
    Primal-dual distance bounds of linear codes with application to cryptography

    Let $N(d,d^\perp)$ denote the minimum length $n$ of a linear code $C$ with $d$ and $d^\perp$, where $d$ is the minimum Hamming distance of $C$ and $d^\perp$ is the minimum Hamming distance of $C^\perp$. In this paper, we show a lower bound and an upper bound on $N(d,d^\perp)$. Further, for small values of $d$ and $d^\perp$, we determine $N(d,d^\perp)$ and give a generator matrix of the optimum linear code. This problem is directly related to the design method of cryptographic Boolean functions suggested by Kurosawa et al.
    Comment: 6 pages, using IEEEtran.cls. To appear in IEEE Trans. Inform. Theory, Sept. 2006. Two authors were added in the revised version.

    Environmental regulatory reform for Japanese fishing port development : adopting U.S. regulatory framework to the Japanese system

    Thesis (M.C.P.), Massachusetts Institute of Technology, Dept. of Urban Studies and Planning, 1997. Includes bibliographical references (leaves 102-104). By Kaoru Kurosawa. M.C.P.

    Power of a Public Random Permutation and its Application to Authenticated-Encryption

    In this paper, we first show that many independent pseudorandom permutations over $\{0,1\}^n$ can be obtained from a single public random permutation and $n$ secret bits. We next prove that a slightly modified IAPM is secure even if the underlying block cipher $F$ is publicly accessible (as a black box). We derive a similar result for OCB mode, too. We finally prove that our security bound is tight within a constant factor.

    Round-Efficient Perfectly Secure Message Transmission Scheme Against General Adversary

    In the model of Perfectly Secure Message Transmission Schemes (PSMTs), there are $n$ channels between a sender and a receiver, and they share no key. An infinitely powerful adversary $\mathcal{A}$ can corrupt (observe and forge) the messages sent through some subset of the $n$ channels. For non-threshold adversaries called $Q^2$, Kumar et al. showed a many-round PSMT [KGSR]. In this paper, we show round-efficient PSMTs against $Q^2$-adversaries. We first give a 3-round PSMT which runs in polynomial time in the size of the underlying linear secret sharing scheme. We next present a 2-round PSMT which is inefficient in general. (However, it is efficient for some special cases.)

    On the bound for anonymous secret sharing schemes

    In anonymous secret sharing schemes, the secret can be reconstructed without knowledge of which participants hold which shares. In this paper, we derive a tighter lower bound on the size of the shares than the bound of Blundo and Stinson for anonymous $(k,n)$-threshold schemes with $1<k<n$. Our bound is tight for $k=2$. We also show a close relationship between optimum anonymous $(2,n)$-threshold secret sharing schemes and combinatorial designs.

    Truly Efficient 2-Round Perfectly Secure Message Transmission Scheme

    In the model of perfectly secure message transmission schemes (PSMTs), there are $n$ channels between a sender and a receiver. An infinitely powerful adversary $\mathcal{A}$ may corrupt (observe and forge) the messages sent through $t$ out of the $n$ channels. The sender wishes to send a secret $s$ to the receiver perfectly privately and perfectly reliably without sharing any key with the receiver. In this paper, we show the first 2-round PSMT for $n=2t+1$ such that not only the transmission rate is $O(n)$ but also the computational costs of the sender and the receiver are both polynomial in $n$. This means that we solve the open problem raised by Agarwal, Cramer and de Haan at CRYPTO 2006.

    How to Factor N_1 and N_2 When p_1=p_2 mod 2^t

    Let $N_1=p_1q_1$ and $N_2=p_2q_2$ be two different RSA moduli. Suppose that $p_1 = p_2 \bmod 2^t$ for some $t$, and $q_1$ and $q_2$ are $\alpha$-bit primes. Then May and Ritzenhofen showed that $N_1$ and $N_2$ can be factored in quadratic time if $t \geq 2\alpha+3$. In this paper, we improve this lower bound on $t$. Namely, we prove that $N_1$ and $N_2$ can be factored in quadratic time if $t \geq 2\alpha+1$. Further, our simulation result shows that our bound is tight.
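    The attack the abstract refers to, as an added worked example (my own reconstruction of the lattice method, not code from the paper). The idea it demonstrates: since $p_1 \equiv p_2 \pmod{2^t}$, the ratio $a = N_2 N_1^{-1} \bmod 2^t$ equals $q_2 q_1^{-1} \bmod 2^t$, so $(q_1, q_2)$ is a short vector in the two-dimensional lattice $\{(x,y) : x a \equiv y \pmod{2^t}\}$ and Lagrange-Gauss reduction recovers it. The test instance is constructed inside the block (toy sizes, $\alpha = 12$ and $t = 2\alpha+4$, comfortably above both bounds quoted above); `pow(N1, -1, M)` needs Python 3.8 or later.

```python
import random

# Bases that make Miller-Rabin deterministic for n < 3.3 * 10^24, far above
# the toy sizes used here.
MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n):
    """Miller-Rabin primality test with fixed bases."""
    if n < 2:
        return False
    for p in MR_BASES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def next_prime(n):
    """Smallest prime >= n."""
    while not is_probable_prime(n):
        n += 1
    return n


def lagrange_reduce(u, v):
    """Lagrange-Gauss reduction: a shortest nonzero vector of the 2-D lattice
    spanned by integer vectors u and v (exact integer arithmetic throughout)."""
    def n2(w):
        return w[0] * w[0] + w[1] * w[1]
    if n2(u) > n2(v):
        u, v = v, u
    while True:
        d, n = u[0] * v[0] + u[1] * v[1], n2(u)
        m = (2 * d + n) // (2 * n)        # nearest integer to d/n
        v = (v[0] - m * u[0], v[1] - m * u[1])
        if n2(v) >= n2(u):
            return u
        u, v = v, u


def factor_shared_lsb(N1, N2, t):
    """Factor N1 = p1*q1 and N2 = p2*q2 given p1 = p2 mod 2^t and small
    (alpha-bit) q1, q2.  Returns (p1, q1, p2, q2), or None if the shortest
    lattice vector did not turn out to be (q1, q2)."""
    M = 1 << t
    # N2 * N1^{-1} = (p*q2) * (p*q1)^{-1} = q2 * q1^{-1}  (mod 2^t),  p = p1 mod 2^t
    a = N2 * pow(N1, -1, M) % M
    # (q1, q2) lies in {(x, y) : x*a = y mod 2^t}, which has basis (1, a), (0, 2^t)
    x, y = lagrange_reduce((1, a), (0, M))
    q1, q2 = abs(x), abs(y)
    if q1 == 0 or q2 == 0 or N1 % q1 or N2 % q2:
        return None
    return N1 // q1, q1, N2 // q2, q2


def make_instance(alpha, t, seed=1):
    """Constructed test instance (not real keys): alpha-bit primes q1 != q2 and
    primes p1, p2 of about t+11 bits that agree on their low t bits."""
    rng = random.Random(seed)
    q1 = next_prime(rng.randrange(1 << (alpha - 1), 1 << alpha))
    q2 = q1
    while q2 == q1:
        q2 = next_prime(rng.randrange(1 << (alpha - 1), 1 << alpha))
    p1 = next_prime(rng.randrange(1 << (t + 10), 1 << (t + 11)))
    k = 1
    while not is_probable_prime(p1 + k * (1 << t)):   # adding k*2^t keeps the low t bits
        k += 1
    return p1, q1, p1 + k * (1 << t), q2


if __name__ == "__main__":
    alpha = 12
    t = 2 * alpha + 4
    p1, q1, p2, q2 = make_instance(alpha, t)
    print(factor_shared_lsb(p1 * q1, p2 * q2, t) == (p1, q1, p2, q2))
```

    Why the reduction is guaranteed to return $(q_1,q_2)$ at this margin: any lattice vector $(x,y)$ independent of $(q_1,q_2)$ spans with it a sublattice of determinant $|xq_2 - yq_1| \geq 2^t$, and that determinant is at most $\|(x,y)\| \cdot \|(q_1,q_2)\|$, so $\|(x,y)\| > 2^{t-\alpha-1/2}$, which exceeds $\|(q_1,q_2)\| < 2^{\alpha+1/2}$ once $t \geq 2\alpha+2$. Shrinking $t$ toward the paper's bound of $2\alpha+1$ is where the analysis in the paper, rather than this simple argument, is needed.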

    Efficient No-dictionary Verifiable SSE

    In the model of no-dictionary verifiable searchable symmetric encryption (SSE) schemes, a client does not need to keep the set of keywords $\mathcal{W}$ in the search phase, where $\mathcal{W}$ is called a dictionary. Still, a malicious server cannot cheat the client by saying "your search word $w$ does not exist in the dictionary $\mathcal{W}$" when it exists. In the previous such schemes, it takes $O(\log m)$ time for the server to prove that $w \not\in \mathcal{W}$, where $m=|\mathcal{W}|$ is the number of keywords. In this paper, we show a generic method to transform any SSE scheme (that is only secure against passive adversaries) into a no-dictionary verifiable SSE scheme. In the transformed scheme, it takes only $O(1)$ time for the server to prove that $w \not\in \mathcal{W}$.

    How to Construct UC-Secure Searchable Symmetric Encryption Scheme

    A searchable symmetric encryption (SSE) scheme allows a client to store a set of encrypted files on an untrusted server in such a way that the client can efficiently retrieve those encrypted files containing (or indexed by) specific keywords, while keeping the keywords and the files secret. In this paper, we first extend the model of SSE schemes to that of verifiable SSE schemes, and formulate their UC security. We then prove its weak equivalence with privacy and reliability. Finally, we show an efficient verifiable SSE scheme which is UC-secure.