Atsuko Miyaji, Osaka University (Handai)
Doctor of Science
300 publications, 34,967 reads
3,828 citations
Publications (300)
The widespread use of IoT devices is expected to enable the collection and utilization of a variety of data, including personal health information. For example, we could provide our personal information for machine learning operated by an external server, which in return detects signs of illness. However, it is necessary to protect privacy of perso...
The eBPF (Berkeley Packet Filter) in the Linux OS is a virtual machine for injecting user-space programs written in C language inside the Linux kernel, to perform a range of network processing functions, by attaching them to kernel level hooks such as system calls. Despite being a revolutionary replacement to in-kernel programming and being increas...
ChaCha is a stream cipher introduced by Daniel Bernstein as a variant of Salsa20. Since the release of ChaCha, it has received the attention of many researchers as it has been widely deployed. In this study, we derive a new linear approximation for ChaCha with a higher probability bias. In addition, we found a combination of input/output difference...
This paper studies the advanced methodologies of differential cryptanalysis with a particular emphasis on higher-order differentials and higher-order differential-linear cryptanalysis, along with their application to the ChaCha stream cipher. The study focuses on the impact of higher-order differential cryptanalysis on different rounds of the ChaCh...
Commitment schemes are cryptographic schemes that can be applied to zero-knowledge proof construction and blockchain construction. Recently, lattice-based cryptography has been intensively investigated due to the promising potential in quantum cryptography. Accordingly, commitment schemes based on lattice assumptions have been studied for practical...
The preservation of privacy during the learning phase of machine learning is challenging. There are two methods to achieve privacy-preserving machine learning: adding noise to machine-learning model parameters, which is often selected for its higher accuracy; and executing learning using noisy data, which is preferred for privacy. Recently, a Scala...
End-to-end encryption (E2EE) is widely used in instant messaging applications to protect data privacy. Forward secrecy (FS) and post-compromised security (PCS) are two essential features that aim to protect security when the session keys are compromised. Among E2EE applications, Signal is known for being the first one that guarantees FS and PCS con...
Multi-signatures are protocols that allow multiple signers to produce a joint signature on the same message. They are used in areas such as blockchains for cryptocurrencies. In recent years, multi-signature schemes have been proposed in lattice-based cryptography as well as pairing-based cryptography but there are currently no multi-signature schem...
A ring signature allows a signer to generate a signature on behalf of a set of public keys, while a verifier can verify the signature without identifying who the actual signer is. In Crypto 2021, Yuen et al. proposed a new type of ring signature scheme called DualRing. However, it lacks forward security. The security of DualRing cannot be guaranteed...
Blockchain plays an important role in distributed file systems, such as cryptocurrency. One of the important building blocks of blockchain is the key-value commitment scheme, which constructs a commitment value from two inputs: a key and a value. In an ordinal commitment scheme, a single user creates a commitment value from an input value, whereas,...
Group signatures allow users to sign messages on behalf of the group without revealing their identities. However, the opening authority can trace signatures back to their source, raising concerns about privacy. To address this issue, Sakai et al. proposed a cryptographic primitive called Group Signature with Message-Dependent Opening (GS-MDO), whi...
The recent decision by the National Institute of Standards and Technology (NIST) to standardize lattice-based cryptography has further increased the demand for security analysis. The Ring-Learning with Error (Ring-LWE) problem is a mathematical problem that constitutes such lattice cryptosystems. It has many algebraic properties because it is consi...
Even theoretically secure cryptosystems and digital signatures may not be secure after being implemented on Internet of Things (IoT) devices and PCs because of side-channel attacks (SCA). Because RSA key generation and ECDSA require GCD computations or modular inversions, which are often computed using the binary Euclidean algorithm (BEA) or binary extende...
This paper introduces significant improvements over the existing cryptanalysis approaches on Salsa20 and ChaCha stream ciphers. For the first time, we reduced the attack complexity on Salsa20/8 to the lowest possible margin. We introduced an attack on ChaCha7.25. It is the first attack of its type on ChaCha7.25/20. In our approach, we studied diffe...
During network scanning, identifying the operating system (OS) running on each network-attached host has been a research topic for a long time. Researchers have developed different approaches through network analysis using either passive or active techniques; such techniques are commonly called "OS fingerprinting". According to best security prac...
An accumulator is a cryptographic protocol that compresses a set of inputs into a short string of a certain size and can efficiently prove that the compressed set contains a particular input element. Accumulators have been actively studied in recent years and are used to streamline various protocols such as membership rosters, zero-knowledge proofs...
Even theoretically secure cryptosystems, digital signatures, etc. may not be secure after being implemented on Internet of Things (IoT) devices and PCs because of Side-Channel Attack (SCA). Since RSA key generation and ECDSA need GCD computations or modular inversions, which are often computed by Binary Euclidean Algor...
Social media (SM) has become a primary communication tool in the modern world, with an ever-increasing volume of users. Many SM users use anonymous nicknames as their public usernames. However, Zhang et al. (2018) were able to demonstrate an attack that can identify users from the contents of their posts. This attack is caused by the fact that two...
An auction is commonly used to sell limited resources in modern society. An \(M+1\)st-price auction sells \(M\) identical goods to \(B\) bidders. The top \(M\) winners can buy the goods at the \(M+1\)st price. Each bidder sends their bids secretly as a bit-slice bidding vector to a trusted manager. Bit-slice is commonly used to compare secret values without...
Cloud computing has been widely applied in data storage, but cloud computing is not armed with an efficient integrity check mechanism for users to learn whether their large volumes of data have been kept intact by the cloud. The concept of proofs of retrievability (PoR) was introduced to address such an issue by enabling users to check the integrit...
Elliptic curve cryptography (ECC) is a typical public key cryptography technique that can ensure equivalent security with considerably smaller key sizes than Rivest-Shamir-Adleman (RSA). Hence, various implementations based on ECC are recommended for blockchain and Internet of Things (IoT) devices. Because elliptic curve scalar multiplication (ECS...
Since the beginning of the Covid-19 Pandemic, Contact Tracing Apps have been implemented in many countries as a way to detect if someone has been in contact with a patient within a minimum amount of time. However, most existing solutions only consider users in pairs. Since many people meet at the same time in real-life scenarios, those applications...
This study focuses on differential cryptanalysis of the ChaCha stream cipher. In the conventional approach, an adversary first searches for an input/output differential pair with the highest differential bias and then analyzes the probabilistic neutral bits (PNB) based on the obtained input/output differential pair. However, although the time and d...
This paper focuses on the differential cryptanalysis of the Salsa20 stream cipher. The existing differential cryptanalysis approaches first study the differential bias of the Salsa20 stream cipher and then search for probabilistic neutral bits (PNBs). However, the differential bias and the set of PNBs obtained in this method are not always the opti...
\(M+1\)st-price auction, also called Vickrey auction, is a type of sealed-bid auction to sell M identical goods. B bidders secretly choose a bid. The top M bidders can buy the goods at the \(M+1\)st bidding price. In previous research, a trusted manager is commonly used to decide the \(M+1\)st bidding price from these sealed ones and the top M bidd...
Policy-based chameleon hash is a useful primitive for blockchain rewriting systems. It allows a user to create a mutable transaction associated with an access policy, whereas a modifier who possesses sufficient rewriting privileges from a trusted authority satisfying the access policy can rewrite the mutable transaction. However, it lacks a revocat...
BACKGROUND
By integrating data corresponding to individuals between databases managed by different institutions, big data useful for epidemiological research can be obtained. It is a requirement that privacy information is protected while performing efficient data matching at a high level.
OBJECTIVE
Privacy-Preserving Distributed Data Integration...
Background
Big data useful for epidemiological research can be obtained by integrating data corresponding to individuals between databases managed by different institutions. Privacy information must be protected while performing efficient, high-level data matching.
Objective
Privacy-preserving distributed data integration (PDDI) enables data match...
We present the first constant-round, tree-based, group key exchange protocol based on SIDH with logarithmic-order communication and memory complexity, where the only previous isogeny-based group key exchange, SIBD, has linear-order communication and memory complexity. We call our protocol the supersingular isogeny tree-based group key exchange (SIT...
A commitment scheme is a fundamental protocol and an essential component of basic cryptographic tasks, such as zero-knowledge identification. In recent years, lattice-based cryptography has been intensively studied owing to its potential to be promising post-quantum cryptography. Therefore, the commitment schemes based on lattice assumption have be...
In an M+1st-price auction, all bidders submit their bids simultaneously, and the M highest bidders purchase M identical goods at the M+1st bidding price. Previous research is constructed based on trusted managers such as a trusted third party (TTP), trusted mix servers, and honest managers. All of the previous auctions are not fit for edge-assisted...
Low output locality is a property of functions, in which every output bit depends on a small number of input bits. In IoT devices with only a fragile CPU, it is important for many IoT devices to cooperate to execute a single function. In such IoT’s collaborative work, a feature of low output locality is very useful. This is why it is desirable to r...
We present the first constant round, multicast, authenticated tree-based R-LWE group key exchange protocol with logarithmic communication and memory complexity. Our protocol achieves post-quantum security through a reduction to a Diffie–Hellman-like analogue to the decisional R-LWE problem. We also present a sequential version with constant memory...
Elliptic curve cryptography (ECC) is one of the promising cryptosystems for embedded systems, as it provides high security levels with short keys. Scalar multiplication is the dominant and most time-consuming process that ensures security in ECC. We implement hardware modules for generic ECC over 256-bit prime fields on a field-programmable gate array (FPGA). T...
In 1985, Miller and Koblitz independently introduced elliptic curve cryptosystems, a type of public key cryptosystem. Elliptic curve cryptosystems use the fact that elliptic curves become a group to realize an ID-based cryptosystem for the first time, by applying a bilinear map on an elliptic curve. Furthermore, in recent years, isogenies on ellipt...
Isogeny-based cryptography, such as commutative supersingular isogeny Diffie-Hellman (CSIDH), has been shown to be a promising candidate for post-quantum cryptography. However, its speed has remained unremarkable. This study focuses on computing odd-degree isogenies between Montgomery curves, which is a dominant computation in CSIDH. Our proposed...
The rapid proliferation of Radio Frequency Identification (RFID) tags in the past decade has made tremendous impact on our daily lives. As part of Internet of Things (IoT), RFID technology ensures an efficient, secure and reliable system to identify tagged objects in supply chain environment such as manufacturing, automotive and healthcare. Several...
This paper presents new key correlations of the keystream bytes generated from RC4 and their application to plaintext recovery on WPA-TKIP. We first observe new key correlations between two bytes of the RC4 key pairs and a keystream byte in each round, and provide their proofs. We refer to these correlations as iterated RC4 key correlations since t...
A huge number of documents such as news articles, public reports, and personal essays have been released on websites and social media. Once documents containing privacy-sensitive information are published, the risk of privacy breaches increases, thus requiring very careful review of documents prior to publication. In many cases, human experts redac...
We propose a group key exchange compiler using any two-party key exchange for which the shared key space is the subset of a group and whose security reduces to a decisional hard problem, such that the security of the group key exchange relies on the security of the two-party key exchange and, in turn, the hardness of the underlying decisional probl...
Isogeny-based cryptography, such as commutative supersingular isogeny Diffie-Hellman (CSIDH), has been shown to be a promising candidate for post-quantum cryptography. However, its speed has remained unremarkable. For example, computing odd-degree isogenies between Montgomery curves is a dominant computation in CSIDH. To increase the speed of th...
We present the first constant-round, multicast, tree-based Ring-LWE group key exchange protocol with logarithmic communication and memory complexity. Our protocol achieves post-quantum security through a reduction to a Diffie-Hellman-like decisional analogue to the decisional Ring-LWE problem. We also present a sequential, multicast, tree-based Rin...
Elliptic curve cryptosystems (ECCs) are widely used because of their short key size. ECCs can ensure sufficient security with shorter keys, using less memory to reduce parameters. Hence, ECCs are typically used in IoT devices. The dominant computation of an ECC is scalar multiplication $Q = kP$ for $P \in E(\mathbb{F}_q)$. Thus, the security and ef...
Elliptic curve cryptography (ECC) can ensure an equivalent security with much smaller key sizes. Elliptic curve scalar multiplication (ECSM) is a fundamental computation used in ECC. This paper focuses on ECSM resisting simple power attack and safe error attack of side-channel attack specifically. Elliptic curve complete addition (CA) formulae can...
In the age of information and communications technology (ICT), not only collecting data but also using such data is provided in various services. It is necessary to ensure data privacy in such services while providing efficient computation and communication complexity. In this paper, we propose the first interval test designed according to the noti...
In this chapter, we describe two security primitives for big data utilization. One is a privacy-preserving data integration among databases distributed in different organizations. This primitive integrates the same data among databases kept in different organizations while keeping any different data in an organization secret to other organizations....
In this chapter, we describe the analysis of security basis. One is the analysis of elliptic curve discrete logarithm problem (ECDLP). ECDLP is one of the public-key cryptosystems that can achieve a short key size but it is not a post-quantum cryptosystem. Another is analysis to learning with error (LWE), which is a post-quantum cryptosystem and ha...
In this chapter, we introduce data anonymization techniques for several types of datasets. Data anonymity of anonymized datasets is an index for estimating the (maximum) reidentification risk from anonymized datasets and is generally defined as a quantitative index based on adversary models. The adversary models are implicitly defined according to...
RFID-enabled applications are ubiquitous in our society and are becoming ever more important as IoT management rises. Meanwhile, concern about the security and privacy of RFID is also increasing. The pseudorandom number generator is one of the core primitives used to implement RFID security. Therefore, it is necessary to design and implement a secure...
Time-sequence data is high dimensional and contains a lot of information, which can be utilized in various fields, such as insurance, finance, and advertising. Personal data including time-sequence data is converted to anonymized datasets, which need to strike a balance between both privacy and utility. In this paper, we consider low-rank matrix fa...
Akiyama, Goto, Okumura, Takagi, Nuida and Hanaoka introduced an indeterminate equation analogue of learning with errors (IE-LWE) problem as a new computationally hard problem and constructed a candidate of post-quantum cryptosystem, called “Giophantus”. Giophantus satisfies the indistinguishability under chosen plaintext attack (IND-CPA) if IE-LWE...
This open access book describes the technologies needed to construct a secure big data infrastructure that connects data owners, analytical institutions, and user institutions in a circle of trust. It begins by discussing the most relevant technical issues involved in creating safe and privacy-preserving big data distribution platforms, and especia...
The security of elliptic curve cryptography is closely related to the computational complexity of the elliptic curve discrete logarithm problem (ECDLP). Today, the best practical attacks against ECDLP are exponential-time generic discrete logarithm algorithms such as Pollard's rho method. A recent line of inquiry in index calculus for ECDLP started...
Elliptic curve cryptosystems (ECCs) are widely used because of their short key size. They can ensure enough security with shorter keys, and use less memory space to reduce parameters. Hence, an elliptic curve is typically used in embedded systems. The dominant computation of an ECC is scalar multiplication \(Q = kP, P \in E({\mathbb F}_{q})\). Thus...
In Asiacrypt 2016, Guo, Johansson, and Stankovski presented a reaction attack against QC-MDPC McEliece. In their attack, by observing the difference in failure rates for various sets \(\varPhi _d\) of error vectors, the attacker obtains the distances between 1’s in the secret key and can thus recover the whole secret key. While the attack appears t...
An RFID ownership transfer protocol enables a tag owner to transfer the ownership of the tag to a new owner. While there have been a large number of such protocols in the literature, designing secure and efficient protocols remains a challenging task. In this paper, we propose a scalable and secure RFID ownership transfer protocol that can be deplo...
This paper investigates key correlations of the keystream generated from RC4, and then presents significant improvements for a plaintext recovery attack on WPA-TKIP from the attack by Isobe et al. at FSE 2013. We first discuss newly discovered key correlations between 2 bytes of the RC4 key and a keystream byte in each round. Such correlations are...
Recent advances of the Internet of Things (IoT) technologies have enhanced the use of radio-frequency identification-based tracking system to be widely deployed in supply chain management covering every step involved in the flow of merchandise from the supplier to the customer to ensure a trustworthy delivery environment. Such authentication system...
This paper describes a secure data collection infrastructure involving standardized electronic medical record (EMR) storage and Private Set Intersection, a secure data collection technology based on Bloom filter. The objective of this infrastructure is to facilitate rapid secondary use of exported EMR data in cross-patient or cross-institutional an...
Cloud computing is a distributed computation model over a large pool of shared and virtualized computing resources, such as storage, processing power, applications and services. It has received considerable attention from the research communities and the industry due to its practicality. This kind of new computing represents a vision of providing co...
Security, privacy and data integrity are the critical issues in Big Data application of IoT-enable environment and cloud-based services. There are many upcoming challenges to establish secure computations for Big Data applications. Authenticated encryption (AE) plays one of the core roles for Big Data’s confidentiality, integrity, and real-time sec...
Oblivious Random Access Machine (ORAM) constructions can be used to hide a client's access pattern from a trusted but curious storage server. The privacy provided comes at the cost of increasing the communication overhead, storage overhead, and computation overhead of the system. Recursive Matrix-based ORAM (RM-ORAM) is a new ORAM construction which is...
Medical data are often maintained by different organizations. However, detailed analyses sometimes require these datasets to be integrated without violating patient or commercial privacy. Multiparty Private Set Intersection (MPSI), which is an important privacy-preserving protocol, computes an intersection of multiple private datasets. This approac...