Jun Anzai

A Quick Group Key Distribution Scheme with Entity Revocation

This paper proposes a group key distribution scheme with an “entity revocation”, which renews a group key of all the entities except one (or more) specific entity (ies). In broadcast systems such as Pay-TV, Internet multicast and mobile telecommunication for a group, a manager should revoke a dishonest entity or an unauthorized terminal as soon as possible to protect the secrecy of the group communication. However, it takes a long time for the “entity revocation” on a large group, if the manager distributes a group key to each entity except the revoked one. A recently published paper proposed a group key distribution scheme in which the amount of transmission and the delay do not rely on the number of entities of the group, using a type of secret sharing technique. This paper devises a novel key distribution scheme with “entity revocation” that makes frequent key distribution a practical reality. This scheme uses a technique similar to “threshold cryptosystems” and the one-pass Diffie-Hellman key exchange scheme.

A Design for Modular Exponentiation Coprocessor in Mobile Telecommunication Terminals

Following requirements are necessary when implementing public key cryptography in a mobile telecommunication terminal. (1) simultaneous highspeed double modular exponentiation calculation, (2) small size and low power consumption, (3) resistance to side channel attacks. We have developed a coprocessor that provides these requirements. In this coprocessor, right-to-left binary exponentiation algorithm was extended for double modular exponentiations by designing new circuit configuration and new schedule control methods. We specified the desired power consumption of the circuit at the initial design stage. Our proposed method resists side channel attacks that extract secret exponent by analyzing the targets power consumption and calculation time.

Light Weight Broadcast Exclusion Using Secret Sharing

In this paper, we examine a broadcast exclusion problem, i.e., how to distribute an encryption key over a channel shared by n entities so that all but k excluded entities can get the key. Recently, J. Anzai, N. Matsuzaki and T. Matsumoto proposed a scheme that provides a solution to the broadcast exclusion problem. Their solution is to apply (k + 1, n + k) threshold cryptosystems. In this scheme, the transmission overhead is O (k) and each entity holds a fixed amount of secret key. However, each entity must compute the encryption key with k + 1 modular exponentiations. Therefore, a device with low computing power (e.g., a mobile terminal or a smart card) cannot calculate the broadcast key within a reasonable time. In this paper, we propose a new scheme in which each entity computes the key with only two modular exponentiations, regardless of n and k. We accomplish this by assuming a trusted key distributor, while retaining the advantages of Anzai-Matsuzaki-Matsumoto scheme, i.e., the transmission overhead is O (k), and each entity holds a fixed amount of secret key regardless of n and k.

A Distributed User Revocation Scheme for Ad-Hoc Networks

This paper proposes a user revocation scheme for decentralized networks. User revocation is a method to distribute a group decryption key that is shared by n users in a group so that all but d revoked users can obtain the key. In decentralized networks such as ad-hoc networks, mesh networks, and Peer to Peer (P2P) networks, a sender should revoke the access of a dishonest user or an unauthorized user as soon as possible to protect the security of group communication. However, if the sender distributes the group key to all users aside from the revoked user, it would take a long time to revoke a user in a large group. In addition, users must set shared group keys for each user without a privileged center. We propose a scheme in which the amount of transmission and the key storage of each user are small.

How to construct secure cryptographic location-based services

Recently, ubiquitous computing / networks have been studied actively. These networks provide services depending on real environments of mobile nodes. Especially, we expect location-based services (LBSs), which rely on location of mobile nodes, are anticipated to come into wide use in the future. High-value LBSs require cryptography to ensure security. Here, cryptographic LBSs comprise a key management function (e.g. key sharing with nodes) and a location management function (e.g. location verification of nodes). Cooperation between key and location management functions realizes cryptographic LBSs. However, these functions have mostly been studied individually. This study indicates that cryptographic LBSs are insecure if the cooperation is incomplete, and proposes a method of constructing secure cryptographic LBSs.