Yuji Watanabe

Reducing the round complexity of a sealed-bid auction protocol with an off-line TTP

We present a new sealed-bid auction protocol that allows an auctioneer to determine the winning bid in a universally veri able way and simultaneously prevents not only bidders but also an auctioneer from getting any useful information of bids of losers. We make use of a trusted third party(TTP) but in an optimistic sense[1][2], i.e., the TTP takes part in the protocol only if one bidder cheats or simply crashes. Previous schemes[3][4] require the bidders help during opening procedures. On the other hand, our protocol is quite eÆcient since a bidder takes part only at the beginning. More importantly, our scheme is robust against cheating bidders; i.e. any deviation of bidders cannot prevent the auctioneer from determining the auction. A strati ed distributed encryption-key chaining mechanism and a veri able encryption protocol are employed as building blocks. To the best of our knowledge, this work is the rst construction of a universally veri able bid-privacy preserving sealed-bid auction protocol with an o -line TTP.

Efficient Asymmetric Public-Key Traitor Tracing without Trusted Agents

A new scheme of asymmetric public-key traitor tracing without involvement of trusted third parties will be discussed in our dissertation. Previously, an efficient construction of asymmetric public-key tracing scheme was also presented by Kurosawa and Desmedt, however, their scheme required the involvement of the third trusted party(s) known as agent(s). As far as we know, our scheme is the first concrete construction of a practical asymmetric public-key traitor tracing that does not rely on trusted agents. Moreover, our protocol contains other desirable features: (direct non-repudiation, full frameproof, and black-box traceability for asymmetric scheme) that the previous public-key traitor tracing schemes did not offer. In order to eliminate the dependencies of the trusted agents, we use a novel primitive, recently invented by Naor and Pinkas called, oblivious polynomial evaluation.

Efficient Asymmetric Self-Enforcement Scheme with Public Traceability

Traitor tracing schemes deter traitors from giving away their keys to decrypt the contents by enabling the data supplier to identify the source of a redistributed copy. In asymmetric schemes, the supplier can also convince an arbiter of this fact. n nAnother approach to the same goal was suggested by Dwork, Lotspiech and Naor, so called self-enforcement schemes. In these schemes, traitors have to either divulge their private sensitive information or distribute fairly large amount of data. However, the same private information must be revealed to the data supplier, which invokes the necessity of more discussion about the model underlying this scheme. n nIn this paper, we present an efficient asymmetric self-enforcement scheme, which also supports the asymmetric traceability without any trusted third parties, assuming the situation where the authenticity of the exponent of each subscribers sensitive information bound to the subject entity is publicly certified, such as PKI derived from discrete logarithm based cryptosystems. In our scheme, the sensitive information needs not to be revealed to any entities. As far as we know, there has never been any proposal of asymmetric self-enforcement schemes. Furthermore, our scheme is as efficient as the previous most efficient symmetric or asymmetric traitor tracing schemes proposed so far.

Structure of a dominant-negative helix-loop-helix transcriptional regulator suggests mechanisms of autoinhibition.

Helix‐loop‐helix (HLH) family transcription factors regulate numerous developmental and homeostatic processes. Dominant‐negative HLH (dnHLH) proteins lack DNA‐binding ability and capture basic HLH (bHLH) transcription factors to inhibit cellular differentiation and enhance cell proliferation and motility, thus participating in patho‐physiological processes. We report the first structure of a free‐standing human dnHLH protein, HHM (Human homologue of murine maternal Id‐like molecule). HHM adopts a V‐shaped conformation, with N‐terminal and C‐terminal five‐helix bundles connected by the HLH region. In striking contrast to the common HLH, the HLH region in HHM is extended, with its hydrophobic dimerization interfaces embedded in the N‐ and C‐terminal helix bundles. Biochemical and physicochemical analyses revealed that HHM exists in slow equilibrium between this V‐shaped form and the partially unfolded, relaxed form. The latter form is readily available for interactions with its target bHLH transcription factors. Mutations disrupting the interactions in the V‐shaped form compromised the target transcription factor specificity and accelerated myogenic cell differentiation. Therefore, the V‐shaped form of HHM may represent an autoinhibited state, and the dynamic conformational equilibrium may control the target specificity.

Traitor traceable signature scheme

A new signature scheme, traitor traceable signature scheme is presented, which allows the signer to convince any arbiter of the recipients infringement, if the recipient distributes illegally the signature which he got. We use the techniques of a proof of knowledge of discrete logarithm, identification of double spender in an off-line electronic cash, and a signcryption scheme. Our scheme consists of a 3-move and it is more compact and efficient compared with the previous scheme, due to the elimination of the cumbersome cut-and-choose like techniques. Moreover, our accusation protocol does not require the private-key of the recipient of the signature, i.e., the signer can convince any arbiter of the recipients infringement without the help of the original recipient.

Unsteady Behavior of a Rising Bubble in Contaminated Water

In the present study, we investigate the effect of contaminant to the motion of a rising bubble. As is well-known, a bubble in contaminated water rises much slower than that in pure water and the rising velocity in contaminated system can be less than a half of that in pure system. Further, Zhang & Finch [1] recently reported very interesting phenomenon through experiment. They reported that transient distance to reach steady terminal velocity also strongly depends on the surfactant concentration in bulk liquid. Here, we conducted numerical simulations of rising bubble related to this phenomenon, taking “Marangoni effect” into account. We also conducted the experiment related to this phenomenon, using super-purified water with the addition of various amount of three kinds of surfactants (1-pentanol, 3-pentanol and Triton X-100). It is shown that the present numerical results represent the experimental results well and that the transient phenomenon largely depends on the surfactant characteristics.Copyright

Shared Generation of Random Number with Timestamp: How to Cope with the Leakage of the CA's Secret

Public-key certificates play an important role in a public-key cryptosystem. In a public-key infrastructure, it is a presupposition that only the issuer of a signature knows the signing key. Since the security of all clients of the CA depends on the secrecy of the CAs signing-key, CAs will pose an attractive target for break-ins[1][2]. n nOnce there is a leakage of information on the signing key, the whole system has to be reconstructed as quickly as possible in order to prevent the spread of damage. However, it requires a long time to reconstruct all certificates, because it involves large computation and communication. In this paper, we present a practical solution to cope with the leakage of the CAs signing-key. In our protocol, two random number generators (RNG) generate distinct random numbers, and combine them to a random number utilized in the signature algorithm and the timestamp which cannot be forged without revealing the secret of both RNG. A verifier can check the timestamp and verify validity and time when the random number has been generated. That is, it is impossible for adversaries to forge arbitrary certificates without revealing the secret of both RNGs. n nWe show a concrete protocol suitable for a digital signature scheme based on the discrete logarithm.

Active Rebooting Method for Proactivized System: How to Enhance the Security against Latent Virus Attacks

The notion of proactive security of basic primitives and cryptosystems was introduced in order to tolerate a very strong mobile adversary[1][2][3][4]. However, even though proactive maintenance is employed, it is a hard problem to detect the viruses which are skillfully developed and latent in the memory of servers. n nWe introduce a new type of virus attacks, called latent virus attack, in which viruses reside in the intruded server and wait for the chance for viruses colluding with each other to intrude more than the threshold of servers. n nThe main subject of this paper is to analyze the resilience of proactive system against latent virus attacks and present how to enhance the security against such virus attacks. n nAt first, we estimate the robustness of proactivized systems against this attack by probabilistic analysis. As a result, we show that if the virus detection rate is higher than a certain threshold, it is possible for proactive maintenance to make the system robust, while, if less than the threshold, the failure probability of the system is dependent only on the virus infection rate. n nIn order to enhance the resilience against such virus attacks, we propose the notion of active rebooting, in which the system performs the reboot procedure on a predetermined number of servers in the total independence of servers being infected or not. We estimate the security of proactive maintenance with active rebooting by extending the probabilistic model of proactive maintenance. As a result, we show that active rebooting enables us not only to enhance the security against the viruses with higher infection rate, but also to make the system robust even in the case of a low detection rate. Moreover, we show that it is effective even in the case the number of servers which are forced to carry out the reboot operation every update phase is comparatively small.