
    Primal-dual distance bounds of linear codes with application to cryptography

    Let $N(d,d^\perp)$ denote the minimum length $n$ of a linear code $C$ with minimum distance $d$ and dual distance $d^\perp$, where $d$ is the minimum Hamming distance of $C$ and $d^\perp$ is the minimum Hamming distance of the dual code $C^\perp$. In this paper, we show a lower bound and an upper bound on $N(d,d^\perp)$. Further, for small values of $d$ and $d^\perp$, we determine $N(d,d^\perp)$ and give a generator matrix of the optimum linear code. This problem is directly related to the design method of cryptographic Boolean functions suggested by Kurosawa et al. Comment: 6 pages, using IEEEtran.cls. To appear in IEEE Trans. Inform. Theory, Sept. 2006. Two authors were added in the revised version.
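The quantities in the abstract can be checked by hand for small binary codes. The following is an added example, not code from the paper: it computes the primal distance $d$ and the dual distance $d^\perp$ of a code given by its generator matrix, and does an exhaustive search for the smallest length at which a code with a given pair $(d, d^\perp)$ exists. The generator matrix, field (binary) and search limit are assumptions chosen for illustration; the paper's bounds and optimum codes are not reproduced.

```python
# Added example (not from the paper): primal and dual minimum distances of
# small binary linear codes, and a brute-force search for the smallest length
# n admitting a code with a given pair (d, d_perp).
# Codewords are n-bit ints; bit (n-1-j) holds coordinate j (leftmost = coordinate 0).

def span(rows):
    """All codewords of the binary linear code generated by `rows`."""
    words = {0}
    for r in rows:
        words |= {w ^ r for w in words}
    return words

def min_distance(rows):
    """Minimum Hamming distance d of C = minimum weight of a nonzero codeword."""
    return min(bin(w).count("1") for w in span(rows) if w)

def dual_min_distance(rows, n):
    """Minimum distance d_perp of the dual code C_perp.
    v is in C_perp iff G v^T = 0, i.e. the columns of G selected by v XOR to zero,
    so d_perp is the size of the smallest linearly dependent set of columns of G."""
    cols = [sum(((r >> (n - 1 - j)) & 1) << i for i, r in enumerate(rows))
            for j in range(n)]
    best = None
    for mask in range(1, 1 << n):
        acc = 0
        for j in range(n):
            if (mask >> j) & 1:
                acc ^= cols[j]
        if acc == 0:
            w = bin(mask).count("1")
            if best is None or w < best:
                best = w
    return best  # None only if the columns are independent (C_perp = {0})

def primal_dual_distances(rows, n):
    """The pair (d, d_perp) for the code generated by `rows` of length n."""
    return min_distance(rows), dual_min_distance(rows, n)

def systematic_codes(n, k):
    """Every generator matrix [I_k | A] with A a k x (n-k) binary matrix.
    Any linear code is equivalent, up to a coordinate permutation, to a systematic
    one, and permuting coordinates changes neither d nor d_perp, so enumerating
    these matrices covers every (d, d_perp) pair achievable at length n."""
    r = n - k
    for a in range(1 << (k * r)):
        yield [(1 << (n - 1 - i)) | ((a >> (i * r)) & ((1 << r) - 1)) for i in range(k)]

def smallest_length(d, d_perp, max_n):
    """Exhaustive search for N(d, d_perp) up to length max_n: the smallest n for
    which some [n, k] code has minimum distance exactly d and dual distance
    exactly d_perp. Returns (n, generator_rows), or None if none exists up to max_n."""
    for n in range(1, max_n + 1):
        for k in range(1, n):
            for rows in systematic_codes(n, k):
                if min_distance(rows) == d and dual_min_distance(rows, n) == d_perp:
                    return n, rows
    return None

# Constructed input: the [7,4] Hamming code in systematic form. Its dual is the
# [7,3] simplex code, whose nonzero words all have weight 4, so (d, d_perp) = (3, 4).
HAMMING_7_4 = [0b1000110, 0b0100101, 0b0010011, 0b0001111]

if __name__ == "__main__":
    print(primal_dual_distances(HAMMING_7_4, 7))
    print(smallest_length(3, 4, 7))
```

The search is only practical for lengths around 7 or 8 (it enumerates $2^{k(n-k)}$ matrices and $2^n$ column subsets each), which is exactly the "small values of $d$ and $d^\perp$" regime; beyond that the paper's bounds are what you would rely on.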

    Environmental regulatory reform for Japanese fishing port development : adopting U.S. regulatory framework to the Japanese system

    Thesis (M.C.P.), Massachusetts Institute of Technology, Dept. of Urban Studies and Planning, 1997. Includes bibliographical references (leaves 102-104). By Kaoru Kurosawa. M.C.P.

    Power of a Public Random Permutation and its Application to Authenticated-Encryption

    In this paper, we first show that many independent pseudorandom permutations over $\{0,1\}^n$ can be obtained from a single public random permutation and $n$ secret bits. We next prove that a slightly modified IAPM is secure even if the underlying block cipher $F$ is publicly accessible (as a black box). We derive a similar result for OCB mode, too. We finally prove that our security bound is tight within a constant factor.

    Round-Efficient Perfectly Secure Message Transmission Scheme Against General Adversary

    In the model of Perfectly Secure Message Transmission Schemes (PSMTs), there are $n$ channels between a sender and a receiver, and they share no key. An infinitely powerful adversary $A$ can corrupt (observe and forge) the messages sent through some subset of the $n$ channels. For non-threshold adversaries called $Q^2$, Kumar et al. showed a many-round PSMT [KGSR]. In this paper, we show round-efficient PSMTs against $Q^2$-adversaries. We first give a 3-round PSMT which runs in polynomial time in the size of the underlying linear secret sharing scheme. We next present a 2-round PSMT which is inefficient in general. (However, it is efficient for some special cases.)

    On the bound for anonymous secret sharing schemes

    In anonymous secret sharing schemes, the secret can be reconstructed without knowledge of which participants hold which shares. In this paper, we derive a tighter lower bound on the size of the shares than the bound of Blundo and Stinson for anonymous $(k,n)$-threshold schemes with $1<k<n$. Our bound is tight for $k=2$. We also show a close relationship between optimum anonymous $(2,n)$-threshold secret sharing schemes and combinatorial designs.

    Truly Efficient 2-Round Perfectly Secure Message Transmission Scheme

    In the model of perfectly secure message transmission schemes (PSMTs), there are $n$ channels between a sender and a receiver. An infinitely powerful adversary $\mathcal{A}$ may corrupt (observe and forge) the messages sent through $t$ out of the $n$ channels. The sender wishes to send a secret $s$ to the receiver perfectly privately and perfectly reliably without sharing any key with the receiver. In this paper, we show the first 2-round PSMT for $n=2t+1$ such that not only the transmission rate is $O(n)$ but also the computational costs of the sender and the receiver are both polynomial in $n$. This means that we solve the open problem raised by Agarwal, Cramer and de Haan at CRYPTO 2006.
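The PSMT model shared by this abstract and the $Q^2$ one above is easy to simulate for the threshold case. The following is an added example, not code from either paper and not their protocol: the sender Shamir-shares the secret across the $n$ channels in a single round, the adversary corrupts $t$ of them, and the receiver lists every secret consistent with what arrived. It shows that $n = 2t+1$ channels already give perfect privacy, but that a single round cannot give perfect reliability at $n = 2t+1$ (the receiver is left with several candidate secrets), while $n = 3t+1$ suffices in one round; that gap is what a second round must close. The prime field, the sender's polynomial and the adversary's forged polynomial are constructed constants chosen for reproducibility (a real sender picks the non-constant coefficients at random).

```python
# Added example (not from the papers): one-round transmission over n channels
# with t corrupted, using Shamir sharing over GF(p), to exercise the PSMT
# privacy and reliability requirements. The papers' 2- and 3-round protocols
# are not reproduced here.
from itertools import combinations

P = 257                      # constructed: small prime field for illustration
SECRET = 42
T = 2                        # adversary corrupts t channels
F_COEFFS = [SECRET, 7, 11]   # constructed: sender's f(x) = 42 + 7x + 11x^2 (degree t, f(0) = secret)
G_COEFFS = [99, 3, 5]        # constructed: adversary's forged polynomial g(x)

def poly_eval(coeffs, x, p=P):
    return sum(c * pow(x, i, p) for i, c in enumerate(coeffs)) % p

def lagrange(points, x, p=P):
    """Value at x of the unique polynomial of degree < len(points) through `points`."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % p
                den = den * (xi - xj) % p
        total = (total + yi * num * pow(den, -1, p)) % p
    return total

def send(n, coeffs=F_COEFFS, p=P):
    """Sender: share f(i) travels down channel i, for i = 1..n."""
    return [(i, poly_eval(coeffs, i, p)) for i in range(1, n + 1)]

def corrupt(shares, t, g=G_COEFFS, p=P):
    """Adversary controls channels 1..t: it observes those shares and replaces them with g(i)."""
    return [(x, poly_eval(g, x, p) if x <= t else y) for x, y in shares]

def every_secret_is_consistent(observed, t, p=P):
    """Perfect privacy: the t shares the adversary sees fit every secret s', since
    the t observed points plus (0, s') always define a polynomial of degree <= t."""
    return all(
        all(lagrange([(0, s2)] + observed, x, p) == y for x, y in observed)
        for s2 in range(p)
    )

def candidate_secrets(received, t, p=P):
    """Receiver: at most t of the n received points are forged, so any polynomial
    of degree <= t agreeing with at least n-t of them could be the sender's.
    Returns the set of constant terms of all such polynomials; perfect
    reliability means this set is exactly {secret}."""
    n = len(received)
    cands = set()
    for subset in combinations(received, t + 1):
        agree = sum(1 for x, y in received if lagrange(subset, x, p) == y)
        if agree >= n - t:
            cands.add(lagrange(subset, 0, p))
    return cands

def one_round(n, t=T):
    """Run one round over n channels with channels 1..t corrupted; return the receiver's candidates."""
    return candidate_secrets(corrupt(send(n), t), t)

if __name__ == "__main__":
    print(every_secret_is_consistent(send(2 * T + 1)[:T], T))  # True: adversary learns nothing
    print(one_round(2 * T + 1))  # several candidates: 42 cannot be singled out
    print(one_round(3 * T + 1))  # {42}: with n = 3t+1 one round is already reliable
```

With $n = 2t+1$ every $(t+1)$-subset of received points is consistent with "at most $t$ forged", so the receiver can detect that something was forged but cannot decide which subset is honest; with $n = 3t+1$ the $2t+1$ honest points outvote any alternative polynomial, which agrees with them in at most $t$ places.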

    Efficient No-dictionary Verifiable SSE

    In the model of a no-dictionary verifiable searchable symmetric encryption (SSE) scheme, a client does not need to keep the set of keywords $\mathcal{W}$ in the search phase, where $\mathcal{W}$ is called a dictionary. Still, a malicious server cannot cheat the client by saying "your search word $w$ does not exist in the dictionary $\mathcal{W}$" when it does exist. In the previous such schemes, it takes $O(\log m)$ time for the server to prove that $w \not\in \mathcal{W}$, where $m = |\mathcal{W}|$ is the number of keywords. In this paper, we show a generic method to transform any SSE scheme (that is only secure against passive adversaries) into a no-dictionary verifiable SSE scheme. In the transformed scheme, it takes only $O(1)$ time for the server to prove that $w \not\in \mathcal{W}$.

    Efficient Public Key Steganography Secure Against Adaptively Chosen Stegotext Attacks

    We define the notion of adaptive chosen stegotext security. We then construct efficient public key steganographic schemes secure against adaptively chosen stegotext attacks, without resort to any special existence assumption such as unbiased functions. This is the first time such a construction is obtained. Not only are our constructions secure, but they are also essentially optimal and have no decoding error. We achieve this by applying a primitive called $P$-codes.

    Kurosawa-Desmedt Key Encapsulation Mechanism, Revisited and More

    While the hybrid public key encryption scheme of Kurosawa and Desmedt (CRYPTO 2004) is provably secure against chosen ciphertext attacks (namely, IND-CCA-secure), its associated key encapsulation mechanism (KEM) is widely known as not IND-CCA-secure. In this paper, we present a direct proof of IND-CCA security thanks to a simple twist on the Kurosawa-Desmedt KEM. Our KEM beats the standardized version of the Cramer-Shoup KEM in ISO/IEC 18033-2 by margins of at least 20% in encapsulation speed and up to 60% in decapsulation speed, which are verified by both theoretical comparison and experimental results. The efficiency of decapsulation can even be about 40% better than the decapsulation of PSEC-KEM in ISO/IEC 18033-2, and only slightly worse than the decapsulation of ECIES-KEM in ISO/IEC 18033-2, which is of independent interest since the security of both PSEC-KEM and ECIES-KEM is argued using the controversial random oracle heuristic, in contrast to ours. We then generalize the technique into hash proof systems, proposing several KEM schemes with IND-CCA security under the decision linear and decisional composite residuosity assumptions, respectively. All the KEMs are in the standard model, and use standard, computationally secure symmetric building blocks. We finally show that, with additional simple yet innovative twists, the KEMs can be proved resilient to a certain amount of leakage on the secret key. Specifically, with the DDH-based scheme, a fraction of $1/4 - o(1)$ of the secret key can be leaked, and when conditioned on a fixed leakage rate, we obtain the most efficient leakage-resilient KEMs regarding computation and storage.