IIS Open House 2022

Introduction
Welcome to the Matsuura Laboratory IIS Open House 2022 Web page.
In 2022, the IIS Open House will be held online on June 10 (Fri.) and June 11 (Sat.).
Matsuura Laboratory will present its research on information security and cryptography.

Date and Time
2022/6/10 (Fri.) 10:00 - 17:00
2022/6/11 (Sat.) 10:00 - 17:00
Research Topics
Cryptography
Realization of a Signature for Objects Scheme with Advanced Functionality
A digital signature scheme assigns a signature to binary strings. Based on this, we propose the concept of a "signature for objects" scheme that enables signatures on arbitrary physical objects. Intuitively, a "signature for objects" is expected to be realized by combining sensing (such as taking a photograph) with conventional digital signature schemes. We formulate the theory and provide the security proofs necessary to realize such a "signature for objects" scheme. We will also study other advanced features such as extensions to multiple objects and privacy considerations.
Aggregate Signature Schemes with Traceability of Devices Dynamically Generating Invalid Signatures
Aggregate signature schemes enable us to aggregate multiple signatures into a single short signature. One typical application is sensor networks, where a large number of users and devices measure their environment, create signatures to ensure the integrity of the measurements, and transmit the signed data. However, if an invalid signature is mixed into the aggregation, the aggregate signature becomes invalid, and the invalid signature then has to be identified. Furthermore, we need to handle the situation where a faulty or malicious sensor generates invalid signatures only probabilistically. In this paper, we introduce a model of aggregate signature schemes with interactive tracing functionality that captures such a situation, define its functional and security requirements, and propose aggregate signature schemes that can identify all rogue sensors. More concretely, based on the idea of Dynamic Traitor Tracing, we trace rogue sensors dynamically and incrementally, and eventually identify all rogue sensors generating invalid signatures even if the rogue sensors adaptively collude. Our proposed method is also efficient enough to be practical.
Secret sharing
On Private Information Retrieval Supporting Multi-dimensional Range Queries
Private information retrieval (PIR) allows a client to retrieve data from a database without the database server learning what data is being retrieved. Although many PIR schemes have been proposed in the literature, almost all of these focus on retrieval of a single database element, and often consider a one-dimensional array as the database used for retrieval. However, databases and query types used in the real world are more complex. In this paper, we define rigorous security models for PIR schemes supporting multi-dimensional range queries, and then propose secure constructions based on function secret sharing.
Constructive t-secure Homomorphic Secret Sharing for Low Degree Polynomials
(Poster: in English)
This paper proposes t-secure homomorphic secret sharing schemes for low-degree polynomials. Homomorphic secret sharing is a cryptographic technique for outsourcing a computation to a set of servers while preventing certain subsets of servers from learning the secret inputs. Prior to our work, at Asiacrypt 2018, Lai, Malavolta, and Schröder proposed a 1-secure scheme for computing polynomial functions. They also alluded to t-secure schemes without giving explicit constructions; constructing such schemes would require solving set cover problems, which are NP-hard in general. Moreover, the resulting implicit schemes would require a large number of servers. In this paper, we provide a constructive solution for threshold-t structures by combining homomorphic encryption with the classic secret sharing scheme for general access structures by Ito, Saito, and Nishizeki. Our scheme also quantitatively improves the number of required servers from O(t^2) to O(t) compared to the implicit scheme of Lai et al. We also suggest several directions for future research.
Cryptocurrency/Blockchain
Load evaluation of Proof-of-Verification
(Poster: in English)
Bitcoin, a cryptocurrency built on a blockchain, maintains its soundness through successive block generation. Block generation offers a reward for success on a first-come-first-served basis. It consumes a huge amount of computation, so those attempting block generation (miners) have an incentive to skip other computations. A block contains many coin transactions whose validity checks, in particular signature verification, require cryptographic computation and are therefore the first candidate for skipping. To address this issue, a method called "Proof-of-Verification" (PoV) was proposed, which can show that the signatures in a block have actually been verified. We present a load evaluation of PoV.
Coin Transfer Unlinkability under Subjective Privacy Adversary Model
Unlinkability is a crucial property of cryptocurrencies that protects users from deanonymization attacks. However, existing anonymous cryptocurrencies do not necessarily attain unlinkability, particularly under specific conditions. In this paper, to analyze the unlinkability of existing anonymous cryptocurrencies, we formally define unlinkability and a privacy adversary model for cryptocurrencies called the "subjective privacy adversary model." On this theoretical basis, we define an abstract model of blockchain-based cryptocurrencies called the "coin transfer system" and an unlinkability notion called "coin transfer unlinkability (CT-unlinkability)." Furthermore, we introduce a zero-knowledge property into the coin transfer system to obtain a proof method that makes it easy to prove the CT-unlinkability of existing anonymous cryptocurrency protocols, e.g., Zerocash.
Anti-malware
Automatically Appending Execution Stall/Stop Prevention to Vanilla Script Engines
Malware (malicious software) widely uses an anti-analysis technique that stalls or stops its execution with exceptions and unnecessary loops during analysis. This is generally countered by detecting and skipping the execution stall/stop based on observation of the executed instructions and the execution context. For malicious scripts, however, developing such a mechanism is difficult because it requires observing unknown virtual machines (VMs) with unknown instruction sets and constructing CFGs/CGs for them. To address this problem, we propose an approach that automatically appends execution stall/stop prevention to vanilla script engines. It first analyzes the target script engine's VM so that its execution context can be observed and controlled. It then analyzes the instruction set architecture of the VM in order to build a control-flow graph from unknown bytecode. With these steps, it appends code that detects and skips the execution stall/stop. Our experiments show that the approach can indeed prevent this anti-analysis technique.
Network Security
A Study on Automated Penetration Testing for Web Applications Using Deep Reinforcement Learning
Penetration testing is said to be one of the most effective ways to counter cyber-attacks, as it conducts an actual simulated attack on the target environment to discover vulnerabilities that could lead to an intrusion. However, it requires well-trained personnel and is very costly. To address this, we propose improving its efficiency with deep reinforcement learning. First, a simulated environment is created from the existing versions of 15 well-known web applications and publicly available exploits, and a task is set up in which the agent must find the exploit matching each version. We then apply deep reinforcement learning with the PPO algorithm to this task and show that the trained agent can find the correct exploit. Next, we create a simulated environment that adds a number of tools other than exploits and the concept of state transitions, and apply deep reinforcement learning in the same way to study its efficacy in the more complex setting of penetration testing.
Research on Darknet De-anonymization Methods
"Darknet" is a generic term for overlay networks built by anonymous communication systems such as Tor and I2P. We introduce existing research on de-anonymization methods for the Tor-based darknet and recent changes to the Tor specification.

IIS Open House 2022, Matsuura Lab.