Junji Shikata

Unconditionally Secure Digital Signature Schemes Admitting Transferability

A potentially serious problem with current digital signature schemes is that their underlying hard problems from number theory may be solved by an innovative technique or a new generation of computing devices such as quantum computers. Therefore while these signature schemes represent an efficient solution to the short term integrity (unforgeability and non-repudiation) of digital data, they provide no confidence on the long term (say of 20 years) integrity of data signed by these schemes. In this work, we focus on signature schemes whose security does not rely on any unproven assumption. More specifically, we establish a model for unconditionally secure digital signatures in a group, and demonstrate practical schemes in that model. An added advantage of the schemes is that they allow unlimited transfer of signatures without compromising the security of the schemes. Our scheme represents the first unconditionally secure signature that admits provably secure transfer of signatures.

Identity-Based hierarchical strongly key-insulated encryption and its application

In this paper, we discuss non-interactive updating of decryption keys in identity-based encryption (IBE). In practice, key revocation is a necessary and inevitable process and IBE is no exception when it comes to having to manage revocation of decryption keys without losing its merits in efficiency. Our main contribution of this paper is to propose novel constructions of IBE where a decryption key can be renewed without having to make changes to its public key, i.e. user’s identity. We achieve this by extending the hierarchical IBE (HIBE). Regarding security, we address semantic security against adaptive chosen ciphertext attacks for a very strong attack environment that models all possible types of key exposures in the random oracle model. In addition to this, we show method of constructing a partially collusion resistant HIBE from arbitrary IBE in the random oracle model. By combining both results, we can construct an IBE with non-interactive key update from only an arbitrary IBE.

Information Theoretic Security for Encryption Based on Conditional Renyi Entropies

In this paper, information theoretic cryptography is discussed based on conditional Renyi entropies. Our discussion focuses not only on cryptography but also on the definitions of conditional Renyi entropies and the related information theoretic inequalities. First, we revisit conditional Renyi entropies, and clarify what kind of properties are required and actually satisfied. Then, we propose security criteria based on Renyi entropies, which suggests us deep relations between (conditional) Renyi entropies and error probabilities by using several guessing strategies. Based on these results, unified proof of impossibility, namely, the lower bounds on key sizes are derived based on conditional Renyi entropies. Our model and lower bounds include the Shannon’s perfect secrecy, and the min-entropy based encryption presented by Dodis, and Alimomeni and Safavi-Naini at ICITS2012. Finally, a new optimal symmetric key encryption protocol achieving the lower bounds is proposed.

Security Notions for Unconditionally Secure Signature Schemes

This paper focuses on notions for the security of digital signature schemes whose resistance against forgery is not dependent on unproven computational assumptions. We establish successfully a sound and strong notion for such signature schemes. We arrive at the sound notion by examining carefully the more established security notions for digital signatures based on public-key cryptography, and taking into account desirable requirements of signature schemes in the unconditional security setting. We also reveal an interesting relation among relevant security notions which have appeared in the unconditionally setting, and significantly, prove that our new security notion is the strongest among all those for unconditionally secure authentication and signature schemes known to date. Furthermore, we show that our security notion encompasses that for public-key signature schemes, namely, existential unforgeability under adaptive chosen-message attack. Finally we propose a construction method for signature schemes that are provably secure in our strong security notion.

On the security of multiple encryption or CCA-security+CCA-security=CCA-security?

In a practical system, a message is often encrypted more than once by different encryptions, here called multiple encryption, to enhance its security. Additionally, new features may be achieved by multiple encrypting a message, such as the key-insulated cryptosystems and anonymous channels. Intuitively, a multiple encryption should remain “secure”, whenever there is one component cipher unbreakable in it. In NESSIE’s latest Portfolio of recommended cryptographic primitives (Feb. 2003), it is suggested to use multiple encryption with component ciphers based on different assumptions to acquire long term security. However, in this paper we show this needs careful discussion, especially, this may not be true according to adaptive chosen ciphertext attack (CCA), even with all component ciphers CCA-secure. We define an extended model of (standard) CCA called chosen ciphertext attack for multiple encryption (ME-CCA) emulating partial breaking of assumptions, and give constructions of multiple encryption satisfying ME-CCA-security. We further relax CCA by introducing weak ME-CCA (ME-wCCA) and study the relations among these definitions, proving ME-wCCA-security can be acquired by combining IND-CCA-secure component ciphers together. We then apply these results to key-insulated cryptosystem.

Unconditionally Secure Anonymous Encryption and Group Authentication

Anonymous channels or similar techniques that can achieve senders anonymity play important roles in many applications. However, they will be meaningless if cryptographic primitives containing his identity is carelessly used during the transmission.The main contribution of this paper is to study the security primitives for the above problem. In this paper, we first define unconditionally secure asymmetric encryption scheme (USAE), which is an encryption scheme with unconditional security and is impossible for a receiver to deduce the identity of a sender from the encrypted message. We also investigate tight lower bounds on required memory sizes from an information theoretic viewpoint and show an optimal construction based on polynomials. We also show a construction based on combinatorial theory, a non-malleable scheme and a multi-receiver scheme. Then, we define and formalize group authentication code (GA-code), which is an unconditionally secure authentication code with anonymity like group signatures. In this scheme, any authenticated user will be able to generate and send an authenticated message while the receiver can verify the legitimacy of the message that it has been sent from a legitimate user but at the same time retains his anonymity. For GA-code, we show two concrete constructions.

Equivalence between Semantic Security and Indistinguishability against Chosen Ciphertext Attacks

The aim of this work is to examine the relation between the notions of semantic security and indistinguishability against chosen ciphertext attacks. For this purpose, a new security notion called nondividability is introduced independent of attack models, and is shown to be equivalent to each of the previous two notions. This implies the equivalence between semantic security and indistinguishability under any form of attack.

Comparing the MOV and FR reductions in elliptic curve cryptography

This paper addresses the discrete logarithm problem in elliptic curve cryptography. In particular, we generalize the Menezes, Okamoto, and Vanstone (MOV) reduction so that it can be applied to some non-supersingular elliptic curves (ECs); decrypt Frey and Ruck (FR)s idea to describe the detail of the FR reduction and to implement it for actual elliptic curves with finite fields on a practical scale; and based on them compare the (extended) MOV and FR reductions from an algorithmic point of view. (This paper has primarily an expository role.)

Cryptography with information theoretic security

Summary form only given. We discuss information-theoretic methods to prove the security of cryptosystems. We study what is called, unconditionally secure (or information-theoretically secure) cryptographic schemes in search for a system that can provide long-term security and that does not impose limits on the adversarys computational power.

Unconditionally Secure Key Insulated Cryptosystems: Models, Bounds and Constructions

Computer systems are constantly under attack and illegal access is a constant threat which makes security even more critical. A system can be broken into and secret information, e.g. decryption key, may be exposed. Very recently, a new framework for the protection against such key exposure problem was suggested and was called, key-insulated encryption (KIE). In this paper, we study key insulated cryptosystems without computational assumptions. First, we define the model of KIE in unconditional setting and show lower bounds on required memory sizes. Our bounds are all tight since our concrete construction of KIE achieves the bounds. In other words, this construction is optimal in terms of memory sizes of a user, a trusted device and a sender. We then, extend the concept of it further, and add an extra property so that any pair of users in the system can communicate with each other. We called the version with this added extension, dynamic and mutual key insulated encryption (DMKIE), and concrete implementations of DMKIE are also shown. Finally, we discuss the relationship among KIE, key predistribution schemes (KPS) and broadcast encryption schemes (BES), specifically, showing that DMKIE can be constructed from KPS or BES.