More about HKUST
An introduction to Cryptographical Research at the Tokyo Institute of Technology
Title: "An introduction to Cryptographical Research at the Tokyo Institute of Technology" Speakers: (I) Professor Keisuke Tanaka, Tokyo Institute of Technology (II) Ai Ishida, Tokyo Institute of Technology (III) Fuyuki Kitagawa, Tokyo Institute of Technology Time/Date: Tuesday March 15, 2-3PM Location: Room 1504 Abstract: Part I: Short introduction to the cryptographical research in the Tanaka lab at the Tokyo Institute of Technology. Part II: Group signatures, which is one of digital signatures have been an active research topic in cryptography. Group signatures allow members of a group to anonymously sign messages on behalf of the group. In order to prevent abuses, a group manager (called opener) is able to identify the signer of a signature. Full anonymity is a form of anonymity which is a security requirement of group signatures. Intuitively, full anonymity requires that any adversary except for the opener cannot extract the signer's information from a signature. A full anonymous group signature scheme can be constructed from a public-key encryption scheme, a signature scheme, and an non-interactive zero-knowledge proof system. Full anonymity is the most popular anonymity notion of group signatures. However it is slightly too strong since full anonymity requires that for a signature, even the signer of that signature is not able to know whether the signature is produced by him/her or not. In this work, we construct a group signature scheme from weaker primitives than those used in the construction of a full anonymous group signature scheme by requiring selfless anonymity instead of full anonymity of group signatures. Selfless anonymity requires that any adversary except for the opener and the signer cannot extract the signer's information from a signature. Part III: In PKC 1999, Fujisaki and Okamoto showed how to convert any public key encryption (PKE) scheme secure against chosen plaintext attacks (CPA) to a PKE scheme which is secure against chosen ciphertext attacks (CCA) in the random oracle model. Surprisingly, the resulting CCA secure scheme has almost the same efficiency as the underlying CPA secure scheme. Moreover, in J. Cryptology 2013, they proposed the more efficient conversion by using the hybrid encryption framework. In this work, we clarify whether these two constructions are also secure in the sense of key dependent message security against chosen ciphertext attacks (KDM-CCA security), under exactly the same assumptions on the building blocks as those used by Fujisaki and Okamoto. Specifically, we show two results: Firstly, we show that the construction proposed in PKC 1999 does not satisfy KDM-CCA security generally. Secondly, on the other hand, we show that the construction proposed in J. Cryptology 2013 satisfies KDM-CCA security. Biography I: Keisuke Tanaka is currently a professor at the Tokyo Institute of Technology II: Ai Ishida received her B.S. and M.S. degrees from the Tokyo Institute of Technology in 2013 and 2015, respectively. She is now a first grade Ph.D. student at the Tokyo Institute of Technology. She received Lthe A/EATCS Best Presentation Award from EATCS Japan Chapter in 2015 and the SCIS Paper Prize from IEICE in 2015. III: Fuyuki Kitagawa recieved his bachelor's degree in Science from the Department of Information Science, Tokyo Institute of Technology in 2014. Currently, he is attending a Msters course in the Department of Mathematical and Computing Science, Tokyo Institute of Technology. He is interested in the research of public key cryptography and provable security. More information on the CSE Theory Seminars can be found at http://cse.hkust.edu.hk/tcsc/seminars.html