## CryptoDB

### Goichiro Hanaoka

#### Publications

**Year**

**Venue**

**Title**

2024

TCC

Tighter Adaptive IBEs and VRFs: Revisiting Waters’ Artificial Abort
Abstract

One of the most popular techniques to prove adaptive security of identity-based encryptions (IBE) and verifiable random functions (VRF) is the _partitioning technique_. Currently, there are only two methods to relate the adversary's advantage and runtime (\epsilon, T) to those of the reduction's (\epsilon_proof, T_proof) using this technique: One originates to Waters (Eurocrypt 2005) who introduced the famous _artificial abort_ step to prove his IBE, achieving (\epsilon_proof, T_proof) = (O(\epsilon/Q), T+O(Q^2/\epsilon^2)), where Q is the number of key queries. Bellare and Ristenpart (Eurocrypt 2009) provide an alternative analysis for the same scheme removing the artificial abort step, resulting in (\epsilon_proof, T_proof) = (O(\epsilon^2/Q), T+O(Q)). Importantly, the current reductions all loose quadratically in \epsilon.
In this paper, we revisit this two decade old problem and analyze proofs based on the partitioning technique through a new lens. For instance, the Waters IBE can now be proven secure with (\epsilon_proof, T_proof) = (O(\epsilon^{3/2}/Q), T+O(Q)), breaking the quadratic dependence on \epsilon. At the core of our improvement is a finer estimation of the failing probability of the reduction in Waters' original proof relying on artificial abort. We use Bonferroni's inequality, a tunable inequality obtained by cutting off higher order terms from the equality derived by the inclusion-exclusion principle.
Our analysis not only improves the reduction of known constructions but also opens the door for new constructions. While a similar improvement to Waters IBE is possible for the lattice-based IBE by Agrawal, Boneh, and Boyen (Eurocrypt 2010), we can slightly tweak the so-called partitioning function in their construction, achieving (\epsilon_proof, T_proof) = (O(\epsilon/Q), T+O(Q)). This is a much better reduction than the previously known (O(\epsilon^3/Q^2), T+O(Q)). We also propose the first VRF with proof and verification key sizes sublinear in the security parameter under the standard d-LIN assumption, while simultaneously improving the reduction cost compared to all prior constructions.

2021

PKC

Impossibility on Tamper-Resilient Cryptography with Uniqueness Properties
📺
Abstract

In this work, we show negative results on the tamper-resilience of a wide class of cryptographic primitives with uniqueness properties, such as unique signatures, verifiable random functions, signatures with unique keys, injective one-way functions, and encryption schemes with a property we call unique-message property. Concretely, we prove that for these primitives, it is impossible to derive their (even extremely weak) tamper-resilience from any common assumption, via black-box reductions. Our proofs exploit the simulatable attack paradigm proposed by Wichs (ITCS ’13), and the tampering model we treat is the plain model, where there is no trusted setup.

2019

PKC

Improved Security Evaluation Techniques for Imperfect Randomness from Arbitrary Distributions
Abstract

Dodis and Yu (TCC 2013) studied how the security of cryptographic primitives that are secure in the “ideal” model in which the distribution of a randomness is the uniform distribution, is degraded when the ideal distribution of a randomness is switched to a “real-world” (possibly biased) distribution that has some lowerbound on its min-entropy or collision-entropy. However, in many constructions, their security is guaranteed only when a randomness is sampled from some non-uniform distribution (such as Gaussian in lattice-based cryptography), in which case we cannot directly apply the results by Dodis and Yu.In this paper, we generalize the results by Dodis and Yu using the Rényi divergence, and show how the security of a cryptographic primitive whose security is guaranteed when the ideal distribution of a randomness is a general (possibly non-uniform) distribution Q, is degraded when the distribution is switched to another (real-world) distribution R. More specifically, we derive two general inequalities regarding the Rényi divergence of R from Q and an adversary’s advantage against the security of a cryptographic primitive. As applications of our results, we show (1) an improved reduction for switching the distributions of distinguishing problems with public samplability, which is simpler and much tighter than the reduction by Bai et al. (ASIACRYPT 2015), and (2) how the differential privacy of a mechanism is degraded when its randomness comes from not an ideal distribution Q but a real-world distribution R. Finally, we show methods for approximate-sampling from an arbitrary distribution Q with some guaranteed upperbound on the Rényi divergence (of the distribution R of our sampling methods from Q).

2018

PKC

Fast Lattice Basis Reduction Suitable for Massive Parallelization and Its Application to the Shortest Vector Problem
Abstract

The hardness of the shortest vector problem for lattices is a fundamental assumption underpinning the security of many lattice-based cryptosystems, and therefore, it is important to evaluate its difficulty. Here, recent advances in studying the hardness of problems in large-scale lattice computing have pointed to need to study the design and methodology for exploiting the performance of massive parallel computing environments. In this paper, we propose a lattice basis reduction algorithm suitable for massive parallelization. Our parallelization strategy is an extension of the Fukase–Kashiwabara algorithm (J. Information Processing, Vol. 23, No. 1, 2015). In our algorithm, given a lattice basis as input, variants of the lattice basis are generated, and then each process reduces its lattice basis; at this time, the processes cooperate and share auxiliary information with each other to accelerate lattice basis reduction. In addition, we propose a new strategy based on our evaluation function of a lattice basis in order to decrease the sum of squared lengths of orthogonal basis vectors. We applied our algorithm to problem instances from the SVP Challenge. We solved a 150-dimension problem instance in about 394 days by using large clusters, and we also solved problem instances of dimensions 134, 138, 140, 142, 144, 146, and 148. Since the previous world record is the problem of dimension 132, these results demonstrate the effectiveness of our proposal.

2018

ASIACRYPT

Attribute-Based Signatures for Unbounded Languages from Standard Assumptions
Abstract

Attribute-based signature (ABS) schemes are advanced signature schemes that simultaneously provide fine-grained authentication while protecting privacy of the signer. Previously known expressive ABS schemes support either the class of deterministic finite automata and circuits from standard assumptions or Turing machines from the existence of indistinguishability obfuscations.In this paper, we propose the first ABS scheme for a very general policy class, all deterministic Turing machines, from a standard assumption, namely, the Symmetric External Diffie-Hellman (SXDH) assumption. We also propose the first ABS scheme that allows nondeterministic finite automata (NFA) to be used as policies. Although the expressiveness of NFAs are more restricted than Turing machines, this is the first scheme that supports nondeterministic computations as policies.Our main idea lies in abstracting ABS constructions and presenting the concept of history of computations; this allows a signer to prove possession of a policy that accepts the string associated to a message in zero-knowledge while also hiding the policy, regardless of the computational model being used. With this abstraction in hand, we are able to construct ABS for Turing machines and NFAs using a surprisingly weak NIZK proof system. Essentially we only require a NIZK proof system for proving that a (normal) signature is valid. Such a NIZK proof system together with a base signature scheme are, in turn, possible from bilinear groups under the SXDH assumption, and hence so are our ABS schemes.

2016

CRYPTO

2016

ASIACRYPT

2015

ASIACRYPT

2015

ASIACRYPT

2014

CRYPTO

2012

CRYPTO

2008

ASIACRYPT

1999

ASIACRYPT

#### Program Committees

- Asiacrypt 2024
- PKC 2022 (Program chair)
- Asiacrypt 2018
- Eurocrypt 2016
- PKC 2015
- Crypto 2013
- Asiacrypt 2009
- PKC 2004

#### Coauthors

- Nuttapong Attrapadung (7)
- Ronald Cramer (1)
- Keita Emura (2)
- Yumiko Hanaoka (3)
- Goichiro Hanaoka (41)
- Dennis Hofheinz (1)
- Hideki Imai (10)
- Tetsuya Izu (1)
- Kenji Kashiwabara (1)
- Shuichi Katsumata (2)
- Eike Kiltz (1)
- Kei Kimura (1)
- Fuyuki Kitagawa (1)
- Hirotaka Komaki (1)
- Noboru Kunihiro (6)
- Kaoru Kurosawa (1)
- Takahiro Matsuda (14)
- Kanta Matsuura (1)
- Takao Murakami (1)
- Takashi Nishide (1)
- Tsuyoshi Nishioka (1)
- Koji Nuida (1)
- Kazuo Ohta (1)
- Go Ohtake (1)
- Eiji Okamoto (1)
- Rafael Pass (1)
- Yusuke Sakai (3)
- Yumi Sakemi (1)
- Bagus Santoso (1)
- Jacob C. N. Schuldt (3)
- Abhi Shelat (1)
- Junji Shikata (6)
- Kazumasa Shinagawa (1)
- Kenta Takahashi (1)
- Kaoru Takemure (1)
- Masahiko Takenaka (1)
- Keisuke Tanaka (4)
- Tadanori Teruya (1)
- Vinod Vaikuntanathan (1)
- Yuyu Wang (3)
- Yuji Watanabe (1)
- Jian Weng (1)
- Shota Yamada (10)
- Takashi Yamakawa (2)
- Masaya Yasuda (1)
- Rui Zhang (1)
- Zongyang Zhang (1)
- Yunlei Zhao (1)
- Yuliang Zheng (4)