|
Encryption Scheme
|
|
Updatable Encryption Resilient to Encryption/Update Randomness Leakage
|
|
Updatable encryption (UE) allows a third-party server to update outsourced encrypted data without exposing keys or plaintext. The server can update ciphertexts to ones under a new key using an update token provided by the client. UE can realize efficient key rotation and is effective against key compromise. The standard security notions of UE capture the property that even if keys or update tokens are compromised, the confidentiality of messages is maintained by the key update and ciphertext update. In general, the randomness used in the encryption and ciphertext update algorithms must be kept secret in the same way as the keys. On the other hand, while key compromise is considered in existing security notions, randomness compromise is not. In this paper, we define a new security notion for UE, IND-UE-R security, that is resilient to the compromise of randomness used to generate or update ciphertexts. Furthermore, we prove that the UE construction RISE (EUROCRYPT'18) satisfies our proposed security notion.
|
|
Acceleration of the polynomial multiplication used in Learning With Errors
|
|
Due to the appearance of quantum computers, post-quantum cryptography will be used instead of currently used public-key cryptography. Many problems are proposed for the realization of post-quantum cryptography. Especially, Learning With Errors (LWE) is often among them. In many cases, polynomial multiplication is used in LWE. In order to calculate it quickly, an algorithm called the Number Theorem Transform (NTT) is used. Fast calculations are necessary in order to apply LWE practically. For such reasons, acceleration of NTT is important, and there are actually many studies that accelerate it. We propose the acceleration method of NTT based on the value of modulo in this research.
|
|
Attacks on Privacy of Private Information Retrieval (PIR) Schemes and Its Countermeasure
|
|
Private Information Retrieval (PIR) allows clients to search data in a database on some server while keeping the index they want to retrieve hidden from the server. Existing PIR schemes satisfy privacy, i.e., the server cannot learn where clients searched from the received queries as long as the server runs honestly. However, the server does not always run honestly (e.g., network failures may occur). In this work, we revisit the privacy of PIR, especially when we consider that servers do arbitrary actions.
|
|
Signature Scheme
|
Constraints and Evaluations on Signature Transmission Interval for Aggregate Signatures with Interactive Tracing
(Poster : in Japanese)
|
|
Fault-tolerant aggregate signature (FT-AS) is a special type of aggregate signature that is equipped with the functionality for tracing signers who generated invalid signatures in the case an aggregate signature is detected as invalid. In existing FT-AS schemes (whose tracing functionality requires multi-rounds), a verifier needs to send a feedback to an aggregator for efficiently tracing the invalid signer(s). However, in practice, if this feedback is not responded to the aggregator in a sufficiently past and timely manner, the tracing process will fail. Therefore, it is important to estimate whether this feedback can be responded and received in time on a real system. In this work, we measure the total processing time required for the feedback by implementing an existing FT-AS scheme, and evaluate whether the scheme works without problems in real systems. We further propose a novel FT-AS scheme that does not require any feedback. We also implement our new scheme.
|
|
Cryptocurrency/Blockchain
|
Load evaluation of Proof-of-Verification
(Poster : in English)
|
|
Bitcoin, a cryptocurrency on blockchain, maintains its soundness by successive block generation. Block generation offers a reward for success on a first-come-first-served basis. It consumes a huge computational cost, so block generation triers (miners) have an incentive to skip other computations. A block contains many transaction data of coins, whose validity check, especially signature verification needs cryptographic calculations and can be the first skip target. To address this issue, a method called "Proof-of-Verification" (PoV) was proposed, which can indicate signatures in the block have been verified. We introduce the load evaluation of PoV.
|
|
Scam Token Detection Based On Static Analysis Before Contract Deployment
|
|
In recent years, the number of crimes involving smart contracts has increased. In particular, fraud using tokens, such as rug-pull, has become an unignorable issue in the field of decentralized finance because a lot of users have been scammed. Therefore, constructing a detection system for scam tokens is an urgent need. Existing methods are based on machine learning, and they use transaction and liquidity data as features. However, they cannot completely remove the risk of being scammed because these features can be extracted after scam tokens are deployed to the blockchain. In this paper, we propose a scam token detection system based on static analysis. In order to detect scam tokens before deployment, we utilize code-based data, such as bytecodes and opcodes, because they can be obtained before contract deployment. Since N-gram includes information regarding the order of code sequences and scam tokens have a specific order of code-based data, we adopt N-gram of them as features. Furthermore, for the purpose of achieving high detection performance, each feature is categorized into a scam-oriented feature or a benign-oriented one to make differences in the values of feature vectors between scam and benign tokens. Our results show the effectiveness of code-based data for detection by achieving a higher F1-score compared to the methods of another field of fraud detection in Ethereum based on code-based data. In addition, we also confirmed that the position of effective code for detection is near the start position of runtime code in our experiments.
|
|
Lightweight Decentralized Timestamp with Joint-Signatures
|
|
In decentralized trustless data utilization, evidence (log) management and verification play a crucial role in assessing the reliability of other users (nodes). For secure evidence management, permissionless blockchains do not assume trust in a third-party community, which makes them highly verifiable. However, they require computational resources and usage fees. We propose a new protocol, DT-DAG, that enables to verify data through graph traversal of joint-signatures by introducing lightweight local chains between users. DT-DAG allows users to maintain and use an evidence management system by managing only lightweight local chains using their resources (e.g., smartphones), thereby eliminating the need for fees for using external ones. Users can also verify the existence of the evidence through permissionless joint-signature verification. Our implementation of the proposed protocol using IPFS as an example framework acts as a proof-of-concept, confirming the feasibility of the DT-DAG in a local environment.
|
|
Combining Malicious Reorg Attacks with Partitioning Attack against Ethereum 2.0
|
|
Attacks against the consensus-layer of a blockchain are a serious attack that undermines its security. Malicious block reorg attacks in Ethereum 2.0 have been proposed in previous research. However, the method proposed in the previous study has a high execution cost and is not feasible. If this attack can be constructed at a lower cost, it is more likely that an attacker will use the technique to carry out the attack, so this research aims to find a method to realize this attack at a lower cost from such an attacker's point of view and propose a defense method in advance, thereby contributing to design more secure systems. Specifically, we consider combining partitioning attack, one of the attacks in the network layer, to realize a malicious block reorg attacks at a lower cost.
|
|
Network Security
|
|
An Overlay Communication System for Traffic Confirmation Attack Against Tor Hidden Services
|
|
Tor hidden services are services hosted on the Tor network. The IP addresses of theses services are hidden by onion routing. Previous research has shown that traffic confirmation attack methods can reveal IP addresses of hidden services. However, the methods are subject to false positives when multiple entities use the same method. In this research, we propose an overlay communication system on the Tor network to confirm the sender of signals in a traffic confirmation attack.
|
|