Masayuki Yoshino

Symmetric Searchable Encryption for Database Applications

This paper proposes an efficient symmetric searchable encryption to achieve indistinguishability of indexes and trapdoors. Previous symmetric searchable encryptions are either insecure because their trapdoor generation algorithms are not probabilistic or inefficient because of the heavy cost due to pairing-based computation. Our searchable encryption is the first that satisfies both requirements of efficiency and indistinguishablity (security). Furthermore, we introduce a limitation of the latest definition of indistinguishability for searchable encryption when each cell in the database is encrypted. We hereby define a new game for database usage and show that our scheme is provably secure in this new game.

Unbridle the bit-length of a crypto-coprocessor with montgomery multiplication

We present a novel approach for computing 2n-bit Montgomery multiplications with n-bit hardware Montgomery multipliers. Smartcards are usually equipped with such hardware Montgomery multipliers; however, due to progresses in factoring algorithms, the recommended bit length of public-key schemes such as RSA is steadily increasing, making the hardware quickly obsolete. Thanks to our doublesize technique, one can re-use the existing hardware while keeping pace with the latest security requirements. Unlike the other double-size techniques which rely on classical n-bit modular multipliers, our idea is tailored to take advantage of n-bit Montgomery multipliers. Thus, our technique increases the perenniality of existing products without compromises in terms of security.

Key Update Mechanism for Network Storage of Encrypted Data

Cryptography is now popularized and is widely used anywhere for many aims such as data confidentiality and integrity. The key of cryptography has a lifetime, thus a key update issue is well-known to be one of hard problems in practice. According to the National Institute of Standards and Technology SP 800-57, the lifetime of the cryptographic key and the lifetime of encrypted data are strictly limited. In other words, the encrypted data is required to be periodically re-encrypted. In this paper, we point out that this key update issue is now crucial in network storage and propose a key update mechanism efficiently reducing the communication and computation cost of re-encryption.

Double-size bipartite modular multiplication

This paper proposes new techniques of double-size bipartite multiplications with single-size bipartite modular multiplication units. Smartcards are usually equipped with crypto-coprocessors for accelerating the computation of modular multiplications, however, their operand size is limited. Security institutes such as NIST and standards such as EMV have recommended or forced to increase the bit-length of RSA cryptography over years. Therefore, techniques to compute double-size modular multiplications with single-size modular multiplication units has been studied this decade to extend the life expectancy of the low-end devices. We propose new double-size techniques based on multipliers implementing either classical or Montgomery modular multiplications, or even both simultaneously (bipartite modular multiplication), in which case one can potentially compute modular multiplications twice faster.

Bipartite modular multiplication with twice the bit-length of multipliers

This paper presents a new technique to compute 2ℓ-bit bipartite multiplications with ℓ-bit bipartite multiplication units. Low-end devices such as smartcards are usually equipped with crypto-coprocessors for accelerating the heavy computation of modular multiplications; however, security standards such as NIST and EMV have declared extending the bit length of RSA cryptosystem to resist mathematical attacks, making the multiplier quickly outdated. Therefore, the double-size techniques have been studied this decade to extend the life expectancy of such multipliers. This paper proposes new double-size techniques based on the multipliers implementing either classical or Montgomery modular multiplications, or even both simultaneously (bipartite modular multiplication), in which case one can potentially compute modular multiplications twice faster. Furthermore, in order to get a more realistic estimation than the other works, this paper considers not only the cost of the multiplication, but also the cost of the other arithmetic instructions. In our estimation, the proposal provides comparable results for classical multiplier and Montgomery multiplier, and is the only available method for the bipartite multiplier.

A Black Hen Lays White Eggs

This paper proposes novel algorithms for computing double-size modular multiplications with few modulus-dependent precomputations. Low-end devices such as smartcards are usually equipped with hardware Montgomery multipliers. However, due to progresses of mathematical attacks, security institutions such as NIST have steadily demanded longer bit-lengths for public-key cryptography, making the multipliers quickly obsolete. In an attempt to extend the lifespan of such multipliers, double-size techniques compute modular multiplications with twice the bit-length of the multipliers. Techniques are known for extending the bit-length of classical Euclidean multipliers, of Montgomery multipliers and the combination thereof, namely bipartite multipliers. However, unlike classical and bipartite multiplications, Montgomery multiplications involve modulus-dependent precomputations, which amount to a large part of an RSA encryption or signature verification. The proposed double-size technique simulates double-size multiplications based on single-size Montgomery multipliers, and yet precomputations are essentially free: in an 2048-bit RSA encryption or signature verification with public exponent e= 216+ 1, the proposal with a 1024-bit Montgomery multiplier is 1.4 times faster than the best previous technique.

Inference Attacks on Encrypted Databases Based on Order Preserving Assignment Problem

In ACM CCS 2015, Naveed et al. proposed attacks using plaintext auxiliary data for databases encrypted by ordered preserving encryption or more general property preserving encryptions. Their attacks are based on the Hungarian algorithm for solving the linear sum assignment problem (LSAP). In this work, we define a new assignment optimization problem with an additional condition of order structure and propose a search algorithm for finding its exact solution. We apply the new algorithm to attack an encrypted database in the same situation as Naveed et al. and found that our proposed method improves the success probability of the attacks compared with the attacks of Naveed et al.

Cloud Security and Privacy Metamodel - Metamodel for Security and Privacy Knowledge in Cloud Services.

Security and privacy are important in cloud services. Numerous security and privacy patterns as well as nonpattern-based knowledge such as practices and principles exist in cloud services. Selecting and combining the appropriate knowledge is difficult due to numerous options and the nature of the layered cloud stack. Herein we propose a metamodel called the Cloud Security and Privacy Metamodel (CSPM) to handle security and privacy in cloud service development and operations. CSPM can classify and support existing cloud security and privacy patterns and practices in a consistent and uniform manner. Moreover, we propose a security and privacy aware process to develop cloud system utilizing CSPM. Several case studies verify the effectiveness and usability of our approach. As a result, we confirmed effectiveness and usability of CSPM, as well as some possible future work.

How to Evaluate Contents Popularity over Oblivious Transfer

We consider the question of how to evaluate popularity of digital contents or goods over a distribution service using Oblivious Transfer (OT) protocol. The popularity of served content is the most important marketing data for data mining and analysis, but the idea of oblivious transfer is too privacy-protecting because the service provider cannot obtain any information about a users queries. In this paper, our goal is to construct an OT protocol that 1) allows a user to purchase digital content from the service provider without the provider finding out what content the user is buying, 2) prevents the user find out about any information of other contents that s/he does not ask about, and 3) enables the provider to evaluate the popularity of each piece of content. In this paper, the popularity of each piece of content is defined as the number of users who retrieve it.

Recursive Double-Size Modular Multiplications without Extra Cost for Their Quotients

A technique for computing the quotient (