| Program
1:30-2:00
Speaker: Hirotoshi Takebe (Tokyo Inst. Tech.)
Title: Symmetric-Key Encryption Scheme with Multi-Ciphertext Non-malleability
Abstract:
A standard notion of non-malleability
is that an adversary cannot forge a ciphertext $c'$
from a single valid ciphertext $c$ for which
a plaintext $m'$ of $c'$ is meaningfully
related to a plaintext $m$ of $c$.
The {\em multi-ciphertext non-malleability} is a
stronger notion; an adversary is allowed to
obtain multiple ciphertexts $c_1,c_2,...$
in order to forge $c'$.
We provide an efficient symmetric-key encryption scheme with
an information-theoretic version of
the multi-ciphertext non-malleability
in this paper by using $\ell$-wise almost independent
permutations of Kaplan, Naor, and Reingold.
2:00-2:30
Speaker: Vorapong Suppakitpaisarn (U. Tokyo)
Title: Generalized Analysis Methods for Efficiency of Representations for Elliptic Curve Scalar Multiplication
Abstract:
In this talk, we introduce the algorithmic analysis approach for
elliptic curve scalar multiplication implemented using various kinds
of number representations. Scalar multiplication is the bottleneck
operation of elliptic curve cryptography, and there are many works
proposed to speed-up the operation including the improvement on how we
represent the scalar. Many number representations, which are designed
to optimize the computation time in a specific type of elliptic curve
implementation, are too complicated to be analyzed using mathematical
approach. We devise the method based on dynamic programming scheme,
automatically-generated Markov chain, and the generic property of most
representations. Our focus in this presentation is the r-radix
representation for r > 2, which is practically used in pairing-based
cryptography. We found an interesting relationship between the memory
usage and the average speed of optimal scalar multiplication.
2:30-2:50
Break
2:50-3:50
Speaker: Takeshi Koshiba (Saitama Univ.)
Title: On Unidirectional Public Discussion in Secure Message Transmission
Abstract:
We consider the possibility and the limitation of secure message
transmission (SMT) in the "unidirectional" public discussion (PD)
model. Let epsilon be the privacy parameter and delta be the
reliability parameter, where smaller values are better.
[K-Sawada 2010] has shown that the privacy and the reliability
are not compatible in the SMT-PD model when only backward public
channel is avaiable.
Roughly speaking, epsilon + delta must be close to 1.
Also, we have shown that delta must be larger than approximately 1/2
when only foreward public channel is avaiable, while we provide an
upper-bound protocol achieving approximately delta < t/n, where
n is the number of channels and t |