Hirofumi Muratani

A Collusion-Secure Fingerprinting Code Reduced by Chinese Remaindering and Its Random-Error Resilience

A c-secure code with ?-error is one of the fingerprinting codes robust against a collusion attack. The purpose of this study is to construct a new c-secure code which has a shorter code length for a large-scale collusion than ever proposed. We call this code a c-secure CRT code. Furthermore, we investigate possible approaches to make this code robust against random-error addition. Two approaches to this problem have already been proposed. One is a combination of an error-correcting code and a c-secure code. The other is to make inner codes of the c-secure code resilient against random-error addition. We propose a brand-new approach, called weak ID elimination, which is a modification of its outer code. We also propose a method to estimate whether the size of a coalition exceeds the traceability of this code.

Optimization and evaluation of randomized c-secure CRT code defined on polynomial ring

An improved construction of a binary fingerprinting code is evaluated. The c-secure CRT code, a variant of the c-secure code, has shorter code length than the original construction by Boneh and Shaw. Recently, two improvements to this code have been proposed. We provide conditions determining the code length of the construction combined with these two improvements and provide the optimal setting of parameters. We compare the code length of the improved construction with that of the original construction. For any size of collusion, the code length is improved. In particular, for the collusion size c≥ 32, the code length of the improved code becomes about a tenth of the original c-secure CRT code.

NM-CPA Secure Encryption with Proofs of Plaintext Knowledge

NM-CPA secure asymmetric encryption schemes which prove plaintext knowledge are sufficient for secrecy and verifiability in some domains, for example, ballot secrecy and end-to-end verifiability in electronic voting. In these domains, some applications derive encryption schemes by coupling malleable IND-CPA secure ciphertexts with proofs of plaintext knowledge, without evidence that the sufficient condition is satisfied nor an independent security proof. Consequently, it is unknown whether these applications satisfy the desired secrecy and verifiability properties. In this paper, we propose a generic construction for such a coupling and prove that our construction produces NM-CPA secure encryption schemes which prove plaintext knowledge. Accordingly, we facilitate the development of applications satisfying their secrecy and verifiability objectives and, moreover, we make progress towards security proofs for existing applications.

ANALYZING THE EFFECTIVENESS OF THE QUANTUM REPEATER

The range of quantum key distribution is limited by exponential attenuation of photons in optical fibers. It is believed that a quantum repeater can improve the order of the attenuation and can be useful for extending the communication distance of QKD. It is already shown that quantum repeater is effective when not considering the repeater noise. In this paper, we analyze the effectiveness of the quantum repeater when considering the repeater noise. We point out that there is some threshold of length of EPR pairs, under which quantum repeater protocol is valid and over which quantum repeater is not valid. Besides, this threshold depends on the largeness of the repeater noise. So, it is important to suppress the repeater noise in order that the quantum repeater scheme can really improve the bit rate. We also analyze the effectiveness from the viewpoint of the security and show that QKD is secure even if quantum repeater is used.

Factor-4 and 6 (de)compression for values of pairings using trace maps

The security of pairing-based cryptosystems relies on the hardness of the discrete logarithm problems in elliptic curves and in finite fields related to the curves, namely, their embedding fields. Public keys and ciphertexts in the pairing-based cryptosystems are composed of points on the curves or values of pairings. Although the values of the pairings belong to the embedding fields, the representation of the field is inefficient in size because the size of the embedding fields is usually larger than the size of the elliptic curves. We show factor-4 and 6 compression and decompression for the values of the pairings with the supersingular elliptic curves of embedding degrees 4 and 6, respectively. For compression, we use the fact that the values of the pairings belong to algebraic tori that are multiplicative subgroups of the embedding fields. The algebraic tori can be expressed by the affine representation or the trace representation. Although the affine representation allows decompression maps, decompression maps for the trace representation has not been known. In this paper, we propose a trace representation with decompression maps for the characteristics 2 and 3. We first construct efficient decompression maps for trace maps by adding extra information to the trace representation. Our decompressible trace representation with additional information is as efficient as the affine representation is in terms of the costs of compression, decompression and exponentiation, and the size.

Toward compact public key encryption based on CDH assumption via extended twin DH assumption

IND-CCA secure public key encryption schemes based on the CDH assumption in the standard model use a hardcore function as a key derivation function for a shared key. Therefore, many secret and public key size are necessary for sending a sufficiently long shared key. Yamada et al. [17,16] and Haralambiev et al. [12] proposed efficient public key encryption schemes based on the CDH assumption. Moreover, they proposed a method that drastically reduces the secret and the public key sizes by using a bilinear map, and they also proposed IND-CCA secure public key encryption based on the bilinear DH assumption. Unfortunately, many secret and public key sizes are still necessary in general cyclic groups that lack known efficient bilinear map. In this paper, we propose a compact public key scheme based on the CDH assumption in the standard model. The public and secret key sizes are trivially reduced by sending several block of the ciphertext. By using batch verification, our scheme succeeded in reducing the ciphertext size compared with that in the case of the trivially extended scheme. To prove IND-CCA security of our scheme, we define a new computational assumption, namely, the extended hashed strong twin Diffie-Hellman assumption. Moreover, we construct an extended trapdoor test to simulate a decisional oracle, and prove that if the CDH assumption holds and the hash function is the hardcore function for DH key, then the extended hashed strong twin DH assumption also holds. Our reducing technique is also applicable to other schemes [17,16,15] based on the CDH assumption.

Generating Parameters for Algebraic Torus-Based Cryptosystems

Algebraic torus-based cryptosystems are public key cryptosystems based on the discrete logarithm problem, and have compact expressions compared with those of finite field-based cryptosystems. In this paper, we propose parameter selection criteria for the algebraic torus-based cryptosystems from the viewpoints of security and efficiency. The criteria include the following conditions: consistent resistance to attacks on algebraic tori and their embedding fields, and a large degree of freedom to select parameters suitable for each implementation. An extension degree and a characteristic size of a finite field on which the algebraic tori are defined are adjustable. We also provide examples of parameters satisfying the criteria.