Veidruste Otsing

Monday, May 4, 2015

Kazuo Ohta

  1. Article

    A quantum algorithm using NMR computers to break secret-key cryptosystems

    In this paper, we discuss quantum algorithms that, for a given plaintext m_0 and a given ciphertext c_0, will find a secret key k_0 satisfying c_0 = E(k
  2. Chapter

    Efficient Universal Padding Techniques for Multiplicative Trapdoor One-Way Permutation

    Coron et al. proposed the ES-based scheme PSS-ES which realizes an encryption scheme and a signature scheme with a unique padding technique and key pair. The security of PSS-ES as an encryption scheme is based...

  1. No Access
    Article

    A new method for enhancing variety and maintaining reliability of PUF responses and its evaluation on ASICs

    Physically unclonable functions (PUFs) are expected to provide a breakthrough in anti-counterfeiting devices for secure ID generation and authentication, etc. Factory-manufactured PUFs are generally more secur...
  2. No Access
    Article

    Practical improvements of side-channel attacks on AES: feedback from the 2nd DPA contest

    Side-channel analyses constitute a major threat for embedded devices, because they allow an attacker to recover secret keys without the device being aware of the sensitive information theft. They have been pro...
  3. No Access
    Chapter

    Constant Rounds Almost Linear Complexity Multi-party Computation for Prefix Sum

    One of research goals on multi-party computation (MPC) is to achieve both perfectly secure and efficient protocols for basic functions or operations (e.g., equality, comparison, bit decomposition, and modular ...
  4. No Access
    Chapter

    An Automated Evaluation Tool for Improved Rebound Attack: New Distinguishers and Proposals of ShiftBytes Parameters for Grøstl

    In this paper, we study the security of AES-like permutations against the improved rebound attack proposed by Jean et al. at FSE 2012 which covers three full-active rounds in the inbound phase. The attack is v...
  5. No Access
    Chapter

    Yet Another Fault-Based Leakage in Non-uniform Faulty Ciphertexts

    This paper discusses the information leakage that comes from the non-uniform distribution of the faulty calculation results for hardware AES implementations under setup-time violations. For the setup-time viol...
  6. No Access
    Chapter

    Improved Indifferentiable Security Analysis of PHOTON

    In this paper, we study the indifferentiable security of the domain extension algorithm of the PHOTON hash function that was proven to be indifferentiable from a random oracle up to ...
  7. No Access
    Chapter

    Reset Indifferentiability from Weakened Random Oracle Salvages One-Pass Hash Functions

    Ristenpart et al. (EUROCRYPT 2011) showed that the indifferentiability theorem of Maurer et al. (TCC 2004) does not cover all multi-stage security notions; it only covers single-stage security notions. They de...
  8. Open Access
    Article

    Variety enhancement of PUF responses using the locations of random outputting RS latches

    Physical Unclonable Functions (PUFs) are expected to represent an important solution for secure ID generation and authentication etc. In general, manufactured PUFs are considered to be more secure when the pat...
  9. No Access
    Chapter

    An Extension of Fault Sensitivity Analysis Based on Clockwise Collision

    This paper proposes an extension of fault sensitivity analysis based on clockwise collision. The original FSA attack uses the fault injections to exploit the sensitivity of calculations against the fault injectio...
  10. No Access
    Chapter

    Exploring the Relations between Fault Sensitivity and Power Consumption

    This paper qualitatively explores the relations between two kinds of side-channel leakages, i.e., the fault sensitivity (FS) and the power consumption. The FS is a relatively new active side-channel leakage, w...
  11. No Access
    Chapter

    Key-Dependent Weakness of AES-Based Ciphers under Clockwise Collision Distinguisher

    In 2011, Li et al. proposed a series of side-channel attacks that are related to a fundamental side-channel leakage source called clockwise collision. This paper discloses the fact that hardware implementations o...
  12. No Access
    Chapter

    New Truncated Differential Cryptanalysis on 3D Block Cipher

    This paper presents 11- and 13-round key-recovery attacks on block cipher 3D with the truncated differential cryptanalysis, while the previous best key-recovery attack broke only 10 rounds with the impossible ...
  13. No Access
    Chapter

    Fault Injection and Key Retrieval Experiments on an Evaluation Board

    This chapter presents fault injection experiments using a side-channel evaluation board called SASEBO, which was developed to unify testing environments for side-channel analysis. We describe experiments where...
  14. No Access
    Chapter

    Polynomial-Advantage Cryptanalysis of 3D Cipher and 3D-Based Hash Function

    This paper evaluates a block cipher mode whose round functions, in both the key schedule and the encryption process, are independent of the round indexes. Previously, a related-key attack has been applied to such ...
  15. No Access
    Chapter

    Proxiable Designated Verifier Signature

    Designated Verifier Signature (DVS) guarantees that only a verifier designated by a signer can verify the “validity of a signature”. In this paper, we propose a new variant of DVS; Proxiable Designated Verifier S...
  16. No Access
    Chapter

    Boomerang Distinguishers for Full HAS-160 Compression Function

    This paper studies a boomerang-attack-based distinguisher against full steps of the compression function of HAS-160, which is the hash function standard in Korea. The attack produces a second-order collision f...
  17. No Access
    Chapter

    A Study on Computational Formal Verification for Practical Cryptographic Protocol: The Case of Synchronous RFID Authentication

    Formal verification of cryptographic protocols has a long history with a great number of successful verification tools created. Recent progress in formal verification theory has brought more powerful tools cap...
  18. No Access
    Chapter

    On the Security of Dynamic Group Signatures: Preventing Signature Hijacking

    We identify a potential weakness in the standard security model for dynamic group signatures which appears to have been overlooked previously. More specifically, we highlight that even if a scheme provably mee...
  19. No Access
    Chapter

    Three-Subset Meet-in-the-Middle Attack on Reduced XTEA

    This paper presents an improved single-key attack on a block-cipher XTEA by using the three-subset meet-in-the-middle (MitM) attack. Firstly, a technique on a generic block-cipher is discussed. It points out t...
  20. No Access
    Chapter

    (Second) Preimage Attacks on Step-Reduced RIPEMD/RIPEMD-128 with a New Local-Collision Approach

    This paper uses new types of local collisions named one-message-word local collisions to construct meet-in-the-middle preimage attacks on two double-branch hash functions RIPEMD and RIPEMD-128, and obtains the fo...
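
    The generic meet-in-the-middle principle behind items 19 and 20 above (and the signature-forgery variant further down this page), as an added example that is not code from any of these papers: a toy 16-bit Feistel cipher under double encryption with two independent 12-bit keys. Exhaustive search costs 2^24 trials; tabulating E_k1(p) for every k1 and then walking D_k2(c) for every k2 costs about 2^13 cipher calls plus a 2^12-entry table. The cipher, its key schedule, the S-box and the sample keys and plaintexts are all assumptions chosen for illustration; the three-subset and preimage variants in the papers refine this same time-memory trade-off rather than this toy.

```python
# Added example (not from any paper listed on this page): generic
# meet-in-the-middle key recovery against a toy double encryption.
# The cipher, key schedule, S-box and sample data are assumptions.
KEY_BITS = 12
ROUNDS = 4
SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8,
        0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]


def _round_keys(key):
    """Toy schedule: rotate the 12-bit key left by 3*i bits, keep the low
    8 bits. Distinct keys yield distinct round-key tuples."""
    return [((key << (3 * i)) | (key >> (KEY_BITS - 3 * i))) & 0xFF
            for i in range(ROUNDS)]


def _f(half, rk):
    """Round function: key mixing followed by a nibble-wise 4-bit S-box."""
    v = half ^ rk
    return (SBOX[v >> 4] << 4) | SBOX[v & 0xF]


def encrypt(key, block):
    """4-round Feistel on a 16-bit block; halves are swapped at the end so
    decryption is the same loop with the round keys reversed."""
    l, r = block >> 8, block & 0xFF
    for rk in _round_keys(key):
        l, r = r, l ^ _f(r, rk)
    return (r << 8) | l


def decrypt(key, block):
    l, r = block >> 8, block & 0xFF
    for rk in reversed(_round_keys(key)):
        l, r = r, l ^ _f(r, rk)
    return (r << 8) | l


def double_encrypt(k1, k2, block):
    return encrypt(k2, encrypt(k1, block))


def mitm_recover(pairs):
    """Recover (k1, k2) from known plaintext/ciphertext pairs.
    Exhaustive search needs 2^(2*KEY_BITS) double encryptions; the two
    sweeps below need 2^(KEY_BITS+1) single cipher calls and a table of
    2^KEY_BITS entries. Returns (candidates, cipher_calls_in_the_sweeps)."""
    p0, c0 = pairs[0]
    forward = {}
    for k1 in range(1 << KEY_BITS):            # sweep 1: E_k1(p0) -> [k1]
        forward.setdefault(encrypt(k1, p0), []).append(k1)
    candidates = []
    for k2 in range(1 << KEY_BITS):            # sweep 2: D_k2(c0), look up
        for k1 in forward.get(decrypt(k2, c0), ()):
            # One 16-bit match leaves about 2^(2*KEY_BITS-16) false hits;
            # the remaining pairs filter them out.
            if all(double_encrypt(k1, k2, p) == c for p, c in pairs[1:]):
                candidates.append((k1, k2))
    return candidates, 2 * (1 << KEY_BITS)


if __name__ == "__main__":
    K1, K2 = 0x3A7, 0xC15                     # assumed secret keys
    pts = (0x1234, 0xBEEF, 0x0042)            # constructed known plaintexts
    pairs = [(p, double_encrypt(K1, K2, p)) for p in pts]
    found, calls = mitm_recover(pairs)
    print(found, calls, "vs exhaustive", 1 << (2 * KEY_BITS))
```

    Three pairs are used rather than one because a single 16-bit match admits roughly 2^8 false (k1, k2) candidates with these parameters; each extra pair cuts that by a further 2^16.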

  1. No Access
    Chapter

    Combination of SW Countermeasure and CPU Modification on FPGA against Power Analysis

    This paper presents a design flow for secure software (SW) implementations of cryptographic algorithms against Side-Channel Attacks (SCAs) by using a CPU modification. The development of countermeasures to inc...
  2. Chapter

    On the Power of Fault Sensitivity Analysis and Collision Side-Channel Attacks in a Combined Setting

    At CHES 2010 two powerful new attacks were presented, namely the Fault Sensitivity Analysis and the Correlation Collision Attack. This paper shows how these ideas can be combined to create even stronger attack...
  3. Chapter

    Uniqueness Enhancement of PUF Responses Based on the Locations of Random Outputting RS Latches

    Physical Unclonable Functions (PUFs) are expected to represent an important solution for secure ID generation and authentication etc. In general, PUFs are considered to be more secure the larger their output e...
  4. No Access
    Chapter

    Rigorous Security Requirements for Designated Verifier Signatures

    In this paper, we point out that previous security models for the Designated Verifier Signature (DVS) are not sufficient because some serious problems may be caused such that the verifier cannot confirm the va...
  5. No Access
    Chapter

    Security of Practical Cryptosystems Using Merkle-Damgård Hash Function in the Ideal Cipher Model

    In this paper, we clarify the security of practical cryptosystems with hash functions based on key derivation functions (KDFs). We use the indifferentiability framework in order to discuss the security because...
  6. No Access
    Chapter

    Ciphertext-Policy Delegatable Hidden Vector Encryption and Its Application to Searchable Encryption in Multi-user Setting

    We propose a new type of hidden vector encryption (HVE) schemes that we call a ciphertext-policy delegatable hidden vector encryption (CP-dHVE) scheme. Several HVE or delegatable HVE schemes have already been pro...
  7. No Access
    Chapter

    Experimental Verification of Super-Sbox Analysis — Confirmation of Detailed Attack Complexity

    This paper implements the super-sbox analysis on 8-round AES proposed by Gilbert and Peyrin in order to verify its correctness and the attack cost. The attack consists of three parts; the first outbound phase,...
  8. Chapter

    Fault Sensitivity Analysis

    This paper proposes a new fault-based attack called the Fault Sensitivity Analysis (FSA) attack, which unlike most existing fault-based analyses including Differential Fault Analysis (DFA) does not use values ...
  9. No Access
    Chapter

    A Generic Method for Reducing Ciphertext Length of Reproducible KEMs in the RO Model

    In this paper, a simple generic method is proposed which can make a key encapsulation mechanism (KEM) more efficient. While the original KEM needs to be OW-CCCA secure and to satisfy reproducibility, the transfor...
  10. No Access
    Chapter

    Improving Efficiency of an ‘On the Fly’ Identification Scheme by Perfecting Zero-Knowledgeness

    We present a new methodology for constructing an efficient identification scheme, and based on it, we propose a lightweight identification scheme whose computational and storage costs are sufficiently low even...
  11. Chapter

    Non-full-active Super-Sbox Analysis: Applications to ECHO and Grøstl

    In this paper, we present non-full-active Super-Sbox analysis which can detect non-ideal properties of a class of AES-based permutations with a low complexity. We apply this framework to SHA-3 round-2 candidates ...
  12. No Access
    Chapter

    Secret Handshake: Strong Anonymity Definition and Construction

    Secret handshake allows two members in the same group to authenticate each other secretly. In previous works of secret handshake schemes, two types of anonymities against the group authority (GA) of a group G are...
  13. No Access
    Chapter

    Sanitizable and Deletable Signature

    Recently, the sanitizable signature has attracted much attention since it allows the document to be modified (sanitized) to hide partial information while keeping the integrity of the disclosed subdocuments. Sanitiz...
  14. No Access
    Chapter

    Extension of Secret Handshake Protocols with Multiple Groups in Monotone Condition

    A Secret Handshake protocol allows members of the same group to authenticate each other secretly; that is, two members who belong to the same group can learn that the counterpart is in the same group, while a non-member of...
  15. No Access
    Chapter

    Fault Analysis Attack against an AES Prototype Chip Using RSL

    This paper reports a successful Fault Analysis (FA) attack against a prototype AES (Advanced Encryption Standard) hardware implementation using a logic-level countermeasure called Random Switching Logic (RSL)....
  16. No Access
    Chapter

    Security Evaluation of a DPA-Resistant S-Box Based on the Fourier Transform

    At CHES 2006, Prouff et al. proposed a novel S-box calculation based on the discrete Fourier transform as a first-order DPA countermeasure. At CHES 2008, Coron et al. showed that the original countermeasure can b...
  17. Chapter

    How to Confirm Cryptosystems Security: The Original Merkle-Damgård Is Still Alive!

    At Crypto 2005, Coron et al. showed that Merkle-Damgård hash function (MDHF) with a fixed input length random oracle is not indifferentiable from a random oracle RO due to the extension attack. Namely MDHF does n...
  18. No Access
    Chapter

    Algorithmic Tamper Proof (ATP) Counter Units for Authentication Devices Using PIN

    Though Gennaro et al. discussed the algorithmic tamper proof (ATP) devices using the personal identification number (PIN) with less tamper-proof devices, and proposed counter units which count the number of wr...
  19. No Access
    Chapter

    Bit-Free Collision: Application to APOP Attack

    This paper proposes a new variant of collisions on hash functions named bit-free collision, which can be applied to reduce the number of chosen challenges in password recovery attacks on hash-based challenge and ...
  20. No Access
    Chapter

    Leaky Random Oracle (Extended Abstract)

    This work focuses on vulnerability of hash functions due to sloppy usage or implementation in the real world. If our cryptographic research community succeeded in development of perfectly secure random functio...
  1. Chapter

    Attribute-Based Encryption with Partially Hidden Encryptor-Specified Access Structures

    We propose attribute-based encryption schemes where encryptor-specified access structures (also called ciphertext policies) are hidden. By using our schemes, an encryptor can encrypt data with a hidden access ...
  2. No Access
    Chapter

    Password Recovery on Challenge and Response: Impossible Differential Attack on Hash Function

    We propose practical password recovery attacks against two challenge-response authentication protocols using MD4. When a response is computed as MD4(Password||Challenge), passwords up to 12 characters are pr...
  3. No Access
    Chapter

    Security of MD5 Challenge and Response: Extension of APOP Password Recovery Attack

    In this paper, we propose an extension of the APOP attack that recovers the first 31 characters of an APOP password in practical time, and theoretically recovers 61 characters. We have implemented our attack, and...
  4. Chapter

    New Key-Recovery Attacks on HMAC/NMAC-MD4 and NMAC-MD5

    At Crypto ’07, Fouque, Leurent and Nguyen presented full key-recovery attacks on HMAC/NMAC-MD4 and NMAC-MD5, by extending the partial key-recovery attacks of Contini and Yin from Asiacrypt ’06. Such attacks ar...
  5. No Access
    Chapter

    Secure Cross-Realm Client-to-Client Password-Based Authenticated Key Exchange Against Undetectable On-Line Dictionary Attacks

    The cross-realm client-to-client password-based authenticated key exchange (C2C-PAKE) is a protocol in which two clients in two different realms with different passwords exchange a session key through their corresp...
  6. No Access
    Chapter

    A New Strategy for Finding a Differential Path of SHA-1

    In this paper, we propose a new construction algorithm for finding differential paths of Round 1 of SHA-1 for use in the collision search attack. Generally, the differential path of Round 1 is very complex, and i...
  7. No Access
    Chapter

    Modeling Agreement Problems in the Universal Composability Framework

    Agreement problems are one of the keys to distributed computing. In this paper, we propose a construction of the ideal-model functionality of one of the most important agreement problems, non-blocking atomic c...
  8. No Access
    Chapter

    A Sanitizable Signature Scheme with Aggregation

    A sanitizable signature scheme is a digital signature scheme in which, after generating a signer’s signature on a document, specific entities (called sanitizers) can modify the document for hiding partial informa...
  9. Chapter

    Multiparty Computation for Interval, Equality, and Comparison Without Bit-Decomposition Protocol

    Damgård et al. [11] showed a novel technique to convert a polynomial sharing of secret a into the sharings of the bits of a in constant rounds, which is called the bit-decomposition protocol. The bit-decompositio...
  10. Chapter

    New Message Difference for MD4

    This paper proposes several approaches to improve the collision attack on MD4 proposed by Wang et al. First, we propose a new local collision that is the best for the MD4 collision attack. Selection of a good ...
  11. No Access
    Chapter

    Factorization of Square-Free Integers with High Bits Known

    In this paper we propose an algorithm of factoring any integer N which has k different prime factors with the same bit-length, when $(...
  12. No Access
    Chapter

    Analysis on the Clockwise Transposition Routing for Dedicated Factoring Devices

    Recently, dedicated factoring devices have attracted much attention since they might be a threat to current RSA-based cryptosystems. In some devices, the clockwise transposition routing is used as a key tec...
  13. No Access
    Chapter

    Improved Collision Attack on MD4 with Probability Almost 1

    In EUROCRYPT 2005, a collision attack on MD4 was proposed by Wang, Lai, Chen, and Yu. They claimed that collision messages were found with probability 2^-6 to 2^-2, and the complexity was less than 2^8 MD4 hash ope...
  14. No Access
    Chapter

    Provably Secure Electronic Cash Based on Blind Multisignature Schemes

    Though various blind multisignature schemes have been proposed for secure electronic cash, the formal model of security was not discussed. This paper first formalizes the security notions for e-cash schemes ba...
  15. No Access
    Chapter

    Formal Security Model of Multisignatures

    A multisignature scheme enables multiple signers to cooperate to generate one signature for some message. The aim of the multisignatures is to decrease the total length of the signature and/or the signing (ver...
  16. No Access
    Chapter

    Toward the Fair Anonymous Signatures: Deniable Ring Signatures

    Ring signature scheme, proposed by Rivest et al., allows a signer to sign a message anonymously. In the ring signature scheme, the signer who wants to sign a document anonymously first chooses some public keys...
  17. No Access
    Chapter

    How to Construct Sufficient Conditions for Hash Functions

    Wang et al. have proposed collision attacks for various hash functions. Their approach is to first construct a differential path, and then determine the conditions (sufficient conditions) that maintain the dif...
  18. Chapter

    Improved Collision Search for SHA-0

    At CRYPTO 2005, Xiaoyun Wang, Hongbo Yu and Yiqun Lisa Yin proposed a collision attack on SHA-0 that could generate a collision with complexity 2^39 SHA-0 hash operations. Although the method of Wang et al. can fin...
  19. No Access
    Chapter

    On the Security of Probabilistic Multisignature Schemes and Their Optimality

    We first prove that the following three probabilistic multisignature schemes based on a trapdoor permutation have tight security; PFDH (probabilistic full domain hash) based multisignature scheme (PFDH-MSS), P...
  20. No Access
    Chapter

    Taxonomic Consideration to OAEP Variants and Their Security

    In this paper, we first model the variants of OAEP and SAEP, and establish a systematic proof technique, the comprehensive event dividing tree, and apply the technique to prove the security of the (120) variants ...


  1. No Access
    Chapter

    A Strategy for Constructing Fast Round Functions with Practical Security Against Differential and Linear Cryptanalysis

    In this paper, we study a strategy for constructing fast and practically secure round functions that yield sufficiently small values of the maximum differential and linear probabilities p, q. We consider mn-bit ro...
  2. No Access
    Book

    Advances in Cryptology — ASIACRYPT’98

    International Conference on the Theory and Application of Cryptology and Information Security Beijing, China, October 18–22, 1998 Proceedings
  3. No Access
    Chapter

    Remarks on blind decryption

    This paper describes two attacks against blind decryption (decode) based on the commutative random-self reducibility and RSA systems utilizing the transformability of digital signatures proposed in
  4. Chapter

    On concrete security treatment of signatures derived from identification

    Signature schemes that are derived from three-move identification schemes, such as the Fiat-Shamir, Schnorr and modified ElGamal schemes, are a typical class of the most practical signature schemes. The random o...
  5. Chapter

    Improving the Search Algorithm for the Best Linear Expression

    It is important to find the best linear expression to estimate the vulnerability of cryptosystems to Linear Cryptanalysis. This paper presents a method to improve Matsui’s search algorithm which determines the ...
  6. No Access
    Article

    Nationwide randomized comparative study of daunorubicin and aclarubicin in combination with behenoyl cytosine arabinoside, 6-mercaptopurine, and prednisolone for previously untreated acute myeloid leukemia

    Aclarubicin was evaluated in combination chemotherapy for adult acute myeloid leukemia in a randomized trial involving 58 institutions throughout Japan. Behenoyl cytosine arabinoside (BH-AC)•daunorubicin, 6-me...
  7. Chapter

    Linear Cryptanalysis of the Fast Data Encipherment Algorithm

    This paper discusses the security of the Fast Data Encipherment Algorithm (FEAL) against Linear Cryptanalysis. It has been confirmed that the entire subkeys used in FEAL-8 can be derived with 2^25 pairs of known p...
  8. Chapter

    Differential Attack on Message Authentication Codes

    We discuss the security of Message Authentication Code (MAC) schemes from the viewpoint of differential attack, and propose an attack that is effective against DES-MAC and FEAL-MAC. The attack derives the secr...
  9. No Access
    Chapter

    A practical secret voting scheme for large scale elections

    This paper proposes a practical secret voting scheme for large scale elections. The participants of the scheme are voters, an administrator, and a counter. The scheme ensures the privacy of the voters even if ...
  10. No Access
    Chapter

    A digital multisignature scheme based on the Fiat-Shamir scheme

    We show a sequential multisignature scheme based on the Fiat-Shamir scheme, which is a slight variant of the simultaneous multisignature scheme, and discuss the security of a digital multisignature scheme. The fo...
  11. No Access
    Chapter

    Results of switching-closure-test on FEAL

    The closure tests, CCT and MCT, were introduced to analyze the algebraic properties of cryptosystems by Kaliski et al. [KaRiSh]. If a cryptosystem is closed, the tests give the same results “Fail” and the cryp...
  12. Chapter

    Secure Bit Commitment Function against Divertibility

    Some zero-knowledge interactive proofs (ZKIPs) have divertibility, that is, evidence of proof issued by a genuine prover, A, can be transferred to plural verifiers, B and then C, where the intermediate verifier,
  13. Chapter

    A switching closure test to analyze cryptosystems

    The closure test MCT (meet-in-the-middle closure test) was introduced to analyze the algebraic properties of cryptosystems [KaRiSh]. Since MCT needs a large amount of memory, it is hard to implement with an ordin...
  14. Chapter

    Universal Electronic Cash

    This paper proposes the first ideal untraceable electronic cash system which solves the most crucial problem inherent with real cash and all previous untraceable electronic cash systems. The main advantage of ...
  15. Chapter

    Confirmation that Some Hash Functions Are Not Collision Free

    Hash functions are used to compress messages into digital signatures. A hash function has to be collision free; i.e., it must be computationally infeasible to construct different messages which output the same...
  16. Chapter

    Membership Authentication for Hierarchical Multigroups Using the Extended Fiat-Shamir Scheme

    We propose two membership authentication schemes that allow an authorized user to construct one master secret key for accessing the set of hierarchically ordered groups defined by the user, without releasing a...
  17. Chapter

    Direct Zero Knowledge Proofs of Computational Power in Five Rounds

    Zero-knowledge proofs of computational power have been proposed by Yung and others. In this paper, we propose an efficient (direct) and constant round (five round) construction of zero knowledge proofs of computa...
  18. Chapter

    Interactive Bi-Proof Systems and Undeniable Signature Schemes

    This paper proposes a new construction of the minimum knowledge undeniable signature scheme which solves a problem inherent in Chaum’s scheme. We formulate a new proof system, the minimum knowledge interactive bi...
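
    The class of schemes described in item 4 above (signatures derived from three-move identification), as an added worked example that is not the paper's own construction or proof: a Schnorr identification protocol and the signature scheme obtained from it by replacing the verifier's random challenge with a hash of the commitment and the message. The 64-bit Schnorr group found by a seeded search, the SHA-256 challenge hash and the parameter names are assumptions for illustration. The key-extraction routine at the end is the rewinding step that concrete-security reductions for this class rely on; it is also why reusing the commitment randomness across two signatures leaks the key.

```python
# Added example, not the paper's scheme: Schnorr identification and the
# signature derived from it (Fiat-Shamir transform). The group parameters
# are a toy 64-bit Schnorr group found by a seeded search (an assumption);
# real deployments use standardised groups or curves.
import hashlib
import random
import secrets


def is_prime(n):
    """Deterministic Miller-Rabin; these 12 bases are exact for n < 3.3e24."""
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2:
        return False
    for b in bases:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for b in bases:
        x = pow(b, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def toy_group(bits=64, seed=1):
    """Return (p, q, g) with p = 2q + 1, p and q prime, g = 4 of order q.
    The seeded (non-secret) search only makes the example reproducible."""
    rng = random.Random(seed)
    while True:
        q = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_prime(q) and is_prime(2 * q + 1):
            return 2 * q + 1, q, 4   # 4 = 2^2 is a quadratic residue, so order q


P, Q, G = toy_group()


def keygen():
    """Secret x in [1, q-1], public y = g^x mod p."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


# Three-move identification: commit (P->V), challenge (V->P), respond (P->V).
def id_commit():
    r = secrets.randbelow(Q - 1) + 1
    return r, pow(G, r, P)               # prover keeps r, sends t = g^r


def id_respond(x, r, e):
    return (r + e * x) % Q               # s = r + e*x mod q


def id_verify(y, t, e, s):
    return pow(G, s, P) == t * pow(y, e, P) % P   # g^s == t * y^e mod p


def run_identification(x, y):
    r, t = id_commit()
    e = secrets.randbelow(Q)             # verifier's random challenge
    return id_verify(y, t, e, id_respond(x, r, e))


# Signature derived from the identification scheme: e = H(t || m) mod q.
def _fs_challenge(t, msg):
    t_bytes = t.to_bytes((P.bit_length() + 7) // 8, "big")
    return int.from_bytes(hashlib.sha256(t_bytes + msg).digest(), "big") % Q


def sign(x, msg):
    r, t = id_commit()
    e = _fs_challenge(t, msg)
    return e, id_respond(x, r, e)


def verify(y, msg, sig):
    e, s = sig
    t = pow(G, s, P) * pow(y, Q - e, P) % P   # recover g^r = g^s * y^(-e)
    return _fs_challenge(t, msg) == e


def extract_key(e1, s1, e2, s2):
    """Special soundness: two accepting transcripts with the same commitment
    t and e1 != e2 give x = (s1 - s2) / (e1 - e2) mod q. This is the
    rewinding step of the reduction, and what a signer leaks by reusing r."""
    return (s1 - s2) * pow((e1 - e2) % Q, -1, Q) % Q
```

    The interactive protocol is secure only while the verifier's challenge is unpredictable to the prover; the hash takes over that role in the signature, which is why the commitment t must be bound into the hash input before the message.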


  1. Chapter

    How to Utilize the Randomness of Zero-Knowledge Proofs

    In zero-knowledge interactive proofs, a lot of randomized information is exchanged between the prover and the verifier, and the randomness of the prover is used in satisfying the zero-knowledge condition. In t...
  2. No Access
    Chapter

    Meet-in-the-middle attack on digital signature schemes

    The meet-in-the-middle attack can be used for forging signatures on mixed-type digital signature schemes, and takes less time than an exhaustive attack. This paper formulates a meet-in-the-middle attack on mix...
  3. Chapter

    A Modification of the Fiat-Shamir Scheme

    Fiat-Shamir’s identification and signature scheme is efficient as well as provably secure, but it has a problem in that the transmitted information size and memory size cannot simultaneously be small. This pap...
  4. Chapter

    Disposable Zero-Knowledge Authentications and Their Applications to Untraceable Electronic Cash

    In this paper, we propose a new type of authentication system, disposable zero-knowledge authentication system. Informally speaking, in this authentication system, double usage of the same authentication is preve...
  5. Chapter

    Divertible Zero Knowledge Interactive Proofs and Commutative Random Self-Reducibility

    In this paper, a new class of zero knowledge interactive proofs, a divertible zero knowledge interactive proof, is presented. Informally speaking, we call (A,B,C), a triplet of Turing machines, a divertible zero ...
  6. Chapter

    Security of Improved Identity-based Conference Key Distribution Systems

    At Crypto-87 conference, we proposed identity-based key distribution systems for generating a common secret conference key for two or more users. Protocols were shown for three configurations: a ring, a comple...
  7. Chapter

    Identity-based conference key distribution systems

    This paper proposes identity-based key distribution systems for generating a common secret conference key for two or more users. Users are connected in a ring, a complete graph, or a star network. Messages amo...
  8. No Access
    Article

    Phase I clinical and pharmacokinetic study of N4-behenoyl-1-β-D-arabinofuranosylcytosine

    A phase I study of N4-behenoyl-1-β-D-arabinofuranosylcytosine (BHAC) was conducted in 66 patients, 41 with solid tumors and 25 with hematological malignancies. The patients received either a 2-h s...