An introduction to Cryptographical Research at the Tokyo Institute of Technology

Title:  "An introduction to Cryptographical Research at the Tokyo Institute
        of Technology"

Speakers:

(I)   Professor Keisuke Tanaka,  Tokyo Institute of Technology
(II)  Ai Ishida,  Tokyo Institute of Technology
(III) Fuyuki Kitagawa, Tokyo Institute of Technology

Time/Date:  Tuesday March 15,  2-3PM

Location:   Room 1504


Abstract:

Part I: Short introduction to the cryptographical research in the Tanaka 
lab at the Tokyo Institute of Technology.

Part II: Group signatures, which is one of digital signatures have been an 
active research topic in cryptography. Group signatures allow members of a 
group to anonymously sign messages on behalf of the group. In order to 
prevent abuses, a group manager (called opener) is able to identify the 
signer of a signature.  Full anonymity is a form of anonymity which is a 
security requirement of group signatures. Intuitively, full anonymity 
requires that any adversary except for the opener cannot extract the 
signer's information from a signature. A full anonymous group signature 
scheme can be constructed from a public-key encryption scheme, a signature 
scheme, and an non-interactive zero-knowledge proof system.  Full anonymity 
is the most popular anonymity notion of group signatures. However it is 
slightly too strong since full anonymity requires that for a signature, 
even the signer of that signature is not able to know whether the signature 
is produced by him/her or not.  In this work, we construct a group 
signature scheme from weaker primitives than those used in the construction 
of a full anonymous group signature scheme by requiring selfless anonymity 
instead of full anonymity of group signatures. Selfless anonymity requires 
that any adversary except for the opener and the signer cannot extract the 
signer's information from a signature.

Part III: In PKC 1999, Fujisaki and Okamoto showed how to convert any 
public key encryption (PKE) scheme secure against chosen plaintext attacks 
(CPA) to a PKE scheme which is secure against chosen ciphertext attacks 
(CCA) in the random oracle model. Surprisingly, the resulting CCA secure 
scheme has almost the same efficiency as the underlying CPA secure scheme. 
Moreover, in J. Cryptology 2013, they proposed the more efficient 
conversion by using the hybrid encryption framework.  In this work, we 
clarify whether these two constructions are also secure in the sense of key 
dependent message security against chosen ciphertext attacks (KDM-CCA 
security), under exactly the same assumptions on the building blocks as 
those used by Fujisaki and Okamoto. Specifically, we show two results: 
Firstly, we show that the construction proposed in PKC 1999 does not 
satisfy KDM-CCA security generally. Secondly, on the other hand, we show 
that the construction proposed in J. Cryptology 2013 satisfies KDM-CCA 
security.


Biography

I: Keisuke Tanaka is currently a professor at the Tokyo Institute of 
Technology

II:  Ai Ishida received her B.S. and M.S. degrees from the Tokyo Institute 
of Technology in 2013 and 2015, respectively. She is now a first grade 
Ph.D. student at the Tokyo Institute of Technology. She received Lthe 
A/EATCS Best Presentation Award from EATCS Japan Chapter in 2015 and the 
SCIS Paper Prize from IEICE in 2015.

III:  Fuyuki Kitagawa recieved his bachelor's degree in Science from the 
Department of Information Science, Tokyo Institute of Technology in 2014. 
Currently, he is attending a Msters course in the Department of 
Mathematical and Computing Science, Tokyo Institute of Technology. He is 
interested in the research of public key cryptography and provable 
security.


More information on the CSE Theory Seminars can be found at 
http://cse.hkust.edu.hk/tcsc/seminars.html