Research Achievements

Books

  • Proceedings of the 5th ACM Asia Public-Key Cryptography Workshop (APKC 2018)
    Authors
    K. Emura, J.H. Seo, and Y. Watanabe
    Publisher
    ACM
    Year
    2018
    Abstract

    It is our great pleasure to welcome you to The 5th ACM Asia Public-Key Cryptography Workshop - APKC'18, held on June 4, 2018, in conjunction with The 13th ACM Asia Conference on Computer and Communications Security (AsiaCCS'18). Public-key cryptography plays an essential role in ensuring many security properties required in data processing of various kinds. The theme of this workshop is novel public-key cryptosystems for solving a wide range of real-life application problems. This workshop solicits original contributions on both applied and theoretical aspects of public-key cryptography. We also solicit systematization of knowledge (SoK) papers, which should aim to evaluate, systematize, and contextualize existing knowledge. The call for papers attracted 20 submissions from Asia, America, and Europe. The program committee accepted 7 papers based on their overall quality and novelty (acceptance ratio: 35%). We hope these proceedings will serve as a valuable reference for researchers and practitioners in the field of public-key cryptography and its applications.

Journal Papers

  • Revocable Identity-based Encryption with Bounded Decryption Key Exposure Resistance: Lattice-based Construction and More
    Authors
    A. Takayasu and Y. Watanabe
    Journal
    Theoretical Computer Science
    Volume
    849
    Pages
    64–98
    Publisher
    Elsevier
    Year
    2021
    Abstract

    In general, identity-based encryption (IBE) does not support an efficient revocation procedure. In ACM CCS’08, Boldyreva et al. proposed revocable identity-based encryption (RIBE), which enables us to efficiently revoke (malicious) users in IBE. In PKC 2013, Seo and Emura introduced an additional security notion for RIBE, called decryption key exposure resistance (DKER). Roughly speaking, RIBE with DKER guarantees that the security is not compromised even if an adversary gets (a number of) short-term decryption keys. Therefore, DKER captures realistic scenarios and is an important notion. In this paper, we introduce bounded decryption key exposure resistance (B-DKER), where an adversary is allowed to get an a-priori bounded number of short-term decryption keys in the security game. B-DKER is a weak version of DKER, but it seems to be sufficient for practical use. We obtain the following results:
    - We propose a lattice-based (anonymous) RIBE scheme with B-DKER, which is the first lattice-based construction resilient to decryption key exposure. Our lattice-based construction is secure under the learning with errors assumption. A previous lattice-based construction satisfies anonymity but is vulnerable even with a single decryption key exposure.
    - We propose the first pairing-based RIBE scheme that simultaneously realizes anonymity and B-DKER. Our pairing-based construction is adaptively secure under the symmetric external Diffie-Hellman assumption.
    Our two constructions rely on cover free families to satisfy B-DKER, whereas all the existing works rely on the key re-randomization property to achieve DKER.

  • Key-Updatable Public-Key Encryption with Keyword Search (Or: How to Realize PEKS with Efficient Key Updates for IoT Environments)
    Authors
    H. Anada, A. Kanaoka, N. Matsuzaki, and Y. Watanabe
    Journal
    International Journal of Information Security
    Volume
    19
    Pages
    15–38
    Publisher
    Springer
    Year
    2020
    Abstract

    Security and privacy are the key issues for Internet of Things (IoT) systems. In particular, secure search is an important functionality for cooperation among users’ devices and non-trusted servers. Public-key encryption with keyword search (PEKS) enables us to search encrypted data and is expected to be used between a cloud server and users’ mobile devices or IoT devices. However, those mobile devices might be lost or stolen. For IoT devices, it might be difficult to store keys in a tamper-proof manner due to prohibitive costs. In this paper, we deal with such a key-exposure problem on PEKS and introduce the concept of PEKS with key-updating functionality, which we call key-updatable PEKS (KU-PEKS). Specifically, we propose two models of KU-PEKS: the key-evolution model and the key-insulation model. In the key-evolution model, a pair of public and secret keys can be updated if needed (e.g., the secret key is exposed). In the key-insulation model, the public key remains fixed while the secret key can be updated if needed. The former model makes a construction simple and more efficient than the latter. On the other hand, the latter model is preferable for practical use since a user never updates their public key. We show constructions in each model in a black-box manner. We also give implementation results on Raspberry Pi 3, which can be regarded as a reasonable platform of IoT devices.

  • Multi-Party Computation for Modular Exponentiation Based on Replicated Secret Sharing
    Authors
    K. Ohara, Y. Watanabe, M. Iwamoto, and K. Ohta
    Journal
    IEICE Transactions on Fundamentals
    Volume
    102-A
    Issue
    9
    Pages
    1079–1090
    Publisher
    IEICE
    Year
    2019
    Abstract

    In recent years, multi-party computation (MPC) frameworks based on replicated secret sharing schemes (RSSS) have attracted attention as a method to achieve high efficiency among known MPCs. However, RSSS-based MPCs are still inefficient for several heavy computations like algebraic operations, as they require a large amount and number of communications proportional to the number of multiplications in the operations (which is not the case with other secret sharing-based MPCs). In this paper, we propose RSSS-based three-party computation protocols for modular exponentiation, which is one of the most popular algebraic operations, in the case where the base is public and the exponent is private. Our proposed schemes are simple and efficient in both the asymptotic and the practical sense. On the asymptotic efficiency, the proposed schemes require O(n)-bit communication and O(1) rounds, where n is the secret-value size, in the best setting, whereas the previous scheme requires O(n^2)-bit communication and O(n) rounds. On the practical efficiency, we show the performance of our protocol by experiments on the scenario of distributed signatures, which is useful for secure key management in a distributed environment (e.g., distributed ledgers). As one of the cases, our implementation performs a modular exponentiation on a 3,072-bit discrete-log group with a 256-bit exponent in roughly 300 ms, which is an acceptable parameter for 128-bit security, even in the WAN setting.

  • Identity-based Encryption with Hierarchical Key-Insulation in the Standard Model
    Authors
    J. Shikata and Y. Watanabe
    Journal
    Designs, Codes and Cryptography
    Volume
    87
    Issue
    5
    Pages
    1005–1033
    Publisher
    Springer
    Year
    2019
    Abstract

    A key exposure problem is unavoidable since it seems human error can never be eliminated completely, and key-insulated encryption is one of the cryptographic solutions to the problem. At Asiacrypt’05, Hanaoka et al. introduced hierarchical key-insulation functionality, which is an attractive functionality that enhances key exposure resistance, and proposed an identity-based hierarchical key-insulated encryption (hierarchical IKE) scheme in the random oracle model. In this paper, we first propose the hierarchical IKE scheme in the standard model (i.e., without random oracles). Our hierarchical IKE scheme is secure under the symmetric external Diffie–Hellman (SXDH) assumption, which is a static assumption. In particular, in the non-hierarchical case, our construction is the first IKE scheme that achieves constant-size parameters including public parameters, secret keys, and ciphertexts. Furthermore, we also propose the first public-key-based key-insulated encryption (PK-KIE) in the hierarchical setting by using our technique.

  • Implementation and Analysis of Fully Homomorphic Encryption in Resource-Constrained Devices
    Authors
    A. Prasitsupparote, Y. Watanabe, J. Sakamoto, J. Shikata, and T. Matsumoto
    Journal
    International Journal of Digital Information and Wireless Communications (IJDIWC)
    Volume
    8
    Issue
    4
    Pages
    288–303
    Publisher
    SDIWC Library
    Year
    2018
    Abstract

    Currently, resource-constrained devices, which are known as one kind of Internet of Things (IoT) device, have been widely used for healthcare systems. Most healthcare systems store users’ health data, which is encrypted by ordinary symmetric-key encryption and/or public-key encryption schemes, in a (cloud) server. However, the encrypted data needs to be decrypted for data analysis, and this means that sensitive information would be leaked to the server. One promising solution is to use fully homomorphic encryption (FHE), which enables one to perform any computation on encrypted data while keeping it encrypted, though FHE generally requires high computational and communication costs in the theoretical sense.
    In this paper, we investigate the practical feasibility of FHE in resource-constrained devices for healthcare systems. First, we define a privacy-preserving protocol for healthcare systems, and implement it on a PC and a Raspberry Pi by using a network simulator to measure its communication overhead, computational cost, and energy consumption over a wireless body area network (WBAN). For this implementation, we regard the PC and the Raspberry Pi as a cloud server and a resource-constrained device such as a smartphone or a wearable device, respectively. We use two FHE libraries, HElib and SEAL, for the implementation. Our result shows that the protocol with SEAL is better than that with HElib in terms of the communication overhead and energy consumption in transmission. On the other hand, HElib is better than SEAL regarding the running time, while SEAL can perform more homomorphic operations than HElib for almost the same plaintext size. Furthermore, the energy to execute each algorithm in the libraries is very small compared to the energy required in transmission. SEAL produces smaller ciphertexts than HElib, and therefore consumes less energy. As a result, we observe that both HElib and SEAL could be used on resource-constrained devices, and in particular, SEAL would be more suitable for practical use in resource-constrained devices from our analysis.

  • Timed-Release Computational Secret Sharing and Threshold Encryption
    Authors
    Y. Watanabe and J. Shikata
    Journal
    Designs, Codes and Cryptography
    Volume
    86
    Issue
    1
    Pages
    17–54
    Publisher
    Springer
    Year
    2018
    Abstract

    In modern cryptography, a secret sharing scheme is an important cryptographic primitive. In particular, Krawczyk proposed a computational secret sharing (CSS) scheme, which is a practical, simple secret sharing scheme. In this paper, we focus on a CSS scheme with timed-release functionality, which we call a timed-release computational secret sharing (TR-CSS) scheme. In TR-CSS, a number of participants greater than or equal to a threshold can reconstruct a secret by using their shares only when the time specified by a dealer has come. Our main purpose is to realize a TR-CSS scheme in a generic and efficient way in terms of the share size. Specifically, we first introduce a model and formalization of security of TR-CSS. In addition, we propose two kinds of constructions of TR-CSS: the first one is a simple and generic construction starting from an identity-based key encapsulation mechanism (IB-KEM); the second one, which is a more efficient construction than the first one, is built using a specific IB-KEM as the underlying IB-KEM. As a result, we can regard TR-CSS as a natural extension of Krawczyk’s CSS in terms of both a model and constructions, and we finally succeed in adding timed-release functionality to Krawczyk’s CSS with small overhead, which is almost optimal. Moreover, our proposal of TR-CSS is important for constructing threshold encryption and multiple encryption with timed-release functionality in a generic and efficient way. Dodis and Katz showed (i) a simple and generic construction of threshold encryption from multiple encryption; and (ii) a simple, elegant and generic construction of multiple encryption. By using TR-CSS, we can effectively apply the Dodis–Katz paradigm even in the context of timed-release security.

  • CCA-secure Revocable Identity-Based Encryption Schemes with Decryption Key Exposure Resistance
    Authors
    Y. Ishida, J. Shikata, and Y. Watanabe
    Journal
    International Journal of Applied Cryptography (IJACT)
    Volume
    3
    Issue
    3
    Pages
    288–311
    Publisher
    Inderscience Publishers
    Year
    2017
    Abstract

    Key revocation functionality is important for identity-based encryption (IBE) to manage users dynamically. Revocable IBE (RIBE) realises such revocation functionality with scalability. In PKC 2013, Seo and Emura first considered decryption key exposure resistance (DKER) as a new realistic threat, and proposed the first RIBE scheme with DKER. Their RIBE scheme is adaptively secure against chosen plaintext attacks (CPA), and so far there is no concrete RIBE scheme adaptively secure against chosen ciphertext attacks (CCA), even without DKER. In this paper, we first propose three constructions of adaptively CCA-secure RIBE schemes with DKER. The first and second schemes are based on an existing transformation, called the BCHK transformation, by which a CPA-secure hierarchical IBE scheme can be transformed into a CCA-secure scheme. The third scheme is constructed via the KEM/DEM framework. Specifically, we newly propose a revocable identity-based key encapsulation mechanism (RIB-KEM), and we show a generic construction of a CCA-secure RIBE scheme from the RIB-KEM and a data encapsulation mechanism (DEM). The third scheme is more efficient than the first and second ones in terms of the ciphertext size.

  • Unconditionally Secure Broadcast Encryption Schemes with Tradeoffs between Communication and Storage
    Authors
    Y. Watanabe and J. Shikata
    Journal
    IEICE Transactions on Fundamentals
    Volume
    99-A
    Issue
    6
    Pages
    1097–1106
    Year
    2016
    Abstract

    An (≤n,≤ω)-one-time secure broadcast encryption scheme (BES) allows a sender to choose any subset of receivers so that only the designated users can decrypt a ciphertext. In this paper, we first show an efficient construction of an (≤n,≤ω)-one-time secure BES with general ciphertext sizes. Specifically, we propose a generic construction of an (≤n,≤ω)-one-time secure BES from key predistribution systems (KPSs) when its ciphertext size is equal to an integer multiple of the plaintext size, and our construction includes all known constructions. However, there are many possible combinations of the KPSs to realize the BES in our construction methodology, and therefore we show which combination is the best one in the sense that the secret-key size can be minimized. Our (optimized) construction provides a flexible parameter setup (i.e., we can adjust the secret-key sizes) by setting arbitrary ciphertext sizes based on restrictions on channels such as channel capacity and channel bandwidth.

  • Information-Theoretically Secure Timed-Release Secret Sharing Schemes
    Authors
    Y. Watanabe and J. Shikata
    Journal
    Journal of Information Processing
    Volume
    24
    Issue
    4
    Pages
    680–689
    Publisher
    IPSJ
    Year
    2016
    Abstract

    In modern cryptography, the secret sharing scheme is an important cryptographic primitive, and it is used in various situations. In this paper, timed-release secret sharing (TR-SS) schemes with information-theoretic security are first studied. TR-SS is a secret sharing scheme with the property that more than a threshold number of participants can reconstruct a secret by using their shares only when the time specified by a dealer has come. Specifically, in this paper we first introduce models and formalization of security for two kinds of TR-SS based on the traditional secret sharing scheme and information-theoretic timed-release security. We also derive tight lower bounds on the sizes of shares, time-signals, and entities' secret keys required for each TR-SS scheme. In addition, we propose direct constructions for the TR-SS schemes. Each direct construction is optimal in the sense that the construction meets equality in each of our bounds, respectively. As a result, it is shown that timed-release security can be realized without any additional redundancy on the share size.

  • Information-Theoretically Secure Blind Authentication Codes without Verifier’s Secret Keys
    Authors
    N. Takei, Y. Watanabe, and J. Shikata
    Journal
    Josai Mathematical Monograph
    Volume
    8
    Pages
    115–133
    Publisher
    Graduate School of Sciences, Josai University
    Year
    2015
    Abstract

    In modern cryptography, information-theoretic security is formalized by means of some probability (e.g., the success probability of an adversary’s guessing) or some information-theoretic measure (e.g., Shannon entropy), and the study of cryptographic protocols with information-theoretic security is one of the effective applications of probability theory, statistics, and information theory. In this paper, we study the blind authentication code (BA-code), a kind of information-theoretically secure authentication protocol in which the verifier’s secret keys are not required. For realizing it, we utilize a unidirectional low-bandwidth auxiliary channel which is called a manual channel. Specifically, in this paper we propose a model, a security definition, and a construction of BA-codes in the manual channel model. Furthermore, we consider BA-codes in other models, i.e., the noisy channel model and the bounded storage model, in which no verifier's secret key is required.

  • Information-Theoretically Secure Anonymous Group Authentication with Arbitration: Formal Definition and Construction
    Authors
    T. Seito, Y. Watanabe, K. Kinose, and J. Shikata
    Journal
    Josai Mathematical Monograph
    Volume
    7
    Pages
    85–110
    Publisher
    Graduate School of Sciences, Josai University
    Year
    2014
    Abstract

    In cryptographic applications, there is often a need for protecting the privacy of users besides the integrity of messages transmitted over a public channel. In the information-theoretic (or unconditional) security setting, a model of GA-codes (Group Authentication codes) which can ensure both the integrity of the message and the anonymity of senders was proposed. In this model, there are multiple senders and a single receiver, and one of the senders can generate an authenticated message anonymously. That is, the receiver can verify the validity of the authenticated message, but he cannot identify its sender. In GA-codes, it is assumed that both the sender and receiver are honest. However, this may be an unnatural and idealized assumption in several situations. In this paper, we remove the assumption and newly propose a formal definition (i.e., the model and security definitions) of GA2-codes (Group Authentication codes with Arbitration). In GA2-codes, it is assumed that the sender or the receiver can be dishonest and thus a dispute between them may occur. To resolve such a dispute, we introduce an honest arbiter in GA2-codes. This model can be considered a natural extension of that of both the GA-codes and the traditional A2-codes (Authentication codes with Arbitration). In addition, we propose a construction which meets our security definition of GA2-codes by using polynomials over finite fields. We also consider the case that the arbiter is not always honest and call this model GA3-codes (GA2-codes with protection against the arbiter’s attack), which is a further extension of GA2-codes and can be naturally considered from a setting similar to that of the traditional A3-codes (A2-codes with protection against the arbiter’s attack).

International Conferences

  • A Key Recovery Algorithm Using Random Key Leakage from AES Key Schedule
    Authors
    T. Uemura, Y. Watanabe, Y. Li, N. Miura, M. Iwamoto, K. Sakiyama, and K. Ohta
    Conference
    ISITA 2020
    Publisher
    IEEE
    Year
    2020
    To appear.
    Abstract

    A key recovery algorithm using parts of the key schedule is proposed for evaluating the threat of probing attacks. Suppose that we have an information leakage sensor, and we can detect a leak (attacked) point where an attacker makes electrical/physical contact with a laser, a probe, etc. We assume that the attacked bits (leaked bits) are completely known to the attacker, whereas the other non-attacked bits are not leaked at all. We also assume that each bit leaks with a constant probability. Our key recovery algorithm is constructed by modifying the pruning phase of the algorithm for cold boot attacks proposed by Tsow. Experimental results show that, using our algorithm, leakage of more than 15% recovers the key with probability close to 1, whereas leakage of less than 10% recovers it only with small probability close to 0.

  • On the Power of Interaction in Signcryption
    Authors
    J. Ida, J. Shikata, and Y. Watanabe
    Conference
    ISITA 2020
    Publisher
    IEEE
    Year
    2020
    To appear.
    Abstract

    Signcryption (SC) achieves the goal with lower computational costs than simply combining public-key encryption (PKE) and digital signatures (DS). Meanwhile, at SCN 2014, Dodis and Fiore formalized interactive PKE and DS. In particular, in the interactive setting, they showed a CCA-secure PKE scheme can be constructed assuming only CPA-secure PKE schemes in a black-box manner. In this paper, we focus on SC schemes in the interactive setting (ISC for short). Specifically, we newly define a model and security notions for ISC schemes. We then propose generic constructions of ISC schemes by using CPA-secure PKE schemes rather than CCA-secure ones, whereas such a realization is unknown in the context of non-interactive SC schemes. We show that two rounds are sufficient to construct an ISC scheme from only CPA-secure PKE schemes. Furthermore, we also show the first SC scheme that can be efficiently instantiated from simple assumptions in the standard model without pairings or lattices by allowing interaction.

  • Identity-Based Encryption with Security against the KGC: A Formal Model and Its Instantiation from Lattices
    Authors
    K. Emura, S. Katsumata, and Y. Watanabe
    Conference
    ESORICS 2019
    LNCS 11736
    Pages
    113–133
    Publisher
    Springer
    Year
    2019
    Presented on
    Sep. 25, 2019
    Abstract

    The key escrow problem is one of the main barriers to the widespread real-world use of identity-based encryption (IBE). Specifically, a key generation center (KGC), which generates secret keys for a given identity, has the power to decrypt all ciphertexts. At PKC 2009, Chow defined a notion of security against the KGC, that relies on assuming that it cannot discover the underlying identities behind ciphertexts. However, this is not a realistic assumption since, in practice, the KGC manages an identity list and hence it can easily guess the identities corresponding to given ciphertexts. Chow later closed the gap between theory and practice by introducing a new entity called an identity-certifying authority (ICA) and proposed an anonymous key-issuing protocol. Essentially, this allows the users, KGC, and ICA to interactively generate secret keys without users ever having to reveal their identities to the KGC. Unfortunately, the proposed protocol did not include a concrete security definition, meaning that all of the subsequent works following Chow lack the formal proofs needed to determine whether or not it delivers a secure solution to the key escrow problem.
    In this paper, based on Chow’s work, we formally define an IBE scheme that resolves the key escrow problem and provide formal definitions of security against corrupted users, KGC, and ICA. Along the way, we observe that if we are allowed to assume a fully trusted ICA, as in Chow’s work, then we can construct a trivial (and meaningless) IBE scheme that is secure against the KGC. Finally, we present a lattice-based construction in our new security model based on the Gentry–Peikert–Vaikuntanathan (GPV) IBE scheme (STOC 2008) and Rückert’s lattice-based blind signature scheme (ASIACRYPT 2010).

  • Implementation and Analysis of Fully Homomorphic Encryption in Wearable Devices
    Authors
    A. Prasitsupparote, Y. Watanabe, and J. Shikata
    Conference
    ISDF 2018
    Pages
    1–14
    Publisher
    SDIWC Library
    Year
    2018
    Presented on
    2018
    Abstract

    Currently, wearable devices, which are known as one kind of Internet of Things (IoT) device, have been widely used for healthcare systems. Most of the healthcare systems store users’ healthcare data, which is encrypted by ordinary symmetric-key encryption and/or public-key encryption schemes, in a (cloud) server. However, the encrypted data needs to be decrypted for data analysis, and this means that sensitive information is leaked to the server. One promising solution is to use fully homomorphic encryption (FHE), which enables one to perform any computation on encrypted data while keeping it encrypted. Although FHE generally requires high computational and communication costs in the theoretical sense, several researchers have implemented FHE schemes to measure their practical efficiency. In this paper, we consider a privacy-preserving protocol for healthcare systems employing wearable devices, and implement this protocol over Raspberry Pi, which is a popular single-board computer, to measure the actual efficiency of FHE over wearable devices. Specifically, we implemented the protocol by using two FHE libraries, HElib and SEAL, on Raspberry Pi and a network simulator to measure both computational and communication costs in a wireless body area network (WBAN). In terms of the communication overhead, our result shows that the protocol with SEAL is better than that with HElib. In particular, the protocol with SEAL has almost the same communication costs as the trivial protocol, which is the same protocol without encryption. On the other hand, HElib is better than SEAL regarding the running time, while SEAL can perform more homomorphic operations than HElib for almost the same plaintext size. Therefore, HElib is suitable for applications which require small time complexity, and SEAL is suitable for applications which require many homomorphic operations.

  • Card-Based Majority Voting Protocols with Three Inputs Using Three Cards
    Authors
    Y. Watanabe, Y. Kuroki, S. Suzuki, Y. Koga, M. Iwamoto, and K. Ohta
    Conference
    ISITA 2018
    Pages
    218–222
    Publisher
    IEEE
    Year
    2018
    Abstract

    Private operations (private permutations) were independently introduced by Nakai et al. and Marcedone et al. for implementing card-based cryptographic protocols efficiently. Recently, Nakai et al. showed that, if the private operations are available, secure computations of AND and OR operations for two inputs can be realized simultaneously by using four cards, and the protocol is applied to four-card majority voting protocol with three inputs. In this paper, it is shown that only three cards are sufficient to construct the majority voting protocol with three inputs. Specifically, we propose two constructions of three-input majority voting protocols. First, assuming that players are allowed to announce their outputs, we show that one card can be reduced from Nakai et al.'s protocol without any additional private operations and communications. Our second construction requires two more private operations and communications, whereas it removes the assumption on announcement from the first construction.

  • Key-Updatable Public-Key Encryption with Keyword Search: Models and Generic Constructions
    Authors
    H. Anada, A. Kanaoka, N. Matsuzaki, and Y. Watanabe
    Conference
    ACISP 2018
    LNCS 10946
    Pages
    341–359
    Publisher
    Springer
    Year
    2018
    Abstract

    Public-key encryption with keyword search (PEKS) enables us to search over encrypted data, and is expected to be used between a cloud server and users’ devices such as laptops or smartphones. However, those devices might be lost accidentally or be stolen. In this paper, we deal with such a key-exposure problem on PEKS, and introduce a concept of PEKS with key-updating functionality, which we call key-updatable PEKS (KU-PEKS). Specifically, we propose two models of KU-PEKS: The key-evolution model and the key-insulation model. In the key-evolution model, a pair of public and secret keys can be updated if needed (e.g., the secret key is exposed). In the key-insulation model, a public key remains fixed while a secret key can be updated if needed. The former model makes a construction simple and more efficient than the latter model. On the other hand, the latter model is preferable for practical use since a user never updates his/her public key. We show constructions of a KU-PEKS scheme in each model in a black-box manner. We also give an experimental result for the most efficient instantiation, and show our proposal is practical.

  • Broadcast Encryption with Guessing Secrecy
    Authors
    Y. Watanabe
    Conference
    ICITS 2017
    LNCS 10681
    Pages
    39–57
    Publisher
    Springer
    Year
    2017
    Abstract

    Perfect secrecy, which is a fundamental security notion introduced by Shannon, guarantees that no information on plaintexts is leaked from corresponding ciphertexts in the information-theoretic sense. Although it captures the strongest security, it is well known that the secret-key size must be equal to or larger than the plaintext size to achieve perfect secrecy. Furthermore, the probability distribution on secret keys must be uniform. Alimomeni and Safavi-Naini (ICITS 2012) proposed a new security notion, called guessing secrecy, to relax the above two restrictions, and showed that, unlike perfect secrecy, even non-uniform keys can be used for providing guessing secrecy. Iwamoto and Shikata (ISIT 2015) showed secure concrete constructions of a symmetric-key encryption scheme with non-uniform keys in the guessing secrecy framework. In this work, we extend their results to the broadcast encryption setting. We first define guessing secrecy of broadcast encryption, and show relationships among several guessing-secrecy notions and perfect secrecy. We derive lower bounds on secret keys, and show that the Fiat-Naor one-bit construction with non-uniform keys is also secure in the sense of guessing secrecy.

  • Lattice-Based Revocable Identity-Based Encryption with Bounded Decryption Key Exposure Resistance
    Authors
    A. Takayasu and Y. Watanabe
    Conference
    ACISP 2017
    LNCS 10342
    Pages
    184–204
    Publisher
    Springer
    Year
    2017
    Abstract

    A revocable identity-based encryption (RIBE) scheme, proposed by Boldyreva et al., provides a revocation functionality for managing a number of users dynamically and efficiently. To capture a realistic scenario, Seo and Emura introduced an additional important security notion, called decryption key exposure resistance (DKER), where an adversary is allowed to query short-term decryption keys. Although several RIBE schemes that satisfy DKER have been proposed, all the lattice-based RIBE schemes, e.g., Chen et al.’s scheme, do not achieve DKER, since they basically do not have the key re-randomization property, which is considered to be an essential requirement for achieving DKER. In particular, in every existing lattice-based RIBE scheme, an adversary can easily recover plaintexts if the adversary is allowed to issue even a single short-term decryption key query. In this paper, we propose a new lattice-based RIBE scheme secure against exposure of an a-priori bounded number of decryption keys (for every identity). We believe that this bounded notion is still meaningful and useful from a practical perspective. Technically, to achieve the bounded security without the key re-randomization property, key updates in our scheme are short vectors whose corresponding syndrome vector changes in each time period. For this approach to work correctly and for the scheme to be secure, cover free families play a crucial role in our construction.

  • Unconditionally Secure Searchable Encryption
    Authors
    T. Yoshizawa, Y. Watanabe, and J. Shikata
    Conference
    CISS 2017
    Pages
    1–6
    Publisher
    IEEE
    Year
    2017
    Abstract

    Searchable symmetric encryption (SSE) enables us to search encrypted data with an arbitrarily chosen keyword without leaking information on the data and keyword. SSE is expected to be used in, for example, cloud computing and genome analyses. In particular, privacy of genome data must be guaranteed for long periods, and therefore unconditionally secure cryptographic protocols, rather than computationally secure ones, should be used for protecting genome data. For this reason, we propose new constructions of unconditionally secure SSE schemes in this paper. Specifically, we define a model and security of unconditionally secure SSE, and we show a lower bound on secret-key sizes. We propose two kinds of constructions of unconditionally secure SSE schemes: One is asymptotically optimal in the sense of the secret-key size with some restriction on the security definition; and the other achieves full security at the sacrifice of the secret-key size.

  • New Revocable IBE in Prime-Order Groups: Adaptively Secure, Decryption Key Exposure Resistant, and with Short Public Parameters
    Authors
    Y. Watanabe, K. Emura, and J.H. Seo
    Conference
    CT-RSA 2017
    LNCS 10159
    Pages
    432–449
    Publisher
    Springer
    Year
    2017
    Abstract

    Revoking corrupted users is a desirable functionality for cryptosystems. Since Boldyreva, Goyal, and Kumar (ACM CCS 2008) proposed a notable result on a scalable revocation method in identity-based encryption (IBE), several works have improved either the security or the efficiency of revocable IBE (RIBE). Currently, all existing scalable RIBE schemes that achieve adaptive security with decryption key exposure resistance (DKER) fall into two groups: either they have long public parameters or they work over composite-order bilinear groups. From both practical and theoretical points of view, it would be interesting to construct an adaptively secure RIBE scheme with DKER and short public parameters in prime-order bilinear groups.
    In this paper, we address this goal by using Seo and Emura’s technique (PKC 2013), which transforms the Waters IBE into the corresponding RIBE. First, we identify necessary requirements on the input IBE for their transformation technique. Next, we propose a new IBE scheme having several desirable properties: it satisfies all the requirements for the Seo-Emura technique, has constant-size public parameters, and uses prime-order bilinear groups. Finally, by applying the Seo-Emura technique, we obtain the first adaptively secure RIBE scheme with DKER and constant-size public parameters in prime-order bilinear groups.

  • Unconditionally Secure Revocable Storage: Tight Bounds, Optimal Construction, and Robustness
    Authors
    Y. Watanabe, G. Hanaoka, and J. Shikata
    Conference
    ICITS 2016
    LNCS 10015
    Pages
    213–237
    Publisher
    Springer
    Year
    2016
    Abstract

    Data stored in cloud storage sometimes requires long-term security due to its sensitivity (e.g., genome data), and therefore it also requires flexible access control for handling the entities who can use the data. Broadcast encryption can partially provide such flexibility by specifying privileged receivers so that only they can decrypt a ciphertext. However, once privileged receivers are specified, they can no longer be dynamically added and/or removed. In this paper, we propose a new type of broadcast encryption which provides long-term security and appropriate access control, which we call unconditionally secure revocable-storage broadcast encryption (RS-BE). In RS-BE, the privileged receivers of a ciphertext can be dynamically updated without revealing any information on the underlying plaintext. Specifically, we define a model and security of RS-BE, and derive tight lower bounds on the sizes of secret keys required for a one-time secure RS-BE scheme when the ciphertext size is equal to the plaintext size. Our lower bounds can be applied to traditional broadcast encryption. We then construct a one-time secure RS-BE scheme with a trade-off between the sizes of ciphertexts and secret keys, and our construction for the smallest ciphertext size meets all bounds with equality. Furthermore, to detect an improper update, we consider security against modification attacks on a ciphertext, and present a concrete construction secure against this type of attack.

  • Sequential Aggregate Authentication Codes with Information Theoretic Security
    Authors
    S. Tomita, Y. Watanabe, and J. Shikata
    Conference
    CISS 2016
    Pages
    192–197
    Publisher
    IEEE
    Year
    2016
    Abstract

    Sequential aggregate signature (SAS) schemes provide a single, compact signature, generated from a number of signatures, that simultaneously ensures that each signature was legitimately generated from the corresponding message in a defined order. Although SAS schemes have various applications such as a secure border gateway protocol, all existing schemes are computationally secure (i.e., they assume computationally bounded adversaries). In this paper, we first propose sequential aggregate authentication codes (SAA-codes), which have functionality similar to SAS in the information-theoretic security setting. Specifically, we give a model and security formalization of SAA-codes, derive lower bounds on the sizes of secret keys and authenticators required in secure SAA-codes, and present two kinds of optimal constructions in the sense that each construction meets the lower bounds with equality.

  • Identity-Based Hierarchical Key-Insulated Encryption without Random Oracles
    Authors
    Y. Watanabe and J. Shikata
    Conference
    PKC 2016
    LNCS 9614
    Pages
    255–279
    Publisher
    Springer
    Year
    2016
    Abstract

    Key-insulated encryption is one of the effective solutions to the key exposure problem. Recently, identity-based encryption (IBE) has been used as one of the fundamental cryptographic primitives in a wide range of applications, and identity-based key-insulated security is considered to have a huge influence on the resulting applications. At Asiacrypt’05, Hanaoka et al. proposed an identity-based hierarchical key-insulated encryption (hierarchical IKE) scheme. Although their scheme is secure in the random oracle model, it has a “hierarchical key-updating structure,” which is an attractive functionality that enhances key exposure resistance.

  • Constructions of Unconditionally Secure Broadcast Encryption from Key Predistribution Systems with Trade-offs between Communication and Storage
    Authors
    Y. Watanabe and J. Shikata
    Conference
    ProvSec 2015
    LNCS 9451
    Pages
    489–502
    Publisher
    Springer
    Year
    2015
    Abstract

    An (≤n,≤ω)-one-time secure broadcast encryption scheme (BES) allows a sender to specify any subset of receivers so that only the specified receivers can decrypt a ciphertext. In this paper, we first show an efficient construction of a BES with general ciphertext sizes. Specifically, we propose a generic construction of a BES from key predistribution systems (KPSs) when its ciphertext size is equal to an integer multiple of the plaintext size, and our construction includes all known constructions. However, there are many possible combinations of KPSs that realize the BES in our construction methodology, and therefore we show which combination is the best one in the sense that the secret-key size is minimized. Deriving a tight bound on the secret-key size required for an (≤n,≤ω)-one-time secure BES with any ciphertext size still remains an open problem. Our result also means that we are the first to show an upper bound on the size of secret keys for general ciphertext sizes.

  • Keyword Revocable Searchable Encryption with Trapdoor Exposure Resistance and Re-Generateability
    Authors
    K. Emura, L. T. Phong, and Y. Watanabe
    Conference
    IEEE TrustCom 2015
    Pages
    167–174
    Publisher
    IEEE
    Year
    2015
    Abstract

    In searchable encryption in the public-key setting, a trapdoor is uploaded to a server, and the server runs the test algorithm by using the trapdoor. However, if trapdoors stored in the server are exposed due to unexpected situations, then anyone can run the test algorithm. Therefore, trapdoor revocation functionality is desirable in practice. Moreover, even if a certain keyword revocation functionality is supported, the impact of trapdoor exposure should be minimized. In addition, it seems difficult to assume that revoked keywords will never be used again. Therefore, we need to consider the case where a new trapdoor can be generated even if a trapdoor has been revoked before. In this paper, we give a formal definition of keyword revocable public key encryption with keyword search (KR-PEKS), and propose a generic construction of KR-PEKS from revocable identity-based encryption with a certain anonymity property. Our construction is not only a generalization of the revocable keyword search proposed by Yu, Ni, Yang, Mu, and Susilo (Security and Communication Networks 2014), but also supports trapdoor exposure resistance, which guarantees that the exposure of a trapdoor does not affect other trapdoors, and trapdoor re-generateability, which guarantees that a new trapdoor can be generated even if the keyword has been revoked before.

  • Constructions of CCA-Secure Revocable Identity-Based Encryption
    Authors
    Y. Ishida, Y. Watanabe, and J. Shikata
    Conference
    ACISP 2015
    LNCS 9144
    Pages
    174–191
    Publisher
    Springer
    Year
    2015
    Abstract

    Key revocation functionality is important for identity-based encryption (IBE) to manage users dynamically. Revocable IBE (RIBE) realizes such revocation functionality with scalability. In PKC 2013, Seo and Emura first considered decryption key exposure resistance (DKER) as a new realistic threat, and proposed the first RIBE scheme with DKER. Their RIBE scheme is adaptively secure against chosen plaintext attacks (CPA), and so far there is no concrete RIBE scheme adaptively secure against chosen ciphertext attacks (CCA), even without DKER. In this paper, we first propose two constructions of adaptively CCA-secure RIBE schemes with DKER. The first scheme is based on an existing transformation, called the BCHK transformation, by which a CPA-secure hierarchical IBE scheme can be transformed into a CCA-secure scheme. The second scheme is constructed via the KEM/DEM framework. Specifically, we newly propose a revocable identity-based key encapsulation mechanism (RIB-KEM), and we show a generic construction of a CCA-secure RIBE scheme from the RIB-KEM and a data encapsulation mechanism (DEM). The second scheme is more efficient than the first one in terms of the ciphertext size.

  • Timed-Release Computational Secret Sharing Scheme and Its Applications
    Authors
    Y. Watanabe and J. Shikata
    Conference
    ProvSec 2014
    LNCS 8782
    Pages
    326–333
    Publisher
    Springer
    Year
    2014
    Abstract

    A secret sharing scheme is an important cryptographic primitive. In this paper, we focus on a computational secret sharing (CSS) scheme, which is a practical and simple secret sharing scheme, with timed-release functionality, which we call a timed-release computational secret sharing (TR-CSS) scheme. In TR-CSS, a number of participants greater than or equal to a threshold can reconstruct a secret by using their shares only when the time specified by a dealer has come. Our TR-CSS can be regarded as a natural extension of Krawczyk’s CSS, and we succeed in adding timed-release functionality to Krawczyk’s CSS with small overhead, which seems to be almost optimal. Moreover, we show that our proposal of TR-CSS is important for constructing threshold encryption and multiple encryption with timed-release functionality in a generic and efficient way.

  • Timed-Release Secret Sharing Schemes with Information Theoretic Security
    Authors
    Y. Watanabe and J. Shikata
    Conference
    BalkanCryptSec 2014
    LNCS 9024
    Pages
    219–236
    Publisher
    Springer
    Year
    2014
    Abstract

    In modern cryptography, the secret sharing scheme is an important cryptographic primitive and is used in various situations. In this paper, timed-release secret sharing (TR-SS) schemes with information-theoretic security are studied for the first time. TR-SS is a secret sharing scheme with the property that at least a threshold number of participants can reconstruct a secret by using their shares only when the time specified by a dealer has come. Specifically, in this paper we first introduce models and security formalizations for two kinds of TR-SS based on the traditional secret sharing scheme and information-theoretic timed-release security. We also derive tight lower bounds on the sizes of shares, time-signals, and entities’ secret keys required for each TR-SS scheme. In addition, we propose direct constructions for the TR-SS schemes. Each direct construction is optimal in the sense that it meets equality in each of our bounds. As a result, it is shown that timed-release security can be realized without any additional redundancy in the share size.

  • Information-Theoretically Secure Entity Authentication in the Multi-User Setting
    Authors
    S. Hajime, Y. Watanabe, and J. Shikata
    Conference
    ICISC 2013
    LNCS 8565
    Pages
    400–417
    Publisher
    Springer
    Year
    2013
    Abstract

    In this paper, we study unilateral entity authentication protocols and mutual entity authentication protocols with information-theoretic security in the multi-user setting. To the best of our knowledge, only one paper, by Kurosawa, has studied an entity authentication protocol with information-theoretic security, and it considered a unilateral entity authentication protocol in the two-user setting. In this paper, we extend the two-user unilateral entity authentication protocol to the multi-user setting. In addition, we formally study an information-theoretically secure mutual entity authentication protocol in the multi-user setting for the first time. Specifically, we formalize a model and security definition, derive tight lower bounds on the sizes of users’ secret keys, and show an optimal direct construction.

  • Unconditionally Secure Blind Authentication Codes in the Manual Channel Model
    Authors
    N. Takei, Y. Watanabe, and J. Shikata
    Conference
    3rd ISEEE
    Pages
    297–302
    Year
    2013
    Presentation date
    2013
    Abstract

    In this paper, as a fundamental cryptographic protocol with information-theoretic security, we propose unconditionally secure blind authentication codes in the manual channel model. A blind authentication code is a protocol in which a user can obtain a signer's authenticator on a message while keeping the message anonymous, and a verifier can verify its validity. To realize such a mechanism, it is known that each entity of the system (a user, a signer, and a verifier) needs to have secret information. In our model of blind authentication codes in the manual channel model, a verifier can verify the validity of an authenticated message without any secret key. In this paper we propose a formal model and security formalization of blind authentication codes in the manual channel model. In addition, we present a construction of unconditionally secure blind authentication codes in the manual channel model.

  • Unconditionally Secure Anonymous Group Authentication with an Arbiter
    Authors
    T. Seito, Y. Watanabe, K. Kinose, and J. Shikata
    Conference
    3rd ISEEE
    Pages
    291–296
    Year
    2013
    Abstract

    In cryptographic applications, there is a need to protect the privacy of users in addition to the integrity of data transmitted over a public channel. In the unconditional (or information-theoretic) security setting, a model of GA-codes (Group Authentication codes), which ensures sender anonymity in the same way as computationally secure group signatures, was proposed. In this model, it is assumed that both the sender and the receiver are mutually trusted. In this paper, we remove this assumption and newly propose a model and security definition of GA2-codes (Group Authentication codes with an Arbiter), in which a trusted arbiter is provided so that the arbiter can resolve a dispute between the sender and the receiver. This model can be considered an extension of both GA-codes and the traditional A2-codes (Authentication codes with an Arbiter). In addition, we propose a construction that meets our security definition of GA2-codes by using polynomials over finite fields. We also consider the case where the arbiter is not always honest and call this model GA3-codes (GA-codes with protection against an arbiter's attack), which is similar to the setting of the traditional A3-codes.

  • Information-Theoretically Secure Aggregate Authentication Code: Model, Bounds, and Constructions
    Authors
    A. Kubai, J. Shikata, and Y. Watanabe
    Conference
    CD-ARES Workshop, MoCrySEn 2013
    LNCS 8128
    Pages
    16–28
    Publisher
    Springer
    Year
    2013
    Presentation date
    Sep. 2–6, 2013
    Abstract

    In authentication schemes where many users send authenticated messages to a receiver, it is desirable to aggregate them into a single short authenticated message in order to reduce communication complexity. In this paper, in order to realize such a mechanism in the information-theoretic security setting, we first propose aggregate authentication codes. Specifically, we newly propose a model and a security definition for aggregate authentication codes. We also show tight lower bounds on the sizes of entities’ secret keys and (aggregated) tags. Furthermore, we present optimal (i.e., most efficient) constructions of aggregate authentication codes.

  • Information-Theoretic Timed-Release Security: Key-Agreement, Encryption and Authentication Codes
    Authors
    Y. Watanabe, T. Seito, and J. Shikata
    Conference
    ICITS 2012
    LNCS 7412
    Pages
    167–186
    Publisher
    Springer
    Year
    2012
    Abstract

    In this paper, we study timed-release cryptography with information-theoretic security. As fundamental cryptographic primitives with information-theoretic security, we can consider key-agreement, encryption, and authentication codes. Therefore, in this paper, we deal with information-theoretic timed-release security for all of those primitives. Specifically, we propose models and security formalizations for information-theoretic timed-release key-agreement, encryption, and authentication codes, and we present constructions of them. In particular, information-theoretic timed-release encryption and authentication codes can be constructed from information-theoretic timed-release key-agreement in a generic and simple way. Also, we derive tight lower bounds on the sizes of secret keys and show an optimal construction for information-theoretic timed-release key-agreement. Furthermore, we investigate the relationship between the mechanisms of information-theoretic timed-release key-agreement and information-theoretic key-insulated key-agreement. It turns out that there exists a simple algorithm which converts the former into the latter, and vice versa. In this sense, we conclude that these two mechanisms are essentially close.

Domestic Conferences

  • A Conversion Method to Dynamic Searchable Encryption Secure under Less Leakage
    Authors
    Y. Watanabe, K. Ohara, M. Iwamoto, and K. Ohta
    Conference
    CSS 2020
    Pages
    297–304
    Proceedings
    Proceedings of Computer Security Symposium 2020 (CSS 2020)
    Year
    2020
  • Forward-Secure Dynamic Searchable Encryption with Optimal Search Communication Cost
    Authors
    Y. Watanabe
    Conference
    SCIS 2020
    Pages
    3B3-2
    Year
    2020
    Presentation date
    2020/1/30
  • Efficient Constructions of (Strongly) Forward-Secure Dynamic Searchable Encryption
    Authors
    Y. Watanabe, K. Ohara, M. Iwamoto, and K. Ohta
    Conference
    CSS 2019
    Pages
    1203–1210
    Proceedings
    Proceedings of Computer Security Symposium 2019 (CSS 2019)
    Year
    2019

Oral Presentations

  • A Cryptographic System Enabling Secure Addition, Deletion, and Search of Files
    Presenter
    Y. Watanabe
    Conference
    JST New Technology Presentation Meeting
    Venue
    Japan
    Type
    Oral presentation
    Presentation date
    2019/7/18
  • Key-Updatable Public-Key Encryption with Keyword Search: An Efficient Construction
    Authors
    H. Anada, A. Kanaoka, N. Matsuzaki, and Y. Watanabe
    Presenter
    N. Matsuzaki
    Conference
    IWSEC 2018
    Venue
    Sendai, Japan
    Type
    Poster
    Presentation date
    Aug., 2018
  • Broadcast Encryption with Decryption-Privilege Revocation
    Authors
    Y. Watanabe
    Presenter
    Y. Watanabe
    Conference
    SITA 2016
    Venue
    Takayama, Gifu, Japan
    Type
    Poster
    Presentation date
    2016
  • How to Provide Long-Term Security and Required Functionality for Cloud Storage
    Authors
    Y. Watanabe, G. Hanaoka, and J. Shikata
    Presenter
    Y. Watanabe
    Conference
    PRIVAGEN 2015
    Venue
    Tokyo, Japan
    Type
    Poster
    Presentation date
    2015
  • Constructions of Strongly Secure Revocable Identity-Based Encryption
    Authors
    Y. Ishida, Y. Watanabe, and J. Shikata
    Presenter
    Y. Ishida
    Conference
    Yokohama Environment and Information Sciences (YEIS) International Forum
    Venue
    Yokohama, Japan
    Type
    Poster
    Presentation date
    2015
  • How to Provide Long-Term Security and Required Functionality for Cloud Storage
    Authors
    Y. Watanabe, G. Hanaoka, and J. Shikata
    Presenter
    Y. Watanabe
    Conference
    Yokohama Environment and Information Sciences (YEIS) International Forum
    Venue
    Yokohama, Japan
    Type
    Poster
    Presentation date
    2015
  • Information-Theoretically Secure Revocable-Storage Broadcast Encryption
    Authors
    Y. Watanabe and J. Shikata
    Presenter
    Y. Watanabe
    Conference
    IWSEC 2014
    Venue
    Hirosaki, Japan
    Type
    Poster
    Presentation date
    2014

Invited Talks

  • Broadcast Encryption Based on Information-Theoretic Security: Classical Results and Recent Progress
    Presenter
    Y. Watanabe
    Conference
    IEICE Technical Committee on Information Theory, IT2017-9
    Venue
    Yuda Onsen, Yamaguchi, Japan
    Presentation date
    2017/9/8
  • Unconditionally Secure Revocable Storage
    Presenter
    Y. Watanabe
    Conference
    IWSEC 2015
    Venue
    Nara, Japan
    Presentation date
    2015
  • Timed-Release Cryptography: Two Theoretical Approaches to Achieve Security
    Presenter
    Y. Watanabe
    Conference
    JSPS-DST Asian Academic Seminar 2013 (AAS 2013)
    Venue
    Tokyo, Japan
    Presentation date
    2013

Invited Papers and Survey Articles

  • Searchable Encryption: Toward Secure Operation of Database Systems
    Authors
    Y. Watanabe
    Journal/Conference
    Chemical Engineering (Kemikaru Enjiniyaringu)
    65
    9
    Pages
    552–560
    Publisher
    Kagaku Kogyo Sha
    Year
    2020

Awards

Preprints

  • Efficient Identity-Based Encryption with Hierarchical Key-Insulation from HIBE
    Authors   K. Emura, A. Takayasu, and Y. Watanabe
    Abstract

    Hierarchical key-insulated identity-based encryption (HKIBE) is identity-based encryption (IBE) that allows users to update their secret keys to achieve (hierarchical) key-exposure resilience, which is an important notion in practice. However, existing HKIBE constructions have limitations in efficiency: the sizes of ciphertexts and secret keys depend on the hierarchical depth. In this paper, we first triumph over the barrier by proposing simple but effective design methodologies to construct efficient HKIBE schemes. First, we show a generic construction from any hierarchical IBE (HIBE) scheme that satisfies a special requirement, called MSK evaluatability, introduced by Emura et al. (ePrint, 2020). It provides several new and efficient instantiations since most pairing-based HIBE schemes satisfy the requirement. It is worth noting that it preserves all parameter sizes of the underlying HIBE scheme, and hence we obtain several efficient HKIBE schemes under the k-linear assumption in the standard model. Since MSK evaluatability is dedicated to pairing-based HIBE schemes, the first construction is restricted to pairing-based instantiations. To realize efficient instantiations from various assumptions, we next propose a generic construction of an HKIBE scheme from any plain HIBE scheme. It is based on Hanaoka et al.'s HKIBE scheme (Asiacrypt 2005), and does not need any special properties. Therefore, we obtain new efficient instantiations from various assumptions other than pairing-oriented ones. Though the sizes of secret keys and ciphertexts are larger than those of the first construction, it is more efficient than Hanaoka et al.'s scheme in terms of the sizes of master public/secret keys.

  • Adaptively Secure Revocable Hierarchical IBE from k-linear Assumption
    Authors   K. Emura, A. Takayasu, and Y. Watanabe
    Abstract

    Revocable identity-based encryption (RIBE) is an extension of IBE with an efficient key revocation mechanism. Revocable hierarchical IBE (RHIBE) is its further extension with key delegation functionality. Although there are various adaptively secure pairing-based RIBE schemes, all known hierarchical analogs only satisfy selective security. In addition, the currently known most efficient adaptively secure RIBE and selectively secure RHIBE schemes rely on non-standard assumptions, which are referred to as the augmented DDH assumption and q-type assumptions, respectively. In this paper, we propose a simple but effective design methodology for RHIBE schemes. We provide a generic design framework for RHIBE based on an HIBE scheme with a few properties. Fortunately, several state-of-the-art pairing-based HIBE schemes have the properties. In addition, our construction preserves the sizes of master public keys, ciphertexts, and decryption keys, as well as the complexity assumptions of the underlying HIBE scheme. Thus, we obtain the first RHIBE schemes with adaptive security under the standard k-linear assumption. We prove adaptive security by developing a new proof technique for RHIBE. Due to the compactness-preserving construction, the proposed R(H)IBE schemes have similar efficiencies to the most efficient existing schemes.