Title: An introduction to Cryptographical Research at the Tokyo Institute of Technology

Speakers:

(I) Professor Keisuke Tanaka, Tokyo Institute of Technology
(II) Ai Ishida, Tokyo Institute of Technology
(III) Fuyuki Kitagawa, Tokyo Institute of Technology

Time/Date: Tuesday March 15, 2-3 PM

Location: Room 1504

Abstract:

Part I: Short introduction to the cryptographical research in the
Tanaka lab at the Tokyo Institute of Technology.

Part II: Group signatures, which is one of digital signatures have
been an active research topic in cryptography. Group signatures allow
members of a group to anonymously sign messages on behalf of the
group. In order to prevent abuses, a group manager (called opener) is
able to identify the signer of a signature.  Full anonymity is a form
of anonymity which is a security requirement of group
signatures. Intuitively, full anonymity requires that any adversary
except for the opener cannot extract the signer's information from a
signature. A full anonymous group signature scheme can be constructed
from a public-key encryption scheme, a signature scheme, and an
non-interactive zero-knowledge proof system.  Full anonymity is the
most popular anonymity notion of group signatures. However it is
slightly too strong since full anonymity requires that for a
signature, even the signer of that signature is not able to know
whether the signature is produced by him/her or not.  In this work, we
construct a group signature scheme from weaker primitives than those
used in the construction of a full anonymous group signature scheme by
requiring selfless anonymity instead of full anonymity of group
signatures. Selfless anonymity requires that any adversary except for
the opener and the signer cannot extract the signer's information from
a signature.

Part III: In PKC 1999, Fujisaki and Okamoto showed how to convert any
public key encryption (PKE) scheme secure against chosen plaintext
attacks (CPA) to a PKE scheme which is secure against chosen
ciphertext attacks (CCA) in the random oracle model. Surprisingly, the
resulting CCA secure scheme has almost the same efficiency as the
underlying CPA secure scheme. Moreover, in J. Cryptology 2013, they
proposed the more efficient conversion by using the hybrid encryption
framework.  In this work, we clarify whether these two constructions
are also secure in the sense of key dependent message security against
chosen ciphertext attacks (KDM-CCA security), under exactly the same
assumptions on the building blocks as those used by Fujisaki and
Okamoto. Specifically, we show two results: Firstly, we show that the
construction proposed in PKC 1999 does not satisfy KDM-CCA security
generally. Secondly, on the other hand, we show that the construction
proposed in J. Cryptology 2013 satisfies KDM-CCA security.

Biography

I: Keisuke Tanaka is currently a professor at the Tokyo Institute of Technology

II: Ai Ishida received her B.S. and M.S. degrees from the Tokyo
Institute of Technology in 2013 and 2015, respectively. She is now a
first grade Ph.D. student at the Tokyo Institute of Technology. She
received Lthe A/EATCS Best Presentation Award from EATCS Japan Chapter
in 2015 and the SCIS Paper Prize from IEICE in 2015.

III: Fuyuki Kitagawa recieved his bachelor's degree in Science from
the Department of Information Science, Tokyo Institute of Technology
in 2014. Currently, he is attending a Msters course in the Department
of Mathematical and Computing Science, Tokyo Institute of
Technology. He is interested in the research of public key
cryptography and provable security.