
    A limitation on security evaluation of cryptographic primitives with fixed keys

    In this paper, we discuss the security of public-key cryptographic primitives in the case that the public key is fixed. In the standard argument, the security of a cryptographic primitive is evaluated by estimating the average probability of a successful attack, where keys are treated as random variables. In contrast, in practice a user is mostly interested in the security under his specific public key, which has already been fixed. However, such security obviously cannot be mathematically guaranteed, because for any given public key there always potentially exists an adversary that breaks its security. Therefore, the best we can do is to use a public key whose effective adversary is unlikely to be constructed in real life, and thus it is desirable to provide a method for evaluating this possibility. The motivation of this work is to investigate the (in)feasibility of predicting whether, for a given fixed public key, a successful adversary will actually appear in real life. As our main result, we prove that for any digital signature scheme or public-key encryption scheme, it is impossible to reduce any fixed-key adversary in any security notion weaker than the de facto ones (i.e., existential unforgeability against adaptive chosen-message attacks or indistinguishability against adaptive chosen-ciphertext attacks) to fixed-key adversaries in the de facto security notion in a black-box manner. This result means, for example, that for any digital signature scheme, the impossibility of extracting the secret key from a fixed public key will never imply existential unforgeability against chosen-message attacks under the same key, as long as we consider only black-box analysis.

    Generic Hardness of Inversion on Ring and Its Relation to Self-Bilinear Map

    In this paper, we study the generic hardness of the inversion problem on a ring, which is the problem of computing the inverse of a given prime c using only additions, subtractions and multiplications on the ring. If the characteristic of the underlying ring is public and coprime to c, then it is easy to compute the inverse of c using the extended Euclidean algorithm. On the other hand, if the characteristic is hidden, it seems difficult to compute it. To discuss the generic hardness of the inversion problem, we first extend existing generic ring models to capture a ring of unknown characteristic. Then we prove that there is no generic algorithm that solves the inversion problem in our model when the underlying ring is isomorphic to $\mathbb{Z}_p$ for a randomly chosen prime p, assuming the hardness of factoring an unbalanced modulus. We also study the relation between the inversion problem on a ring and a self-bilinear map. We give a ring-based construction of a self-bilinear map, and prove that natural complexity assumptions, including the multilinear computational Diffie-Hellman (MCDH) assumption, hold w.r.t. the resulting self-bilinear map if the inversion problem is hard on the underlying ring.

    Self-bilinear Map on Unknown Order Groups from Indistinguishability Obfuscation and Its Applications

    A self-bilinear map is a bilinear map whose domain and target groups are identical. In this paper, we introduce a self-bilinear map with auxiliary information, which is a weaker variant of a self-bilinear map, construct it based on indistinguishability obfuscation, and prove that a useful hardness assumption holds with respect to our construction under the factoring assumption. From our construction, we obtain a multilinear map with interesting properties: the level of multilinearity is not bounded in the setup phase, and representations of group elements are compact, i.e., their size is independent of the level of multilinearity. This is the first construction of a multilinear map with these properties. Note, however, that auxiliary information is required to evaluate the multilinear map. As applications of our multilinear map, we construct multiparty non-interactive key-exchange and distributed broadcast encryption schemes in which the maximum number of users is not fixed in the setup phase. Besides direct applications of our self-bilinear map, we show that our technique can also be used to construct somewhat homomorphic encryption based on indistinguishability obfuscation and the Phi-hiding assumption.

    Adversary-dependent Lossy Trapdoor Function from Hardness of Factoring Semi-smooth RSA Subgroup Moduli

    Lossy trapdoor functions (LTDFs), proposed by Peikert and Waters (STOC'08), are known to have a number of applications in cryptography. They have been constructed based on various assumptions, including the quadratic residuosity (QR) and decisional composite residuosity (DCR) assumptions, which are factoring-based decision assumptions. However, there is no known construction of an LTDF based on the factoring assumption or other factoring-related search assumptions. In this paper, we first define the notion of adversary-dependent lossy trapdoor functions (ad-LTDFs), a weaker variant of LTDFs. Then we construct an ad-LTDF based on the hardness of factoring RSA moduli of a special form, called semi-smooth RSA subgroup (SS) moduli, proposed by Groth (TCC'05). Moreover, we show that ad-LTDFs can replace LTDFs in many applications. In particular, we obtain the first factoring-based deterministic encryption scheme that satisfies the security notion defined by Boldyreva et al. (CRYPTO'08) without relying on a decision assumption. Besides direct applications of ad-LTDFs, by a similar technique we construct a chosen-ciphertext secure public-key encryption scheme whose ciphertext overhead is the shortest among existing schemes based on the factoring assumption w.r.t. SS moduli.

    A Framework and Compact Constructions for Non-monotonic Attribute-Based Encryption

    In this paper, we propose new non-monotonic attribute-based encryption schemes with compact parameters. The first three schemes are key-policy attribute-based encryption (KP-ABE) schemes and the fourth is a ciphertext-policy attribute-based encryption (CP-ABE) scheme.

    - Our first scheme has very compact ciphertexts. The ciphertext overhead consists of only two group elements, the shortest in the literature. Compared to the scheme by Attrapadung et al. (PKC 2011), which is the best scheme in terms of ciphertext overhead, our scheme shortens the ciphertext overhead by 33%. The scheme also reduces the size of the master public key to about half.
    - Our second scheme is proven secure under the decisional bilinear Diffie-Hellman (DBDH) assumption, one of the most standard assumptions in bilinear groups. Compared to the non-monotonic KP-ABE scheme from the same assumption by Ostrovsky et al. (ACM-CCS'07), our scheme achieves more compact parameters: the master public key and the ciphertext size are about half those of their scheme.
    - Our third scheme is the first non-monotonic KP-ABE scheme that can handle unbounded-size attribute sets and access policies. That is, there is no restriction on the size of attribute sets or on the number of allowed repetitions of the same attribute within an access policy. The master public key of our scheme is very compact: it consists of only a constant number of group elements.
    - Our fourth scheme is the first non-monotonic CP-ABE scheme that can handle unbounded-size attribute sets and access policies. The master public key of the scheme consists of only a constant number of group elements.

    We construct our KP-ABE schemes in a modular manner. We first introduce a special type of predicate encryption that we call two-mode identity-based broadcast encryption (TIBBE). Then, we show that any TIBBE scheme satisfying a certain condition can be generically converted into a non-monotonic KP-ABE scheme. Finally, we construct efficient TIBBE schemes and apply this conversion to obtain the new non-monotonic KP-ABE schemes above.

    Usefulness of autofluorescence endoscopy combined with a transparent hood for the detection of colorectal neoplastic lesions: a prospective randomized controlled trial

    BACKGROUND: Colonoscopy is one of the most reliable methods for detection of colorectal neoplasms, but conventional colonoscopy can miss some lesions. OBJECTIVE: To evaluate the efficacy of autofluorescence imaging (AFI) with a transparent hood (TH) for detection of colorectal neoplasms. DESIGN: A 2 × 2 factorial designed, prospective, randomized, controlled trial. SETTING: This study was conducted at the Osaka Medical Center for Cancer and Cardiovascular Diseases, a tertiary cancer center. PATIENTS: A total of 561 patients. INTERVENTIONS: Patients were allocated to 1 of 4 groups: (1) white light imaging (WLI) alone: colonoscopy using WLI without a TH; (2) WLI+TH: colonoscopy using WLI with a TH; (3) AFI alone: colonoscopy using AFI without a TH; and (4) AFI+TH: colonoscopy using AFI with a TH. Eight colonoscopists used each allocated method. MAIN OUTCOME MEASUREMENT: The difference in neoplasm detection rate (number of detected neoplasms per patient) between the WLI alone and AFI+TH groups. RESULTS: The neoplasm detection rate (95% confidence interval) in the AFI+TH group was significantly higher than in the WLI alone group (1.96 [1.50-2.43] vs 1.19 [0.93-1.44]; P = .023, Tukey-Kramer multiple comparison test). Relative detection ratios (95% confidence interval) for polypoid neoplasms based on a Poisson regression model were significantly increased by mounting a TH (1.69 [1.34-2.12], P < .001), and relative detection ratios for flat neoplasms were significantly increased by AFI observation (1.83 [1.24-2.71], P = .002). LIMITATIONS: Open trial performed in a single cancer referral center. CONCLUSION: AFI colonoscopy with a TH detected significantly more colorectal neoplasms than did conventional WLI colonoscopy without a TH. Doctor of Medicine (thesis), Otsu No. 1327, March 17, 2014 (Heisei 26).

    Comprehensive investigation of areae gastricae pattern in gastric corpus using magnifying narrow band imaging endoscopy in patients with chronic atrophic fundic gastritis.

    Background: Barium radiographic studies have suggested the importance of evaluating the areae gastricae pattern for the diagnosis of gastritis. The significance of the endoscopic appearance of areae gastricae in the diagnosis of chronic atrophic fundic gastritis (CAFG) was investigated by image-enhanced endoscopy. Materials and Methods: Endoscopic images of the corpus lesser curvature were studied in 50 patients with CAFG. The extent of CAFG was evaluated with autofluorescence imaging endoscopy. The areae gastricae pattern was evaluated with 0.2% indigo carmine chromoendoscopy. Micro-mucosal structure was examined with magnifying chromoendoscopy and narrow band imaging. Results: In patients with a small extent of CAFG, polygonal areae gastricae separated by a narrow intervening part of areae gastricae were observed, whereas in patients with a wide extent of CAFG, the size of the areae gastricae decreased and the width of the intervening part of areae gastricae increased (p < 0.001). Most areae gastricae showed a foveola-type micro-mucosal structure (82.7%), while the intervening part of areae gastricae had a groove-type structure (98.0%, p < 0.001). Groove-type mucosa had a higher grade of atrophy (p < 0.001) and intestinal metaplasia (p < 0.001) compared with the foveola type. Conclusions: As the extent of CAFG widened, multifocal groove-type mucosa with high-grade atrophy and intestinal metaplasia developed among areae gastricae and increased along the intervening part of areae gastricae. Our observations facilitate our understanding of the development and progression of CAFG.

    Transoral surgery for superficial head and neck cancer: National Multi‐Center Survey in Japan

    Head and neck cancers, especially of the hypopharynx and oropharynx, are often detected at an advanced stage with poor prognosis. Narrow band imaging enables detection of superficial cancers, and transoral surgery is performed with curative intent. However, pathological evaluation and real-world safety and clinical outcomes have not been clearly understood. The aim of this nationwide multicenter study was to investigate the safety and efficacy of transoral surgery for superficial head and neck cancer. We collected patients with superficial head and neck squamous cell carcinoma who were treated by transoral surgery at 27 hospitals in Japan. Central pathology review was undertaken on all of the resected specimens. The primary objective was the effectiveness of transoral surgery, and the secondary objective was safety, including the incidence and severity of adverse events. Among the 568 patients, a total of 662 lesions were primarily treated by 575 sessions of transoral surgery. The median tumor diameter was 12 mm (range 1–75) endoscopically. Among the lesions, 57.4% were diagnosed as squamous cell carcinoma in situ. The median procedure time was 48 minutes (range 2–357). Adverse events occurred in 12.7%. Life-threatening complications occurred in 0.5%, but there were no treatment-related deaths. During a median follow-up period of 46.1 months (range 1–113), the 3-year overall survival rate, relapse-free survival rate, cause-specific survival rate, and larynx-preservation survival rate were 88.1%, 84.4%, 99.6%, and 87.5%, respectively. Transoral surgery for superficial head and neck cancer offers effective minimally invasive treatment.