linear assumption in the standard model. Since MSK evaluatability is dedicated to pairing-based HIBE schemes, the first construction restricts pairing-based instantiations. To realize efficient instantiation from various assumptions, we next propose a generic construction of an HKIBE scheme from any plain HIBE scheme. It is based on Hanaoka et al.'s HKIBE scheme (Asiacrypt 2005), and does not need any special properties. Therefore, we obtain new efficient instantiations from various assumptions other than pairing-oriented ones. Though the sizes of secret keys and ciphertexts are larger than those of the first construction, it is more efficient than Hanaoka et al.'s scheme in the sense of the sizes of master public/secret keys.

  • Adaptively Secure Revocable Hierarchical IBE from k-linear Assumption
    著者
    K. Emura, A. Takayasu, and Y. Watanabe
    雑誌名
    Designs, Codes and Cryptography
    89
    7
    ページ
    1535–1574
    出版社
    Springer
    発行年
    2021
    Abstract

    Revocable identity-based encryption (RIBE) is an extension of IBE with an efficient key revocation mechanism. Revocable hierarchical IBE (RHIBE) is its further extension with key delegation functionality. Although there are various adaptively secure pairing-based RIBE schemes, all known hierarchical analogs only satisfy selective security. In addition, the currently known most efficient adaptively secure RIBE and selectively secure RHIBE schemes rely on non-standard assumptions, which are referred to as the augmented DDH assumption and q-type assumptions, respectively. In this paper, we propose a simple but effective design methodology for RHIBE schemes. We provide a generic design framework for RHIBE based on an HIBE scheme with a few properties. Fortunately, several state-of-the-art pairing-based HIBE schemes have the properties. In addition, our construction preserves the sizes of master public keys, ciphertexts, and decryption keys, as well as the complexity assumptions of the underlying HIBE scheme. Thus, we obtain the first RHIBE schemes with adaptive security under the standard k-linear assumption. We prove adaptive security by developing a new proof technique for RHIBE. Due to the compactness-preserving construction, the proposed R(H)IBE schemes have similar efficiencies to the most efficient existing schemes.

  • Efficient Revocable Identity-Based Encryption with Short Public Parameters
    著者
    K. Emura, J.H. Seo, and Y. Watanabe
    雑誌名
    Theoretical Computer Science
    863
    ページ
    127–155
    出版社
    Elsevier
    発行年
    2021
    Abstract

    Revocation functionality is vital to real-world cryptographic systems for managing their reliability. In the context of identity-based encryption (IBE), Boldyreva, Goyal, and Kumar (ACM CCS 2008) first showed an efficient revocation method for IBE, and such an IBE scheme with the scalable revocation method is called revocable IBE (RIBE). Seo and Emura (PKC 2013) introduced a new security notion, called decryption key exposure resistance (DKER), which is a desirable security notion for RIBE. However, all existing RIBE schemes that achieve adaptive security with DKER require long public parameters or composite-order bilinear groups. In this paper, we first show an RIBE scheme that (1) satisfies adaptive security; (2) achieves DKER; (3) realizes constant-size public parameters; and (4) is constructed over prime-order bilinear groups. Our core technique relies on Seo and Emura's one (PKC 2013), which transform the Waters IBE (EUROCRYPT 2005) to the corresponding RIBE scheme. Specifically, we construct an IBE scheme that satisfies constant-size public parameters over prime-order groups and some requirements for the Seo-Emura technique, and then transform the IBE scheme to an RIBE scheme. We also discuss how to extend the proposed RIBE scheme to a chosen-ciphertext secure one and server-aided one (ESORICS 2015).

  • A single shuffle is enough for secure card-based computation of any Boolean circuit
    著者
    K. Shinagawa and K. Nuida
    雑誌名
    Discrete Applied Mathematics
    289
    ページ
    248–261
    出版社
    Elsevier
    発行年
    2021
    Abstract

    Secure computation enables a number of players each holding a secret input value to compute a function of the inputs without revealing the inputs. It is known that secure computation is possible physically when the inputs are given as a sequence of physical cards. This research area is called card-based cryptography. One of the important problems in card-based cryptography is to minimize the number of cards and shuffles, where a shuffle is the most important (and somewhat heavy) operation in card-based protocols. In this paper, we determine the minimum number of shuffles for achieving general secure computation. Somewhat surprisingly, the answer is just one, i.e., we design a protocol which securely computes any Boolean circuit with only a single shuffle. The number of cards required for our protocol is proportional to the size of the circuit to be computed.

  • Revocable Identity-based Encryption with Bounded Decryption Key Exposure Resistance: Lattice-based Construction and More
    著者
    A. Takayasu and Y. Watanabe
    雑誌名
    Theoretical Computer Science
    849
    ページ
    64–98
    出版社
    Elsevier
    発行年
    2021
    Abstract

    In general, identity-based encryption (IBE) does not support an efficient revocation procedure. In ACM CCS’08, Boldyreva et al. proposed revocable identity-based encryption (RIBE), which enables us to efficiently revoke (malicious) users in IBE. In PKC 2013, Seo and Emura introduced an additional security notion for RIBE, called decryption key exposure resistance (DKER). Roughly speaking, RIBE with DKER guarantees that the security is not compromised even if an adversary gets (a number of) short-term decryption keys. Therefore, DKER captures realistic scenarios and is an important notion. In this paper, we introduce bounded decryption key exposure resistance (B-DKER), where an adversary is allowed to get a-priori bounded number of short-term decryption keys in the security game. B-DKER is a weak version of DKER, but it seems to be sufficient for practical use. We obtain the following results:
    - We propose a lattice-based (anonymous) RIBE scheme with B-DKER, which is the first lattice-based construction resilient to decryption key exposure. Our lattice-based construction is secure under the learning with errors assumption. A previous lattice-based construction satisfies anonymity but is vulnerable even with a single decryption key exposure.
    - We propose the first pairing-based RIBE scheme that simultaneously realizes anonymity and B-DKER. Our pairing-based construction is adaptively secure under the symmetric external Diffie-Hellman assumption.
    Our two constructions rely on cover free families to satisfy B-DKER, whereas all the existing works rely on the key re-randomization property to achieve DKER.

  • Card-based Cryptography with Dihedral Symmetry
    著者
    K. Shinagawa
    雑誌名
    New Generation Computing
    39
    ページ
    41–71
    出版社
    Springer
    発行年
    2021
    Open Access
    Abstract

    It is known that secure computation can be done by using a deck of physical cards. This area is called card-based cryptography. Shinagawa et al. (ProvSec 2015) proposed regular n-sided polygon cards that enable to compute functions over Z/nZ. In particular, they designed efficient protocols for linear functions (e.g. addition and constant multiplication) over Z/nZ. Here, efficiency is measured by the number of cards used in the protocol. In this paper, we propose a new type of cards, dihedral cards, as a natural generalization of regular polygon cards. Based on them, we construct efficient protocols for various interesting functions such as carry of addition, equality, and greater-than, whose efficient construction has not been known before. Beside this, we introduce a new protocol framework that captures a wide class of card types including binary cards, regular polygon cards, dihedral cards, and so on.

  • How to Solve Millionaires’ Problem with Two Kinds of Cards
    著者
    T. Nakai, Y. Misawa, Y. Tokushige, M. Iwamoto, and K. Ohta
    雑誌名
    New Generation Computing
    39
    ページ
    73–96
    出版社
    Springer
    発行年
    2021
    Open Access
    Abstract

    Card-based cryptography, introduced by den Boer aims to realize multiparty computation (MPC) by using physical cards. We propose several efficient card-based protocols for the millionaires’ problem by introducing a new operation called Private Permutation (PP) instead of the shuffle used in most of existing card-based cryptography. Shuffle is a useful randomization technique by exploiting the property of card shuffling, but it requires a strong assumption from the viewpoint of arithmetic MPC because shuffle assumes that public randomization is possible. On the other hand, private randomness can be used in PPs, which enables us to design card-based protocols taking ideas of arithmetic MPCs into account. Actually, we show that Yao’s millionaires’ protocol can be easily transformed into a card-based protocol by using PPs, which is not straightforward by using shuffles because Yao’s protocol uses private randomness. Furthermore, we propose entirely novel and efficient card-based millionaire protocols based on PPs by securely updating bitwise comparisons between two numbers, which unveil a power of PPs. As another interest of these protocols, we point out they have a deep connection to the well-known logical puzzle known as “The fork in the road.”

  • An IC-level Countermeasure against Laser Fault Injection Attack by Information Leakage Sensing Based on Laser-Induced Opto-Electric Bulk Current Density
    著者
    K. Matsuda, S. Tada, M. Nagata, Y. Komano, Y. Li, T. Sugawara, M. Iwamoto, K. Ohta, K. Sakiyama, and N. Miura
    雑誌名
    Japanese Journal of Applied Physics
    59
    SG
    ページ
    SGGL02
    出版社
    IOPscience
    発行年
    2020
    Abstract

    Laser fault injection (LFI) attacks on cryptographic processor ICs are a critical threat to information systems. This paper proposes an IC-level integrated countermeasure employing an information leakage sensor against an LFI attack. Distributed bulk current sensors monitor abnormal bulk current density caused by laser irradiation for LFI. Time-interleaved sensor operation and sensitivity tuning can obtain partial secret key leakage bit information with small layout area penalty. Based on the leakage information, the secret key can be securely updated to realize high-availability resilient systems. The test chip was designed and fabricated in a 0.18 μm standard CMOS, integrating a 128-bit advanced encryption standard cryptographic processor with the proposed information leakage sensor. This evaluation successfully demonstrated bulk current density and leakage bit monitoring.

  • Key-Updatable Public-Key Encryption with Keyword Search (Or: How to Realize PEKS with Efficient Key Updates for IoT Environments)
    著者
    H. Anada, A. Kanaoka, N. Matsuzaki, and Y. Watanabe
    雑誌名
    International Journal of Information Security
    19
    ページ
    15–38
    出版社
    Springer
    発行年
    2020
    Abstract

    Security and privacy are the key issues for the Internet of Things (IoT) systems. Especially, secure search is an important functionality for cooperation among users’ devices and non-trusted servers. Public-key encryption with keyword search (PEKS) enables us to search encrypted data and is expected to be used between a cloud server and users’ mobile devices or IoT devices. However, those mobile devices might be lost or stolen. For IoT devices, it might be difficult to store keys in a tamper-proof manner due to prohibitive costs. In this paper, we deal with such a key-exposure problem on PEKS and introduce the concept of PEKS with key-updating functionality, which we call key-updatable PEKS (KU-PEKS). Specifically, we propose two models of KU-PEKS: the key-evolution model and the key-insulation model. In the key-evolution model, a pair of public and secret keys can be updated if needed (e.g., the secret key is exposed). In the key-insulation model, the public key remains fixed while the secret key can be updated if needed. The former model makes a construction simple and more efficient than the latter. On the other hand, the latter model is preferable for practical use since a user never updates their public key. We show constructions in each model in a black-box manner. We also give implementation results on Raspberry Pi 3, which can be regarded as a reasonable platform of IoT devices.

  • Multi-Party Computation for Modular Exponentiation Based on Replicated Secret Sharing
    著者
    K. Ohara, Y. Watanabe, M. Iwamoto, and K. Ohta
    雑誌名
    IEICE Transactions on Fundamentals
    102-A
    9
    ページ
    1079–1090
    出版社
    IEICE
    発行年
    2019
    Abstract

    In recent years, multi-party computation (MPC) frameworks based on replicated secret sharing schemes (RSSS) have attracted the attention as a method to achieve high efficiency among known MPCs. However, the RSSS-based MPCs are still inefficient for several heavy computations like algebraic operations, as they require a large amount and number of communication proportional to the number of multiplications in the operations (which is not the case with other secret sharing-based MPCs). In this paper, we propose RSSS-based three-party computation protocols for modular exponentiation, which is one of the most popular algebraic operations, on the case where the base is public and the exponent is private. Our proposed schemes are simple and efficient in both of the asymptotic and practical sense. On the asymptotic efficiency, the proposed schemes require O(n)-bit communication and O(1) rounds,where n is the secret-value size, in the best setting, whereas the previous scheme requires O(n2)-bit communication and O(n) rounds. On the practical efficiency, we show the performance of our protocol by experiments on the scenario for distributed signatures, which is useful for secure key management on the distributed environment (e.g., distributed ledgers). As one of the cases, our implementation performs a modular exponentiation on a 3,072-bit discrete-log group and 256-bit exponent with roughly 300ms, which is an acceptable parameter for 128-bit security, even in the WAN setting.

  • Shortening the Libert–Peters–Yung Revocable Group Signature Scheme by Using the Random Oracle Methodology
    著者
    K. Ohara, K. Emura, G. Hanaoka, A. Ishida, K. Ohta, and Y. Sakai
    雑誌名
    IEICE Transactions on Fundamentals
    E102-A
    9
    ページ
    1101–1117
    出版社
    IEICE
    発行年
    2019
    Abstract

    At EUROCRYPT 2012, Libert, Peters and Yung (LPY) proposed the first scalable revocable group signature (R-GS) scheme in the standard model which achieves constant signing/verification costs and other costs regarding signers are at most logarithmic in N, where N is the maximum number of group members. However, although the LPY R-GS scheme is asymptotically quite efficient, this scheme is not sufficiently efficient in practice. For example, the signature size of the LPY scheme is roughly 10 times larger than that of an RSA signature (for 160-bit security). In this paper, we propose a compact R-GS scheme secure in the random oracle model that is efficient not only in the asymptotic sense but also in practical parameter settings. We achieve the same efficiency as the LPY scheme in an asymptotic sense, and the signature size is nearly equal to that of an RSA signature (for 160-bit security). It is particularly worth noting that our R-GS scheme has the smallest signature size compared to those of previous R-GS schemes which enable constant signing/verification costs. Our technique, which we call parallel Boneh-Boyen-Shacham group signature technique, helps to construct an R-GS scheme without following the technique used in LPY, i.e., we directly apply the Naor-Naor-Lotspiech framework without using any identity-based encryption.

  • Identity-based Encryption with Hierarchical Key-Insulation in the Standard Model
    著者
    J. Shikata and Y. Watanabe
    雑誌名
    Designs, Codes and Cryptography
    87
    5
    ページ
    1005–1033
    出版社
    Springer
    発行年
    2019
    Abstract

    A key exposure problem is unavoidable since it seems human error can never be eliminated completely, and key-insulated encryption is one of the cryptographic solutions to the problem. At Asiacrypt’05, Hanaoka et al. introduced hierarchical key-insulation functionality, which is attractive functionality that enhances key exposure resistance, and proposed an identity-based hierarchical key-insulated encryption (hierarchical IKE) scheme in the random oracle model. In this paper, we first propose the hierarchical IKE scheme in the standard model (i.e., without random oracles). Our hierarchical IKE scheme is secure under the symmetric external Diffie–Hellman (SXDH) assumption, which is a static assumption. Particularly, in the non-hierarchical case, our construction is the first IKE scheme that achieves constant-size parameters including public parameters, secret keys, and ciphertexts. Furthermore, we also propose the first public-key-based key-insulated encryption (PK-KIE) in the hierarchical setting by using our technique.

  • Single-Round Pattern Matching Key Generation Using Physically Unclonable Function
    著者
    Y. Komano, K. Ohta, K. Sakiyama, M. Iwamoto, and I. Verbauwhede
    雑誌名
    Security and Communication Networks
    2019
    ページ
    13 pages
    出版社
    Hindawi
    発行年
    2019
    Article ID   1719585
    Abstract

    Paral and Devadas introduced a simple key generation scheme with a physically unclonable function (PUF) that requires no error correction, e.g., by using a fuzzy extractor. Their scheme, called a pattern matching key generation (PMKG) scheme, is based on pattern matching between auxiliary data, assigned at the enrollment in advance, and a substring of PUF output, to reconstruct a key. The PMKG scheme repeats a round operation, including the pattern matching, to derive a key with high entropy. Later, to enhance the efficiency and security, a circular PMKG (C-PMKG) scheme was proposed. However, multiple round operations in these schemes make them impractical. In this paper, we propose a single-round circular PMKG (SC-PMKG) scheme. Unlike the previous schemes, our scheme invokes the PUF only once. Hence, there is no fear of information leakage by invoking the PUF with the (partially) same input multiple times in different rounds, and, therefore, the security consideration can be simplified. Moreover, we introduce another hash function to generate a check string which ensures the correctness of the key reconstruction. The string enables us not only to defeat manipulation attacks but also to prove the security theoretically. In addition to its simple construction, the SC-PMKG scheme can use a weak PUF like the SRAM-PUF as a building block if our system is properly implemented so that the PUF is directly inaccessible from the outside, and, therefore, it is suitable for tiny devices in the IoT systems. We discuss its security and show its feasibility by simulations and experiments.

  • A Proactive Secret Image Sharing Scheme with Resistance to Machine Learning Based Steganalysis
    著者
    A. Espejel-Trujillo, M. Iwamoto, and M. Nakano-Miyatake
    雑誌名
    Multimedia Tools And Applications
    77
    12
    ページ
    15161–15179
    出版社
    Springer
    発行年
    2018
    Abstract

    In secret image sharing (SIS) schemes, a secret image is shared among a set of n images called stego-images. Each stego-image is preserved by a participant. In the recovery stage, at least k out of n stego-images are required to obtain the secret image, while k−1 cannot reveal the secret in the sense of perfect secrecy. Hence, SIS guarantees long-term security. However, as the longer the stego-images remain stored, the higher is the probability of being vulnerable against steganalysis. To resolve this issue, this paper proposes the use of proactive secret sharing in an SIS scheme (P-SIS). P-SIS allows the stego-images to be renewed frequently while these are stored, without changing both cover and secret images. However, direct implementation of a proactive SIS requires more embedding rate (ER), causing high steganalysis accuracy detection and loss of quality in the stego-images. Our proposal addresses this issue and presents the combination of a (k, L, n)-threshold ramp secret sharing scheme and least significant bit matching (LSBM) steganography to reduce the steganalysis accuracy detection. The results of the evaluation show effectiveness of the proposal in terms of good quality of the stego-images, accurate recovery of the secret, and reduce the ER. Note that, despite the extensive research of SIS presented until now, only a few previous work is found on steganalysis in SIS. Not only constructing P-SIS scheme, but we also experimented the tolerance of the proposed P-SIS scheme against stganalysis in this paper. As a result, it is shown that the proposed scheme can withstand steganalysis based on machine learning (i.e., based on subtractive pixel adjacency matrix, SPAM).

  • Implementation and Analysis of Fully Homomorphic Encryption in Resource-Constrained Devices
    著者
    A. Prasitsupparote, Y. Watanabe, J. Sakamoto, J. Shikata, and T. Matsumoto
    雑誌名
    International Journal of Digital Information and Wireless Communications (IJDIWC)
    8
    4
    ページ
    288–303
    出版社
    SDIWC Library
    発行年
    2018
    Abstract

    Currently, resource-constrained devices, which are known as one of the Internet of things (IoT) devices, have been widely used for healthcare systems. Most healthcare systems store users’ health data, which is encrypted by ordinary symmetric-key encryption and/or public-key encryption schemes, in a (cloud) server. However, the encrypted data needs to be decrypted for data analysis, and it means that sensitive information would be leaked to the server. One promising solution is to use fully homomorphic encryption (FHE), which enables ones to perform any computation among encrypted data while keeping it encrypted, though FHE generally requires high computational and communication costs in the theoretical sense.
    In this paper, we investigate practical feasibility of FHE in resource-constrained devices for healthcare systems. First, we define a privacy-preserving protocol for healthcare systems, and implement it on PC and Raspberry Pi by using a network simulator to measure its communication overhead, computational cost, and energy consumption over wireless body area network (WBAN). For this implementation, we suppose PC and Raspberry Pi as a cloud server and a resource-constrained device such as a smartphone or a wearable device, respectively. We use two FHE libraries, HElib and SEAL, for the implementation. Our result shows that the protocol with SEAL is better than that with HElib in terms of the communication overhead and energy consumption in transmission. On the other hand, HElib is better than SEAL regarding the running time, while SEAL can perform more homomorphic operations than HElib for the almost same plaintext size. Furthermore, the energy to execute each algorithm in the libraries is very small compared to the energy required in transmission. SEAL produces smaller sizes of ciphertexts than HElib, and therefore consumes few energy consumptions. As a result, we observe that both HElib and SEAL would be used on restricted resource devices, and in particular, SEAL would be more suitable for practical use in resource-constrained devices from our analysis.

  • Timed-Release Computational Secret Sharing and Threshold Encryption
    著者
    Y. Watanabe and J. Shikata
    雑誌名
    Designs, Codes and Cryptography
    86
    1
    ページ
    17–54
    出版社
    Springer
    発行年
    2018
    Abstract

    In modern cryptography, a secret sharing scheme is an important cryptographic primitive. In particular, Krawczyk proposed a computational secret sharing (CSS) scheme, which is a practical, simple secret sharing scheme. In this paper, we focus on a CSS scheme with timed-release functionality, which we call a timed-release computational secret sharing (TR-CSS) scheme. In TR-CSS, participants more than or equal to a threshold number can reconstruct a secret by using their shares only when the time specified by a dealer has come. Our main purpose is to realize a TR-CSS scheme in a generic and efficient way in terms of the share size. Specifically, we first introduce a model and formalization of security of TR-CSS. In addition, we propose two kinds of constructions of TR-CSS: the first one is a simple and generic construction starting from an identity-based key encapsulation mechanism (IB-KEM); the second one, which is a more efficient construction than the first one, is built using a specific IB-KEM as the underlying IB-KEM. As a result, we can regard TR-CSS as a natural extension of Krawczyk’s CSS in terms of both a model and constructions, and we finally succeed to add timed-release functionality to Krawczyk’s CSS with small overhead, which is almost optimal. Moreover, our proposal of TR-CSS is important for constructing threshold encryption and multiple encryption with timed-release functionality in a generic and efficient way. Dodis and Katz showed (i) a simple and generic construction of threshold encryption from multiple encryption; and (ii) a simple, elegant and generic construction of multiple encryption. By using TR-CSS, we can effectively apply the Dodis–Katz paradigm even in the context of timed-release security.

  • Security Formalizations and Their Relationships for Encryption and Key Agreement in Information-Theoretic Cryptography
    著者
    M. Iwamoto, K. Ohta, and J. Shikata
    雑誌名
    IEEE Transactions on Information Theory
    64
    1
    ページ
    654–685
    出版社
    IEEE
    発行年
    2018
    Abstract

    This paper analyzes the formalizations of information-theoretic security for the fundamental primitives in cryptography: symmetric-key encryption and key agreement. Revisiting the previous results, we can formalize information-theoretic security using different methods, by extending Shannon's perfect secrecy, by information-theoretic analogues of indistinguishability and semantic security, and by the frameworks for composability of protocols. We show the relationships among the security formalizations and obtain the following results. First, in the case of encryption, there are significant gaps among the formalizations, and a certain type of relaxed perfect secrecy or a variant of information-theoretic indistinguishability is the strongest notion. Second, in the case of key agreement, there are significant gaps among the formalizations, and a certain type of relaxed perfect secrecy is the strongest notion. In particular, in both encryption and key agreement, the formalization of composable security is not stronger than any other formalizations. Furthermore, as an application of the relationships in encryption and key agreement, we simultaneously derive a family of lower bounds on the size of secret keys and security quantities required under the above formalizations, which also implies the importance and usefulness of the relationships.

  • Q-class Authentication System for Double Arbiter PUF
    著者
    R. Yashiro, T. Sugawara, M. Iwamoto, and K. Sakiyama
    雑誌名
    IEICE Transactions on Fundamentals
    E101–A
    1
    ページ
    129–137
    出版社
    IEICE
    発行年
    2018
    Abstract

    Physically Unclonable Function (PUF) is a cryptographic primitive that is based on physical property of each entity or Integrated Circuit (IC) chip. It is expected that PUF be used in security applications such as ID generation and authentication. Some responses from PUF are unreliable, and they are usually discarded. In this paper, we propose a new PUF-based authentication system that exploits information of unreliable responses. In the proposed method, each response is categorized into multiple classes by its unreliability evaluated by feeding the same challenges several times. This authentication system is named Q-class authentication, where Q is the number of classes. We perform experiments assuming a challenge-response authentication system with a certain threshold of errors. Considering 4-class separation for 4-1 Double Arbiter PUF, it is figured out that the advantage of a legitimate prover against a clone is improved form 24% to 36% in terms of success rate. In other words, it is possible to improve the tolerance of machine-learning attack by using unreliable information that was previously regarded disadvantageous to authentication systems.

  • CCA-secure Revocable Identity-Based Encryption Schemes with Decryption Key Exposure Resistance
    著者
    Y. Ishida, J. Shikata, and Y. Watanabe
    雑誌名
    International Journal of Applied Cryptography (IJACT)
    3
    3
    ページ
    288–311
    出版社
    Inderscience Publishers
    発行年
    2017
    Abstract

    Key revocation functionality is important for identity-based encryption (IBE) to manage users dynamically. Revocable IBE (RIBE) realises such revocation functionality with scalability. In PKC 2013, Seo and Emura first considered decryption key exposure resistance (DKER) as a new realistic threat, and proposed the first RIBE scheme with DKER. Their RIBE scheme is adaptively secure against chosen plaintext attacks (CPA), and there is no concrete RIBE scheme adaptively secure against chosen ciphertext attacks (CCA) even without DKER so far. In this paper, we first propose three constructions of adaptively CCA-secure RIBE schemes with DKER. The first and second schemes are based on an existing transformation, which is called a BCHK transformation, that a CPA-secure hierarchical IBE scheme can be transformed into a CCA-secure scheme. The third scheme is constructed via the KEM/DEM framework. Specifically, we newly propose a revocable identity-based key encapsulation mechanism (RIB-KEM), and we show a generic construction of a CCA-secure RIBE scheme from the RIB-KEM and a data encapsulation mechanism (DEM). The third scheme is more efficient than the first and second ones in terms of the ciphertext size.

  • Unconditionally Secure Broadcast Encryption Schemes with Tradeoffs between Communication and Storage
    著者
    Y. Watanabe and J. Shikata
    雑誌名
    IEICE Transactions on Fundamentals
    99-A
    6
    ページ
    1097–1106
    発行年
    2016
    Abstract

    An (≤n,≤ω)-one-time secure broadcast encryption scheme (BES) allows a sender to choose any subset of receivers so that only the designated users can decrypt a ciphertext. In this paper, we first show an efficient construction of an (≤n,≤ω)-one-time secure BES with general ciphertext sizes. Specifically, we propose a generic construction of an (≤n,≤ω)-one-time secure BES from key predistribution systems (KPSs) when its ciphertext size is equal to integer multiple of the plaintext size, and our construction includes all known constructions. However, there are many possible combinations of the KPSs to realize the BES in our construction methodology, and therefore, we show that which combination is the best one in the sense that secret-key size can be minimized. Our (optimized) construction provides a flexible parameter setup (i.e. we can adjust the secret-key sizes) by setting arbitrary ciphertext sizes based on restrictions on channels such as channel capacity and channel bandwidth.

  • Information-Theoretically Secure Timed-Release Secret Sharing Schemes
    著者
    Y. Watanabe and J. Shikata
    雑誌名
    Journal of Information Processing
    24
    4
    ページ
    680–689
    出版社
    IPSJ
    発行年
    2016
    Abstract

    In modern cryptography, the secret sharing scheme is an important cryptographic primitive, and it is used in various situations. In this paper, timed-release secret sharing (TR-SS) schemes with information-theoretic security is first studied. TR-SS is a secret sharing scheme with the property that more than a threshold number of participants can reconstruct a secret by using their shares only when the time specified by a dealer has come. Specifically, in this paper we first introduce models and formalization of security for two kinds of TR-SS based on the traditional secret sharing scheme and information-theoretic timed-release security. We also derive tight lower bounds on the sizes of shares, time-signals, and entities' secret-keys required for each TR-SS scheme. In addition, we propose direct constructions for the TR-SS schemes. Each direct construction is optimal in the sense that the construction meets equality in each of our bounds, respectively. As a result, it is shown that timed-release security can be realized without any additional redundancy on the share size.

  • A New Arbiter PUF for Enhancing Unpredictability on FPGA
    著者
    T. Machida, D. Yamamoto, M. Iwamoto, and K. Sakiyama
    雑誌名
    The Scientific World Journal
    2015
    ページ
    13 pages
    出版社
    Hindawi
    発行年
    2015
    Article ID   864812
    Abstract

    In general, conventional Arbiter-based Physically Unclonable Functions (PUFs) generate responses with low unpredictability. The N-XOR Arbiter PUF, proposed in 2007, is a well-known technique for improving this unpredictability. In this paper, we propose a novel design for Arbiter PUF, called Double Arbiter PUF, to enhance the unpredictability on field programmable gate arrays (FPGAs), and we compare our design to conventional N-XOR Arbiter PUFs. One metric for judging the unpredictability of responses is to measure their tolerance to machine-learning attacks. Although our previous work showed the superiority of Double Arbiter PUFs regarding unpredictability, its details were not clarified. We evaluate the dependency on the number of training samples for machine learning, and we discuss the reason why Double Arbiter PUFs are more tolerant than the N-XOR Arbiter PUFs by evaluating intrachip variation. Further, the conventional Arbiter PUFs and proposed Double Arbiter PUFs are evaluated according to other metrics, namely, their uniqueness, randomness, and steadiness. We demonstrate that 3-1 Double Arbiter PUF archives the best performance overall.

  • A New Method for Enhancing Variety and Maintaining Reliability of PUF Responses and Its Evaluation on ASICs
    著者
    D. Yamamoto, K. Sakiyama, M. Iwamoto, K. Ohta, M. Takenaka, K. Itoh, and N. Torii
    雑誌名
    Journal of Cryptographic Engineering
    5
    3
    ページ
    187–199
    出版社
    Springer
    発行年
    2015
    Abstract

    Physically unclonable functions (PUFs) are expected to provide a breakthrough in anti-counterfeiting devices for secure ID generation and authentication, etc. Factory-manufactured PUFs are generally more secure if the number of outputs (the variety of responses) is larger (e.g., a 256-bit full-entropy response is more secure than a 128-bit response). In Yamamoto et al. (J. Cryptogr. Eng. 3(4):197–211, 2013), we presented a latch-based PUF structure, which enhances the variety of responses by utilizing the location information of the RS (Reset-Set) latches outputting random numbers. We confirmed the effectiveness of this method using two kinds of different Xilinx FPGA chips: Spartan-3E and Spartan-6. In this paper, we propose a novel method of further enhancing the variety of responses while maintaining the reliability of responses, i.e., consistency over repeated measurements. The core idea in this method is to effectively utilize the information on the proportion of `1’s in the random number sequence output by the RS latches. This proportion information is determined during the manufacturing process, making it relatively stable and reliable once PUFs are manufactured. We estimated the variety of responses generated by the PUFs to which the proposed method was applied. According to our experiment with 73 ASIC chips fabricated by a 0.18-㎛ CMOS process, latch-based PUFs with 256 RS latches can improve the variety of responses to as much as 2379. This is much larger than 2220 for conventional methods, and 2314 for our previous method presented in Yamamoto et al., (J. Cryptogr. Eng. 3(4):197–211, 2013). The average error rate (reliability) of responses is only 0.064 when both temperature and voltage are changed to −20∼60℃ and 1.80 ± 0.15V, respectively. Our proposed PUF enhances the variety of responses dramatically while maintaining reliability.

  • Information-Theoretically Secure Blind Authentication Codes without Verifier’s Secret Keys
    著者
    N. Takei, Y. Watanabe, and J. Shikata
    雑誌名
    Josai Mathematical Monograph
    8
    ページ
    115–133
    出版社
    Graduate School of Sciences, Josai University
    発行年
    2015
    Abstract

    In modern cryptography, information-theoretic security is formalized by means of some probability (e.g., success probability of adversary’s guessing) or some information-theoretic measure (e.g., Shannon entropy), and the study on cryptographic protocols with information-theoretic security is one of effective applications of the probability theory, statistics, and information theory. In this paper, we study the blind authentication code (BA-code), a kind of information-theoretically secure authentication protocols, in which verifier’s secret keys are not required. For realizing it, we utilize a unidirectional low-bandwidth auxiliary channel which is called a manual channel. Specifically, in this paper we propose a model, a security definition, and a construction of BA-codes in the manual channel model. Furthermore, we consider BA-codes in other models, i.e., the noisy channel model and the bounded storage model, in which no verifier's secret key is required.

  • クロック間衝突を漏洩モデルとする新たなサイドチャネル解析と並列実装AES暗号ハードウェアにおける弱い鍵
    著者
    中曽根 俊貴,李 陽,岩本 貢,太田 和夫,崎山 一男
    雑誌名
    電子情報通信学会 論文誌 A
    J97–A
    11
    ページ
    695–703
    出版社
    電子情報通信学会 論文誌 A
    発行年
    2014
    概要

    クロック間衝突を用いた電磁波解析 (CC-EMA)は2クロック間のデータ衝突を漏洩モデルとする新たなサイドチャネル解析 (SCA)である.CC-EMAでは,クロック間衝突時の磁界強度が極めて小さくなること利用し解析を行う.一方で,相関電磁波解析 (CEMA)のようなハミング距離 (HD)を漏洩モデルに利用するSCAでは2クロック間のデータのHDと消費電力に相関があると仮定している.本論文では,クロック間衝突を漏洩モデルとしたSCAとHDを漏洩モデルとしたSCAが鍵復元時に必要とする波形数をシミュレーションを用いて比較する.また,並列実装AES暗号ハードウェアの最終ラウンドでは,鍵の値によりS-box回路でのクロック間衝突の発生頻度が変化する.本論文では,鍵の値を変化させ,クロック間衝突の発生頻度の差とSCAコストの関係を明らかにする.最後に,並列実装AES暗号ハードウェアにはCC-EMAに対して弱い鍵が存在することを示す.

  • Information-Theoretically Secure Anonymous Group Authentication with Arbitration: Formal Definition and Construction
    著者
    T. Seito, Y. Watanabe, K. Kinose, and J. Shikata
    雑誌名
    Josai Mathematical Monograph
    雑誌/会議名
    Josai Mathematical Monograph
    7
    ページ
    85–110
    出版社
    Graduate School of Sciences, Josai University
    発行年
    2014
    Abstract

    In cryptographic applications, there is often a need for protecting privacy of users besides integrity of message transmitted in a public channel. In information-theoretic (or unconditional) security setting, a model of GA-codes (Group Authentication codes) which can ensure both the integrity of the message and the anonymity for senders was proposed. In this model, there are multiple senders and a single receiver. And, one of the senders can generate an authenticated message anonymously. That is, the receiver can verify the validity of the authenticated message, but he cannot specify the sender of it. In GA-codes, it is assumed that both the sender and receiver are honest. However, it may be unnatural and an ideal assumption in several situations. In this paper, we remove the assumption and newly propose a formal definition (i.e., the model and security definitions) of GA2-codes (Group Authentication codes with Arbitration). In GA2-codes, it is assumed that the sender or the receiver can be dishonest and thus a dispute between them may occur. To resolve such a dispute, we introduce an honest arbiter in GA2-codes. This model can be considered as natural extension of that of both the GAcodes and the traditional A2-codes (Authentication codes with Arbitration). In addition, we propose a construction which meets our security definition of GA2-codes by using polynomials over finite fields. We also consider the case that the arbiter is not always honest and call this model GA3-codes (GA2-codes with protection against arbiter’s attack), which is further extension of GA2-codes and be naturally considered from a similar setting of the traditional A3-codes (A2-code with protection against arbiter’s attack).

  • Practical DFA Strategy for AES Under Limited-Access Conditions
    著者
    K. Sakiyama, Y. Li, S. Gomisawa, Y. Hayashi, M. Iwamoto, N. Homma, T. Aoki, and K. Ohta
    雑誌名
    Journal of Information Processing
    55
    2
    ページ
    142–151
    出版社
    IPSJ
    発行年
    2014
    Abstract

    Secret data in embedded devices can be revealed by injecting computational faults using the fault analysis attacks.The fault analysis researches on a cryptographic implementation by far first assumed a certain fault model, and then discussed the key recovery method under some assumptions. We note that a new remote-fault injection method has emerged, which is threatening in practice. Due to its limited accessibility to cryptographic devices, the remote-fault injection, however, can only inject uncertain faults. In this surroundings, this paper gives a general strategy of the remote-fault attack on the AES block cipher with a data set of faulty ciphertexts generated by uncertain faults. Our method effectively utilizes all the information from various kinds of faults, which is more realistic than previous researches. As a result, we show that it can provide a decent success probability of key identification even when only a few intended faults are available among 32 millions fault injections.

  • Variety Enhancement of PUF Responses Using the Locations of Random Outputting RS Latches
    著者
    D. Yamamoto, K. Sakiyama, M. Iwamoto, K. Ohta, M. Takenaka, and K. Itoh
    雑誌名
    Journal of Cryptographic Engineering
    3
    4
    ページ
    197–211
    出版社
    Springer
    発行年
    2013
    Abstract

    Physical Unclonable Functions (PUFs) are expected to represent an important solution for secure ID generation and authentication etc. In general, manufactured PUFs are considered to be more secure when the pattern of outputs (the variety of responses) is larger, i.e., the response bit length is longer (e.g., 192-bit response is more secure than 128-bit one). However, the actual bit length is reduced because some response bits are inconsistent (random) for repeated measurements, which are regarded as unnecessary for ID generation and discarded. Latch-based PUFs with N RS latches, for example, generate ideally 2N responses depending on binary values output from RS latches (0/1). However, some RS latches output random responses which are inconsistent and cannot be used for reliable ID generation, so the variety of responses becomes smaller than 2N. In this paper, we propose a novel Latch-based PUF structure, which outputs larger variety of responses by utilizing location information of the RS latches outputting the random responses. Differently from random responses themselves, this location information is determined during a manufacturing process, so almost fixed once PUFs are manufactured. The proposed PUF generates 3N≈ 21.58N responses by considering random responses as the third stable value: using ternary values (0/1/random). We estimate the variety of responses generated by the proposed PUFs. According to our experiment with 40 FPGAs, a Latch-based PUF with 128 RS latches can improve it from 2116 to 2192.7, this being maximized when the 128 latches outputs 0s, 1s, or random outputs with equal probability. We also show the appropriate RS latch structure for satisfying this condition, and validate it using two kinds of different Xilinx FPGAs: Spartan-3E and Spartan-6. The average error rate of responses is only 5.3% when the core voltage is changed within the rated voltage range of the FPGAs. Our proposed PUF using ternary values enhances dramatically the variety of responses while keeping the reliability.

  • Coding Theorems for a (2, 2)–Threshold Scheme with Detectability of Impersonation Attacks
    著者
    M. Iwamoto, H. Koga, and H. Yamamoto
    雑誌名
    IEEE Transactions on Information Theory
    58
    9
    ページ
    6194–6206
    出版社
    IEEE
    発行年
    2012
    Abstract

    In this paper, we discuss coding theorems on a (2,2)–threshold scheme in the presence of an opponent who impersonates one of the two shareholders in an asymptotic setup. We consider a situation where n secrets Sn from a memoryless source is blockwisely encoded to two shares and the two shares are decoded to Sn with permitting negligible decoding error. We introduce correlation level of the two shares and characterize the minimum attainable rates of the shares and a uniform random number for realizing a (2,2)–threshold scheme that is secure against the impersonation attack by an opponent. It is shown that, if the correlation level between the two shares equals to an ℓ≥0, the minimum attainable rates coincide with H(S)+ℓ, where H(S) denotes the entropy of the source, and the maximum attainable exponent of the success probability of the impersonation attack equals to ℓ. We also give a simple construction of an encoder and a decoder using an ordinary (2,2)–threshold scheme where the two shares are correlated and attains all the bounds.

  • A Cheating Prevention EVC Scheme Using Watermarking Techniques
    著者
    A. E. Torujillo, M. N. Miyatake, M. Iwamoto, and H. P. Maena
    雑誌名
    Revista Facultad de Ingeniería
    63
    ページ
    30–42
    出版社
    The University of Antioquia
    発行年
    2012
    Abstract

    Visual Cryptography (VC), proposed by Naor and Shamir in 1994, is a variation of the conventional secret sharing scheme. In VC, instead of a numerical secret key, a secret image is shared among participants in the form of images called shares. Each participant possesses his own share which cannot reveal the secret image being alone, making it necessary to stack more than one share of a qualified participant in order to reveal the secret image. Thus in VC the stacking of shares is equivalent to the decryption process, where neither extra computations nor previous knowledge are required to reveal the secret image. Until now some important VC schemes, such as the (k,n)-VC scheme, the general access structure for VC and the extended VC (EVC), have been proposed. Unfortunately all schemes can be cheated, if one or more participants try to generate their fake shares to force the revealed secret image to be a faked one. In this paper, we propose a cheating prevention VC scheme, in which the shares can be identified and authenticated using the EVC scheme and watermarking techniques. In the proposed VC scheme, the share of each participant can be identified by its meaningful appearance instead of noise-like image used in the conventional VC scheme. For the purpose of authentication of each share two binary watermark images are encrypted using shift operation. Before the secret image is revealed, the validation of the shares must be carried out, extracting two watermark images. If they can be extracted correctly, the revealed secret image is considered as authentic; otherwise it is determined as a faked one. The simulation results show the desirable performance of the proposed EVC scheme.

  • A Weak Security Notion for Visual Secret Sharing Schemes
    著者
    M. Iwamoto
    雑誌名
    IEEE Transactions on Information Forensics and Security
    7
    2
    ページ
    372–382
    出版社
    IEEE
    発行年
    2012
    Abstract

    We propose a weak security notion for visual secret sharing (VSS) schemes. Under such a weak security notion, VSS schemes are designed to be secure against attackers' eyesight, but are not unconditionally secure, in general. In this paper, we theoretically discuss the relation between unconditionally secure (US) and weakly secure (WS) VSS schemes and present two constructions of WS-VSS schemes for color images. We show that WS-VSS schemes can achieve clearer color reproduced images with a smaller pixel expansion compared to those using US-VSS schemes, while we clarify that the basis matrices in both types of VSS schemes for black-white binary images are the same. These results suggest that the proposed VSS schemes can be regarded as ramp (or nonperfect) VSS schemes for color secret images.

  • Information-Theoretic Approach to Optimal Differential Fault Analysis
    著者
    K. Sakiyama, Y. Li, M. Iwamoto, and K. Ohta
    雑誌名
    IEEE Transactions on Information Forensics and Security
    7
    1
    ページ
    109–120
    出版社
    IEEE
    発行年
    2012
    Abstract

    This paper presents a comprehensive analysis of differential fault analysis (DFA) attacks on the Advanced Encryption Standard (AES) from an information-theoretic perspective. Injecting faults into cryptosystems is categorized as an active at tack where attackers induce an error in operations to retrieve the secret internal information, e.g., the secret key of ciphers. Here, we consider DFA attacks as equivalent to a special kind of passive attack where attackers can obtain leaked information without measurement noise. The DFA attacks are regarded as a conversion process from the leaked information to the secret key. Each fault model defines an upper bound for the amount of leaked information. The optimal DFA attacks should be able to exploit fully the leaked information in order to retrieve the secret key with a practical level of complexity. This paper discusses a new DFA methodology to achieve the optimal DFA attack by deriving the amount of the leaked information for various fault models from an information-theoretic perspective. We review several previous DFA at tacks on AES variants to check the optimality of their attacks. We also propose improved DFA attacks on AES-192 and AES-256 that reach the theoretical limits.

  • Optimal Multiple Assignments Based on Integer Programming in Secret Sharing Schemes with General Access Structures
    著者
    M. Iwamoto, H. Yamamoto, and H. Ogawa
    雑誌名
    IEICE Transactions on Fundamentals
    E90–A
    1
    ページ
    101–112
    出版社
    IEICE
    発行年
    2007
    Abstract

    It is known that for any general access structure, a secret sharing scheme (SSS) can be constructed from an (m,m)-threshold scheme by using the so-called cumulative map or from a (t,m)-threshold SSS by a modified cumulative map. However, such constructed SSSs are not efficient generally. In this paper, a new method is proposed to construct a SSS from a (t,m)-threshold scheme for any given general access structure. In the proposed method, integer programming is used to derive the optimal (t,m)-threshold scheme and the optimal distribution of the shares to minimize the average or maximum size of the distributed shares to participants. From the optimality, it can always attain lower coding rate than the cumulative maps because the cumulative maps cannot attain the optimal distribution in many cases. The same method is also applied to construct SSSs for incomplete access structures and/or ramp access structures.

  • Visual Secret Sharing Schemes for Multiple Secret Images Allowing the Rotation of Shares
    著者
    M. Iwamoto, L. Wang, K. Yoneyama, N. Kunihiro, and K. Ohta
    雑誌名
    IEICE Transactions on Fundamentals
    E89–A
    5
    ページ
    1382–1395
    出版社
    IEICE
    発行年
    2006
    Abstract

    In this paper, a method is proposed to construct a visual secret sharing (VSS) scheme for multiple secret images in which each share can be rotated with 180 degrees in decryption. The proposed VSS scheme can encrypt more number of secret images compared with the normal VSS schemes. Furthermore, the proposed technique can be applied to the VSS scheme that allows to turn over some shares in decryption. From the theoretical point of view, it is interesting to note that such VSS schemes cannot be obtained from so-called basis matrices straightforwardly.

  • Strongly Secure Ramp Secret Sharing Schemes for General Access Structures
    著者
    M. Iwamoto and H. Yamamoto
    雑誌名
    Information Processing Letters
    97
    2
    ページ
    52–57
    出版社
    Elsevier
    発行年
    2006
    Abstract

    Ramp secret sharing (SS) schemes can be classified into strong ramp SS schemes and weak ramp SS schemes. The strong ramp SS schemes do not leak out any part of a secret explicitly even in the case that some information about the secret leaks out from some set of shares, and hence, they are more desirable than the weak ramp SS schemes. In this paper, it is shown that for any feasible general access structure, a strong ramp SS scheme can be constructed from a partially decryptable ramp SS scheme, which can be considered as a kind of SS scheme with plural secrets. As a byproduct, it is pointed out that threshold ramp SS schemes based on Shamir's polynomial interpolation method are not always strong.

  • Quantum Secret Sharing Schemes and Reversibility of Quantum Operations
    著者
    T. Ogawa, A. Sasaki, M. Iwamoto, and H. Yamamoto
    雑誌名
    Physical Review A
    72
    3
    出版社
    APS Physics
    発行年
    2005
    Abstract

    Quantum secret sharing schemes encrypting a quantum state into a multipartite entangled state are treated. The lower bound on the dimension of each share given by Gottesman [Phys. Rev. A 61, 042311 (2000)] is revisited based on a relation between the reversibility of quantum operations and the Holevo information. We also propose a threshold ramp quantum secret sharing scheme and evaluate its coding efficiency.

  • A Construction Method of Visual Secret Sharing Schemes for Plural Secret Images
    著者
    M. Iwamoto and H. Yamamoto
    雑誌名
    IEICE Transactions on Fundamentals
    E86–A
    10
    ページ
    2577–2588
    出版社
    IEICE
    発行年
    2003
    Abstract

    In this paper, a new method is proposed to construct a visual secret sharing scheme with a general access structure for plural secret images. Although the proposed scheme can be considered as an extension of Droste's method that can encode only black-white images, it can encode plural gray-scale and/or color secret images.

  • The Optimal n-out-of-n Visual Secret Sharing Scheme for Gray-Scale Images
    著者
    M. Iwamoto and H. Yamamoto
    雑誌名
    IEICE Transactions on Fundamentals
    E85–A
    10
    ページ
    2238–2247
    出版社
    IEICE
    発行年
    2002
    Abstract

    In this paper, a method is proposed to construct an n-out-of-n visual secret sharing scheme for gray-scale images, for short an (n, n)-VSS-GS scheme, which is optimal in the sense of contrast and pixel expansion, i.e., resolution. It is shown that any (n, n)-VSS-GS scheme can be constructed based on the so- called polynomial representation of basis matrices treated in (15), (16). Furthermore, it is proved that such construction can attain the optimal (n, n)-VSS-GS scheme.

  • An Analytic Construction of the Visual Secret Sharing Scheme for Color Images
    著者
    H. Koga, M. Iwamoto, and H. Yamamoto
    雑誌名
    IEICE Transactions on Fundamentals
    E84–A
    1
    ページ
    262– 272
    出版社
    IEICE
    発行年
    2001
    Abstract

    This paper proposed a new construction of the visual secret sharing scheme for the (n, n)-threshold access structure applicable to color images. The construction uses matrices with n rows that can be identifield with homogeneous polynomials of degree n. It is shown that, if we find a set of homogeneous polynomials of degree n satisfying a certain system of simultaneous partial differential equations, we can construct a visual secret sharing scheme for the (n, n)-threshold access structure by using the matrices corresponding to the homogeneous polynomials. The construction is easily extended to the cases of the (t, n)-threshold access structure and more general access structures.

国際会議

  • Dynamic Collateral Management in Decentralized Sealed-Bid Auctions
    著者
    K. Abdullah, M. Iwamoto, and Y. Watanabe
    会議名
    The International Conference of Informatics, Multimedia, Cyber, and Information System (ICIMCIS) 2024
    発行年
    2024
    発表日
    2024/11/20–21
    (To appear)
    Abstract

    The evolution of decentralized platforms has introduced significant advancements in auction systems; however, these advancements bring forth complex challenges in collateral management within sealed-bid auctions. Traditional approaches, reliant on static collateral, often fail to account for dynamic market conditions and participant behavior, thereby limiting participation from individuals with restricted capital and reducing overall auction efficiency. This research identifies a critical gap in dynamic collateral management for decentralized sealed-bid auctions and proposes a novel framework to address these challenges. The proposed method integrates dynamic collateral management within the Riggs-TC (Timed Commitment) protocol, enhancing its existing capabilities to handle collateral more flexibly. By leveraging cryptographic advancements, specifically Pedersen Commitments and Zero-Knowledge Proofs, the framework ensures that collateral adjustments are made in real-time, reflecting each auction phase and participant actions effectively. This method not only secures bid confidentiality but also upholds the integrity and fairness of the auction process. Empirical results from deploying this framework demonstrate a significant reduction in entry barriers for participants, an increase in capital efficiency, and heightened security and fairness across the auction lifecycle. Additionally, the framework's adaptability to various decentralized environments suggests its broad applicative potential beyond the initial case studies.

  • Double-Sided Multimodal Attack Sensing and Partial Re-Keying in Shared Group Key System
    著者
    R. Ikemoto, S. Fujii, K. Naruse, J. Shiomiand, Y. Midoh, Y. Yamashita, M. Taguchi, T. Miki, M. Nagata, Y. Komano, M. Iwamoto, K. Sakiyama, and N. Miura
    会議名
    European Solid-State Electronics Research Conference (ESSERC 2024)
    出版社
    IEEE
    発行年
    2024
    To appear.
    Abstract

    This paper presents an integrated sense-and-react countermeasure for a Shared Group Key (SGK) system. 1) A set of fully CMOS-compatible integrated sensors detects multimodal physical attacks exploiting direct-probing, side channel, and laser-injection from both front- and back-side of a silicon chip. 2) Upon the attack detection, the system immediately updates SGK based on the detailed attack information obtained by the sensor for reactive SGK protection. Prototype test-chip measurements successfully demonstrate the double-sided multimodal attack detection and counter-reaction capability with small hardware overhead for future resource-constrained information systems.

  • PreLock: Precision Locking for Protecting Embedded Processor
    著者
    T. Ichioka, Y. Watanabe, and Y. Hara
    会議名
    AsianHOST 2024
    出版社
    ACM
    発行年
    2024
    (To appear)
    Abstract

    Logic locking and eFPGA-based redaction are effective hardware design methods to thwart various threats that may happen when hardware designs containing intellectual properties (IPs) are outsourced to untrusted third-party fabrication facilities. Although a number of methods have been proposed, they focused on protecting an application-specific datapath IP and/or controller IP–protecting the datapath IP of general-purpose systems (such as processors) has not been studied yet even though they could also contain datapath IPs (e.g., custom operators added to the datapath through processor extension). Because applications executed on the processors may have different errortolerance when a locked (functionally-incorrect) datapath IP is used, the challenge here is to disable the processor's functionality for various applications (i.e., achieve the sufficient security level) while mitigating the circuit overheads induced by the protection. In this work, we present an eFPGA-based redaction method to protect a datapath IP in processors. Varying the number of bits and the operator for redaction, we quantitatively evaluate the effects on various applications with different error-tolerance and figure out appropriate eFPGA settings for protection from both the application and circuit overhead perspectives.

  • On the Attack Detection Performance of Information-theoretic Method in Industrial Control System
    著者
    T. Nishiuchi, Y. Abe, Y. Watanabe, M. Iwamoto, K. Sawada, and S. Shin
    会議名
    IECON 2024
    出版社
    IEEE
    発行年
    2024
    (To appear)
    Abstract

    Several relative entropy-based methods have been studied in cyber-attack detection of control systems. Most existing studies set the threshold values of relative entropy by trial and error such that their error probabilities become small. Meanwhile, the relationship between threshold values and error probabilities in likelihood ratio tests is clarified by Information theory. Information theory also clarifies the relationship between relative entropy and likelihood ratio test. To theoretically set the threshold, the authors have investigated the relationship between relative entropy and the likelihood ratio test using experimental data from DoS attacks and man-in-the-middle attacks on control communication (Modbus TCP). This paper investigates the relationship between threshold values and error probabilities in actual experiments. Error probabilities are classified as false positive rates and false negative rates. Neyman-Pearson lemma shows how to construct a detector that considers the trade-off between false positive and false negative rates. Stein's lemma shows how to give optimal threshold values. We build a detector from the two lemmas that consider the trade-off with probability models of delay time between Response and ACK of Modbus TCP. We conduct experiments and discuss optimal threshold setting methods in the sense that the false positive rates cannot be further reduced when false positive rates are fixed.

  • Card-Based Overwriting Protocol for Equality Function and Applications
    著者
    S. Ruangwises, T. Ono, Y. Abe, K. Hatsugai, and M. Iwamoto
    会議名
    UCNC 2024
    LNCS 14776
    ページ
    18–27
    出版社
    Springer
    発行年
    2024
    発表日
    2024/6/19
    Abstract

    Research in the area of secure multi-party computation with an unconventional method of using a physical deck of playing cards began in 1989 when den Boer proposed a protocol to compute the logical AND function using five cards. Since then, the area has gained interest from many researchers and several card-based protocols to compute various functions have been developed. In this paper, we propose a card-based protocol called the overwriting protocol that can securely compute the k-candidate n-variable equality function f: {0,1, ..., k-1}^n \to {0,1}. We also apply the technique used in this protocol to compute other similar functions.

  • Multi-User Dynamic Searchable Encryption for Prefix-Fixing Predicates from Symmetric-Key Primitives
    著者
    T. Hirano, Y. Kawai, Y. Koseki, S. Yasuda, Y. Watanabe, T. Amada, M. Iwamoto, and K. Ohta
    会議名
    SAC 2024
    出版社
    Springer
    発行年
    2024
    To appear.
    Abstract

    Dynamic searchable symmetric encryption (SSE) enables clients to update and search encrypted data stored on a server and provides efficient search operations instead of leakages of inconsequential information. Towards dynamic SSE for more practical situations, researchers have tackled research on multi-user dynamic SSE (dynamic MUSE for short), sometimes with flexible access control. However, existing schemes assumed a trusted authority that played a crucial role during the search protocol, used pairings/lattices for their constructions, or provided no security proofs. In this paper, we show the first dynamic MUSE scheme with reasonable access control without the above limitations. Namely, our dynamic MUSE model requires no trusted authority, and our concrete dynamic MUSE scheme with prefix-fixing predicates, which yields a reasonable, hierarchical access control, can be constructed from only symmetric-key primitives and with rigorous security proof. Our experimental results show that our dynamic MUSE scheme is reasonably efficient.

  • Constant-Deposit Multiparty Lotteries on Bitcoin for Arbitrary Number of Players and Winners
    著者
    S. Uchizono, T. Nakai, Y. Watanabe, and M. Iwamoto
    会議名
    ICISC 2023
    LNCS 14562
    ページ
    133–156
    出版社
    Springer
    発行年
    2024
    発表日
    2023/11/29
    Abstract

    Secure lottery is a cryptographic protocol that allows multiple players to determine a winner from them uniformly at random, without any trusted third party. Bitcoin enables us to construct a secure lottery to guarantee further that the winner receives reward money from the other losers. Many existing works for Bitcoin-based lottery use deposits to ensure that honest players never be disadvantaged in the presence of adversaries. Bartoletti and Zunino (FC 2017) proposed a Bitcoin-based lottery protocol with a constant deposit, i.e., the deposit amount is independent of the number of players. However, their scheme is limited to work only when the number of participants is a power of two. We tackle this problem and propose a lottery protocol applicable to an arbitrary number of players based on their work. Furthermore, we generalize the number of winners; namely, we propose a secure (k, n)- lottery protocol. To the best of our knowledge, this is the first work to address Bitcoin-based (k, n)-lottery protocol. Notably, our protocols maintain the constant deposit property.

  • Single-Shuffle Card-Based Protocols with Six Cards per Gate
    著者
    T. Ono, K. Shinagawa, T. Nakai, Y. Watanabe, and M. Iwamoto
    会議名
    ICISC 2023
    LNCS 14562
    ページ
    157–169
    出版社
    Springer
    発行年
    2024
    発表日
    2023/11/29
    Abstract

    Card-based cryptography refers to a secure computation with physical cards, and the number of cards and shuffles measures the efficiency of card-based protocols. This paper proposes new card-based protocols for any Boolean circuits with only a single shuffle. Although our protocols rely on Yao’s garbled circuit as in previous single-shuffle card-based protocols, our core construction idea is to encode truth tables of each Boolean gate with fewer cards than previous works while being compatible with Yao’s garbled circuit. As a result, we show single-shuffle card-based protocols with six cards per gate, which are more efficient than previous single-shuffle card-based protocols.

  • Efficient Result-Hiding Searchable Encryption with Forward and Backward Privacy
    著者
    T. Amada, M. Iwamoto, and Y. Watanabe
    会議名
    ICISC 2023
    LNCS 14562
    ページ
    170–193
    出版社
    Springer
    発行年
    2024
    発表日
    2023/11/30
    Abstract

    Dynamic searchable symmetric encryption (SSE) realizes efficient update and search operations for encrypted databases, and there has been an increase in this line of research in the recent decade. Dynamic SSE allows the leakage of insignificant information to ensure efficient search operations, and it is important to understand and identify what kinds of information are insignificant. In this paper, we propose an efficient dynamic SSE scheme Laura under the small leakage, which leads to appealing security requirements such as forward privacy, (Type- II) backward privacy, and result hiding. Laura is constructed based on Aura (NDSS 2021) and is almost as efficient as Aura while only allowing less leakage than Aura. We also provide experimental results to show the concrete efficiency of Laura.

  • Lattice-based Multi-Entity Identification Protocols
    著者
    Y. Watanabe, T. Tomita, and J. Shikata
    会議名
    MobiSec 2023
    CCIS 2095
    ページ
    51–65
    出版社
    Springer
    発行年
    2024
    発表日
    2023/12/19
    Abstract

    It is crucial for IoT networks to produce new methods to efficiently handle communications among multiple IoT devices. Aggregate MAC/signatures provide efficient multi-entity authentication protocols. However, a server cannot identify malicious entities, i.e., impersonated ones, though it can detect that there are some malicious ones. Recently, Hirose and Shikata introduced aggregate entity authentication protocols, which enable the server to simultaneously check the validity of multiple entities and identify malicious ones. Their aggregate entity authentication protocol is based on symmetric-key primitives, and hence it is lightweight. However, it requires key agreements between the server and entities beforehand. In this paper, we introduce multi-entity identification, which is a public-key analogy of aggregate entity authentication protocols, and propose two generic constructions. Since all the building blocks of our generic constructions can be instantiated from lattices, our constructions can be post-quantum ones.

  • The Two Sheriffs Problem: Cryptographic Formalization and Generalization
    著者
    K. Sugimoto, T. Nakai, Y. Watanabe, and M. Iwamoto
    会議名
    COCOA 2023
    LNCS 14461
    ページ
    512–523
    出版社
    Springer
    発行年
    2023
    発表日
    2023/12/17
    Abstract

    The two sheriffs problem is the following problem. There are two sheriffs, and each of them has their own list of suspects. Assuming that these lists are the result of a proper investigation, we can say that a culprit is the intersection of them even if the sheriffs do not know who the culprit is. Now, they wish to identify the culprit through an open channel, i.e., to compute the intersection of two lists, without letting an eavesdropper know the culprit who observed all communications. This cryptographic problem was proposed by Beaver et al., and a combinatorial solution using a bipartite graph was proposed. In this paper, we propose a formulation of the two sheriffs problem by introducing a secrecy evaluation based on the eavesdropper’s attack success probability. Furthermore, we propose an improved version of Beaver et al.’s protocol that an arbitrary number of players can execute and has less attack success probability.

  • A Physical Zero-knowledge Proof for Sumplete, a Puzzle Generated by ChatGPT
    著者
    K. Hatsugai, K. Asano, and Y. Abe
    会議名
    COCOON 2023
    LNCS 14422
    ページ
    398–410
    出版社
    Springer
    発行年
    2023
    発表日
    2023/12/16
    Abstract

    In March 2023, ChatGPT generated a new puzzle, Sumplete. Sumplete consists of an n x n grid, each whose cell has an integer. In addition, each row and column of the grid has an integer, which we call a target value. The goal of Sumplete is to make the sum of integers in each row and column equal to the target value by deleting some integers of the cells. In this paper, we prove that Sumplete is NP-complete and propose a physical zero-knowledge proof for Sumplete. To show the NP-completeness, we give a polynomial reduction from the subset sum problem to Sumplete. In our physical zero-knowledge proof protocol, we use a card protocol that realizes the addition of negative and positive integers using cyclic permutation on a sequence of cards. To keep the solution secret, we use a technique named decoy technique.

  • Packet Analysis and Information Theory on Attack Detection for Modbus TCP
    著者
    T. Nishiuchi, Y. Abe, Y. Watanabe, M. Iwamoto, and K. Sawada
    会議名
    IECON 2023
    ページ
    1–6
    出版社
    IEEE
    発行年
    2023
    Abstract

    Cyber attacks on control system communication are increasing. In information systems, a lot of security counter-measure focusing on the distribution of communication packets has been studied so far. Such attack detection methods evaluate normal and abnormal packets based on the likelihood and the relative entropy. Whether the methods for information systems are also effective for control systems is another question. Then, this paper conducts attack detection experiments based on the likelihood and the relative entropy of DoS and spoofing attacks on Modbus TCP communication used in industrial control systems.

  • IoT-REX: A Secure Remote-Control System for IoT Devices from Centralized Multi-Designated Verifier Signatures
    著者
    Y. Watanabe, N. Yanai, and J. Shikata
    会議名
    ISPEC 2023
    LNCS 14341
    ページ
    105–122
    出版社
    Springer
    発行年
    2023
    発表日
    2023/8/24
    Abstract

    IoT technology has been developing rapidly, while at the same time, notorious IoT malware such as Mirai is a severe and inherent threat. We believe it is essential to consider systems that enable us to remotely control infected devices in order to prevent or limit malicious behaviors of infected devices. In this paper, we design a promising candidate for such remote-control systems, called IoT-REX (REmote-Control System for IoT devices). IoT-REX allows a systems manager to designate an arbitrary subset of all IoT devices in the system and every device can confirm whether or not the device itself was designated; if so, the device executes a command given from the systems manager. Towards realizing IoT-REX, we introduce a novel cryptographic primitive called centralized multi-designated verifier signatures (CMDVS). Although CMDVS works under a restricted condition compared to conventional MDVS, it is sufficient for realizing IoT-REX. We provide an efficient CMDVS construction from any approximate membership query structures and digital signatures, yielding compact communication sizes and efficient verification procedures for IoT-REX. We then discuss the feasibility of IoT-REX through cryptographic implementation of the CMDVS construction on a Raspberry Pi. Our promising results demonstrate that the CMDVS construction can compress communication size to about 30% compared to a trivial construction, and thus its resulting IoT-REX becomes three times faster than a trivial construction over typical low-power wide area networks with an IoT device.

  • Designated Verifier Signature with Claimability
    著者
    K. Yamashita, K. Hara, Y. Watanabe, N. Yanai, and J. Shikata,
    会議名
    APKC 2023
    ページ
    21–32
    出版社
    ACM
    発行年
    2023
    Abstract

    This paper considers the problem of balancing traceability and anonymity in designated verifier signatures (DVS), which are a kind of group-oriented signatures. That is, we propose claimable designated verifier signatures (CDVS), where a signer is able to claim that he/she indeed created a signature later. Ordinal DVS does not provide any traceability, which could indicate too strong anonymity. Thus, adding claimability, which can be seen as a sort of traceability, moderates anonymity. We demonstrate two generic constructions of CDVS from (i) ring signatures, (non-ring) signatures, pseudorandom function, and commitment scheme, and (ii) claimable ring signatures (by Park and Sealfon, CRYPTO'19). This paper also shows the first formal reduction from DVS to ring signature, which has been folklore until now.

  • Forward and Backward Private Dynamic Searchable Encryption with Better Space Efficiency
    著者
    Y. Liu, Y. Watanabe, and J. Shikata
    会議名
    CISS 2023
    ページ
    1–6
    出版社
    IEEE
    発行年
    2023
    Abstract

    Dynamic searchable symmetric encryption (SSE) provides efficient update and search operations over encrypted data, while it leaks some inconsequential information to increase search efficiency. Since the more dynamic SSE allows leakage, the easier it is to break its security, it is important to realize efficient schemes with less leakages. For that reason, most recent works on dynamic SSE focus on forward and backward privacy, which are important security notions for dynamic SSE. In particular, Sun et al. (NDSS 2021) recently proposed Aura, an efficient dynamic SSE scheme with forward and backward privacy. Although Aura provides good update and search efficiency, it requires large encrypted database. Taking into account the practical use of dynamic SSE, i.e., search systems that many users involve, the sizes of encrypted databases should be small enough. In this paper, based on Aura, we propose a new dynamic SSE scheme with forward and backward privacy, called Aura+; it provides not only efficient update and search operations but also smaller encrypted database than Aura, though Aura+ requires a few more interactions than Aura.

  • Lightweight Authentication using Noisy Key Derived from Physically Unclonable Function
    著者
    Y. Komano, M. Iwamoto, K. Ohta, and K. Sakiyama
    会議名
    SecITC 2022
    LNCS 13809
    ページ
    203–221
    出版社
    Springer
    発行年
    2023
    Abstract

    Internet of things (IoT) systems consist of many devices that send their sensor data to cloud servers. Cryptographic authentication is essential for maintaining the consistency of these systems, and lightweight authentication in particular is required because most IoT devices are resource-constrained. Physically unclonable functions (PUF) are promising tools for protecting such devices from cyber-attacks. It can naturally generate a unique but noisy (i.e., erroneous) key for a device without implementing costly secure key storage in the device. However, a costly error correction technique is required to remove the noise. In this paper, we propose a lightweight authentication scheme with a noisy key (i.e., an uncorrected key) {\em naturally} derived from a PUF. The security of our scheme is based on a combinatorial problem with small noise. We also discuss its security and feasibility.

  • More Efficient Adaptively Secure Lattice-based IBE with Equality Test in the Standard Model
    著者
    K. Asano, K. Emura, and A. Takayasu
    会議名
    ISC 2022
    LNCS 13640
    ページ
    75–83
    出版社
    Springer
    発行年
    2022
    発表日
    2022/12/19
    Abstract

    Identity-based encryption with equality test (IBEET) is a variant of identity-based encryption (IBE), where any users who have trapdoors can check whether two ciphertexts are encryption of the same plaintext. Although several lattice-based IBEET schemes have been proposed, they have drawbacks in either security or efficiency. Specifically, most schemes satisfy only selective security, while adaptively secure schemes in the standard model suffer from large master public keys that consist of linear numbers of matrices. In other words, known lattice-based IBEET schemes perform poorly compared to the state-of-the-art lattice-based IBE schemes (without equality test). In this paper, we propose a semi-generic construction of CCA-secure lattice-based IBEET from a certain class of lattice-based IBE schemes. As a result, we obtain the first lattice-based IBEET schemes with adaptive security and CCA security in the standard model. Furthermore, our semi-generic construction can use several state-of-the-art lattice-based IBE schemes as underlying schemes. Then, we have adaptively secure lattice-based IBEET schemes whose public keys have only poly-log matrices.

  • A Generic Construction of CCA-secure Attribute-based Encryption with Equality Test
    著者
    K. Asano, K. Emura, A. Takayasu, and Y. Watanabe
    会議名
    ProvSec 2022
    LNCS 13600
    ページ
    3–19
    出版社
    Springer
    発行年
    2022
    発表日
    2022/11/11
    Abstract

    Attribute-based encryption with equality test (ABEET) is an extension of the ordinary attribute-based encryption (ABE), where trapdoors enable us to check whether two ciphertexts are encryptions of the same message. Thus far, several CCA-secure ABEET schemes have been proposed for monotone span programs satisfying selective security under q-type assumptions. In this paper, we propose a generic construction of CCA-secure ABEET from delegatable ABE. Specifically, our construction is an attribute-based extension of Lee et al.'s generic construction of identity-based encryption with equality test from hierarchical identity-based encryption. Even as far as we know, there are various delegatable ABE schemes. Therefore, we obtain various ABEET schemes with new properties that have not been achieved before such as various predicates, adaptive security, standard assumptions, compact ciphertexts/secret keys, and lattice-based constructions.

  • Card-based Cryptographic Protocols for Private Set Intersection
    著者
    A. Doi, T. Ono, T. Nakai, K. Shinagawa, Y. Watanabe, K. Nuida, and M. Iwamoto
    会議名
    ISITA 2022
    出版社
    IEEE
    発行年
    2022
    Abstract

    Card-based cryptography is a cryptographic technique that realizes Multi-Party Computation (MPC) using physical cards. Although various protocols have been studied in card-based cryptography, there is no research on card-based Private Set Intersection (PSI). PSI is one of the well-studied MPC protocols which enables parties to compute the set intersection while keeping their data sets secret. This paper focuses on PSI in card-based cryptography for the first time, and shows several card-based PSI protocols. In card-based cryptography, there are two operation models: one assumes that all operations are performed publicly, and the other allows private operations. We propose PSI protocols under each model. We first show that PSI can be realized under each model by utilizing the existing card-based AND protocols. Furthermore, we propose more efficient PSI protocols than the PSI protocols based on AND protocols under each model.

  • An Improvement of Multi-Party Private Set Intersection Based on Oblivious Programmable PRFs
    著者
    S. Shimizu, T. Nakai, Y. Watanabe, and M. Iwamoto
    会議名
    ISITA 2022
    出版社
    IEEE
    発行年
    2022
    (To appear)
    Abstract

    Multi-party private set intersection (PSI) allows parties to compute the set intersection of their private data sets without revealing outside of the intersection. Kolesnikov et al. (ACM CCS 2017) introduced Oblivious Programmable Pseudorandom Function (OPPRF) and showed a practical multi-party PSI protocol secure for arbitrary collusion of parties under the semi-honest model. We point out that their protocol contains some overkill OPPRFs for the required functionality. On the basis of this finding, we improve their PSI protocol by replacing these OPPRFs with more lightweight procedures. More precisely, we introduce a new functionality called Extended Programmable Pseudorandom Function (EPPRF). It provides functionality that excludes an expensive public-key operation from the OPPRF. We show that a multi-party PSI protocol can be realized even if the OPPRFs are replaced with EPPRFs. As a result of the replacement, we reduce the number of public-key operations n-1 times from Kolesnikov et al.'s protocol, where n is the number of parties.

  • State-free End-to-End Encrypted Storage and Chat Systems based on Searchable Encryption
    著者
    K. Emura, R. Ito, S. Kanamori, R. Nojima, and Y. Watanabe
    会議名
    ICEIS 2022
    2
    ページ
    106–113
    出版社
    SciTePress
    発行年
    2022
    Abstract

    Searchable symmetric encryption (SSE) has attracted significant attention because it can prevent data leakage from external devices, e.g., on clouds. SSE appears to be effective to construct such a secure system; however, it is not trivial to construct such a system from SSE in practice because other parts must be designed, e.g., user login management, defining the keyword space, and sharing secret keys among multiple users who usually do not have public key certificates. In this paper, we describe the implementation of two systems based upon the state-free dynamic SSE (DSSE) (Watanabe et al., ePrint 2021), i.e., a secure storage system (for a single user) and a chat system (for multiple users). In addition to the Watanabe et al. DSSE protocol, we employ a secure multipath key exchange (SMKEX) protocol (Costea et al., CCS 2018), which is secure against some classes of unsynchronized active attackers. It allows the chat system users without certificates to share a secret key of the DSSE protocol in a secure manner. To realize end-to-end encryption, the shared key must be kept secret; thus, we must consider how to preserve the secret on, for example, a user’s local device. However, this requires additional security assumptions, e.g., tamper resistance, and it seems difficult to assume that all users have such devices. Thus, we propose a secure key agreement protocol by combining the SMKEX and login information (password) that does not require an additional tamper-resistant device. Combining the proposed key agreement protocol and the underlying state-free DSSE protocol allow users who know the password to use the systems on multiple devices.

  • Efficient Dynamic Searchable Encryption with Forward Privacy under the Decent Leakage
    著者
    Y. Watanabe, K. Ohara, M. Iwamoto, and K. Ohta
    会議名
    ACM CODASPY 2022
    ページ
    312–323
    出版社
    ACM
    発行年
    2022
    Abstract

    Dynamic searchable symmetric encryption (SSE) enables clients to update and search encrypted data stored on a server and provides efficient search operations instead of leakages of inconsequential information. The amount of permitted leakage is a crucial factor of dynamic SSE; more leakage allows us to design an efficient scheme, while leakage attacks tell us that the leakage has a real-world impact. Leakage-abuse attacks (NDSS 2012) and subsequent works suggest that dynamic SSE schemes should not unnecessarily reveal extra information during the search procedure, and in particular, file-injection attacks (USENIX Security 2016) showed that forward privacy, which restricts the leakage during the addition procedure, is a vital security notion for dynamic SSE. In this paper, we propose a new dynamic SSE scheme with a good balance of efficiency and security levels; our scheme achieves both high efficiency and forward-privacy and only requires the decent leakage, i.e., only allows the leakage of search and access patterns during search operations. Specifically, we first show there is still no such scheme by uncovering a flaw in the security proof of Etemad et al.'s scheme (PoPETs 2018) and showing that extra leakage is required to fix it. We then propose the first forward-private dynamic SSE scheme that only requires symmetric-key primitives and the standard, decent leakage to prove the security. Although the client's information is slightly larger than existing schemes, our experimental results show that our scheme is comparable to Etemad et al.'s scheme, which is the most-efficient-ever scheme with forward privacy, in terms of efficiency.

  • Multi-Designated Receiver Authentication-Codes with Information-Theoretic Security
    著者
    T. Seito, J. Shikata, and Y. Watanabe
    会議名
    CISS 2022
    ページ
    84–89
    出版社
    IEEE
    発行年
    2022
    Abstract

    A multi-designated receiver authentication code (MDRA-code) with information-theoretic security is proposed as an extension of the traditional multi-receiver authentication code. The purpose of the MDRA-code is to securely transmit a message via a broadcast channel from a single sender to an arbitrary subset of multiple receivers that have been designated by the sender, and only the receivers in the subset (i.e., not all receivers) should accept the message if an adversary is absent. This paper proposes a model and security formalization of MDRA-codes, and provides constructions of MDRA-codes.

  • Secure Computation with Non-equivalent Penalties in Constant Rounds
    著者
    T. Nakai and K. Shinagawa
    会議名
    Tokenomics 2021
    OASIcs 97
    ページ
    5:1–5:16
    出版社
    Schloss Dagstuhl
    発行年
    2022
    Abstract

    It is known that Bitcoin enables to achieve fairness in secure computation by imposing a monetary penalty on adversarial parties. This functionality is called secure computation with penalties. Bentov and Kumaresan (Crypto 2014) showed that it could be realized with O(n) rounds and O(n) broadcasts for any function, where n is the number of parties. Kumaresan and Bentov (CCS 2014) posed an open question: ``Is it possible to design secure computation with penalties that needs only O(1) rounds and O(n) broadcasts?'' In this work, we introduce secure computation with non-equivalent penalties, and design a protocol achieving this functionality with O(1) rounds and O(n) broadcasts only. The new functionality is the same as secure computation with penalties except that every honest party receives more than a predetermined amount of compensation while the previous one requires that every honest party receives the same amount of compensation. In particular, both are the same if all parties behave honestly. Thus, our result gives a partial answer to the open problem with a slight and natural modification of functionality.

  • Asymptotically Tight Lower Bounds in Anonymous Broadcast Encryption and Authentication
    著者
    H. Kobayashi, Y. Watanabe, and J. Shikata
    会議名
    IMACC 2021
    LNCS 13129
    ページ
    105–128
    出版社
    Springer
    発行年
    2021
    Abstract

    Broadcast Encryption (BE) is a cryptosystem that allows a sender to specify recipients so that only the specified recipients can perform decryption. Anonymity, which is one of additional but important security requirements of BE, guarantees that no information of the designated recipients is leaked from ciphertexts, and several BE schemes with anonymity (ANO-BE) have been proposed so far. Kiayias and Samari (IH 2013) analyzed a lower bound on the ciphertext size required for ANO-BE. In their analysis, they derived the lower bound under the assumption that ANO-BE schemes meets a special property. However, it is unclear whether the special property holds for existing ANO-BE schemes. In other words, their analysis is insufficient to show that the existing ANO-BE schemes achieve the optimal ciphertext size. In this paper, we derive a lower bound on the ciphertext size in ANO-BE, assuming only properties that most existing ANO-BE schemes satisfy. In our analysis, we newly define several properties abstracted from existing (even non-anonymous) BE schemes and carefully analyze them to replace the Kiayias—Samari assumption with ours. As a result, we show that the existing ANO-BE schemes achieve the optimal ciphertext size. We further show that our analysis can be extended to the authentication setting. Specifically, we first derive a lower bound on the authenticator sizes required for anonymous broadcast authentication.

  • Efficient Threshold Public Key Encryption from the Computational Bilinear Diffie-Hellman Assumption
    著者
    M. Ebina, J. Mita, J. Shikata, and Y. Watanabe
    会議名
    APKC 2021
    ページ
    23–32
    出版社
    ACM Press
    発行年
    2021
    発表日
    2021/6/7
    Abstract

    In this paper, we show the first efficient threshold public-key encryption (TPKE) scheme under the difficulty of search problems. More specifically, our TPKE scheme simultaneously achieves: (1) Chosen ciphertext security (CCA security) under the computational bilinear Diffie-Hellman (CBDH) assumption in the standard model; (2) re-splittability, which is a useful property that makes partial secret keys refreshable; and (3) O(kappa)-bit ciphertexts and public keys. Most previous CCA-secure TPKE schemes rely on decisional complexity assumptions or random oracles. Although there exist CCA-secure TPKE schemes under the difficulty of search problems, all such schemes are inefficient or work over small plaintext spaces. Technically, we begin with a direct construction of a threshold identity-based key encapsulation mechanism (TIB-KEM) with a weak security notion. Then, we transform the weakly-secure TIB-KEM into a CCA-secure TPKE scheme via the tag-KEM/DEM approach.

  • Anonymous Broadcast Authentication for Securely Remote-Controlling IoT Devices
    著者
    Y. Watanabe, N. Yanai, and J. Shikata
    会議名
    AINA 2021
    LNNS 226
    ページ
    679–690
    出版社
    Springer
    発行年
    2021
    発表日
    2021/05/14
    Abstract

    In this paper, we present a basic system for controlling IoT devices in remote environments with the following requirements: (1) in a situation where an operation center broadcasts information to IoT devices, e.g., wireless environment, only the designated devices can identify operations sent from the center; (2) the devices can detect manipulation of the broadcast information and hence prevents maliciously generated operations from being executed. We formalize a model of the basic system and its essential requirements and propose anonymous broadcast authentication (ABA) as its core cryptographic primitive. We formally define the syntax and security notions for ABA and show provably-secure ABA constructions.

  • A Key Recovery Algorithm Using Random Key Leakage from AES Key Schedule
    著者
    T. Uemura, Y. Watanabe, Y. Li, N. Miura, M. Iwamoto, K. Sakiyama, and K. Ohta
    会議名
    ISITA 2020
    ページ
    382–386
    出版社
    IEEE
    発行年
    2020
    発表日
    2020/10/24
    Abstract

    A key recovery algorithm using parts of the key schedules is proposed for evaluating the threat of probing attack. Suppose that we have an information leakage sensor, and we can detect a leak (attacked) point where an attacker makes electrical/physical contact with a laser, a probe, etc. We assume that the attacked bits (leaked bits) are completely known to the attacker, whereas the other non-attacked bits are not leaked at all. We also assume that each bit leaks with a constant probability. Our key recovery algorithm is constructed by modifying the pruning phase that for cold boot attacks proposed by Tsow. Experimental result shows that, using our algorithm, more than 15% leakage recovers the key with almost probability 1, whereas less than 10% is recovered with small probability close to 0.

  • How to Detect Malicious Behaviors in a Card-Based Majority Voting Protocol with Three Inputs
    著者
    Y. Abe, M. Iwamoto, and K. Ohta
    会議名
    ISITA 2020
    ページ
    377–381
    出版社
    IEEE
    発行年
    2020
    Abstract

    Card-based protocol is a multi-party computation using cards. The card-based protocol using operations called private operation has an advantage that the number of cards and the number of times of communication are smaller than the card-based protocol using operations called shuffle. However, there is a disadvantage that private operation allows dishonest players to perform malicious behaviors. Although the method to detect malicious behaviors in private operations was proposed, the method was available only in committed-format protocols, where inputs and outputs are represented by a pair of cards called commitment. In this paper, we show how to detect malicious behaviors in non-committed-format protocol with an example of a three-input majority voting protocol using private operations. Our majority voting protocol requires a smaller number of cards than the minimum number of cards required for committed-format protocols.

  • On the Power of Interaction in Signcryption
    著者
    J. Ida, J. Shikata, and Y. Watanabe
    会議名
    ISITA 2020
    ページ
    348–352
    出版社
    IEEE
    発行年
    2020
    Abstract

    Signcryption (SC) achieves the goal with lower computational costs than simply combining public-key encryption (PKE) and digital signatures (DS). Meanwhile, at SCN 2014, Dodis and Fiore formalized interactive PKE and DS. In particular, in the interactive setting, they showed a CCA-secure PKE scheme can be constructed assuming only CPA-secure PKE schemes in a black-box manner. In this paper, we focus on SC schemes in the interactive setting (ISC for short). Specifically, we newly define a model and security notions for ISC schemes. We then propose generic constructions of ISC schemes by using CPA-secure PKE schemes rather than CCA-secure ones, whereas such a realization is unknown in the context of non-interactive SC schemes. We show that two rounds are sufficient to construct an ISC scheme from only CPA-secure PKE schemes. Furthermore, we also show the first SC scheme that can be efficiently instantiated from simple assumptions in the standard model without pairings or lattices by allowing interaction.

  • Efficient Private PEZ Protocols for Symmetric Functions
    著者
    Y. Abe, M. Iwamoto, and K. Ohta
    会議名
    TCC 2019
    LNCS 11891
    ページ
    372–392
    出版社
    Springer
    発行年
    2019
    発表日
    Dec. 3, 2019
    Abstract

    A private PEZ protocol is a variant of secure multi-party computation performed using a (long) PEZ dispenser. The original paper by Balogh et al. presented a private PEZ protocol for computing an arbitrary function with n inputs. This result is interesting, but no follow-up work has been presented since then, to the best of our knowledge. We show herein that it is possible to shorten the initial string (the sequence of candies filled in a PEZ dispenser) and the number of moves (a player pops out a specified number of candies in each move) drastically if the function is symmetric. Concretely, it turns out that the length of the initial string is reduced from O(2n!) for general functions in Balogh et al.’s results to O(n·n!)$ for symmetric functions, and 2n moves for general functions are reduced to n2 moves for symmetric functions. Our main idea is to utilize the recursive structure of symmetric functions to construct the protocol recursively. This idea originates from a new initial string we found for a private PEZ protocol for the three-input majority function, which is different from the one with the same length given by Balogh et al. without describing how they derived it.

  • Identity-Based Encryption with Security against the KGC: A Formal Model and Its Instantiation from Lattices
    著者
    K. Emura, S. Katsumata, and Y. Watanabe
    会議名
    ESORICS 2019
    LNCS 11736
    ページ
    113–133
    出版社
    Springer
    発行年
    2019
    発表日
    Sep. 25, 2019
    Abstract

    The key escrow problem is one of the main barriers to the widespread real-world use of identity-based encryption (IBE). Specifically, a key generation center (KGC), which generates secret keys for a given identity, has the power to decrypt all ciphertexts. At PKC 2009, Chow defined a notion of security against the KGC, that relies on assuming that it cannot discover the underlying identities behind ciphertexts. However, this is not a realistic assumption since, in practice, the KGC manages an identity list and hence it can easily guess the identities corresponding to given ciphertexts. Chow later closed the gap between theory and practice by introducing a new entity called an identity-certifying authority (ICA) and proposed an anonymous key-issuing protocol. Essentially, this allows the users, KGC, and ICA to interactively generate secret keys without users ever having to reveal their identities to the KGC. Unfortunately, the proposed protocol did not include a concrete security definition, meaning that all of the subsequent works following Chow lack the formal proofs needed to determine whether or not it delivers a secure solution to the key escrow problem.
    In this paper, based on Chow’s work, we formally define an IBE scheme that resolves the key escrow problem and provide formal definitions of security against corrupted users, KGC, and ICA. Along the way, we observe that if we are allowed to assume a fully trusted ICA, as in Chow’s work, then we can construct a trivial (and meaningless) IBE scheme that is secure against the KGC. Finally, we present a lattice-based construction in our new security model based on the Gentry–Peikert–Vaikuntanathan (GPV) IBE scheme (STOC 2008) and Rückert’s lattice-based blind signature scheme (ASIACRYPT 2010).

  • Optimal Multiple Assignment Schemes Using Ideal Multipartite Secret Sharing Schemes
    著者
    R. Eriguchi, N. Kunihiro, and M. Iwamoto
    会議名
    IEEE ISIT 2019
    ページ
    3047–3051
    出版社
    IEEE
    発行年
    2019
    発表日
    Jul. 12, 2019
    Abstract

    A multiple assignment scheme (MAS) is a method to construct secret sharing schemes (SSSs) for general access structures. There are MASs using threshold and ramp SSSs. The paper proposes new MASs using ideal SSSs realizing compartmented access structures and those using SSSs realizing multi-level access structures. Since the ideal SSSs realizing compartmented access structures and SSSs realizing multi-level access structures are natural generalizations of threshold and ramp SSSs, respectively, the new MASs cannot be less efficient than those using threshold or ramp SSSs.

  • An Abstraction Model for 1-bit Probing Attack on Block Ciphers
    著者
    N. Shoji, T. Sugawara, M. Iwamoto, and K. Sakiyama
    会議名
    ICCCS 2019
    ページ
    502–506
    出版社
    IEEE
    発行年
    2019
    発表日
    Feb. 23–25, 2019
    Abstract

    The threat of physical attacks on crypto devices has been reported. Attack efficiency is determined by the attacker's ability to measure the physical information leaked from the device, for example, side-channel information, or to control physical disturbance against a device, for example, laser fault injection. Intuitively, the higher the ability of the attacker, the more information can be retrieved. In order to assess attack efficiency, this paper focuses on the 1-bit probing attack, which is one of the strongest attacks in a real-world setting. In the 1-bit probing attack, the attacker can observe a specific 1-bit intermediate value at a certain timing in the cryptographic operation. Firstly, we explain previous studies on an abstraction model for physical attacks. Secondly, we introduce a new model with an ideal property with regard to the probing attacks. Finally, we compare the attack efficiency of seven reported block ciphers with the proposed model value.

  • Implementation and Analysis of Fully Homomorphic Encryption in Wearable Devices
    著者
    A. Prasitsupparote, Y. Watanabe, and J. Shikata
    会議名
    ISDF 2018
    ページ
    1–14
    出版社
    SDIWC Library
    発行年
    2018
    発表日
    2018
    Abstract

    Currently, wearable devices, which are known as one of the Internet of things (IoT) devices, have been widely used for healthcare systems. Most of the healthcare systems store users’ healthcare data, which is encrypted by ordinary symmetric-key en- cryption and/or public-key encryption schemes, in a (cloud) server. However, the encrypted data needs to be decrypted for data analysis, and it means that sensitive information is leaked to the server. One promising solution is to use fully homomorphic encryption (FHE), which enables ones to perform any computation among encrypted data while keep- ing it encrypted. Although FHE generally requires high computational and communication costs in the theoretical sense, several researchers have imple- mented FHE schemes to measure their practical efficiency. In this paper, we consider a privacy- preserving protocol for healthcare systems employ- ing wearable devices, and implement this proto- col over Raspberry Pi, which is a popular single- board computer, to measure the actual efficiency of FHE over wearable devices. Specifically, we implemented the protocol by using two FHE li- braries, HElib and SEAL, on Raspberry Pi and net- work simulator to measure both computational and communication costs in wireless body area network (WBAN). In terms of the communication overhead, our result shows that the protocol with SEAL is bet- ter than that with HElib. In particular, the proto- col with SEAL has almost the same communication costs as the trivial protocol, which is the same pro- tocol without encryption. On the other hand, HE- lib is better than SEAL regarding the running time, while SEAL can perform more homomorphic op- erations than HElib for the almost same plaintext- size. Therefore, HElib is suitable for applications which require small time complexity, and SEAL is suitable for applications which require many homo- morphic operations.

  • Card-Based Majority Voting Protocols with Three Inputs Using Three Cards
    著者
    Y. Watanabe, Y. Kuroki, S. Suzuki, Y. Koga, M. Iwamoto, and K. Ohta
    会議名
    ISITA 2018
    ページ
    218–222
    出版社
    IEEE
    発行年
    2018
    Abstract

    Private operations (private permutations) were independently introduced by Nakai et al. and Marcedone et al. for implementing card-based cryptographic protocols efficiently. Recently, Nakai et al. showed that, if the private operations are available, secure computations of AND and OR operations for two inputs can be realized simultaneously by using four cards, and the protocol is applied to four-card majority voting protocol with three inputs. In this paper, it is shown that only three cards are sufficient to construct the majority voting protocol with three inputs. Specifically, we propose two constructions of three-input majority voting protocols. First, assuming that players are allowed to announce their outputs, we show that one card can be reduced from Nakai et al.'s protocol without any additional private operations and communications. Our second construction requires two more private operations and communications, whereas it removes the assumption on announcement from the first construction.

  • Key-Updatable Public-Key Encryption with Keyword Search: Models and Generic Constructions
    著者
    H. Anada, A. Kanaoka, N. Matsuzaki, and Y. Watanabe
    会議名
    ACISP 2018
    LNCS 10946
    ページ
    341–359
    出版社
    Springer
    発行年
    2018
    Abstract

    Public-key encryption with keyword search (PEKS) enables us to search over encrypted data, and is expected to be used between a cloud server and users’ devices such as laptops or smartphones. However, those devices might be lost accidentally or be stolen. In this paper, we deal with such a key-exposure problem on PEKS, and introduce a concept of PEKS with key-updating functionality, which we call key-updatable PEKS (KU-PEKS). Specifically, we propose two models of KU-PEKS: The key-evolution model and the key-insulation model. In the key-evolution model, a pair of public and secret keys can be updated if needed (e.g., the secret key is exposed). In the key-insulation model, a public key remains fixed while a secret key can be updated if needed. The former model makes a construction simple and more efficient than the latter model. On the other hand, the latter model is preferable for practical use since a user never updates his/her public key. We show constructions of a KU-PEKS scheme in each model in a black-box manner. We also give an experimental result for the most efficient instantiation, and show our proposal is practical.

  • Broadcast Encryption with Guessing Secrecy
    著者
    Y. Watanabe
    会議名
    ICITS 2017
    LNCS 10681
    ページ
    39–57
    出版社
    Springer
    発行年
    2017
    Abstract

    Perfect secrecy, which is a fundamental security notion introduced by Shannon, guarantees that no information on plaintexts is leaked from corresponding ciphertexts in the information-theoretic sense. Although it captures the strongest security, it is well-known that the secret-key size must be equal or larger than the plaintext-size to achieve perfect secrecy. Furthermore, probability distribution on secret keys must be uniform. Alimomeni and Safavi-Naini (ICITS 2012) proposed a new security notion, called guessing secrecy, to relax the above two restrictions, and showed that unlike perfect secrecy, even non-uniform keys can be used for providing guessing secrecy. Iwamoto and Shikata (ISIT 2015) showed secure concrete constructions of a symmetric-key encryption scheme with non-uniform keys in the guessing secrecy framework. In this work, we extend their results to the broadcast encryption setting. We first define guessing secrecy of broadcast encryption, and show relationships among several guessing-secrecy notions and perfect secrecy. We derive lower bounds on secret keys, and show the Fiat-Naor one-bit construction with non-uniform keys is also secure in the sense of guessing secrecy.

  • Four Cards Are Enough for Card-Based Three-Input Voting Protocol Utilizing Private Permutations
    著者
    T. Nakai, S. Shirouchi, M. Iwamoto, and K. Ohta
    会議名
    ICITS 2017
    LNCS 10681
    ページ
    153–165
    出版社
    Springer
    発行年
    2017
    Abstract

    The card-based cryptographic protocol is a variant of multi-party computation that enables us to compute a certain function securely by using playing cards. In existing card-based cryptographic protocols, a special operation of cards called a shuffle is used to achieve the information-theoretic security. Recently, card-based cryptographic protocols have been reconsidered from the viewpoint of multi-party computations. In this direction, a new model of card-based cryptographic protocol including a new assumption called Private Permutations (PP, for short) is introduced and succeeds in constructing efficient protocols for the millionaires’ protocol. In this paper, we construct efficient card-based cryptographic OR and XOR protocols based on the existing AND protocol. Furthermore, by unifying AND and OR protocols, it is shown that a majority voting protocol with three inputs is efficiently obtained. Our construction requires only four cards thanks to PPs, whereas the previous work requires eight cards.

  • Lattice-Based Revocable Identity-Based Encryption with Bounded Decryption Key Exposure Resistance
    著者
    A. Takayasu and Y. Watanabe
    会議名
    ACISP 2017
    LNCS 10342
    ページ
    184–204
    出版社
    Springer
    発行年
    2017
    Abstract

    A revocable identity-based encryption (RIBE) scheme, proposed by Boldyreva et al., provides a revocation functionality for managing a number of users dynamically and efficiently. To capture a realistic scenario, Seo and Emura introduced an additional important security notion, called decryption key exposure resistance (DKER), where an adversary is allowed to query short-term decryption keys. Although several RIBE schemes that satisfy DKER have been proposed, all the lattice-based RIBE schemes, e.g., Chen et al.’s scheme, do not achieve DKER, since they basically do not have the key re-randomization property, which is considered to be an essential requirement for achieving DKER. In particular, in every existing lattice-based RIBE scheme, an adversary can easily recover plaintexts if the adversary is allowed to issue even a single short-term decryption key query. In this paper, we propose a new lattice-based RIBE scheme secure against exposure of a-priori bounded number of decryption keys (for every identity). We believe that this bounded notion is still meaningful and useful from a practical perspective. Technically, to achieve the bounded security without the key re-randomization property, key updates in our scheme are short vectors whose corresponding syndrome vector changes in each time period. For this approach to work correctly and for the scheme to be secure, cover free families play a crucial role in our construction.

  • Unconditionally Secure Searchable Encryption
    著者
    T. Yoshizawa, Y. Watanabe, and J. Shikata
    会議名
    CISS 2017
    ページ
    1–6
    出版社
    IEEE
    発行年
    2017
    Abstract

    Searchable symmetric encryption (SSE) enables us to search encrypted data with an arbitrarily chosen keyword without leaking information on the data and keyword. SSE is expected to be used in, for example, cloud computing and genome analyses. In particular, privacy of genome data must be guaranteed for long periods, and therefore unconditionally secure cryptographic protocols, rather than computationally secure ones, should be used for protecting genome data. For this reason, we propose new constructions of unconditionally secure SSE schemes in this paper. Specifically, we define a model and security of unconditionally secure SSE, and we show a lower bound on secret-key sizes. We propose two kinds of constructions of unconditionally secure SSE schemes: One is asymptotically optimal in the sense of the secret-key size with some restriction on the security definition; and the other achieves full security at the sacrifice of the secret-key size.

  • New Revocable IBE in Prime-Order Groups: Adaptively Secure, Decryption Key Exposure Resistant, and with Short Public Parameters
    著者
    Y. Watanabe, K. Emura, and J.H. Seo
    会議名
    CT-RSA 2017
    LNCS 10159
    ページ
    432–449
    出版社
    Springer
    発行年
    2017
    Abstract

    Revoking corrupted users is a desirable functionality for cryptosystems. Since Boldyreva, Goyal, and Kumar (ACM CCS 2008) proposed a notable result for scalable revocation method in identity-based encryption (IBE), several works have improved either the security or the efficiency of revocable IBE (RIBE). Currently, all existing scalable RIBE schemes that achieve adaptively security against decryption key exposure resistance (DKER) can be categorized into two groups; either with long public parameters or over composite-order bilinear groups. From both practical and theoretical points of views, it would be interesting to construct adaptively secure RIBE scheme with DKER and short public parameters in prime-order bilinear groups.
    In this paper, we address this goal by using Seo and Emura’s technique (PKC 2013), which transforms the Waters IBE to the corresponding RIBE. First, we identify necessary requirements for the input IBE of their transforming technique. Next, we propose a new IBE scheme having several desirable properties; satisfying all the requirements for the Seo-Emura technique, constant-size public parameters, and using prime-order bilinear groups. Finally, by applying the Seo-Emura technique, we obtain the first adaptively secure RIBE scheme with DKER and constant-size public parameters in prime-order bilinear groups.

  • Unconditionally Secure Revocable Storage: Tight Bounds, Optimal Construction, and Robustness
    著者
    Y. Watanabe, G. Hanaoka, and J. Shikata
    会議名
    ICITS 2016
    LNCS 10015
    ページ
    213–237
    出版社
    Springer
    発行年
    2016
    Abstract

    Data stored in cloud storage sometimes requires long-term security due to its sensitivity (e.g., genome data), and therefore, it also requires flexible access control for handling entities who can use the data. Broadcast encryption can partially provide such flexibility by specifying privileged receivers so that only they can decrypt a ciphertext. However, once privileged receivers are specified, they can be no longer dynamically added and/or removed. In this paper, we propose a new type of broadcast encryption which provides long-term security and appropriate access control, which we call unconditionally secure revocable-storage broadcast encryption (RS-BE). In RS-BE, privileged receivers of a ciphertext can be dynamically updated without revealing any information on the underlying plaintext. Specifically, we define a model and security of RS-BE, and derive tight lower bounds on sizes of secret keys required for a one-time secure RS-BE scheme when the ciphertext size is equal to the plaintext size. Our lower bounds can be applied to traditional broadcast encryption. We then construct a one-time secure RS-BE scheme with a trade-off between sizes of ciphertexts and secret keys, and our construction for the smallest ciphertext size meets all bounds with equalities. Furthermore, to detect an improper update, we consider security against modification attacks to a ciphertext, and present a concrete construction secure against this type of attacks.

  • Efficient Card-Based Cryptographic Protocols for Millionaires’ Problem Utilizing Private Permutations
    著者
    T. Nakai, Y. Misawa, Y. Tokushige, M. Iwamoto, and K. Ohta
    会議名
    CANS 2016
    LNCS 10052
    ページ
    350–364
    出版社
    Springer
    発行年
    2016
    発表日
    Nov. 15, 2016
    Abstract

    We propose several efficient card-based cryptographic protocols for the millionaires’ problem by introducing a new operation called Private Permutation (PP) instead of the shuffle used in existing card-based cryptographic protocols. Shuffles are useful randomization techniques for designing card-based cryptographic protocols for logical gates, and this approach seems to be almost optimal. This fact, however, implies that there is room for improvements if we do not use logical gates as building blocks for secure computing, and we show that such an improvement is actually possible for the millionaires’ problem. Our key technique, PP, is a natural randomization operation for permuting a set of cards behind the player’s back, and hence, a shuffle can be decomposed into two PPs with one communication between them. Thus PP not only allows us to transform Yao’s seminal protocol into a card-based cryptographic protocol, but also enables us to propose entirely novel and efficient protocols by securely updating bitwise comparisons between two numbers. Furthermore, it is interesting to remark that one of the proposed protocols has a remarkably deep connection to the well-known logical puzzle known as “The fork in the road”.

  • Probabilistic Generation of Trapdoors: Reducing Information Leakage of Searchable Symmetric Encryption
    著者
    K. Hayasaka, Y. Kawai, Y. Koseki, T. Hirano, K. Ohta, and M. Iwamoto
    会議名
    CANS 2016
    LNCS 10052
    ページ
    500–517
    出版社
    Springer
    発行年
    2016
    Abstract

    Searchable symmetric encryption (SSE) enables a user to outsource a collection of encrypted documents in the cloud and to perform keyword searching without revealing information about the contents of the documents and queries. On the other hand, the information (called search pattern) whether or not the same keyword is searched in each query is always leaked in almost all previous schemes whose trapdoors are generated deterministically. Therefore, reducing the search pattern leakage is outside the scope of almost all previous works. In this paper, we tackle to the leakage problem of search pattern, and study methodology to reduce this leakage. Especially, we discuss that it might be possible to reduce the search pattern leakage in cases where a trapdoor does not match any encrypted document. We also point out that the same search pattern is leaked regardless of probabilistic or deterministic generation of trapdoors when the user searches using a keyword which has already searched and matched a certain encrypted document. Thus, we further aim to construct SSE schemes with fast “re-search” process, in addition to reducing the search pattern leakage. In order to achieve the above, we introduce a new technique “trapdoor locked encryption” which can extract a deterministic trapdoor from a probabilistic trapdoor, and then propose a new SSE scheme which can generate trapdoors probabilistically and reduce the search pattern leakage. Our scheme is constructed by applying our technique to the well-known and influential scheme SSE-2 (ACM CCS 2006) and can be proved secure in the standard model.

  • Simple, Secure, and Efficient Searchable Symmetric Encryption with Multiple Encrypted Indexes
    著者
    T. Hirano, M. Hattori, Y. Kawai, N. Matsuda, M. Iwamoto, K. Ohta, Y. Sakai, and T. Munaka
    会議名
    IWSEC 2016
    LNCS 9836
    ページ
    91–110
    出版社
    Springer
    発行年
    2016
    発表日
    Sep., 2016
    Abstract

    In searchable symmetric encryption (SSE), adding documents to a database is an indispensable functionality in real situations, and there are two approaches for executing the process: One approach is to update the encrypted index, and the other is to generate a new encrypted index. The former approach is called dynamic SSE, which has been extensively studied recently due to its importance. The latter approach has an advantage such that it can be directly applied to any existing SSE scheme without degrading its original functionalities, but previous methods are not satisfactory from a viewpoint of security, storage size, or efficiency. In this paper, we propose a simple document adding method that resolve the problem occurred in the latter approach. Our method is quite generic, and therefore can be applied to any existing SSE scheme (e.g. non-dynamic one with useful functionalities). Our key idea is to utilize publicly available information and hash chains in construction of encrypted indexes. In order to exhibit the ability of our method, we present a concrete scheme which is led by applying our method to the well-known and influential scheme SSE-2 (ACM CCS 2006). Thanks to the simplicity of our method, the scheme can be easily proved secure under a naturally generalized setting of the most widely used security model.

  • Deep-Learning-Based Security Evaluation on Authentication Systems Using Arbiter PUF and Its Variants
    著者
    R. Yashiro, T. Machida, M. Iwamoto, and K. Sakiyama
    会議名
    IWSEC 2016
    LNCS 9836
    ページ
    267–285
    出版社
    Springer
    発行年
    2016
    発表日
    2016
    Abstract

    Fake integrated circuit (IC) chips are in circulation on the market, which is considered a serious threat in the era of the Internet of Things (IoTs). A physically unclonable function (PUF) is expected to be a fundamental technique to separate the fake IC chips from genuine ones. Recently, the arbiter PUF (APUF) and its variants are intensively researched aiming at using for a secure authentication system. However, vulnerability of APUFs against machine-learning attacks was reported. Upon the situation, the double arbiter PUF (DAPUF), which has a tolerance against support vector machine (SVM)-based machine-learning attacks, was proposed as another variant of APUF in 2014. In this paper, we perform a security evaluation for authentication systems using APUF and its variants against Deep-learning (DL)-based attacks. DL has attracted attention as a machine-learning method that produces better results than SVM in various research fields. Based on the experimental results, we show that these DAPUFs could be used as a core primitive in a secure authentication system if setting an appropriate threshold to distinguish a legitimate IC tags from fake ones.

  • Sequential Aggregate Authentication Codes with Information Theoretic Security
    著者
    S. Tomita, Y. Watanabe, and J. Shikata
    会議名
    CISS 2016
    ページ
    192–197
    出版社
    IEEE
    発行年
    2016
    Abstract

    Sequential aggregate signature (SAS) schemes provide a single, compact signature, which is generated from a number of signatures, that simultaneously ensures that each signature is legally generated from the corresponding message with a defined order. Although SAS schemes have various applications such as a secure border gateway protocol, all existing schemes are computationally secure (i.e., assuming computationally bounded adversaries). In this paper, we first propose sequential aggregate authentication codes (SAA-codes), which has similar functionality of SAS in the information theoretic security setting. Specifically, we give a model and security formalization of SAA-codes, derive lower bounds on sizes of secret keys and authenticators required in secure SAA-codes, and present two kinds of optimal constructions in the sense that each construction meets the lower bounds with equalities.

  • Identity-Based Hierarchical Key-Insulated Encryption without Random Oracles
    著者
    Y. Watanabe and J. Shikata
    会議名
    PKC 2016
    LNCS 9614
    ページ
    255–279
    出版社
    Springer
    発行年
    2016
    Abstract

    Key-insulated encryption is one of the effective solutions to a key exposure problem. Recently, identity-based encryption (IBE) has been used as one of fundamental cryptographic primitives in a wide range of various applications, and it is considered that the identity-based key-insulated security has a huge influence on the resulting applications. At Asiacrypt’05, Hanaoka et al. proposed an identity-based hierarchical key-insulated encryption (hierarchical IKE) scheme. Although their scheme is secure in the random oracle model, it has a “hierarchical key-updating structure,” which is attractive functionality that enhances key exposure resistance.

  • Constructions of Unconditionally Secure Broadcast Encryption from Key Predistribution Systems with Trade-offs between Communication and Storage
    著者
    Y. Watanabe and J. Shikata
    会議名
    ProvSec 2015
    LNCS 9451
    ページ
    489–502
    出版社
    Springer
    発行年
    2015
    Abstract

    An (≤n,≤ω)-one-time secure broadcast encryption schemes (BESs) allows a sender to specify any subset of receivers so that only the specified recievers can decrypt a ciphertext. In this paper, we first show an efficient construction of a BES with general ciphertext sizes. Specifically, we propose a generic construction of a BES from key predistribution systems (KPSs) when its ciphertext size is equal to integer multiple of the plaintext size, and our construction includes all known constructions. However, there are many possible combinations of the KPSs to realize the BES in our construction methodology, and therefore, we show that which combination is the best one in the sense that secret-key size can be minimized. Deriving a tight bound on the secret-key size required for (≤n,≤ω)-one-time secure BES with any ciphertext size still remains an open problem.Our result also means that we first show an upper bound on the size of secret keys for general ciphertext sizes.

  • Keyword Revocable Searchable Encryption with Trapdoor Exposure Resistance and Re-Generateability
    著者
    K. Emura, L. T. Phong, and Y. Watanabe
    会議名
    IEEE TrustCom 2015
    ページ
    167–174
    出版社
    IEEE
    発行年
    2015
    Abstract

    In searchable encryption in the public key setting, a trapdoor is uploaded to a server, and the server runs the test algorithm by using the trapdoor. However, if trapdoors stored in the server will be exposed due to unexpected situations, then anyone can run the test algorithm. Therefore, the trapdoor revocation functionality is desirable in practice. Moreover, even certain keyword revocation functionality is supported, the impact of trapdoor exposure should be minimized. In addition to this, it seems difficult to assume that revoked keywords will never be used. Therefore, we need to consider the case where a new trapdoor can be generated even a trapdoor has been revoked before. In this paper, we give a formal definition of keyword revocable public key encryption with keyword search (KR-PEKS), and propose a generic construction of KR-PEKS from revocable identity-based encryption with a certain anonymity. Our construction is not only a generalization of revocable keyword search proposed by with Yu, Ni, Yang, Mu, and Susilo (Security and Communication Networks 2014), but also supports trapdoor exposure resistance which guarantees that an exposure of a trapdoor does not infect of other trapdoors, and trapdoor re-generateability which guarantee that a new trapdoor can be generated even a keyword has been revoked before.

  • Construction of Symmetric-Key Encryption with Guessing Secrecy
    著者
    M. Iwamoto and J. Shikata
    会議名
    IEEE ISIT 2015
    ページ
    725–729
    出版社
    IEEE
    発行年
    2015
    発表日
    Jun. 14–19, 2015
    Abstract

    Constructions of symmetric-key encryption with guessing secrecy are discussed. In the previous works, only a construction of symmetric-key encryption with average guessing secrecy is proposed for one-bit plaintexts. In this paper, we analyze a symmetric-key encryption with average guessing secrecy through OTP (one-time pad) constructions for a wide class of probability distributions of plaintexts and keys. As a result, we show a necessary and sufficient condition that such class of distributions satisfies average guessing secrecy in OTP constructions. On the other hand, we prove that optimal guessing secrecy is essentially equivalent to perfect secrecy under several natural restrictions. Therefore, only average guessing secrecy is meaningful for considering guessing secrecy other than perfect secrecy.

  • Implementation of Double Arbiter PUF and Its Performance Evaluation on FPGA
    著者
    T. Machida, D. Yamamoto, M. Iwamoto, and K. Sakiyama
    会議名
    ASP-DAC 2015
    ページ
    6–7
    発行年
    2015
    発表日
    Jan. 19–22, 2015
    Abstract

    Low uniqueness and vulnerability to machine-learning attacks are known as two major problems of Arbiter-Based Physically Unclonable Function (APUF) implemented on FPGAs. In this paper, we implement Double APUF (DAPUF) that duplicates the original APUF in order to overcome the problems. From the experimental results on Xilinx Virtex-5, we show that the uniqueness of DAPUF becomes almost ideal, and the prediction rate of the machine-learning attack decreases from 86% to 57%.

  • Constructions of CCA-Secure Revocable Identity-Based Encryption
    著者
    Y. Ishida, Y. Watanabe, and J. Shikata
    会議名
    ACISP 2015
    LNCS 9144
    ページ
    174–191
    出版社
    Springer
    発行年
    2015
    Abstract

    Key revocation functionality is important for identity-based encryption (IBE) to manage users dynamically. Revocable IBE (RIBE) realizes such revocation functionality with scalability. In PKC 2013, Seo and Emura first considered decryption key exposure resistance (DKER) as a new realistic threat, and proposed the first RIBE scheme with DKER. Their RIBE scheme is adaptively secure against chosen plaintext attacks (CPA), and there is no concrete RIBE scheme adaptively secure against chosen ciphertext attacks (CCA) even without DKER so far. In this paper, we first propose two constructions of adaptively CCA-secure RIBE schemes with DKER. The first scheme is based on an existing transformation, which is called a BCHK transformation, that a CPA-secure hierarchical IBE scheme can be transformed into a CCA-secure scheme. The second scheme is constructed via the KEM/DEM framework. Specifically, we newly propose a revocable identity-based key encapsulation mechanism (RIB-KEM), and we show a generic construction of a CCA-secure RIBE scheme from the RIB-KEM and a data encapsulation mechanism (DEM). The second scheme is more efficient than the first one in terms of the ciphertext size.

  • Secure (M+1)st-Price Auction with Automatic Tie-Break
    著者
    T. Nishide, M. Iwamoto, A. Iwasaki, and K. Ohta
    会議名
    InTrust 2014
    LNCS 9473
    422–436
    出版社
    Springer
    発行年
    2015
    Abstract

    In auction theory, little attention has been paid to a situation where the tie-break occurs because most of auction properties are not affected by the way the tie-break is processed. Meanwhile, in secure auctions where private information should remain hidden, the information of the tie can unnecessarily reveal something that should remain hidden. Nevertheless, in most of existing secure auctions, ties are handled outside the auctions, and all the winning candidates or only the non-tied partial bidders are identified in the case of ties, assuming that a subsequent additional selection (or auction) to finalize the winners is held publicly. However, for instance, in the case of the (M+1) st-price auction, the tied bidders in the (M+1)st-price need to be identified for such a selection, which implies that their bids (unnecessary private information) are revealed. Hence it is desirable that secure auctions reveal neither the existence of ties nor the losing tied bidders.
    To overcome these shortcomings, we propose a secure (M+1)st-price auction protocol with automatic tie-breaks and no leakage of the tie information by improving the bit-slice auction circuit without increasing much overhead.

  • A New Model of Client–Server Communications under Information Theoretic Security
    著者
    M. Iwamoto, T. Omino, Y. Komano, and K. Ohta
    会議名
    IEEE ITW 2014
    ページ
    512–516
    出版社
    IEEE
    発行年
    2014
    発表日
    Nov. 5, 2014
    Abstract

    A new model for a Client-Server Communication (CSC) system satisfying information theoretic security is proposed, and its fundamental properties are discussed. Our CSC allows n users to upload their respective messages to a server securely by using symmetric key encryptions with their own keys, and all ciphertexts are decrypted by the server. If we require all messages to be perfectly secure in CSC against the corrupted clients and adversaries without any keys, it is proved that a one time pad or more inefficient encryption must be used for each communication link between a client and the server. This means that, in order to realize more efficient CSC, it is necessary to leak out some information of each message. Based on these observations, we introduce a new model for such a secure CSC formally, and discuss its fundamental properties. In addition, we propose the optimal construction of CSC under several constraints on security parameters called security rates.

  • Cheating on a Visual Secret Sharing Scheme under a Realistic Scenario
    著者
    P. Lumyong, M. Iwamoto, and K. Ohta
    会議名
    ISITA 2014
    ページ
    546–550
    出版社
    IEEE
    発行年
    2014
    発表日
    Oct. 29, 2014
    Abstract

    Cheating on a (2, n)-threshold visual secret sharing (VSS) schemes is discussed under a realistic scenario. Horng et al. pointed out an ordinary VSS scheme is vulnerable against a certain kind of cheating, and they proposed a countermeasure against it. In their work, so-called Kerckhoffs's principle and availability of computing power are implicitly assumed in cheating detection. Namely, this work follows a scenario where a victim knows basis matrices and can use computational ability in cheating detection. Under this scenario, Horng et al. showed that their countermeasure attains negligible success probability of generating the victim's share. However, recalling the fact that the decryption of VSS schemes does not depend on computations but depends on human visual system, we can naturally assume a realistic scenario where the victim does not know the basis matrices and has no computing power. Under this scenario, we show that the cheaters can make the victim recover an arbitrary forged secret image in Horng et al.'s countermeasure with probability 1.

  • Timed-Release Computational Secret Sharing Scheme and Its Applications
    著者
    Y. Watanabe and J. Shikata
    会議名
    ProvSec 2014
    LNCS 8782
    ページ
    326–333
    出版社
    Springer
    発行年
    2014
    Abstract

    A secret sharing scheme is an important cryptographic primitive. In this paper, we focus on a computational secret sharing (CSS) scheme, which is a practical, simple secret sharing scheme, with timed-release functionality, which we call a timed-release computational secret sharing (TR-CSS) scheme. In TR-CSS, participants more than or equal to a threshold number can reconstruct a secret by using their shares only when the time specified by a dealer has come. Our TR-CSS can be regarded as a natural extension of Krawczyk’s CSS, and we finally succeed to add timed-release functionality to Krawczyk’s CSS with small overhead, which seems to be almost optimal. Moreover, we show our proposal of TR-CSS is important for constructing threshold encryption and multiple encryption with timed-release functionality in a generic and efficient way.

  • Timed-Release Secret Sharing Schemes with Information Theoretic Security
    著者
    Y. Watanabe and J. Shikata
    会議名
    BalkanCryptSec 2014
    LNCS 9024
    ページ
    219–236
    出版社
    Springer
    発行年
    2014
    Abstract

    In modern cryptography, the secret sharing scheme is an important cryptographic primitive and it is used in various situations. In this paper, timed-release secret sharing (TR-SS) schemes with information-theoretic security is first studied. TR-SS is a secret sharing scheme with the property that participants more than a threshold number can reconstruct a secret by using their shares only when the time specified by a dealer has come. Specifically, in this paper we first introduce models and formalization of security for two kinds of TR-SS based on the traditional secret sharing scheme and information-theoretic timed-release security. We also derive tight lower bounds on the sizes of shares, time-signals, and entities’ secret-keys required for each TR-SS scheme. In addition, we propose direct constructions for the TR-SS schemes. Each direct construction is optimal in the sense that the construction meets equality in each of our bounds, respectively. As a result, it is shown that the timed-release security can be realized without any additional redundancy on the share size.

  • A New Mode of Operation for Arbiter PUF to Improve Uniqueness on FPGA
    著者
    T. Machida, D. Yamamoto, M. Iwamoto, and K. Sakiyama
    会議名
    EAIS 2014
    ページ
    877–884
    出版社
    IEEE
    発行年
    2014
    発表日
    Sep. 7–10, 2014
    Abstract

    Arbiter-based Physically Unclonable Function (PUF) is one kind of the delay-based PUFs that use the time difference of two delay-line signals. One of the previous work suggests that Arbiter PUFs implemented on Xilinx Virtex-5 FPGAs generate responses with almost no difference, i.e. with low uniqueness. In order to overcome this problem, Double Arbiter PUF was proposed, which is based on a novel technique for generating responses with high uniqueness from duplicated Arbiter PUFs on FPGAs. It needs the same costs as 2-XOR Arbiter PUF that XORs outputs of two Arbiter PUFs. Double Arbiter PUF is different from 2-XOR Arbiter PUF in terms of mode of operation for Arbiter PUF: the wire assignment between an arbiter and output signals from the final selectors located just before the arbiter. In this paper, we evaluate these PUFs as for uniqueness, randomness, and steadiness. We consider finding a new mode of operation for Arbiter PUF that can be realized on FPGA. In order to improve the uniqueness of responses, we propose 3-1 Double Arbiter PUF that has another duplicated Arbiter PUF, i.e. having 3 Arbiter PUFs and output 1-bit response. We compare 3-1 Double Arbiter PUF to 3-XOR Arbiter PUF according to the uniqueness, randomness, and steadiness, and show the difference between these PUFs by considering the mode of operation for Arbiter PUF. From our experimental results, the uniqueness of responses from 3-1 Double Arbiter PUF is approximately 50%, which is better than that from 3-XOR Arbiter PUF. We show that we can improve the uniqueness by using a new mode of operation for Arbiter PUF.

  • Secret Sharing Schemes Based on Min-Entropies
    著者
    M. Iwamoto and J. Shikata
    会議名
    IEEE ISIT 2014
    ページ
    401–405
    出版社
    IEEE
    発行年
    2014
    Abstract

    Fundamental results are clarified with respect to secret sharing schemes (SSSs) in which security and each share size are measured by (conditional) min-entropies. We first formalize a unified framework of SSS based on conditional Rényi entropies, which includes SSSs based on Shannon and min entropies etc., as special cases. By deriving the lower bound of share sizes in terms of Rényi entropies, we can derive the lower bounds of share sizes measured by Shannon and min entropies in a unified manner. Then, we focus on the existence of SSSs based on min-entropies for several important settings. In the traditional SSSs based on (conditional) Shannon entropies, it is known that; (1) there exists a SSS for arbitrary secret information and arbitrary access structure, and; (2) for every integers k and n (k ≤ n), the ideal (k,n)-threshold scheme exists when secret information is uniform or deterministic. Corresponding to these results, we clarify the following: (1') there exists a SSS for arbitrary binary secret information and arbitrary access structure, and; (2') for every integers k and n (k ≤ n), the ideal (k,n)-threshold scheme exists even if the secret is neither uniform nor deterministic.

  • Privacy-Preserving Smart Metering with Verifiability for Both Billing and Energy Management
    著者
    K. Ohara, Y. Sakai, F. Yoshida, M. Iwamoto, and K. Ohta
    会議名
    ACM ASIAPKC 2014
    ページ
    23–32
    出版社
    ACM
    発行年
    2014
    Abstract

    In smart grid systems, security and privacy prevention is great concerns. The suppliers of the power in smart grid systems demand to know the consumption of each customer for correctly calculating billing price and the total amount of consumption in a certain region for managing energy supply adopted real-time needs. On the other hand, the customer of the power desires to hide his/her own consumption profile, since it contains privacy information of the customer. However, hiding the consumption allows customers to reduce billing price. Previous privacy-preserving smart metering schemes provide only one of billing or energy management functionality, or even if both of them are achieved, these schemes cannot verify the integrity of the consumption issued by the smart meter. We propose a novel smart metering scheme that provides both of billing and energy management functionality, as well as verifiability of the integrity of total amount of the consumption or billing price.

  • An Automated Evaluation Tool for Improved Rebound Attack: New Distinguishers and Proposals of ShiftBytes Parameters for Grøstl
    著者
    Y. Sasaki, Y. Tokushige, L. Wang, M. Iwamoto, and K. Ohta
    会議名
    CT-RSA 2014
    LNCS 8366
    ページ
    424–443
    出版社
    Springer
    発行年
    2014
    Abstract

    In this paper, we study the security of AES-like permutations against the improved rebound attack proposed by Jean et al. at FSE 2012 which covers three full-active rounds in the inbound phase. The attack is very complicated and hard to verify its optimality when the state size is large and rectangle, namely the numbers of rows and columns are different. In the inbound phase of the improved rebound attack, several SuperSBoxes are generated for each of forward analysis and backward analysis. The attack searches for paired values that are consistent with all SuperSBoxes. The attack complexity depends on the order of the SuperSBoxes to be analyzed, and detecting the best order is hard. In this paper, we develop an automated complexity evaluation tool with several fast implementation techniques. The tool enables us to examine all the possible orders of the SuperSBoxes, and provides the best analysis order and complexity. We apply the tool to large block Rijndael in the known-key setting and the Grøstl-512 permutation. As a result, we obtain the first 9-round distinguisher for Rijndael-192 and Rijndael-224. It also shows the impossibility of the improved rebound attack against 9-round Rijndael-160 and 10-round Rijndael-256, and the optimality of the previous distinguisher against the 10-round Grøstl-512 permutation. Moreover, the efficiency of the improved rebound attack depends on the parameter of the ShiftRows operation. Our tool can exhaustively examine all the possible ShiftRows parameters to search for the ones that can resist the attack. We show new parameters for the Grøstl-512 permutation obtained by our tool, which can resist a 10-round improved rebound attack while the specification parameter cannot resist it.

  • Limited-Birthday Distinguishers for Hash Functions—Collisions beyond the Birthday Bound Can Be Meaningful
    著者
    M. Iwamoto, T. Peyrin, and Y. Sasaki
    会議名
    ASIACRYPT 2013
    LNCS 8269
    ページ
    505–523
    発行年
    2013
    Abstract

    In this article, we investigate the use of limited-birthday distinguishers to the context of hash functions. We first provide a proper understanding of the limited-birthday problem and demonstrate its soundness by using a new security notion Differential Target Collision Resistance (dTCR) that is related to the classical Target Collision Resistance (TCR) notion. We then solve an open problem and close the existing security gap by proving that the best known generic attack proposed at FSE 2010 for the limited-birthday problem is indeed the best possible method.
    Moreover, we show that almost all known collision attacks are in fact more than just a collision finding algorithm, since the difference mask for the message input is usually fixed. A direct and surprising corollary is that these collision attacks are interesting for cryptanalysis even when their complexity goes beyond the 2n/2 birthday bound and up to the 2n preimage bound, and can be used to derive distinguishers using the limited-birthday problem. Interestingly, cryptanalysts can now search for collision attacks beyond the 2n/2 birthday bound.
    Finally, we describe a generic algorithm that turns a semi-free-start collision attack on a compression function (even if its complexity is beyond the birthday bound) into a distinguisher on the whole hash function when its internal state is not too wide. To the best of our knowledge, this is the first result that exploits classical semi-free-start collisions on the compression function to exhibit a weakness on the whole hash function. As an application of our findings, we provide distinguishers on reduced or full version of several hash functions, such as RIPEMD-128, SHA-256, Whirlpool, etc.

  • Information-Theoretically Secure Entity Authentication in the Multi-User Setting
    著者
    S. Hajime, Y. Watanabe, and J. Shikata
    会議名
    ICISC 2013
    LNCS 8565
    ページ
    400–417
    出版社
    Springer
    発行年
    2013
    Abstract

    In this paper, we study unilateral entity authentication protocols and mutual entity authentication protocols with information-theoretic security in the multi-user setting. To the best of our knowledge, only one paper by Kurosawa studied an entity authentication protocol with information-theoretic security, and an unilateral entity authentication protocol in the two-user setting was considered in his paper. In this paper, we extend the two-user unilateral entity authentication protocol to the multi-user one. In addition, we formally study an information-theoretically secure mutual entity authentication protocol in the multi-user setting for the first time. Specifically, we formalize a model and security definition, and derive tight lower bounds on size of users’ secret-keys, and we show an optimal direct construction.

  • Information Theoretic Security for Encryption Based on Conditional Rényi Entropies
    著者
    M. Iwamoto and J. Shikata
    会議名
    ICITS 2013
    LNSC 8317
    ページ
    101–121
    出版社
    Springer
    発行年
    2013
    Abstract

    In this paper, information theoretic cryptography is discussed based on conditional Rényi entropies. Our discussion focuses not only on cryptography but also on the definitions of conditional Rényi entropies and the related information theoretic inequalities. First, we revisit conditional Rényi entropies, and clarify what kind of properties are required and actually satisfied. Then, we propose security criteria based on Rényi entropies, which suggests us deep relations between (conditional) Rényi entropies and error probabilities by using several guessing strategies. Based on these results, unified proof of impossibility, namely, the lower bounds on key sizes are derived based on conditional Rényi entropies. Our model and lower bounds include the Shannon’s perfect secrecy, and the min-entropy based encryption presented by Dodis, and Alimomeni and Safavi-Naini at ICITS2012. Finally, a new optimal symmetric key encryption protocol achieving the lower bounds is proposed.

  • Unconditionally Secure Blind Authentication Codes in the Manual Channel Model
    著者
    N. Takei, Y. Watanabe, and J. Shikata
    会議名
    3rd ISEEE
    ページ
    297–302
    発行年
    2013
    発表日
    2013
    Abstract

    In this paper, as a fundamental cryptographic protocol with information-theoretic security, we propose unconditionally secure blind authentication codes in the manual channel model. The blind authentication code is a protocol in which a user can obtain a signer's authenticator of a message with anonymity of a message and a verifier can verify the validity of it. To realize such a mechanism, it is known that each entity of the system, a user, a signer, and a verifier needs to have secret information. In our model of blind authentication codes in the manual channel model, a verifier can verify the validity of an authenticated message without any secret key. In this paper we propose a formal model and security formalization of blind authentication codes in the manual channel model. In addition, we present a construction of unconditionally secure blind authentication codes in the manual channel model.

  • Unconditionally Secure Anonymous Group Authentication with an Arbiter
    著者
    T. Seito, Y. Watanabe, K. Kinose, and J. Shikata
    会議名
    3rd ISEEE
    ページ
    291–296
    発行年
    2013
    Abstract

    In cryptographic application, there is need for protecting privacy of users besides integrity of data transmitted in a public channel. In unconditional (or information-theoretic) security setting, a model of GA-codes (Group Authentication codes) which ensures the anonymity for senders like the computationally secure group signature was proposed. In this model, it is assumed that both the sender and the receiver are mutually trusted. In this paper, we remove the assumption and newly propose a model and security definition of the GA2-code (Group Authentication codes with an Arbiter) in which a trusted arbiter is provided so that the arbiter can resolve a dispute between the sender and the receiver. This model can be considered as extension of both the GA-codes and the traditional A2-codes (Authentication codes with an Arbiter). In addition, we propose a construction which meets our security definition of GA2-codes by using polynomials over finite fields. We also consider the case that the arbiter is not always honest and call this model GA3-codes (GA-codes with protecting against arbiter's attack), which is similar to the setting of the traditional A3-codes.

  • Information-Theoretically Secure Aggregate Authentication Code: Model, Bounds, and Constructions
    著者
    A. Kubai, J. Shikata, and Y. Watanabe
    会議名
    CD-ARES Workshop, MoCrySEn 2013
    LNCS 8128
    ページ
    16–28
    出版社
    Springer
    発行年
    2013
    発表日
    Sep. 2–6, 2013
    Abstract

    In authentication schemes where many users send authenticated messages to a receiver, it is desirable to aggregate them into a single short authenticated message in order to reduce communication complexity. In this paper, in order to realize such a mechanism in information-theoretic security setting, we first propose aggregate authentication codes. Specifically, we newly propose a model and a security definition for aggregate authentication codes. We also show tight lower bounds on sizes of entities’ secret-keys and (aggregated) tags. Furthermore, we present optimal (i.e., most efficient) constructions for aggregate authentication codes.

  • Meet-in-the-Middle Preimage Attacks Revisited: New Results on MD5 and HAVAL
    著者
    Y. Sasaki, W. Komatsubara, Y. Sakai, L. Wang, M. Iwamoto, K Sakiyama, and K. Ohta
    会議名
    SECRYPT 2013
    ページ
    111–122
    発行年
    2013
    発表日
    Jul. 29–31, 2013
    Abstract

    In this paper, we revisit previous meet-in-the-middle preimage attacks on hash functions. We firstly present a technical improvement for the existing local-collision and initial-structure techniques. With applying some equivalent transformation, we can significantly reduce the memory requirement from the original proposals. We then revisit the previous preimage attacks on MD5 and HAVAL with recent techniques. Consequently, we can improve the memory complexity of the previous preimage attack on full MD5 from 245 to 213 and on full 4-pass HAVAL from 264 to 232 . Moreover, we extend the preimage attack on 5-pass HAVAL from 151 steps to 158 steps, and present the first preimage attack with a single block message for 3-pass HAVAL.

  • Key-Dependent Weakness of AES-Based Ciphers Under Clockwise Collision Distinguisher
    著者
    T. Nakasone, Y. Li, Y. Sasaki, M. Iwamoto, K. Ohta, and K. Sakiyama
    会議名
    ICISC 2012
    LNCS 7839
    ページ
    395–409
    出版社
    Springer
    発行年
    2012
    発表日
    Dec., 2012
    Abstract

    In 2011, Li et al. proposed a series of side-channel attacks that are related to a fundamental side-channel leakage source called clockwise collision. This paper discloses the fact that hardware implementations of AES-based ciphers could have weak keys assuming that the leakage of clockwise collision is distinguishable. In order to explain this, we firstly set up an evaluation method by introducing a threshold-based distinguisher that takes an advantage of the locality of ElectroMagnetic (EM) measurements. Secondly, we discuss that the probability of clockwise collision depends on the key values and the byte positions in the AES states. Thirdly, based on practical EM measurements and mathematical analysis, we quantitatively evaluate the relationship between the probability of clockwise collision and the vulnerability to the side-channel attack. Finally, the discussion is extended to the design methodology of AES-based ciphers, i.e., the parameter selection for S-box and ShiftRows.

  • Information-Theoretic Timed-Release Security: Key-Agreement, Encryption and Authentication Codes
    著者
    Y. Watanabe, T. Seito, and J. Shikata
    会議名
    ICITS 2012
    LNCS 7412
    ページ
    167–186
    出版社
    Springer
    発行年
    2012
    Abstract

    In this paper, we study timed-release cryptography with information-theoretic security. As fundamental cryptographic primitives with information-theoretic security, we can consider key-agreement, encryption, and authentication codes. Therefore, in this paper, we deal with information-theoretic timed-release security for all those primitives. Specifically, we propose models and formalizations of security for information-theoretic timed-release key-agreement, encryption, and authentication codes, and we present constructions of those ones. In particular, information-theoretic timed-release encryption and authentication codes can be constructed from information-theoretic timed-release key-agreement in a generic and simple way. Also, we derive tight lower bounds of sizes of secret-keys and show an optimal construction for information-theoretic timed-release key-agreement. Furthermore, we investigate a relationship of mechanisms between information-theoretic timed-release key-agreement and information-theoretic key-insulated key-agreement. It turns out that there exists a simple algorithm which converts the former into the latter, and vice versa. In the sense, we conclude that these two mechanisms are essentially close.

  • Variations of Information Theoretic Security Notions
    著者
    M. Iwamoto and K. Ohta
    会議名
    AEW 7
    ページ
    73–76
    発行年
    2011
    発表日
    Jul., 2011
    Non-peer reviewed paper.
  • Uniqueness Enhancement of PUF Responses Based on the Locations of Random Outputting RS Latches
    著者
    D. Yamamoto, K. Sakiyama, M. Iwamoto, K. Ohta, T. Ochiai, M. Takenaka, and K. Itoh
    会議名
    CHES 2011
    LNCS 6917
    ページ
    391–406
    出版社
    Springer
    発行年
    2011
    発表日
    Oct., 2011
    Abstract

    Physical Unclonable Functions (PUFs) are expected to represent an important solution for secure ID generation and authentication etc. In general, PUFs are considered to be more secure the larger their output entropy. However, the entropy of conventional PUFs is lower than the output bit length, because some output bits are random numbers, which are regarded as unnecessary for ID generation and discarded. We propose a novel PUF structure based on a Butterfly PUF with multiple RS latches, which generates larger entropy by utilizing location information of the RS latches generating random numbers. More specifically, while conventional PUFs generate binary values (0/1), the proposed PUF generates ternary values (0/1/random) in order to increase entropy. We estimate the entropy of the proposed PUF. According to our experiment with 40 FPGAs, a Butterfly PUF with 128 RS latches can improve entropy from 116 bits to 192.7 bits, this being maximized when the frequency of each ternary value is equal. We also show the appropriate RS latch structure for satisfying this condition, and validate it through an FPGA experiment.

  • Security Notions for Information Theoretically Secure Encryptions
    著者
    M. Iwamoto and K. Ohta
    会議名
    IEEE ISIT 2011
    ページ
    1743–1747
    出版社
    IEEE
    発行年
    2011
    発表日
    Jul. 31–Aug. 5, 2011
    Abstract

    This paper is concerned with several security notions for information theoretically secure encryptions defined by the variational (statistical) distance. To ensure the perfect secrecy (PS), the mutual information is often used to evaluate the statistical independence between a message and a cryptogram. On the other hand, in order to recognize the information theoretically secure encryptions and computationally secure ones comprehensively, it is necessary to reconsider the notion of PS in terms of the variational distance. However, based on the variational distance, three kinds of definitions for PS are naturally introduced, but their relations are not known. In this paper, we clarify that one of three definitions for PS with the variational distance, which is a straightforward extension of Shannon's perfect secrecy, is stronger than the others, and the weaker two definitions of PS are essentially equivalent to the statistical versions of indistinguishability and semantic security.

  • Visual Secret Sharing Schemes for Multiple Secret Images Including Shifting Operation of Shares
    著者
    A. Espejel-Trujillo, M. Nakano-Miyatake, and M. Iwamoto
    会議名
    CCE 2009
    ページ
    433–438
    発行年
    2009
    発表日
    Nov. 2009
    Abstract

    Visual Cryptography, proposed by Naor-Shamir in 1994, is also called a Visual Secret Sharing (VSS) scheme since it can be regarded as one realization of secret sharing scheme. In VSS schemes, an image is encrypted into a set of images called shares, which look like random noise. In decryption, the secret image is perceived from stacked shares by human visual system, and hence no extra computations and prior knowledge are required. The VSS scheme proposed by Naor-Shamir is a (k,n) or less threshold VSS scheme for binary image, where a secret image is decrypted by stacking arbitrary k out of n shares, but any (k−1) or less shares must not leak out any information of the secret image. In this paper a variant of the VSS Scheme is proposed, where three binary secret images are encrypted into two shares, at the same time these shares looks like innocent image. Furthermore The first secret image is decrypted by a typical stacking process, while the other two secret images are decrypted using the shifting, that is moving one of the shares respect to the other share in a appropriate position.

  • Coding Theorems for a (2, 2)–Threshold Scheme Secure against Impersonation by an Opponent
    著者
    H. Koga, M. Iwamoto, and H. Yamamoto
    会議名
    IEEE ITW 2009
    ページ
    188–192
    出版社
    IEEE
    発行年
    2009
    発表日
    Oct. 11–16, 2009
    Abstract

    In this paper, we focus on a (2,2)-threshold scheme in the presence of an opponent who impersonates one of the two participants. We consider an asymptotic setting where two shares are generated by an encoder blockwisely from an n-tuple of secrets generated from a stationary memoryless source and a uniform random number available only to the encoder. We introduce a notion of correlation level of the two shares and give coding theorems on the rates of the shares and the uniform random number. It is shown that, for any (2,2)-threshold scheme with correlation level r, none of the rates can be less than H(S) + r, where H(S) denotes the entropy of the source. We also show that the impersonation by the opponent is successful with probability at least 2-nr+o(n). In addition, we prove the existence of an encoder and a decoder of the (2, 2)-threshold scheme that asymptotically achieve all the bounds on the rates and the success probability of the impersonation.

  • A Coding Theorem for Cheating-Detectable (2, 2)-Threshold Blockwise Secret Sharing Schemes
    著者
    M. Iwamoto, H. Yamamoto, and H. Koga
    会議名
    IEEE ISIT 2009
    ページ
    1308–1312
    出版社
    IEEE
    発行年
    2009
    発表日
    Jun. 28–Jul. 3, 2009
    Abstract

    It is known that a secret sharing scheme (SSS) with perfect cheating detection cannot be realized because such a SSS requires infinite share rates. However, this impossibility comes from the fact that block coding is not used and any decoding error is not allowed in the SSS. Hence, in this paper, we consider a SSS constructed by block coding with an arbitrarily small decoding error probability. It is shown that the perfect cheating detection with finite rates is possible for the 2-out-of-2 SSS in a certain asymptotic sense. Furthermore, the supremum of the achievable exponent in the maximum success probability of impersonation attack turns out to be the mutual information between the two shares.

  • Weakly Secure Visual Secret Sharing Schemes
    著者
    M. Iwamoto
    会議名
    ISITA 2008
    ページ
    42–47
    発行年
    2008
    発表日
    Dec. 7–10, 2008
    Abstract

    We introduce a visual secret sharing (VSS) scheme with a new security condition, called a weakly secure VSS scheme, which is not unconditionally secure in general, but is designed to be secure for human eyesight. It is shown in this paper that the weakly secure VSS scheme is equivalent to the unconditional one for black-white binary secret images although they are different for color secret images. This fact implies that, at the sacrifice of security, the clearer color images can be reproduced by the weakly secure VSS schemes compared with the unconditional ones. Furthermore, some constructions of weakly secure VSS schemes are presented.

  • A Remark on Visual Secret Sharing Schemes Allowing the Rotation of Shares
    著者
    M. Iwamoto, L. Wang, K. Yoneyama, N. Kunihiro, and K. Ohta
    会議名
    AEW 5
    ページ
    37–42
    発行年
    2006
    発表日
    Oct., 2006
    Non-peer-reviewed paper.
    Abstract

    Recently, a visual secret sharing scheme for q multiple secret images allowing the rotation of shares, a VSS-q-MI-R schemes for short, is proposed by Iwamoto et al. In this paper, another definition of VSS-q-MI-R schemes is given, which is simpler than that by Iwamoto et al.

  • Quantum Secret Sharing Schemes and Reversibility of Quantum Operations
    著者
    T. Ogawa, A. Sasaki, M. Iwamoto, and H. Yamamoto
    会議名
    ISITA 2004
    ページ
    1440–1445
    発行年
    2004
    発表日
    Oct., 2004
    Abstract

    Quantum secret sharing schemes encrypting a quantum state into a multipartite entangled state are treated. The lower bound on the dimension of each share given by Gottesman [Phys. Rev. A 61, 042311 (2000)] is revisited based on a relation between the reversibility of quantum operations and the Holevo information. We also propose a threshold ramp quantum secret sharing scheme and evaluate its coding efficiency.

  • Strongly Secure Ramp Secret Sharing Schemes
    著者
    M. Iwamoto and H. Yamamoto
    会議名
    IEEE ISIT 2005
    ページ
    1221–1225
    出版社
    IEEE
    発行年
    2005
    発表日
    Sep. 4–9, 2005
    Abstract

    Ramp secret sharing (SS) schemes can be classified into strong ramp SS schemes and weak ramp SS schemes. The strong ramp SS schemes do not leak out any part of a secret explicitly even in the case where some information about the secret leaks from a non-qualified set of shares, and hence, they are more desirable than weak ramp SS schemes. However, it is not known how to construct the strong ramp SS schemes in the case of general access structures. In this paper, it is shown that a strong ramp SS scheme can always be constructed from a SS scheme with plural secrets for any feasible general access structure. As a byproduct, it is pointed out that threshold ramp SS schemes based on Shamir's polynomial interpolation method are not always strong.

  • Optimal Multiple Assignments Based on Integer Programming in Secret Sharing Schemes
    著者
    M. Iwamoto, H. Yamamoto, and H. Ogawa
    会議名
    IEEE ISIT 2004
    ページ
    16
    出版社
    IEEE
    発行年
    2004
    発表日
    Jun.–Jul., 2004
    Abstractt

    This paper shows the derivation procedure of optimal secret sharing scheme (SSS) for a given access structure in the multiple assignment schemes based on integer programming.

  • Visual Secret Sharing Schemes for Plural Secret Images
    著者
    M. Iwamoto and H. Yamamoto
    会議名
    IEEE ISIT 2003
    ページ
    283
    出版社
    IEEE
    発行年
    2003
    発表日
    Jun.–Jul., 2003
    Abstract

    Visual secret sharing schemes with q plural images, for short VSS-q-PI schemes, are studied for general access structures and gray-scale and/or color secret images.

  • Cache Line Impact on 3D PDE Solvers
    著者
    M. Kondo, M. Iwamoto, and H. Nakamura
    会議名
    ISHPC 2002
    LNCS 2327
    ページ
    301–309
    出版社
    Springer
    発行年
    2002
    発表日
    Oct., 2002
    Abstract

    Because performance disparity between processor and main memory is serious, it is necessary to reduce off-chip memory accesses by exploiting temporal locality. Loop tiling is a well-known optimization which enhances data locality. In this paper, we show a new cost model to select the best tile size in 3D partial differential equations. Our cost model carefully takes account of the effect of cache line. We present performance evaluation of our cost models. The evaluation results reveal the superiority of our cost model to other cost models proposed so far.

国内会議

  • 委託型匿名認証技術の効率的な構成
    著者
    初貝 恭祐, 淺野 京一, 澤井 祐樹, 渡邉 洋平, 岩本 貢
    会議名
    CSS2024
    ページ
    327–334
    発行年
    2024
    発表日
    2024/10/22
  • TFHEを用いた高速な否認可能完全準同型暗号
    著者
    豊岡 叶望, 渡邉 洋平, 岩本 貢
    会議名
    CSS 2024
    ページ
    1942–1949
    発行年
    2024
    発表日
    2024/10/25
  • 逆像オラクル付きランダム関数を用いた一方向性関数の構成条件の拡張
    著者
    儀保 駿, 渡邉 洋平, 岩本 貢
    会議名
    CSS 2024
    ページ
    1433–1440
    発行年
    2024
    発表日
    2024/10/24
  • 耐量子性を備える効率的な範囲証明
    著者
    澤井 佑樹, 淺野 京一, 渡邉 洋平, 岩本 貢
    会議名
    CSS 2024
    ページ
    875–882
    発行年
    2024
    発表日
    2024/10/23
  • 検索可能暗号に対するより効果的なクエリ復元攻撃
    著者
    並木 拓海, 岩本 貢, 渡邉 洋平
    会議名
    CSS 2024
    ページ
    359–366
    発行年
    2024
    発表日
    2024/10/22
  • A Generic Construction of Deletable Registered Attribute-Based Encryption from Slotted Registered Attribute-Based Encryption
    著者
    K. Asano, K. Hara, K. Hashimoto, N. Attrapadung, and Y. Watanabe
    会議名
    CSS 2024
    ページ
    311–318
    発行年
    2024
    発表日
    2024/10/22
  • グループ共有鍵システムにおける軽量部分鍵更新のためのマルチモーダル物理攻撃センサ
    著者
    池本 龍生, 藤井 聡一朗, 成瀬 厚太郎 , 塩見 準, 御堂 義博, 山下 憂記, 田口 美里, 三木 拓司, 永田 真, 駒野 雄一, 岩本 貢, 﨑山 一男, 三浦 典之
    会議名
    ハードウェアセキュリティ研究会
    学会名
    電子情報通信学会
    発行年
    2024
    発表日
    2024/11/1
  • Single-Shuffle Physical Zero-Knowledge Proof for Sudoku using Interactive Inputs
    著者
    T. Ono, S. Ruangwises, Y. Abe, K. Hatsugai, and M. Iwamoto
    会議名
    ISEC研究会
    ページ
    13–19
    学会名
    電子情報通信学会
    発行年
    2024
    発表日
    2024/5/15
  • 検索可能暗号に対する漏洩悪用攻撃の正確な性能評価に向けて
    著者
    甘田 拓海, 並木 拓海, 岩本 貢, 渡邉 洋平
    会議名
    SCIS 2024
    ページ
    2D4-3
    発行年
    2024
    発表日
    2024/1/24
  • 任意の勝者数に対する保証金が一定なビットコインベース宝くじプロトコル
    著者
    内薗 駿, 中井 雄士, 渡邉 洋平, 岩本 貢
    会議名
    SCIS 2024
    ページ
    2B2-2
    発行年
    2024
    発表日
    2024/1/24
  • 前処理型多者間秘匿積集合計算プロトコル
    著者
    奥山 亮太郎, 杉本 航太, 廣政 良, 岩本 貢, 渡邉 洋平
    会議名
    SCIS 2024
    ページ
    4D2-5
    発行年
    2024
    発表日
    2024/1/26
  • カードベースガーブルド回路における入力ゲートに用いるカード枚数の削減
    著者
    小野 知樹, 品川 和雅, 渡邉 洋平, 岩本 貢
    会議名
    SCIS 2024
    ページ
    3D1-4
    発行年
    2024
    発表日
    2024/1/25
  • 前処理型範囲証明
    著者
    澤井 佑樹, 淺野 京一, 渡邉 洋平, 岩本 貢
    会議名
    SCIS 2024
    ページ
    2B3-2
    発行年
    2024
    発表日
    2024/1/24
  • 制御システムの攻撃検知における尤度比検定を用いた誤検知・検知漏れの一評価
    著者
    西内 達哉, 安部 芳紀, 渡邉 洋平, 岩本 貢, 澤田 賢治, 新 誠一
    会議名
    SCIS 2024
    ページ
    3E4-2
    発行年
    2024
    発表日
    2024/1/25
  • 桁上がりモジュールを用いた物理的ゼロ知識証明
    著者
    初貝 恭祐, 安部 芳紀, 渡邉 洋平, 岩本 貢
    会議名
    SCIS 2024
    ページ
    3D5-1
    発行年
    2024
    発表日
    2024/1/25
  • Card-Based Zero-Knowledge Proofs for Decomposition Puzzles
    著者
    S. Ruangwises and M. Iwamoto
    会議名
    SCIS 2024
    ページ
    3D4-3
    発行年
    2024
    発表日
    2024/1/25
  • 格子ベース多人数相手認証方式
    著者
    渡邉 洋平, 冨田 斗威, 四方 順司
    会議名
    CSS 2023
    ページ
    1076–1083
    発行年
    2023
    発表日
    2023/11/1
  • 制御システムにおける攻撃検知手法の理論的かつ網羅的評価の一検討
    著者
    杉本 航太, 安部 芳紀, 西内 達哉, 渡邉 洋平, 澤田 賢治, 岩本 貢
    会議名
    CSS 2023
    ページ
    407–414
    発行年
    2023
    発表日
    2023/10/31
  • モジュラーデザインによる物理的ゼロ知識証明
    著者
    初貝 恭祐, 安部 芳紀, 渡邉 洋平, 岩本 貢
    会議名
    CSS 2023
    ページ
    216–223
    発行年
    2023
    発表日
    2023/10/30
  • モビリティ環境向け委託型匿名認証技術
    著者
    淺野 京一, 初貝 恭祐, 澤井 佑樹, 渡邉 洋平, 愛知 功, 岩本 貢
    会議名
    CSS 2023
    ページ
    547–554
    発行年
    2023
    発表日
    2023/10/31
  • 制御システムのサイバー攻撃における尤度比検定からの一評価
    著者
    西内 達哉, 安部 芳紀, 渡邉 洋平, 岩本 貢, 澤田 賢治
    会議名
    第66回 自動制御連合講演会
    ページ
    1255–1260
    発行年
    2023
    発表日
    2023/10/8
  • 情報理論を用いたModbus TCP通信のパケット解析と攻撃検知に関する検討
    著者
    西内 達哉, 藤田 真太郎, 渡邉 洋平, 岩本 貢, 澤田 賢治
    会議名
    第67回システム制御情報学会研究発表講演会
    ページ
    253–258
    発行年
    2023
    発表日
    2023/5/17
  • ChatGPT生成パズルに対する物理的ゼロ知識証明
    著者
    初貝 恭祐, 淺野 京一, 安部 芳紀
    会議名
    ISEC研究会
    ページ
    43–48
    発行年
    2023
    発表日
    2023/5/17
  • CCA安全な鍵更新可能公開鍵暗号の安全性解析と効率的な一般的構成法
    著者
    淺野 京一, 渡邉 洋平
    会議名
    SCIS 2023
    ページ
    3A1-5
    発行年
    2023
    発表日
    2023/1/26
  • m値n入力関数を計算するprivate PEZプロトコルの初期文字列長の漸近評価
    著者
    安部 芳紀, 岩本 貢, 太田 和夫
    会議名
    SCIS 2023
    ページ
    3D4-1
    発行年
    2023
    発表日
    2023/1/26
  • 効率的かつ安全な更新処理を備えた結果秘匿可能な検索可能暗号
    著者
    甘田 拓海, 岩本 貢, 渡邉 洋平
    会議名
    SCIS 2023
    ページ
    3A3-5
    発行年
    2023
    発表日
    2023/1/26
  • 秘匿置換を用いた効率的なトランプベース秘密計算プロトコル
    著者
    岩成 慶太, 小野 知樹, 安倍 芳紀, 中井 雄士, 渡邉 洋平, 岩本 貢
    会議名
    SCIS2023
    ページ
    3D2-1
    発行年
    2023
    発表日
    2023/1/26
  • 保証金が一定なビットコインベース宝くじプロトコルの拡張
    著者
    内薗 駿, 中井 雄士, 渡邉 洋平, 岩本 貢
    会議名
    SCIS 2023
    ページ
    1C2-5
    発行年
    2023
    発表日
    2023/1/24
  • 任意の論理回路に対する1ゲートあたり6枚のカードベースプロトコル
    著者
    小野 知樹, 品川 和雅, 中井 雄士, 渡邉 洋平, 岩本 貢
    会議名
    SCIS 2023
    ページ
    3D2-2
    発行年
    2023
    発表日
    2023/1/26
  • 鍵更新機能付き検索可能暗号の安全性証明
    著者
    坂上 司龍, 甘田 拓海, 岩本 貢, 渡邉 洋平
    会議名
    SCIS 2023
    ページ
    3A3-3
    発行年
    2023
    発表日
    2023/1/26
  • Two Sheriffs Problemの一般化と鍵共有プロトコルへの応用
    著者
    杉本 航太, 渡邉 洋平, 岩本 貢
    会議名
    SCIS 2023
    ページ
    1C3-3
    発行年
    2023
    発表日
    2023/1/24
  • 認証信号付きカルマンフィルタに対するレギュレーション性能と攻撃検知率の実験的評価
    著者
    関根 悠司, 安部 芳紀, 藤田 真太郎, 渡邉 洋平, 澤田 賢治, 岩本 貢
    会議名
    SCIS 2023
    ページ
    2D3-1
    発行年
    2023
    発表日
    2023/1/25
  • Modbus TCP通信のパケット解析と相対エントロピーによる攻撃検知に関する検討
    著者
    西内 達哉, 藤田 真太郎, 渡邉 洋平, 岩本 貢, 澤田 賢治
    会議名
    SCIS 2023
    ページ
    2D3-2
    発行年
    2023
    発表日
    2023/1/25
  • 天体ショーに対する物理的ゼロ知識証明
    著者
    初貝 恭祐, 渡邉 洋平, 岩本 貢
    会議名
    SCIS 2023
    ページ
    3D2-5
    発行年
    2023
    発表日
    2023/1/26
  • マルチユーザ検索可能暗号の安全性と効率性の向上
    著者
    平野 貴人, 渡邉 洋平, 岩本 貢, 太田 和夫
    会議名
    SCIS 2023
    ページ
    3A3-4
    発行年
    2023
    発表日
    2023/1/26
  • 安全な更新処理を備えた検索可能暗号におけるデータベースサイズの効率化
    著者
    劉 業軒, 渡邉 洋平, 四方 順司
    会議名
    SCIS 2023
    ページ
    3A3-2
    発行年
    2023
    発表日
    2023/1/26
  • カードを用いた秘匿和集合プロトコル
    著者
    土井 アナスタシヤ, 小野 知樹, 安部 芳紀, 渡邉 洋平, 岩本 貢
    会議名
    CSS 2022
    ページ
    65–71
    発行年
    2022
    発表日
    2022/10/24
  • 任意のブール回路に対する秘匿操作を用いたカードベースプロトコル
    著者
    小野 知樹, 中井 雄士, 渡邉 洋平, 岩本 貢
    会議名
    CSS 2022
    ページ
    72–77
    発行年
    2022
    発表日
    2022/10/24
  • 効率的かつ検索結果秘匿可能な動的検索可能暗号
    著者
    甘田 拓海, 岩本 貢, 渡邉 洋平
    会議名
    CSS 2022
    ページ
    1127–1134
    発行年
    2022
    発表日
    2022/10/26
  • CCA安全な平文一致確認可能属性ベース暗号の一般的構成
    著者
    淺野 京一, 江村 恵太, 高安 敦, 渡邉 洋平
    会議名
    CSS 2022
    ページ
    1135–1142
    発行年
    2022
    発表日
    2022/10/26
  • 攻撃成功確率からみた Two Sheriffs Problem
    著者
    杉本 航太, 中井 雄士, 渡邉 洋平, 岩本 貢
    会議名
    CSS 2022
    ページ
    1254–1261
    発行年
    2022
    発表日
    2022/10/27
  • LWE仮定に基づく適応的CCA安全な平文一致確認可能IDベース暗号の効率的な構成
    著者
    淺野 京一, 江村 恵太, 高安 敦
    会議名
    ISEC/SITE/BioX/HWS/ICSS/EMM/CSEC/SPT合同研究会
    発行年
    2022
    発表日
    2022/7/20
  • IoT機器のための遠隔安全制御システム
    著者
    竹内 健, 渡邉 洋平, 矢内 直人, 竹久 達也, 四方 順司, 中尾 康二
    会議名
    ICSS研究会
    ページ
    1–6
    発行年
    2022
  • 金銭的ペナルティに基づく公平な秘密計算におけるラウンド数の改善
    著者
    中井 雄士, 品川 和雅
    会議名
    SCIS 2022
    ページ
    1E3-2
    発行年
    2022
    発表日
    2022/1/18
  • 匿名放送型暗号及び認証における非漸近的タイトな下界と最適構成法について
    著者
    小林 大航, 渡邉 洋平, 峯松 一彦, 四方 順司
    会議名
    SCIS 2022
    ページ
    1A4-3
    発行年
    2022
    発表日
    2022/1/18
  • 鍵失効可能な検索可能暗号
    著者
    平野 貴人, 川合 豊, 小関 義博, 渡邉 洋平, 岩本 貢, 太田 和夫
    会議名
    SCIS 2022
    ページ
    1E2-5
    発行年
    2022
    発表日
    2022/1/18
  • IoTネットワークにおける検証者指定署名方式
    著者
    渡邉 洋平, 矢内 直人, 四方 順司
    会議名
    SCIS 2022
    ページ
    1E2-1
    発行年
    2022
    発表日
    2022/1/18
  • 一様で閉じたシャッフルの効率的な実装
    著者
    岩成 慶太, 中井 雄士, 渡邉 洋平, 栃窪 孝也, 岩本 貢
    会議名
    SCIS 2022
    ページ
    2F4-3
    発行年
    2022
    発表日
    2022/1/19
  • 効率的な漏洩耐性鍵隔離暗号
    著者
    淺野 京一, 岩本 貢, 渡邉 洋平
    会議名
    SCIS 2022
    ページ
    1A4-2
    発行年
    2022
    発表日
    2022/1/18
  • 出力埋め込み可能な紛失擬似ランダム関数に基づく多者間秘匿積集合プロトコルの効率化
    著者
    清水 聖也, 中井 雄士, 渡邉 洋平, 岩本 貢
    会議名
    SCIS 2022
    ページ
    3E3-6
    発行年
    2022
    発表日
    2022/1/20
  • 秘匿置換を用いた効率的なn入力多数決カードプロトコル
    著者
    安部 芳紀, 中井 雄士, 渡邉 洋平, 岩本 貢, 太田 和夫
    会議名
    SCIS 2022
    ページ
    1F4-2
    発行年
    2022
    発表日
    2022/1/18
  • プロービング攻撃による漏洩情報を用いたAES鍵復元アルゴリズムの改良
    著者
    植村 友紀, 渡邉 洋平, 李 陽, 三浦 典之, 岩本 貢, 崎山 一男, 太田 和夫
    会議名
    SCIS 2022
    ページ
    1F2-2
    発行年
    2022
    発表日
    2022/1/18
  • カードを用いた秘匿共通集合プロトコル
    著者
    土井 アナスタシヤ, 中井 雄士, 品川 和雅, 渡邉 洋平, 岩本 貢
    会議名
    CSS 2021
    ページ
    343–348
    発行年
    2021
    発表日
    2021/10/26
  • 秘密鍵の漏洩耐性を有する鍵隔離暗号
    著者
    淺野 京一, 岩本 貢, 渡邉 洋平
    会議名
    CSS 2021
    ページ
    997–1004
    発行年
    2021
    発表日
    2021/10/28
  • 匿名放送型暗号における下界再考と匿名放送型認証への応用
    著者
    小林 大航, 渡邉 洋平, 四方 順司
    会議名
    CSS 2021
    ページ
    989–996
    発行年
    2021
    発表日
    2021/10/28
  • 検索可能暗号を用いた暗号化ストレージ・チャットシステムの実装評価
    著者
    江村 恵太, 金森 祥子, 野島 良, 渡邉 洋平
    会議名
    ISEC研究会
    ページ
    19–24
    発行年
    2021
    発表日
    2021/5/19
  • 匿名放送型認証における安全性概念の関係性と認証子サイズの下界について
    著者
    小林 大航, 渡邉 洋平, 四方 順司
    会議名
    ISEC研究会
    ページ
    187–194
    発行年
    2021
    発表日
    2021/3/05
  • 視覚復号型秘密分散法における任意の改ざんを検知する手法
    著者
    根岸 奎人, 渡邉 洋平, 岩本 貢
    会議名
    SCIS 2021
    ページ
    2F1-1
    発行年
    2021
    発表日
    2021/1/20
  • 紛失通信ベース三者間秘匿積集合プロトコルにおけるラウンド数の削減
    著者
    清水 聖也, 安部 芳紀, 中井 雄士, 品川 和雅, 渡邉 洋平, 岩本 貢
    会議名
    SCIS 2021
    ページ
    4B1-4
    発行年
    2021
    発表日
    2021/1/22
  • 時間ドロボー問題に対する健全性誤りのない物理的ゼロ知識証明
    著者
    初貝 恭祐, 安部 芳紀, 中井 雄士, 品川 和雅, 渡邉 洋平, 岩本 貢
    会議名
    SCIS 2021
    ページ
    2F1-2
    発行年
    2021
    発表日
    2021/01/20
  • 秘匿置換を用いたカードベースしきい値関数プロトコル
    著者
    中井 雄士, 徳重 佑樹, 岩本 貢, 太田 和夫
    会議名
    SCIS 2021
    ページ
    2F1-3
    発行年
    2021
    発表日
    2021/01/20
  • AES鍵スケジュールからの固定ビット数漏洩を用いた鍵復元アルゴリズムの性能評価
    著者
    植村 友紀, 渡邉 洋平, 李 陽, 三浦 典之, 岩本 貢, 崎山 一男, 太田 和夫
    会議名
    SCIS 2021
    ページ
    2B3-2
    発行年
    2021
    発表日
    2021/1/20
  • カードベースソートプロトコル
    著者
    篠田 悠斗, 宮原 大輝, 品川 和雅, 水木 敬明, 曽根 秀昭
    会議名
    SCIS 2021
    ページ
    2F2-3
    発行年
    2021
    発表日
    2020/01/20
  • 検索可能暗号の鍵更新について
    著者
    平野 貴人, 川合 豊, 小関 義博, 渡邉 洋平, 岩本 貢, 太田 和夫
    会議名
    SCIS 2021
    ページ
    3B2-1
    発行年
    2021
    発表日
    2021/01/21
  • 検証機能権限の制御が可能な放送型認証の構成
    著者
    穗鷹 珠里, 渡邉 洋平, 清藤 武暢, 四方 順司
    会議名
    SCIS 2021
    ページ
    3B3-5
    発行年
    2021
    発表日
    2021/01/21
  • IoTネットワークにおける匿名放送型認証技術
    著者
    渡邉 洋平, 矢内 直人, 四方 順司
    会議名
    SCIS 2021
    ページ
    3B3-4
    発行年
    2021
    発表日
    2021/01/21
  • より少ない漏洩の下で安全な動的検索可能暗号への変換手法
    著者
    渡邉 洋平, 大原 一真, 岩本 貢, 太田 和夫
    会議名
    CSS 2020
    ページ
    297–304
    発行年
    2020
  • フォワード安全かつ検索時通信量が最適な動的検索可能暗号
    著者
    渡邉 洋平
    会議名
    SCIS 2020
    ページ
    3B3-2
    発行年
    2020
    発表日
    2020/1/30
  • 鍵のランダムな漏洩に対するAES鍵スケジュール復元アルゴリズム
    著者
    植村 友紀, 李 陽, 三浦 典之, 岩本 貢, 崎山 一男, 太田 和夫
    会議名
    SCIS 2020
    ページ
    2B1-1
    発行年
    2020
    発表日
    2020/1/29
  • 気泡検出器を用いたゼロ知識非破壊検査
    著者
    品川 和雅, 三浦 典之, 岩本 貢, 崎山 一男, 太田 和夫
    会議名
    SCIS 2020
    ページ
    2E2-3
    発行年
    2020
    発表日
    2020/1/29
  • 任意の始集合を持つ関数を計算するprivate PEZプロトコル
    著者
    安部 芳紀, 岩本 貢, 太田 和夫
    会議名
    SCIS 2020
    ページ
    3C1-5
    発行年
    2020
    発表日
    2020/1/30
  • 任意の関数を計算するprivate PEZプロトコルの改善
    著者
    安部 芳紀, 岩本 貢, 太田 和夫
    会議名
    CSS 2019
    ページ
    894–901
    発行年
    2019
    発表日
    2019/10/22
  • (強)フォワード安全な動的検索可能暗号の効率的な構成
    著者
    渡邉 洋平, 大原 一真, 岩本 貢, 太田 和夫
    会議名
    CSS 2019
    ページ
    1203–1210
    発行年
    2019
  • 初期文字列が 29 文字の 4 入力多数決 Private PEZプロトコル
    著者
    安部 芳紀, 山本 翔太, 岩本 貢, 太田 和夫
    会議名
    電子情報通信学会IT/ISEC/WBS合同研究会
    ページ
    223–228
    発行年
    2019
    発表日
    2019/3/8
  • 不正検知可能な3入力多数決カードプロトコル
    著者
    安部 芳紀, 山本 翔太, 岩本 貢, 太田 和夫
    会議名
    SCIS 2019
    ページ
    3C3-2
    発行年
    2019
    発表日
    2019/1/24
  • 4 入力多数決を計算する効率的な Private PEZプロトコル
    著者
    山本 翔太, 安部 芳紀, 岩本 貢, 太田 和夫
    会議名
    SCIS 2019
    ページ
    3A4-3
    発行年
    2019
    発表日
    2019/1/24
  • 共通鍵型マルチユーザ検索可能暗号の検索機能拡張
    著者
    平野 貴人, 川合 豊, 小関 義博, 岩本 貢, 太田 和夫
    会議名
    SCIS 2019
    ページ
    3C4-3
    発行年
    2019
    発表日
    2019/1/24
  • 効率的でフォワード安全な動的検索可能暗号
    著者
    渡邉 洋平, 岩本 貢, 太田 和夫
    会議名
    SCIS 2019
    ページ
    3C1-3
    発行年
    2019
    発表日
    2019/01/24
  • より効率的で適応的に安全な鍵失効機能付きIDベース暗号の構成
    著者
    高安 敦, 渡邉 洋平, 江村 恵太
    会議名
    SCIS 2019
    ページ
    2A3-2
    発行年
    2019
    発表日
    2019/1/23
  • 探索問題の困難性に基づく効率的なしきい値公開鍵暗号の構成
    著者
    海老名 将宏, 渡邉 洋平, 四方 順司
    会議名
    SCIS 2019
    ページ
    2A4-4
    発行年
    2019
    発表日
    2019/1/23
  • 鍵生成センタに対して安全なIDベース暗号
    著者
    江村 恵太, 勝又 秀一, 渡邉 洋平
    会議名
    SCIS 2019
    ページ
    2A3-1
    発行年
    2019
    発表日
    2019/1/23
  • Three-Party Private Set Operation Protocols Using Polynomials and OPPRF
    著者
    W. Wang, Y. Abe, M. Iwamoto, and K. Ohta
    会議名
    SCIS 2019
    ページ
    2A1-4
    発行年
    2019
    発表日
    2019/1/23
  • いくつかの理想的な秘密分散法を用いた最適な複数割り当て法
    著者
    江利口 礼央, 國廣 昇, 岩本 貢
    会議名
    2A1-4
    ページ
    401–406
    学会名
    SITA 2018
    発行年
    2018
    発表日
    2018/12
  • CBDH仮定に基づく効率的な閾値公開鍵暗号
    著者
    海老名 将宏, 渡邉 洋平, 四方 順司
    会議名
    CSS 2018
    ページ
    746–753
    発行年
    2018
  • 鍵更新機能付き検索可能暗号:効率化に向けた一工夫
    著者
    松崎 なつめ, 穴田 啓晃, 金岡 晃, 渡邉 洋平
    会議名
    CSS 2018
    ページ
    814–821
    発行年
    2018
  • 現実的な結託者のもとで最もシェア長の短いロバスト秘密分散法
    著者
    渡邉 洋平, 大原 一真, 岩本 貢, 太田 和夫
    会議名
    ISEC研究会
    発行年
    2018
    発表日
    2018/7/25
  • PUF応用に向けた新たな物理仮定と端末認証方式への応用
    著者
    駒野 雄一, 岩本 貢, 太田 和夫, 崎山 一男
    会議名
    SCIS 2018
    ページ
    2D1-1
    発行年
    2018
    発表日
    2018/1/24
  • ロバスト秘密分散法CFOR方式における精密な安全性解析
    著者
    鈴木 慎之介, 渡邉 洋平, 岩本 貢, 太田 和夫
    会議名
    SCIS 2018
    ページ
    2A3-3
    発行年
    2018
    発表日
    2018/1/24
  • 3枚のカードで実現可能な3入力多数決プロトコル
    著者
    黒木 慶久, 古賀 優太, 渡邉 洋平, 岩本 貢, 太田 和夫
    会議名
    SCIS 2018
    ページ
    3B1-4
    発行年
    2018
    発表日
    2018/1/24
  • カードを用いた複数人でのマッチングプロトコル
    著者
    古賀優太, 鈴木 慎之介, 渡邉 洋平, 岩本 貢, 太田 和夫
    会議名
    SCIS 2018
    ページ
    3B1-5
    発行年
    2018
    発表日
    2018/1/24
  • マルチユーザで利用可能な共通鍵型秘匿検索に向けて
    著者
    早坂 健一郎, 川合 豊, 小関 義博, 平野 貴人, 岩本 貢, 太田 和夫
    会議名
    SCIS 2018
    ページ
    3C2-1
    発行年
    2018
    発表日
    2018/1/25
  • ダミーエントリの作成方法に着目した共通鍵検索可能暗号CGKO方式の改良
    著者
    野島 拓也, 渡邉 洋平, 岩本 貢, 太田 和夫
    会議名
    SCIS 2018
    ページ
    3C2-2
    発行年
    2018
    発表日
    2018/1/25
  • ブロック暗号へのプロービング攻撃における鍵復元効率の正確な評価モデル
    著者
    庄司 奈津, 菅原 健, 岩本 貢, 崎山 一男
    会議名
    SCIS 2018
    ページ
    3D3-5
    発行年
    2018
    発表日
    2018/1/25
  • SXDH仮定に基づく短いパラメータ長を達成する放送型暗号
    著者
    渡邉 洋平
    会議名
    SCIS 2018
    ページ
    3A3-3
    発行年
    2018
    発表日
    2018/1/25
  • 鍵更新機能付き検索可能暗号の一般的構成
    著者
    松崎 なつめ, 穴田 啓晃,金岡 晃,渡邉 洋平
    会議名
    SCIS 2018
    ページ
    4A2-6
    発行年
    2018
    発表日
    2018/1/26
  • 鍵更新機能付き検索可能暗号:公開鍵更新モデルによる実現
    著者
    松崎 なつめ, 穴田 啓晃, 渡邉 洋平
    会議名
    CSS 2017
    ページ
    734–740
    発行年
    2017
    発表日
    2017
  • 鍵更新機能付き検索可能暗号:鍵隔離モデルによる実現
    著者
    渡邉 洋平, 穴田 啓晃, 松崎 なつめ
    会議名
    CSS 2017
    ページ
    741–748
    発行年
    2017
    発表日
    2017
  • 誤り補正を不要とするPUFベース端末認証方式
    著者
    駒野 雄一, 岩本 貢, 太田 和夫
    会議名
    ISEC/SITE/ICSS/EMM合同研究会
    ページ
    123–130
    発行年
    2017
    発表日
    2017/7
  • 鍵更新可能な検索可能暗号の一提案 ~検索可能代理人再暗号化の適用について~
    著者
    松崎 なつめ, 穴田 啓晃, 渡邉 洋平
    会議名
    ISEC研究会
    ページ
    1–6
    発行年
    2017
    発表日
    2017/5
  • 検索可能暗号における最小漏洩情報に関する考察
    著者
    中井 雄士, 野島 拓也, 岩本 貢, 太田 和夫
    会議名
    IT・/SEC/WBS合同研究会
    ページ
    187–192
    発行年
    2017
    発表日
    2017/3/10
  • 検索クエリからの漏洩情報を削減した効率的な共通鍵型検索可能暗号
    著者
    早坂健一郎, 川合 豊, 小関 義博, 平野 貴人, 岩本 貢, 太田 和夫
    会議名
    SCIS 2017
    ページ
    1D1-1
    発行年
    2017
    発表日
    2017/1/24
  • 最悪推測秘匿性を満たす秘密分散法に関する基本的性質
    著者
    岩本 貢, 四方 順司
    会議名
    SCIS 2017
    ページ
    1A1-4
    発行年
    2017
    発表日
    2017/1/24
  • Steganalysis of Bit Replacement Steganography for a Proactive Secret Image Sharing
    著者
    A. Espejel-Trujillo, M. Iwamoto
    会議名
    SCIS 2017
    ページ
    1A1-6
    発行年
    2017
    発表日
    2017/1/24
  • カードを用いた複数人での金持ち比べプロトコル
    著者
    徳重 佑樹, 中井 雄士, 岩本 貢, 太田 和夫
    会議名
    SCIS 2017
    ページ
    1A2-1
    発行年
    2017
    発表日
    2017/1/24
  • 秘匿操作を用いた効率的なカードベース論理演算プロトコル
    著者
    城内 聡志, 中井 雄士, 岩本 貢, 太田 和夫
    会議名
    SCIS 2017
    ページ
    1A2-2
    発行年
    2017
    発表日
    2017/1/24
  • 電子決済方式MicroMintの潜在的な偽造脅威に対する安全性評価
    著者
    鴨志田 優一, 岩本 貢, 太田 和夫
    会議名
    SCIS 2017
    ページ
    1F2-6
    発行年
    2017
    発表日
    2017/1/24
  • リクエストベース比較可能暗号におけるシミュレーションベースの安全性
    著者
    平野 貴人, 小関 義博, 川合 豊, 岩本 貢, 太田 和夫
    会議名
    SCIS 2017
    ページ
    1D2-5
    発行年
    2017
    発表日
    2017/1/24
  • マルチパーティ計算に関する安全性概念の定式化について
    著者
    岩本貢
    会議名
    SCIS 2017
    ページ
    2D4-3
    発行年
    2017
    発表日
    2017/1/25
  • 秘密分散型放送暗号
    著者
    岩本 貢, 渡邉 洋平
    会議名
    SCIS 2017
    ページ
    4F2-2
    発行年
    2017
    発表日
    2017/1/27
  • 放送型暗号における動的かつ効率的な復号権限変更
    著者
    渡邉 洋平
    会議名
    SCIS 2017
    ページ
    4F2-1
    発行年
    2017
    発表日
    2017/1/27
  • 3ラウンド対話型Signcryptionの効率的な構成法
    著者
    井田 潤一, 渡邉 洋平, 四方 順司
    会議名
    SCIS 2017
    ページ
    3F3-3
    発行年
    2017
    発表日
    2017/1/26
  • 推測秘匿性に基づく情報理論的に安全な検索可能暗号
    著者
    吉澤 貴博, 渡邉 洋平, 四方 順司
    会議名
    SCIS 2017
    ページ
    1D1-4
    発行年
    2017
    発表日
    2017/1/24
  • 長期間にわたって安全な地域医療連携システムの構築を目指して
    著者
    小美濃 つかさ, 駒野 雄一, 岩本 貢, 太田 和夫
    会議名
    第36回医療情報学連合大会
    ページ
    996–999
    発行年
    2016
    発表日
    2016/11
  • 複数の暗号化索引を持つ共通鍵ベース秘匿検索の効率的なトラップドア生成
    著者
    平野 貴人, 岩本 貢, 太田 和夫
    会議名
    CSS 2016
    ページ
    572–577
    発行年
    2016
    発表日
    2016/10/12
  • 素数位数群における効率的な鍵失効機能付きIDベース暗号の構成法
    著者
    渡邉 洋平, 江村 恵太
    会議名
    CSS 2016
    ページ
    324–331
    発行年
    2016
  • 情報理論的に安全な検索可能暗号の構成法について
    著者
    吉澤 貴博, 渡邉 洋平, 四方 順司
    会議名
    CSS 2016
    ページ
    556–563
    発行年
    2016
    発表日
    2016
  • Deep Learningを用いたRSAに対する単純電磁波解析
    著者
    八代 理紗, 藤井 達哉, 岩本 貢, 崎山 一男
    会議名
    2016年電子情報通信学会ソサイエティ大会
    ページ
    90
    発行年
    2016
    発表日
    2016/9/21
  • Deep Learningを用いたDouble Arbiter PUFの 安全性評価
    著者
    八代 理紗, 町田 卓謙, 岩本 貢, 崎山 一男
    会議名
    2016年電子情報通信学会総合大会
    発行年
    2016
    発表日
    2016/3/16
  • グループ認証付鍵交換プロトコルのweak-SK-secure性の形式検証
    著者
    徳重 佑樹, 花谷 嘉一, 岩本 貢, 太田 和夫
    会議名
    SCIS 2016
    ページ
    1A1–2
    発行年
    2016
    発表日
    2016/1/19
  • スタンダードモデルにおけるIDベース階層型鍵隔離暗号の構成法
    著者
    渡邉 洋平, 四方 順司
    会議名
    SCIS 2016
    ページ
    2E3-2
    発行年
    2016
  • 共通鍵暗号型の秘匿部分一致検索(その1)
    著者
    平野 貴人, 川合 豊, 太田 和夫, 岩本 貢
    会議名
    SCIS 2016
    ページ
    2A1–4
    発行年
    2016
    発表日
    2016/1/20
  • 共通鍵暗号型の秘匿部分一致検索(その2)
    著者
    早坂 健一郎, 川合 豊, 平野 貴人, 太田 和夫, 岩本 貢
    会議名
    SCIS 2016
    ページ
    2A1–5
    発行年
    2016
    発表日
    2016/1/20
  • Proactive Secret Image Sharing with Quality and Payload Trade-off in Stego-images
    著者
    A. Espejel-Trujillo and M. Iwamoto
    会議名
    SCIS 2016
    ページ
    3A1–2
    発行年
    2016
    発表日
    2016/1/21
  • Joux–Lucksのマルチコリジョン探索アルゴリズムのMicroMintへの応用
    著者
    鴨志田 優一, 岩本 貢, 太田 和夫
    会議名
    SCIS 2016
    ページ
    3D1–3
    発行年
    2016
    発表日
    2016/1/21
  • 人間向け暗号/認証プロトコルの統一的安全性評価
    著者
    三澤 裕人, 徳重 佑樹, 岩本 貢, 太田 和夫
    会議名
    SCIS 2016
    ページ
    3E3–5
    発行年
    2016
    発表日
    2016/1/21
  • カード操作の分類とカードベース暗号プロトコル
    著者
    中井 雄士, 三澤 裕人, 徳重 佑樹, 岩本 貢, 太田 和夫
    会議名
    SCIS 2016
    ページ
    4A2–2
    発行年
    2016
    発表日
    2016/1/22
  • 多人数モデルにおける対話型Signcryptionの安全性概念と構成法
    著者
    井田 潤一, 渡邉 洋平, 四方 順司
    会議名
    SCIS 2016
    ページ
    2C3-3
    発行年
    2016
  • 情報理論的安全性を持つ検索可能暗号の一般的モデルとその構成法
    著者
    吉澤 貴博, 渡邉 洋平, 四方 順司
    会議名
    SCIS 2016
    ページ
    2C2-1
    発行年
    2016
  • 暗号文長と秘密鍵長間のトレードオフをもつ情報理論的に安全な放送型暗号の構成法
    著者
    渡邉 洋平, 四方 順司
    会議名
    CSS 2015
    ページ
    395–402
    発行年
    2015
  • ブロックサインの安全性に対するコードブックの影響
    著者
    三澤 裕人, 徳重 佑樹, 岩本 貢, 太田 和夫
    会議名
    CSS 2015
    ページ
    1011–1018
    発行年
    2015
    発表日
    2015/10/23
  • 対話型署名機能付き暗号化方式
    著者
    井田 潤一, 渡邉 洋平, 四方 順司
    会議名
    CSS 2015
    ページ
    600–607
    発行年
    2015
  • 情報理論的に安全な検索可能暗号
    著者
    吉澤 貴博, 渡邉 洋平, 四方 順司
    会議名
    CSS 2015
    ページ
    1321–1326
    発行年
    2015
  • 正規言語を用いた鍵更新可能暗号の安全性解析
    著者
    大宮 翔児, 徳重 佑樹, 岩本 貢, 太田 和夫
    会議名
    SCIS 2015
    ページ
    1D1–4
    発行年
    2015
    発表日
    2015/1/20
  • 推測成功確率に基づいた安全性基準をみたす秘密分散法
    著者
    岩本 貢, 四方 順司
    会議名
    SCIS 2015
    ページ
    2D1–4
    発行年
    2015
    発表日
    2015/1/21