Seongan Lim

Alterations in white matter microstructures and cognitive dysfunctions in benign childhood epilepsy with centrotemporal spikes

Although benign childhood epilepsy with centrotemporal spikes (BECTS) is known to have good prognosis, patients often manifest neuropsychological impairments. This study aimed to investigate cognitive dysfunctions and their relationship with white matter microstructural changes in BECTS patients.

A short redactable signature scheme using pairing

Redactable signature schemes permit deletion of arbitrary substrings of a signed document while preserving the authenticity of the remaining document. Most of known redactable signatures based on pairing have large-sized signatures and the sizes depend on the product of security parameter and the number of blocks of the redacted document. In this paper, we present a short redactable signature scheme based on pairing. We modify Waters signature scheme to obtain an underlying standard signature defined on composite-order bilinear group. The modified scheme satisfies the unforgeability under the known message attack based on the Computational Diffie–Hellman assumption. Based on the modified Waters signature, we propose a short redactable signature that is existentially unforgeable under random message attack and weakly private. The size of the proposed scheme is 20% of known redactable signatures using aggregated pairing-based signatures when half of the message blocks are deleted. Copyright

Equivalent public keys and a key substitution attack on the schemes from vector decomposition

The vector decomposition problem has been considered as a hard problem, which is applicable to cryptography. Okamoto and Takashima proposed various types of public key cryptographic schemes based on the VDP. In this paper, we study the cryptographic implications of Okamoto-Takashima schemes with respect to the properties of public keys. In the public key cryptography, one public key is associated to a unique private key, and an action using the public key implicitly assumes that the corresponding private action can be done only with the corresponding private key. We formalize this security issue by introducing the notion of equivalent public keys. We show that equivalent public keys exist in the Okamoto-Takashima basic signature scheme and the homomorphic encryption scheme. We present a strong key substitution attack to their basic signature. We suggest how to prevent equivalent public keys and strong key substitution attack in their signature scheme. We point out that there are cases with no efficient methods to prevent equivalent public keys in their encryption scheme. Copyright

An efficient incomparable public key encryption scheme

Public keys are closely related to the identity of recipients in public key encryption setting. In privacy-sensitive applications of public key encryption, it is desirable to hide the relation between the public key and the identity of the recipient. The main functional approach in the privacy enhanced public key encryption scheme is to give anonymity of the public keys of recipients. In this case, all the users in the system are potential recipients of every ciphertext. Waters, Felten, and Sahai proposed an incomparable public key encryption scheme which guarantees the anonymity of recipients against both eavesdroppers and senders. In their scheme, all the recipients must complete the same amount of computations to identify the ciphertexts which direct to them. In this paper, we focus on reducing the number of computations for the recipients while preserving the security level of Waters et al.s scheme. Our method is to separate the decryption process into two steps, first the recipient determines whether a ciphertext is directed to him or her, and only if the direction is correct, the recipient recovers the corresponding plaintext. This improves the efficiency of the system.

An Efficient Decoding of Goppa Codes for the McEliece Cryptosystem

The McEliece cryptosystem is defined using a Goppa code, and decoding the Goppa code is a crucial step of its decryption. Pattersons decoding algorithm is the best known algorithm for decoding Goppa codes. Currently, the most efficient implementation of Pattersons algorithm uses a precomputation. In this paper, we modify Pattersons decoding algorithm so that one can remove the precomputation part while sustaining the best efficiency. Precomputations yield additional storage requirement to store the precomputed value which increases as the security level increases in McEliece cryptosystem. In the original decoding algorithm of Patterson, computing square root in a quotient field of polynomial ring over a finite field is necessary. In our modification, the computations are involved only in the arithmetics of polynomial ring over a finite field, not in the quotient field. This achieves better efficiency because one can remove polynomial reductions in the computations of quotient field.

Key Substitution Attacks on Lattice Signature Schemes Based on SIS Problem

The notion of key substitution security on digital signatures in the multiuser setting has been proposed by Menezes and Smart in 2004. Along with the unforgeability of signature, the key substitution security is very important since it is a critical requirement for the nonrepudiation and the authentication of the signature. Lattice-based signature is a promising candidate for post-quantum cryptography, and the unforgeability of each scheme has been relatively well studied. In this paper, we present key substitution attacks on BLISS, Lyubashevsky’s signature scheme, and GPV and thus show that these signature schemes do not provide nonrepudiation. We also suggest how to avoid key substitution attack on these schemes.

A Lattice Attack on Homomorphic NTRU with Non-invertible Public Keys

In 2011, Stehle and Steinfeld modified the original NTRU to get a provably IND-CPA secure NTRU under the hardness assumption of standard worst-case problems over ideal lattices. In 2012, Lopez-Alt et al. proposed the first multikey fully homomorphic encryption scheme based on the IND-CPA secure NTRU. Interestingly, this homomorphic NTRU and subsequent homomorphic variants of NTRU removed the condition ‘invertible public key’ of the underlying IND-CPA secure NTRU. In this paper, we investigate the security influence of using non-invertible public key in the homomorphic NTRU. As a result, we present how to mount a lattice attack to message recovery for the homomorphic NTRU when the public key is non-invertible. Our result suggests that using invertible public keys in the homomorphic NTRU is necessary for its security.

Security Analysis of a Certificateless Signature from Lattices

Tian and Huang proposed a lattice-based CLS scheme based on the hardness of the SIS problem and proved, in the random oracle model, that the scheme is existentially unforgeable against strong adversaries. Their security proof uses the general forking lemma under the assumption that the underlying hash function is a random oracle. We show that the hash function in the scheme is neither one-way nor collision-resistant in the view of a strong Type 1 adversary. We point out flaws in the security arguments and present attack algorithms that are successful in the strong Type 1 adversarial model using the weak properties of the hash function.

On Pairing Inversion of the Self-bilinear Map on Unknown Order Groups

A secure self-bilinear map is attractive since it can be naturally extended to a secure multi-linear map which has versatile applications in cryptography. However, it was known that a self-bilinear map on a cyclic group of a known order cannot be cryptographically secure. In 2014, Yamakawa et al. presented a self-bilinear map, the YYHK pairing, on unknown order groups by using an indistinguishability obfuscator as a building block. In this paper, we prove that the Pairing Inversion (PI) of the YYHK pairing is equivalently hard to the factorization of RSA modulus N as long as iO in the scheme is an indistinguishability obfuscator. First, we prove that the General Pairing Inversion (GPI) of the YYHK pairing \(e:G\times G\rightarrow G\) is always solvable. By using the solvability of GPI, we prove that PI and BDHP for the YYHK-pairing e are equivalently hard to CDHP in the cyclic group G. This equivalence concludes that PI for the YYHK-pairing is equivalently hard to the factorization of N.

Duplication free public keys based on SIS-type problems

Abstract In the public key cryptography, we say that two public keys are duplicated if they share a private key in common. We point out that no duplicate public keys exist in the RSA public key scheme since there is a one-to-one correspondence between the set of problems and the set of solutions for integer factorization problem. Contrary to the integer factorization problem, there is no such one-to-one correspondence with Short Integer Solution (SIS)-type problems and this necessitates to study its effect on duplicate public keys of the schemes based on SIS. In this paper, we analyze the existence of duplicate public keys with four types of SIS problem: SIS, SIS with full rank solution set, basic Inhomogeneous SIS (ISIS), ISIS with the defining matrix A as a public parameter. As a result, we show that there is no provable way to exclude duplicate public keys of the schemes based on the basic SIS, basic ISIS, and SIS with a full rank solution set. However, we show that if A is given in the systematic form and the given set of solutions forms a matrix of rank ( m − n ) over Z q , then it guarantees duplication free public keys. We also prove that the schemes based on ISIS with the matrix A as a public parameter always guarantee duplication free public keys.