Shingo Hasegawa

On the pseudo-freeness and the CDH assumption

The notion of pseudo-free group was first introduced by Hohenberger (Master’s thesis, EECS Dept., MIT, 2003). Rivest (TCC 2004. LNCS 2951, 505–521, 2004) formalized it and showed that several standard cryptographic assumptions hold on pseudo-free groups, such as the RSA assumption, the strong RSA assumption and the discrete logarithm assumption. Rivest (TCC 2004. LNCS 2951, 505–521, 2004) also proposed some variations of pseudo-free group, and those were formalized by Hirano and Tanaka (Research Reports, Series C: Computer Science, C-239, Tokyo Institute of Technology, 2007). In this paper, we study the relationships among such variations of pseudo-free group. We show that the pseudo-freeness implies the weak pseudo-freeness, and that the pseudo-freeness is equivalent to the pseudo-freeness with generalized exponential expressions. We also show that the computational Diffie-Hellman assumption holds on pseudo-free groups in a slightly varied form.

A Proposal of a Secure P2P-Type Storage Scheme by Using the Secret Sharing and the Blockchain

We propose a new secure online storage scheme based on an open P2P network without a central server. In the proposed scheme, attackers cannot detect target user data in the online storage because the user data is divided into some parts by the secret sharing, and they are distributed to P2P nodes via the anonymous communication. The proposed scheme can prevent the direct attack on the target user node because metadata for the reconstruction also hidden in the online storage, hence nothing remains in the user node. Even if the state of the P2P network varies over time between the storing and restoring operation, the proposed scheme ensures that the user can identify the target nodes which stored his metadata by utilizing the Blockchain technology with only memorable secure information for user authentication. Furthermore, a malicious node to attack on others can be detected and ruled out by the mutual monitoring among the nodes and the majority decision rule.

Impossibility on the Provable Security of the Fiat-Shamir-Type Signatures in the Non-programmable Random Oracle Model

On the security of Fiat-Shamir (FS) type signatures, some negative circumstantial evidences were given in the non-programmable random oracle model (NPROM). Fischlin and Fleischhacker first showed an impossibility for specific FS-type signatures via a single-instance reduction. In ISC 2015, Fukumitsu and Hasegawa found another conditions to prove such an impossibility, however their result requires a strong condition on a reduction, i.e. a key-preserving reduction. In this paper, we focus on a non-key-preserving reduction, and then we show that an FS-type signature cannot be proven to be secure in the NPROM via a sequentially multi-instance reduction from the security of the underlying ID scheme. Our result can be interpreted as a generalization of the two impossibility results introduced above.

On the Impossibility of Proving Security of Strong-RSA Signatures via the RSA Assumption

We pose a question whether or not the standard RSA assumption is sufficient to prove the security of the strong RSA-based (SRSA-based, for short) signatures. In this paper, we show a negative circumstantial evidence for the question. Namely, several SRSA-based signatures cannot be proven to be sEUF-CMA, or even EUF-KOA, under the RSA assumption as far as a modulus-preserving algebraic reduction is concerned. Our result is obtained as an important application of the adaptive pseudo-free group introduced by Catalano, Fiore and Warinschi that can be regarded as an abstract framework of signatures. We in fact show that the adaptive pseudo-freeness of the RSA group (mathbb{Z}_N^times) cannot be proven from the RSA assumption via such reductions.

Toward Separating the Strong Adaptive Pseudo-freeness from the Strong RSA Assumption

The notion of pseudo-freeness of a group was introduced by Hohenberger, and formalized by Rivest in order to unify cryptographic assumptions. Catalano, Fiore and Warinschi proposed the adaptive pseudo-free group as a generalization of pseudo-free group. They showed that the RSA group (mathbb{Z}_N^times) is pseudo-free even if the adversary against pseudo-freeness is allowed to operate adaptively, provided that the adaptive behavior of the adversary is restricted by some specific parametric distribution. They also proposed the notion of strong adaptive pseudo-freeness in which the adaptive behavior of the adversary is not restricted. However, it remains open whether (mathbb{Z}_N^times) is also strongly-adaptive pseudo-free under the strong RSA (SRSA) assumption.

A Proposal of a Password Manager Satisfying Security and Usability by Using the Secret Sharing and a Personal Server

Password managers protect users passwords by using a master password or a security token. The security of them using the master password is weakened if users use weak master passwords. The usability of them using the security token is low since users always need the token to log in. In this paper, we propose a new framework of password managers which has a high security and a high usability by employing the secret sharing and a personal servers for a user.

NPMV-Complete Functions That Compute Discrete Logarithms and Integer Factorization

We define two functions fDL and fIF in NPMV, the class of all partial, multivalued functions computed nondeterministically in polynomial time. We prove that they are complete for NPMV, and show that (a) computing discrete logarithms modulo a prime reduces to fDL, and (b) computing integer factorization reduces to fIF. These are the first complete functions that have explicit reductions from significant cryptographic primitives.

Impossibility of the Provable Security of the Schnorr Signature from the One-More DL Assumption in the Non-programmable Random Oracle Model

The security of the Schnorr signature was widely discussed. In the random oracle model (ROM), it is provable from the DL assumption, whereas there is a negative circumstantial evidence in the standard model. Fleischhacker, Jager and Schroder showed that the tight security of the Schnorr signature is unprovable from a strong cryptographic assumption, such as the One-more DL (OM-DL) assumption and the computational and decisional Diffie-Hellman assumption, in the ROM via a generic reduction as long as the underlying cryptographic assumption holds. However, it remains open whether or not the impossibility of the provable security of the Schnorr signature from a strong assumption via a non-tight and reasonable reduction. In this paper, we show that the security of the Schnorr signature is unprovable from the OM-DL assumption in the non-programmable ROM as long as the OM-DL assumption holds. Our impossibility result is proven via a non-tight and non-restricted Turing reduction.

Making Cryptographic Primitives Harder

This paper studies a method for transforming ordinary cryptographic primitives to new harder primitives. Such a method is expected to lead to general schemes that make present cryptosystems secure against the attack of quantum computers. We propose a general technique to construct a new function from an ordinary primitive function f with a help of another hard function g so that the resulting function is to be new hard primitives. We call this technique a lifting of f by g. We show that the lifted function is harder than original functions under some simple conditions.