
    A Secure Traitor Tracing Scheme against Key Exposure

    Copyright protection is a major issue in distributing digital content. On the other hand, improvements to usability are sought by content users. In this paper, we propose a secure traitor tracing scheme against key exposure (TTaKE) which combines the properties of a traitor tracing scheme and a forward secure public key cryptosystem. Its structure fits current digital broadcasting systems, and it may be useful in preventing traitors from making illegal decoders and in minimizing the damage from accidental key exposure. It can improve usability through these properties.
    Comment: 5 pages, IEEE International Symposium on Information Theory 2005 (ISIT 2005)

    A Constant-Size Signature Scheme with a Tighter Reduction from the CDH Assumption

    We present a signature scheme with the tightest security reduction among known constant-size signature schemes secure under the computational Diffie-Hellman (CDH) assumption. It is important to reduce the security-reduction loss of a cryptosystem, since this enables choosing a smaller security parameter without compromising security, and hence constant-size signatures and faster computation. The tightest security reduction so far from the CDH assumption is O(q), presented by Hofheinz et al., where q is the number of signing queries. They also proved that a security loss of O(q) is optimal if signature schemes are "re-randomizable". In this paper, we revisit the non-re-randomizable signature scheme proposed by Bohl et al. Their signature scheme is the first that is fully secure under the CDH assumption and has a compact public key. However, they constructed the scheme with polynomial-order security-reduction loss. We first construct a new existentially unforgeable against extended random-message attack (EUF-XRMA) secure scheme based on Bohl et al.'s scheme, which has a tighter security reduction of O(q/d) to the CDH assumption, where d is the number of group elements in a verification key. We then transform the EUF-XRMA secure signature scheme into an existentially unforgeable against adaptively chosen-message attack (EUF-CMA) secure one using Abe et al.'s technique. In this construction, no pseudorandom function, which would increase the reduction loss, is used, and the above reduction loss is achieved. Moreover, a tag can be generated more efficiently than in Bohl et al.'s signature scheme, which results in less computation. Consequently, our EUF-CMA secure scheme has a tighter security reduction to the CDH assumption than any previous scheme.

    Membership Privacy for Asynchronous Group Messaging

    The Signal protocol is a secure messaging protocol providing end-to-end encrypted asynchronous communication. In this paper, we focus on a method capable of hiding membership information from the viewpoint of non-group members in a secure group messaging (SGM) protocol, which we call "membership privacy". Although Chase et al. (ACM CCS 2020) have considered the same notion, their proposal is an extension of Signal, so-called "Pairwise Signal", where a group message is repeatedly sent over individual Signal channels. Thus their protocol is not scalable. In this work, we extend the Cohn-Gordon et al. SGM protocol (ACM CCS 2018), which we call the Asynchronous Ratcheting Trees (ART) protocol, to add membership privacy. We employ a key-private and robust public-key encryption scheme (Abdalla et al., TCC 2010/JoC 2018) for hiding membership-related values in the setup phase. Furthermore, we exploit the fact that a group common key provides anonymity; this fact is used to encrypt membership information in the key update phase. Our extension does not affect the forward secrecy and post-compromise security of the original ART protocol. Our modification achieves asymptotically the same efficiency as the ART protocol in the setup phase. Any additional cost for key update does not depend on the number of group members (specifically, one encryption and decryption of a symmetric key-encryption scheme and one execution of a key-derivation function are required for each key update). Therefore, the proposed protocol can add membership privacy to the ART protocol with quite small overhead.

    Continuous Group Key Agreement with Flexible Authorization and Its Applications

    Secure messaging (SM) protocols allow users to communicate securely over an untrusted infrastructure. The IETF is currently working on the standardization of secure group messaging (SGM), which is SM done by a group of two or more people. Alwen et al. formally defined the key agreement protocol used in SGM as continuous group key agreement (CGKA) at CRYPTO 2020. In their CGKA protocol, all of the group members have the same rights and a trusted third party is needed. On the contrary, some SGM applications may have a user in the group who has the role of an administrator. When the administrator as the group manager (GM) is distinguished from other group members, i.e., in a one-to-many setting, it would be better for the GM and the other group members to have different authorities. We achieve this flexible authorization by incorporating a ratcheting digital signature scheme (Cremers et al. at USENIX Security 2021) into the existing CGKA protocol and demonstrate that such a simple modification allows us to provide flexible authorization. This one-to-many setting may be reminiscent of the multicast key agreement protocol proposed by Bienstock et al. at CT-RSA 2022, where the GM has the role of adding and removing group members. Although the role of the GM is fixed in advance in the Bienstock et al. protocol, the GM can flexibly set the role depending on the application in our protocol. On the other hand, in Alwen et al.'s CGKA protocol, an external public key infrastructure (PKI) functionality acting as a trusted third party manages the confidential information of users, and the PKI can read all messages until all users update their own keys. In contrast, the GM in our protocol has the same role as the PKI functionality within the group, so no third party outside the group handles confidential information of users, and thus no one except group members can read messages regardless of key updates. Our proposed protocol is useful in the creation of new applications such as broadcasting services.

    Short Lattice Signature Scheme with Tighter Reduction under Ring-SIS Assumption

    We propose a short signature scheme under the ring-SIS assumption in the standard model. Specifically, by revisiting an existing construction [Ducas and Micciancio, CRYPTO 2014], we demonstrate lattice-based signatures with improved reduction loss. As far as we know, there is no existing way to use multiple tags in the signature simulation of the security proof for lattice tag-based signatures. We address the tag-collision possibility in the lattice setting, which improves the reduction loss. Our scheme generates tags from messages by constructing a scheme under a mild security condition that is existentially unforgeable against random message attack with auxiliary information. Thus our scheme can reduce the signature size, since it does not need to send tags with the signatures. Our scheme has short signature sizes of (1) and achieves tighter reduction loss than that of Ducas et al.'s scheme. Our proposed scheme has two variants. Our scheme with one property has tighter reduction and the same verification key size of (log ) as that of Ducas et al.'s scheme, where is the security parameter. Our scheme with the other property achieves much tighter reduction loss of (/) and verification key size of (), where is the number of signing queries.

    Thin crystal development and applications for hard x-ray free-electron lasers

    Taito Osaka, Makina Yabashi, Yasuhisa Sano, Kensuke Tono, Yuichi Inubushi, Takahiro Sato, Kanade Ogawa, Satoshi Matsuyama, Tetsuya Ishikawa, and Kazuto Yamauchi, "Thin crystal development and applications for hard x-ray free-electron lasers", Proc. SPIE 8848, Advances in X-Ray/EUV Optics and Components VIII, 884804 (27 September 2013); https://doi.org/10.1117/12.2023465

    Development of split-delay x-ray optics using Si(220) crystals at SACLA

    Taito Osaka, Takashi Hirano, Makina Yabashi, Yasuhisa Sano, Kensuke Tono, Yuichi Inubushi, Takahiro Sato, Kanade Ogawa, Satoshi Matsuyama, Tetsuya Ishikawa, and Kazuto Yamauchi, "Development of split-delay x-ray optics using Si(220) crystals at SACLA", Proc. SPIE 9210, X-Ray Free-Electron Lasers: Beam Diagnostics, Beamline Instrumentation, and Applications II, 921009 (8 October 2014); https://doi.org/10.1117/12.2060238

    The Japanese Clinical Practice Guideline for acute kidney injury 2016

    Acute kidney injury (AKI) is a syndrome with a broad range of etiologic factors depending on the clinical setting. Because AKI has a significant impact on prognosis in any clinical setting, early detection and intervention are necessary to improve the outcomes of AKI patients. This clinical guideline for AKI was developed by a multidisciplinary approach involving nephrology, intensive care medicine, blood purification, and pediatrics. Of note, clinical practice for AKI management that is widely performed in Japan was also evaluated with a comprehensive literature search.