Mitsugu Iwamoto

Information Theoretic Security for Encryption Based on Conditional Renyi Entropies

In this paper, information theoretic cryptography is discussed based on conditional Renyi entropies. Our discussion focuses not only on cryptography but also on the definitions of conditional Renyi entropies and the related information theoretic inequalities. First, we revisit conditional Renyi entropies, and clarify what kind of properties are required and actually satisfied. Then, we propose security criteria based on Renyi entropies, which suggests us deep relations between (conditional) Renyi entropies and error probabilities by using several guessing strategies. Based on these results, unified proof of impossibility, namely, the lower bounds on key sizes are derived based on conditional Renyi entropies. Our model and lower bounds include the Shannon’s perfect secrecy, and the min-entropy based encryption presented by Dodis, and Alimomeni and Safavi-Naini at ICITS2012. Finally, a new optimal symmetric key encryption protocol achieving the lower bounds is proposed.

Quantum secret sharing schemes and reversibility of quantum operations

Quantum secret sharing schemes encrypting a quantum state into a multipartite entangled state are treated. The lower bound on the dimension of each share given by Gottesman [Phys. Rev. A 61, 042311 (2000)] is revisited based on a relation between the reversibility of quantum operations and the Holevo information. We also propose a threshold ramp quantum secret sharing scheme and evaluate its coding efficiency.

Information-Theoretic Approach to Optimal Differential Fault Analysis

This paper presents a comprehensive analysis of differential fault analysis (DFA) attacks on the Advanced Encryption Standard (AES) from an information-theoretic perspective. Injecting faults into cryptosystems is categorized as an active at tack where attackers induce an error in operations to retrieve the secret internal information, e.g., the secret key of ciphers. Here, we consider DFA attacks as equivalent to a special kind of passive attack where attackers can obtain leaked information without measurement noise. The DFA attacks are regarded as a conversion process from the leaked information to the secret key. Each fault model defines an upper bound for the amount of leaked information. The optimal DFA attacks should be able to exploit fully the leaked information in order to retrieve the secret key with a practical level of complexity. This paper discusses a new DFA methodology to achieve the optimal DFA attack by deriving the amount of the leaked information for various fault models from an information-theoretic perspective. We review several previous DFA at tacks on AES variants to check the optimality of their attacks. We also propose improved DFA attacks on AES-192 and AES-256 that reach the theoretical limits.

Strongly secure ramp secret sharing schemes for general access structures

Ramp secret sharing (SS) schemes can be classified into strong ramp SS schemes and weak ramp SS schemes. The strong ramp SS schemes do not leak out any part of a secret explicitly even in the case that some information about the secret leaks out from some set of shares, and hence, they are more desirable than the weak ramp SS schemes. In this paper, it is shown that for any feasible general access structure, a strong ramp SS scheme can be constructed from a partially decryptable ramp SS scheme, which can be considered as a kind of SS scheme with plural secrets. As a byproduct, it is pointed out that threshold ramp SS schemes based on Shamirs polynomial interpolation method are not always strong.

Uniqueness enhancement of PUF responses based on the locations of random outputting RS latches

Physical Unclonable Functions (PUFs) are expected to represent an important solution for secure ID generation and authentication etc. In general, PUFs are considered to be more secure the larger their output entropy. However, the entropy of conventional PUFs is lower than the output bit length, because some output bits are random numbers, which are regarded as unnecessary for ID generation and discarded. We propose a novel PUF structure based on a Butterfly PUF with multiple RS latches, which generates larger entropy by utilizing location information of the RS latches generating random numbers. More specifically, while conventional PUFs generate binary values (0/1), the proposed PUF generates ternary values (0/1/random) in order to increase entropy. We estimate the entropy of the proposed PUF. According to our experiment with 40 FPGAs, a Butterfly PUF with 128 RS latches can improve entropy from 116 bits to 192.7 bits, this being maximized when the frequency of each ternary value is equal. We also show the appropriate RS latch structure for satisfying this condition, and validate it through an FPGA experiment.

Optimal Multiple Assignments Based on Integer Programming in Secret Sharing Schemes with General Access Structures*This paper was presented at the technical meeting on ISEC of IEICE, 2003, and the IEEE International Symposium on Information Theory, 2004.

This paper shows the derivation procedure of optimal secret sharing scheme (SSS) for a given access structure in the multiple assignment schemes based on integer programming.

Security notions for information theoretically secure encryptions

This paper is concerned with several security notions for information theoretically secure encryptions defined by the variational (statistical) distance. To ensure the perfect secrecy (PS), the mutual information is often used to evaluate the statistical independence between a message and a cryptogram. On the other hand, in order to recognize the information theoretically secure encryptions and computationally secure ones comprehensively, it is necessary to reconsider the notion of PS in terms of the variational distance. However, based on the variational distance, three kinds of definitions for PS are naturally introduced, but their relations are not known. In this paper, we clarify that one of three definitions for PS with the variational distance, which is a straightforward extension of Shannons perfect secrecy, is stronger than the others, and the weaker two definitions of PS are essentially equivalent to the statistical versions of indistinguishability and semantic security.

Limited-Birthday Distinguishers for Hash Functions

In this article, we investigate the use of limited-birthday distinguishers to the context of hash functions. We first provide a proper understanding of the limited-birthday problem and demonstrate its soundness by using a new security notion Differential Target Collision Resistance (dTCR) that is related to the classical Target Collision Resistance (TCR) notion. We then solve an open problem and close the existing security gap by proving that the best known generic attack proposed at FSE 2010 for the limited-birthday problem is indeed the best possible method.

Privacy-preserving smart metering with verifiability for both billing and energy management

In smart grid systems, security and privacy prevention is great concerns. The suppliers of the power in smart grid systems demand to know the consumption of each customer for correctly calculating billing price and the total amount of consumption in a certain region for managing energy supply adopted real-time needs. On the other hand, the customer of the power desires to hide his/her own consumption profile, since it contains privacy information of the customer. However, hiding the consumption allows customers to reduce billing price. Previous privacy-preserving smart metering schemes provide only one of billing or energy management functionality, or even if both of them are achieved, these schemes cannot verify the integrity of the consumption issued by the smart meter. We propose a novel smart metering scheme that provides both of billing and energy management functionality, as well as verifiability of the integrity of total amount of the consumption or billing price.

A new mode of operation for arbiter PUF to improve uniqueness on FPGA

Arbiter-based Physically Unclonable Function (PUF) is one kind of the delay-based PUFs that use the time difference of two delay-line signals. One of the previous work suggests that Arbiter PUFs implemented on Xilinx Virtex-5 FPGAs generate responses with almost no difference, i.e. with low uniqueness. In order to overcome this problem, Double Arbiter PUF was proposed, which is based on a novel technique for generating responses with high uniqueness from duplicated Arbiter PUFs on FPGAs. It needs the same costs as 2-XOR Arbiter PUF that XORs outputs of two Arbiter PUFs. Double Arbiter PUF is different from 2-XOR Arbiter PUF in terms of mode of operation for Arbiter PUF: the wire assignment between an arbiter and output signals from the final selectors located just before the arbiter. In this paper, we evaluate these PUFs as for uniqueness, randomness, and steadiness. We consider finding a new mode of operation for Arbiter PUF that can be realized on FPGA. In order to improve the uniqueness of responses, we propose 3-1 Double Arbiter PUF that has another duplicated Arbiter PUF, i.e. having 3 Arbiter PUFs and output 1-bit response. We compare 3-1 Double Arbiter PUF to 3-XOR Arbiter PUF according to the uniqueness, randomness, and steadiness, and show the difference between these PUFs by considering the mode of operation for Arbiter PUF. From our experimental results, the uniqueness of responses from 3-1 Double Arbiter PUF is approximately 50%, which is better than that from 3-XOR Arbiter PUF. We show that we can improve the uniqueness by using a new mode of operation for Arbiter PUF.