Program

1:30-2:00
Speaker: Hirotoshi Takebe (Tokyo Inst. Tech.)
Title: Symmetric-Key Encryption Scheme with Multi-Ciphertext Non-malleability
Abstract:
A standard notion of non-malleability
is that an adversary cannot forge a ciphertext $c'$
from a single valid ciphertext $c$ for which 
a plaintext $m'$ of $c'$ is meaningfully 
related to a plaintext $m$ of $c$.
The {\em multi-ciphertext non-malleability} is a 
stronger notion; an adversary is allowed to 
obtain multiple ciphertexts $c_1,c_2,...$ 
in order to forge $c'$. 
We provide an efficient symmetric-key encryption scheme with 
an information-theoretic version of
the multi-ciphertext non-malleability 
in this paper by using $\ell$-wise almost independent 
permutations of Kaplan, Naor, and Reingold.

2:00-2:30
Speaker: Vorapong Suppakitpaisarn (U. Tokyo)
Title: Generalized Analysis Methods for Efficiency of Representations for Elliptic Curve Scalar Multiplication
Abstract: 
 In this talk, we introduce the algorithmic analysis approach for 
elliptic curve scalar multiplication implemented using various kinds 
of number representations. Scalar multiplication is the bottleneck 
operation of elliptic curve cryptography, and there are many works 
proposed to speed-up the operation including the improvement on how we 
represent the scalar. Many number representations, which are designed 
to optimize the computation time in a specific type of elliptic curve 
implementation, are too complicated to be analyzed using mathematical 
approach. We devise the method based on dynamic programming scheme, 
automatically-generated Markov chain, and the generic property of most 
representations. Our focus in this presentation is the r-radix 
representation for r > 2, which is practically used in pairing-based 
cryptography. We found an interesting relationship between the memory 
usage and the average speed of optimal scalar multiplication.

2:30-2:50
Break

2:50-3:50
Speaker: Takeshi Koshiba (Saitama Univ.)
Title: On Unidirectional Public Discussion in Secure Message Transmission
Abstract: 
We consider the possibility and the limitation of secure message 
transmission (SMT) in the "unidirectional" public discussion (PD) 
model. Let epsilon be the privacy parameter and delta be the 
reliability parameter, where smaller values are better.
[K-Sawada 2010] has shown that the privacy and the reliability 
are not compatible in the SMT-PD model when only backward public 
channel is avaiable.
Roughly speaking, epsilon + delta must be close to 1.
Also, we have shown that delta must be larger than approximately 1/2 
when only foreward public channel is avaiable, while we provide an
upper-bound protocol achieving approximately delta < t/n, where
n is the number of channels and t