## CryptoDB

### Takeshi Okamoto

#### Publications

Year
Venue
Title
2008
EPRINT
There is an open problem to construct ID-based signature schemes which satisfy strongly EUF-ID-CMA, without random oracles. It is known that strongly EUF-ID-CMA is a concept of the strongest security in ID-based signatures. In this paper, we propose a solution to the open problem, that is an ID-based signature scheme, which satisfies strongly EUF-ID-CMA, without random oracles for the first time. Security of the scheme is based on the difficulty to solve three problems related to the Diffie-Hellman problem and a one-way isomorphism.
2008
EPRINT
Since their introduction in constructive cryptographic applications, pairings over (hyper)elliptic curves are at the heart of an ever increasing number of protocols. As they rely critically on efficient algorithms and implementations of pairing primitives, the study of hardware accelerators became an active research area. In this paper, we propose two coprocessors for the reduced $\eta_T$ pairing introduced by Barreto {\it et al.} as an alternative means of computing the Tate pairing on supersingular elliptic curves. We prototyped our architectures on FPGAs. According to our place-and-route results, our coprocessors compare favorably with other solutions described in the open literature. We also present the first ASIC implementation of the reduced $\eta_T$ pairing.
2006
EPRINT
Signature schemes with message recovery have been wildly investigated a decade ago in the literature, but the first ID-based signature with message recovery goes out into the world until 2005. In this paper, we first point out and revise one little but important problem which occurs in the previous ID-based signature with message recovery scheme. Then, by completely different setting, we propose a new ID-based signature scheme with message recovery. Our scheme is much more efficient than the previous scheme. In our scheme (as well as other signature schemes with message recovery), the message itself is not required to be transmitted together with the signature, it turns out to have the least data size of communication cost comparing with generic (not short) signature schemes. Although the communication overhead is still larger than Boneh et al. 's short signature (which is not ID-based), the computational cost of our scheme is more efficient than Boneh et al. 's scheme in the verification phase. We will also prove that the proposed scheme is provably secure in the random oracle model under CDH Assumption.
2006
EPRINT
The main characteristic of a mobile ad-hoc network is its infrastructure-less, highly dynamic topology, which is subject to malicious traffic analysis. Malicious intermediate nodes in wireless mobile ad-hoc networks are a threat concerning security as well as anonymity of exchanged information. To protect anonymity and achieve security of nodes in mobile ad-hoc networks, an anonymous on-demand routing protocol, termed RIOMO, is proposed. For this purpose, pseudo IDs of the nodes are generated considering Pairing-based Cryptography. Nodes can generate their own pseudo IDs independently. As a result RIOMO reduces pseudo IDs maintenance costs. Only trust-worthy nodes are allowed to take part in routing to discover a route. To ensure trustiness each node has to make authentication to its neighbors through an anonymous authentication process. Thus RIOMO safely communicates between nodes without disclosing node identities; it also provides different desirable anonymous properties such as identity privacy, location privacy, route anonymity, and robustness against several attacks.
2006
EPRINT
In this paper, we present a new proxy cryptosystem named subject-delegated decryption scheme, in which the original decryptor delegates decryption authority to multiple proxies according to different subjects. The advantage of our scheme is that the proxy authorities are tightly limited (Tightly" Limited Authority). This means that the proxy authority can be temporarily aborted even if the validity period of the proxy key does not expire. Consequently, our protocol is more practical than the existential protocols because the secrecy of the original decryptor can be protected efficiently from his proxy, especially when the proxy becomes corrupted. Our scheme is efficient because the encryption method in our scheme is based on a hybrid of symmetric key and public key cryptographic techniques. We give the provable security using a variant decisional Bilinear Diffie-Hellman (BDH) assumption.
2005
EPRINT
Although many watermarking schemes consider the case of universal verifiability, it is undesirable in some applications. Designated verification is a possible solution for this problem. Watermarking scheme with (non-interactive) designated verification through non-invertible schemes was proposed by Lee et al in 2003, to resolve multiple watermarking problem. Yoo et al [14] proposed a very similar watermarking scheme. In this paper, we propose a cryptanalytic attack on both of these schemes that allows a dishonest watermarker to send illegal watermarked images and to convince the designated verifier or customer that received watermarked images are valid. We modify the above schemes to overcome the attack. Further, we also propose a new robust watermarking scheme with (non-interactive) designated verification through non-invertible watermarks. Interestingly, our scheme can be extended for joint copyright protection (security of ownership rights for images to be owned by more than one entity).
2005
EPRINT
In this paper, we introduce a simple strong-designated verifier signature (SDVS) scheme which is much more efficient than previously proposed SDVS schemes. In addition, with only one more parameter published by the signer, this scheme can provide signer's forward security. That is, the consistency of a signature cannot be verified by any third party even if he/she knows a signer's private key. Thus the privacy of a signer's identity is protected independently in each signature, if the designated verifier's private key has not been disclosed. In addition, this scheme can be easily modified to a designated verifier signcryption scheme with virtually no additional cost. We will also show that the proposed scheme is provably secure in the random oracle model.
2005
EPRINT
Verifiable secret sharing schemes proposed so far can only allow participants to verify whether their shares are correct or not. In this paper, we propose a new protocol which can allow participants not only to verify the correctness of their shares but also to revise the faulty shares. It is achieved in a cooperative way by participants, but without any assistance from the dealer. This protocol, to the best of our knowledge, is the first one providing such kind of ability. Correcting shares by participants instead of the dealer is important in many situations. In addition, this protocol is also useful for adding new participants without the dealer's assistance.