Hideki Imai

Applied Algebra, Algebraic Algorithms and Error-Correcting Codes

The well known Plotkin construction is, in the current paper, generalized and used to yield new families of Z2Z4-additive codes, whose length, dimension as well as minimum distance are studied. These new constructions enable us to obtain families of Z2Z4-additive codes such that, under the Gray map, the corresponding binary codes have the same parameters and properties as the usual binary linear Reed-Muller codes. Moreover, the first family is the usual binary linear Reed-Muller family.The most successful method to obtain lower bounds for the minimum distance of an algebraic geometric code is the order bound, which generalizes the Feng-Rao bound. We provide a significant extension of the bound that improves the order bounds by Beelen and by Duursma and Park. We include an exhaustive numerical comparison of the different bounds for 10168 two-point codes on the Suzuki curve of genus g=124 over the field of 32 elements. Keywords: algebraic geometric code, order bound, Suzuki curve.Cryptography and the Methodology of Provable Security.- Dynamical Systems Generated by Rational Functions.- Homotopy Methods for Equations over Finite Fields.- Three Constructions of Authentication/Secrecy Codes.- The Jacobi Model of an Elliptic Curve and Side-Channel Analysis.- Fast Point Multiplication on Elliptic Curves through Isogenies.- Interpolation of the Elliptic Curve Diffie-Hellman Mapping.- An Optimized Algebraic Method for Higher Order Differential Attack.- Fighting Two Pirates.- Copyright Control and Separating Systems.- Unconditionally Secure Homomorphic Pre-distributed Commitments.- A Class of Low-Density Parity-Check Codes Constructed Based on Reed-Solomon Codes with Two Information Symbols.- Relative Duality in MacWilliams Identity.- Good Expander Graphs and Expander Codes: Parameters and Decoding.- On the Covering Radius of Certain Cyclic Codes.- Unitary Error Bases: Constructions, Equivalence, and Applications.- Differentially 2-Uniform Cocycles - The Binary Case.- The Second and Third Generalized Hamming Weights of Algebraic Geometry Codes.- Error Correcting Codes over Algebraic Surfaces.- A Geometric View of Decoding AG Codes.- Performance Analysis of M-PSK Signal Constellations in Riemannian Varieties.- Improvements to Evaluation Codes and New Characterizations of Arf Semigroups.- Optimal 2-Dimensional 3-Dispersion Lattices.- On g-th MDS Codes and Matroids.- On the Minimum Distance of Some Families of ?2 k-Linear Codes.- Quasicyclic Codes of Index ? over F q Viewed as F q[x]-Submodules of F q ?[x]/?x m?1?.- Fast Decomposition of Polynomials with Known Galois Group.

Efficient identity-based encryption with tight security reduction

In a famous paper at CRYPTOO1, Boneh and Franklin proposed the first fully functional identity-based encryption scheme (IBE), around fifteen years after the concept was introduced by Shamir. Their scheme achieves chosen-ciphertext security (i.e., secure in the sense of IND-ID-CCA); however, the security reduction is far from being tight. In this paper, we present an efficient variant of the Boneh-Franklin scheme that achieves a tight security reduction. Our scheme is basically an IBE scheme under two keys, one of which is randomly chosen and given to the user. It can be viewed as a continuation of an idea introduced by Katz and Wang; however, unlike the Katz-Wang variant, our scheme is quite efficient, as its ciphertext size is roughly comparable to that of the original full Boneh-Franklin scheme. The security of our scheme can be based on either the gap bilinear Diffie-Hellman (GBDH) or the decisional bilinear Diffie-Hellman (DBDH) assumptions.

Applying fujisaki-okamoto to identity-based encryption

The Fujisaki-Okamoto (FO) conversion is widely known to be able to generically convert a weak public key encryption scheme, say one-way against chosen plaintext attacks (OW-CPA), to a strong one, namely, indistinguishable against adaptive chosen ciphertext attacks (IND-CCA). It is not known that if the same holds for identity-based encryption (IBE) schemes, though many IBE and variant schemes are in fact specifically using the FO conversion. In this paper, we investigate this issue and confirm that the FO conversion is generically effective also in the IBE case. However, straightforward application of the FO conversion only leads to an IBE scheme with a loose (but polynomial) reduction. We then propose a simple modification to the FO conversion, which results in considerably more efficient security reduction.

Forward-Secure and searchable broadcast encryption with short ciphertexts and private keys

We introduce a primitive called Hierarchical Identity- Coupling Broadcast Encryption (HICBE) that can be used for constructing efficient collusion-resistant public-key broadcast encryption schemes with extended properties such as forward-security and keyword- searchability. Our forward-secure broadcast encryption schemes have small ciphertext and private key sizes, in particular, independent of the number of users in the system. One of our best two constructions achieves ciphertexts of constant size and user private keys of size O(log2T), where T is the total number of time periods, while another achieves both ciphertexts and user private keys of size O(logT). These performances are comparable to those of the currently best single-user forward-secure public-key encryption scheme, while our schemes are designed for broadcasting to arbitrary sets of users. As a side result, we also formalize the notion of searchable broadcast encryption, which is a new generalization of public key encryption with keyword search. We then relate it to anonymous HICBE and present a construction with polylogarithmic performance.

Compact and Flexible Resolution of CBT Multicast Key-Distribution

In an open network such as the Internet, multicast security services typically start with group session-key distribution. Considering scalability for group communication among widely-distributed members, we can find a currently-leading approach based on a CBT (Core-Based Tree) routing protocol, where Group Key Distribution Centers (GKDCs) are dynamically constructed during group-member joining process.

Efficient Identity-Based Encryption with Tight Security Reduction

In this paper, we present an efficient variant of the Boneh-Franklin scheme that achieves a tight security reduction. Our scheme is basically an IBE scheme under two keys, one of which is randomly chosen and given to the user. It can be viewed as a continuation of an idea introduced by Katz and Wang; however, unlike the Katz-Wang variant, our scheme is quite efficient, as its ciphertext size is roughly comparable to that of the original full Boneh-Franklin scheme. The security of our scheme can be based on either the gap bilinear Diffie-Hellman (GBDH) or the decisional bilinear Diffie-Hellman (DBDH) assumptions.

Cryptographic module validation program in Japan

The information system consists of networks con- taining many entities. Furthermore, an information system is built into a part of infrastructure, and bears an important role. There- fore, the security countermeasures of the information system have been important subjects. In an information system, an adversary attacks an entity with a low security level. Therefore, the security level of all the entities should be unified into the common level. If it is under common directions of an administrative organization, the security level of each entity can be unified easily. However, in order that separate administrator may administer each entity, it is not easy to unify a security level. For example, in a Japanese E- government system, each ministry agency performs procurement and administration of their system. Therefore, the security level of each E-government system is not always the same. When each system is administered separately and it is more- over hard to commit legal force, in order to unify a security level, you have to recognize a mutual security level. In order to recognize a security level, evaluation and certification of a security system are important. Common Criteria is well known for evaluation and certification of the security level of a system. Common Criteria is the security criteria for evaluating whether from a viewpoint of information security, the product and system relevant to an information technology are designed appropriately and the design is implemented surely. It was recognized as ISO/IEC standards in June, 1999. However, in Common Criteria, the evaluation and certification of Cryptographic Module which are used with an information system have not been applicable. Cryptographic Module is functional block which offers the cryptographic function used with information systems and its security level needs to evaluate. It is necessary to perform evaluation of Cryptographic Module individually with Common Criteria evaluation. Security Requirements for Cryptographic Modules which used in Government agency is already defined as FIPS 140-2 in the U.S. and Canada. And they cooperate with the Validation scheme. The system which the U.S. and Canada are operating is premised on unitary control. However, in many E-government system of Japan, the vendor of Cryptographic Module and the vendor of a system are in same company. When the vendor of Cryptographic Module and a system is in common, the specification of Cryptographic Module is not released in many cases. Therefore, much time is required in order to build a system like the U.S. and Canada. Then, we did the case study about the conditions for building up Cryptographic Module Validation system smoothly under the situation like Japan. In this paper, we report that result.