Kazuto Ogawa

On the Theoretical Gap between Group Signatures with and without Unlinkability

We investigate a theoretical gap between unlinkability of group signature schemes and their other requirements, and show that this gap is significantly large. Specifically, we clarify that if unlinkability is achieved from any other property of group signature schemes, then it becomes possible to construct a chosen-ciphertext secure cryptosystem from any one-way function . This result implies that it would be possible to drastically improve efficiency of group signature schemes if unlinkability is not taken into account. We also demonstrate to construct a significantly more efficient scheme (without unlinkability) than the best known full-fledged scheme.

An Efficient Strong Key-Insulated Signature Scheme and Its Application

The security of a system is often compromised by exposure of secret keys even if its underlying cryptographic tools are perfectly secure, assuming that their secret keys will be never exposed to adversaries. A key-insulated signature scheme is a useful cryptographic primitive for reducing the damage caused by such leakage. In this paper, we propose an efficientstrong key-insulated signature (KIS) scheme and prove its security. This scheme is significantly more efficient than conventional strong KIS schemes especially in terms of signature size, and it is provably secure under the discrete logarithm (DL) assumption in the random oracle model. It is constructed by extending the Abe-Okamoto signature scheme [1]; we give a formal proof of adaptive key-exposure security as it is not addressed in [1]. A typical application of our scheme is to an authentication system in which one (or a small number of) sender communicates with many receivers since multiple copies of the senders signature are transmitted to individual receivers in such a system. We discuss a bidirectional broadcasting service as an example.

Anonymous authentication scheme for subscription services

In bidirectional broadcasting services via networks, all user operations and actions are controlled with the user ID and are recorded by the service providers. This means the users personal information such as his/her payment method and preferences is disclosed to the providers possibly against the users will. Hence, to preserve privacy, an anonymous authentication scheme for subscription services would seem to be in order. In this paper, we introduce a subscription service model and its system requirements for preserving privacy. Moreover, we propose an efficient group signature scheme having a property of linkability, which is useful for anonymous authentication and a preference subscription service. We show that our authentication scheme is efficient in terms of signature size and that it is suited to subscription services having many members.

Privacy preserving system for integrated broadcast-broadband services using attribute-based encryption

A number of integrated broadcast-broadband services have recently been launched which allow the viewers to receive the content via the airwaves together with additional information about the content via the Internet. By providing personal preferences viewers can expect more attractive and personalized services. Viewers would be only willing to share their information with providers that they trust. On the other hand, the viewers would like to distribute their preferences as wide as possible so that they can enjoy more interesting and diverse services. In this paper, a privacy preserving system for integrated broadcast-broadband service is proposed. The system allows viewers to share their personal information with service providers that satisfy certain criteria (possess certain attributes). An implementation of the system using a previously proposed attribute-based encryption scheme is given and the computation cost of the system is examined in practice. Using the system, a viewer can safely receive personalized services from a large number of service providers.

Trade-off traitor tracing

There has been a wide ranging discussion on the contents copyright protection in digital contents distribution systems. Fiat and Tassa proposed the framework of dynamic traitor tracing. Their framework requires dynamic computation transactions according to the realtime responses of the pirate, and it presumes real-time observation of contents redistribution and therefore cannot be simply utilized in an application where such an assumption is not valid. In this paper, we propose a new scheme that not only provides the advantages of dynamic traitor tracing schemes but also overcomes their problems.

Watermarking for HEVC/H.265 stream

Some video watermarking methods have been proposed that embed information into compressed video streams. When the compression scheme is an MPEG2-Video, its codes are almost pre-defined by using the coding tables, and therefore, information embedding in the compressed stream is possible by substituting some of the codes. On the other hand, HEVC/H.265 uses a kind of arithmetic coding (CABAC [5]) and it is not easy to substitute a code with another one in a stream. We thus propose a watermarking method for HEVC/H.265 video streams that embeds information while encoding the video.

Chosen Ciphertext Secure Public Key Encryption with a Simple Structure

In this paper, we present a new public key encryption schemewith an easy-to-understand structure. More specifically, in theproposed scheme, for fixed group elements g 1 ,...,g 𝓁 in the public keya sender computes only

Traitor Tracing Scheme Secure against Adaptive Key Exposure and its Application to Anywhere TV Service

g_1^r,\ldots,g_\ell^r

A secure traitor tracing scheme against key exposure

for encryption wherer is a single random number. Due to this simple structure,its security proof becomes very short (and one would easilyunderstand the simulators behavior for simultaneously dealing withembedding a hard problem and simulating a decryption oracle). Ourproposed scheme is provably chosen-ciphertext secure under the gapDiffie-Hellman assumption (without random oracles). A drawback ofour scheme is that its ciphertext is much longer than knownpractical schemes. We also propose a modification of our schemewith improved efficiency.

Application authentication for hybrid services of broadcasting and communications networks

Copyright protection is a major issue in distributing content on Internet or broadcasting service. One well-known method of protecting copyright is a traitor tracing scheme. With this scheme, if a pirate decoder is made, the content provider can check the secret key contained in it and trace the authorized user/subscriber (traitor). Furthermore, users require that they could obtain services anywhere they want (Anywhere TV). For this purpose, they would need to take along their secret keys and therefore key exposure has to be kept in mind. As one of countermeasures against key exposure, a forward secure public key cryptosystem has been developed. In this system, the user secret key remains valid for a limited period of time. It means that even if it is exposed, the user would be affected only for the limited time period. In this paper, we propose a traitor tracing scheme secure against adaptive key exposure (TTaKE) which contains the properties of both a traitor tracing scheme and a forward secure public key cryptosystem. It is constructed by using two polynomials with two variables to generate user secret keys. Its security proof is constructed from scratch. Moreover we confirmed its efficiency through comparisons. Finally, we show the way how its building blocks can be applied to anywhere TV service. Its structure fits current broadcasting systems.