BAGUS SANTOSO
| Department of Computer and Network Engineering | Associate Professor |
| Cluster II (Emerging Multi-interdisciplinary Engineering) | Associate Professor |
Researcher Information
Field Of Study
Career
- 01 Oct. 2015 - 30 Sep. 2020
University of Electro-Communications, Department of Computer and Network Engineering, Assistant Professor - 01 Oct. 2011 - 29 Sep. 2015
Agency for Science Technology and Research (A*STAR), Institute for Infocomm Research, Research Scientist I - 01 Apr. 2009 - 29 Sep. 2011
National Institute of Advanced Industrial Science and Technology, 情報セキュリティ研究センター, 特別研究員
Research Activity Information
Award
Paper
- Revisiting the Soundness of 5-Pass Identification Scheme
Daigo Kuroki; Kaoru Takemure; Bagus Santoso
Last, ISEC2023-81, 123, 424, 44-51, Mar. 2024
Symposium, Japanese - Public-Key Identification Scheme Based on a New NP-Hard Tensor Problem
Akitaka Yokota; Bagus Santoso
Last, ISEC2023-89, 123, 424, 94-101, Mar. 2024
Symposium, Japanese - A Proposal to Improve the Accuracy of BKW Algorithm
Yuto Ko; Bagus Santoso
Last, IEICE Technical Report, IT2023-41, 123, 338, 62-67, Jan. 2024
Symposium, Japanese - More Efficient Two-Round Multi-Signature Scheme with Provably Secure Parameters for Standardized Elliptic Curves
Kaoru TAKEMURE; Yusuke SAKAI; Bagus SANTOSO; Goichiro HANAOKA; Kazuo OHTA
IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, Institute of Electronics, Information and Communications Engineers (IEICE), Oct. 2023, Peer-reviwed
Scientific journal, English - A Framework for Shannon Ciphers under Side-Channel Attacks: a Strong Converse and More
Yasutada Oohama; Bagus Santoso
IEEE International Symposium on Information Theory, ISIT 2022, IEEE, CFP22SIF-ART, 1, 862-867, 26 Jun. 2022, Peer-reviwed, In this paper, we propose a general framework of source encryption with a symmetric key under the side-channel attacks, which applies to any source encryption with a symmetric key and any kind of side-channel attacks targeting the secret key. We also propose a new security criterion for strong secrecy under side-channel attacks, which is a natural extension of mutual information, i.e., the maximum conditional mutual information between the plaintext and the ciphertext given the adversarial key leakage, where the maximum is taken over all possible plaintext distribution. Under this new criterion, we successfully formulate the rate region, which serves as both necessary and sufficient conditions to have secure transmission even under side-channel attacks.
International conference proceedings, English - New Post-Quantum Digital Signature Scheme based on MinRank Problem
Bagus Santoso; Yasuhiko Ikematsu; Shuhei Nakamura; Takanori Yasuda
2022 Symposium on Cryptography and Information Security (SCIS 2022), 2022, 2A5-1, 1-8, 18 Jan. 2022, In Asiacrypt 2001, Courtois proposed the first
three-pass zero-knowledge identification (ID) scheme
based on the MinRank problem. However, in Courtois’basic ID scheme, the cheating probability, i.e., the
success probability of cheating prover, is 2/3, which is
larger than half. Based on our modification [3] of Curtois’ ID scheme into a three-pass ID scheme with cheating probability of 1/2, we propose a new digital signature scheme based on MinRank problem. Our scheme
is constructed based on the Fiat-Shamir paradigm for
post-quantum lossy ID scheme which are proposed by
Kiltz et al. at Eurocrypt 2018. Therefore, our scheme
also inherits the provable security under chosen message attacks against quantum adversaries.
Symposium, English - MinRank Based Three-Pass Identification Scheme with Half Cheating Probability
Bagus Santoso; Yasuhiko Ikematsu; Shuhei Nakamura; Takanori Yasuda
Computer Security Symposium 2021 (CSS 2021), 2021, 3E2-3, 1-8, 26 Oct. 2021, In Asiacrypt 2001, Courtois proposed the first three-pass zero-knowledge identification (ID)
scheme based on the MinRank problem. However, in Courtois’ basic ID scheme, the cheating probabil-
ity, i.e., the success probability of cheating prover, is 2/3, which is larger than half. Although Courtois
also proposed a variant scheme which is claimed to have half cheating probability, the security of the variant
scheme is not formally proven and it requires another hardness assumption on a specific one-way function and
also an additional assumption that verifier always generates challenges according to a specific distribution.
In this paper, we propose the first three-pass zero-knowledge ID scheme based on the MinRank problem with
the cheating probability of exactly half even with only two-bit challenge space, without any additional as-
sumption. Our proposed ID scheme reduces the necessary number of rounds in order to achieve the targeted
security level against impersonation.
Symposium, English - Strong Converse for Distributed Source Coding with Encryption Using Correlated Keys
Yasutada Oohama; Bagus Santoso
2021 IEEE Information Theory Workshop (ITW), Institute of Electrical and Electronics Engineers (IEEE), ITW, 2021, 1-6, 17 Oct. 2021, Peer-reviwed, We pose and investigate the distributed secure source coding based on the common key cryptosystem. This cryptosystem includes the secrecy amplification problem for distributed encrypted sources with correlated keys using post-encryption-compression, which was previously studied by Santoso and Oohama. In this paper we propose another new security criterion which is generally more strict compared with the commonly used security criterion based on the upper bound of mutual information between the plaintext and the ciphertext. Under this criterion, we establish the necessary and sufficient conditions for the secure transmission of correlated sources.
International conference proceedings, English - Achieving Pairing-Free Aggregate Signatures using Pre-Communication between Signers
Kaoru Takemure; Yusuke Sakai; Bagus Santoso; Goichiro Hanaoka; Kazuo Ohta
IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, Institute of Electronics, Information and Communication Engineers, E104-A, 9, 65-84, Sep. 2021, Peer-reviwed, In this paper, we introduce a new paradigm of aggregate signatures, i.e., aggregate signatures with an additional pre-communication stage. In the pre-communication stage, each signer interacts with the aggregator to agree on a specific random value before deciding messages to be signed. We also discover that the
impossibility results of Drijvers et al. take effect if the adversary can decide the whole randomness part of any individual signature. Based on the new paradigm and our discovery of the applicability of the impossibility
result, we propose a pairing-free aggregate signature scheme such that any individual signature includes a random nonce which can be freely generated by the signer. We prove the security of our scheme based on the hardness of
the standard DL problem. As a trade-off, in contrast to the plain public-key model, which Zhao’s scheme uses, we employ a more restricted key setup model, i.e., the knowledge of secret-key model.
Scientific journal, English - Security Analysis on an El-Gamal-like Multivariate Encryption Scheme Based on Isomorphism of Polynomials
Yasuhiko Ikematsu; Shuhei Nakamura; Bagus Santoso; Takanori Yasuda
Information Security and Cryptology, 17th International Conference, Inscrypt 2021, Springer International Publishing, LNCS 13007, 1, 235-250, 11 Aug. 2021, Peer-reviwed, At PQC 2020, Santoso proposed a problem originated from IP2S, which is called block isomorphism of polynomials with circulant matrices (BIPC) problem. The BIPC problem is obtained by linearizing IP2S and restricting secret linear maps to linear maps represented by circulant matrices. Using the commutativity of products of circulant matrices, Santoso also proposed an El-Gamal-like encryption scheme based on the BIPC problem. In this paper, we give a new security analysis on the El-Gamal-like encryption scheme. In particular, we introduce a new attack (called linear stack attack) which finds an equivalent key of the El-Gamal-like encryption scheme by using the linearity of the BIPC problem.
International conference proceedings, English - Achieving Pairing-Free Aggregate Signatures using Pre-Communication between Signers.
Kaoru Takemure; Yusuke Sakai 0001; Bagus Santoso; Goichiro Hanaoka; Kazuo Ohta
IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, 104-A, 9, 1188-1205, 2021
Scientific journal - Revisiting the IND-CPA Security of LWE Encryption Scheme
Takahiro Arai; Bagus Santoso; Kaoru Takemure
IEICE Technical Report, IEICE, 120, 320, 271-276, Jan. 2021, In this paper, we propose a new simpler security notion which is
equivalence to the standard IND-CPA notion,
and based on the newly proposed security notion, we construct a new algorithm to attack
the IND-CPA security of LWE encryption scheme. The constructed
attack algorithm is an extension of the attack algorithm against
Compact-LWE proposed by Bootle et al. in CT-RSA'18 which is applied
to LWE encryption scheme. We perform a machine experiment to test
the performance of our proposed attack against
LWE encryption scheme which is instantiated
with $30$-bit security parameters.
The machine experiment shows that the complexity of the newly constructed attack algorithm is approximately $O(2^{23})times T$, where $T$ is
the complexity of the lattice reduction algorithm.
Symposium, Japanese - An Introduction to Provable Secure Post-Quantum Cryptography
Bagus Santoso
Technical Report of IEICE, IEICE, QIT, 1-6, Dec. 2020, Public key cryptographic schemes are essential to guarantee the security of network communication over an untrusted communication channel. However, it has been proven theoretically that quantum computers have the ability to efficiently break all current standard public-key cryptographic schemes. Moreover, the research on developing practical quantum computers has been gaining momentum in recent years. Therefore, there is an urging demand to construct or discover post-quantum public-key cryptographic schemes, i.e., public key cryptographic schemes which are still secure even in the presence of quantum computers.
In this presentation, we explain the general paradigm for constructing post-quantum public-key cryptographic schemes. As a concrete example, we show how to construct a public-key digital signature scheme based on a computational problem called isomorphism of polynomials with two secrets (IP2S) and explain how to prove the security of the scheme against quantum adversaries.
Symposium, English - Generalization of Isomorphism of Polynomials with Two Secrets and Its Application to Public Key Encryption
Bagus Santoso
Post-Quantum Cryptography - 11th International Conference, PQCrypto 2020, Springer, LNCS, 12100, 340-359, 15 Apr. 2020, Peer-reviwed, Most of the public key encryption (PKE) schemes based on multivariate quadratic polynomials rely on Hidden Field Equation (HFE) paradigm. However, most of HFE based schemes have been broken in only several years just after their introduction. In this paper, we propose an alternative paradigm for constructing PKE based on multivariate quadratic polynomials. At the heart of our proposal is a new family of computational problems based on the generalization of Isomorphism of Polynomials with Two Secrets (IP2S) problem. The main computational problem in the new family is proven as hard as the original IP2S problem and is more robust, in the sense that we can associate it with circulant matrices as solutions without degrading its computational hardness too much, in contrast to the original IP2S problem which immediately becomes easy as soon as it is associated with circulant matrices. By associating it to circulant matrices, we obtain a Diffie-Hellman like structure which allows us to have an El-Gamal like PKE scheme.
International conference proceedings, English - Secrecy Amplification of Distributed Encrypted Sources With Correlated Keys Using Post-Encryption-Compression
Bagus Santoso; Yasutada Oohama
IEEE Transactions on Information Forensics and Security, IEEE, 14, 11, 3042-3056, Nov. 2019, Peer-reviwed
Scientific journal, English - Information Theoretic Security for Broadcasting of Two Encrypted Sources under Side-Channel Attacks
Bagus Santoso; Yasutada Oohama
Entropy, MDPI, 21, 8, 781, Aug. 2019, Peer-reviwed
Scientific journal, English - Secure Broadcasting of Two Encrypted Sources under Side-Channel Attacks
Bagus Santoso; Yasutada Oohama
IEEE International Symposium on Information Theory, ISIT 2019, IEEE, 2019, 305-309, 07 Jul. 2019, Peer-reviwed
International conference proceedings, English - Information Theoretic Security for Shannon Cipher System under Side-Channel Attacks
Bagus Santoso; Yasutada Oohama
Entropy, MDPI, 21, 5, 469, May 2019, Peer-reviwed
Scientific journal, English - A New Family of Isomorphism of Polynomials and Its Application to Public Key Encryption Scheme
BAGUS SANTOSO
IEICE Technical Report, IEICE, 118, 478, 33-38, 07 Mar. 2019
Symposium, English - 任意の環におけるイデアル格子問題に基づいた本人確認方式
竹牟禮 薫; バグス サントソ
IEICE Technical Report, 信学技報, 118, 478, 39-44, Mar. 2019, イデアル格子問題に基づいた本人確認方式は、多くの方式がRing-SIS問題やRing-LWE問題を基にして構築されている。これらの方式のほとんどは、構築時に扱う多項式環$mathbb{Z}_q[{bf x}]/langle {bf f} rangle$について、用いるモニック既約多項式${bf f}$を明確に示す必要がある。この場合、安全性は具体的に設定した${bf f}$ただ一つについてしか証明されない。2016年にLyubashevskyによって提案された電子署名方式は、安全性が${bf f}$の次数のみに依存し、構築時に具体的な${bf f}$を設定する必要がなく、安全性を複数の${bf f}$で保障できる。本研究では、Lyubashevskyの方式をベースに新たな本人確認方式を提案した。また、concurrent active attack上のなりすましに対して安全と証明するために、安全性証明の根拠となる困難性の仮定として、既存研究でLyubashevskyが導入した多項式環$mathbb{Z}_q[{bf x}]$上のRing-SIS問題を参考に、多項式環$mathbb{Z}_q[{bf x}]$上の衝突問題を導入した。
Symposium, Japanese - Measuring Security of Symmetric Encryption Schemes Against On-the-Fly Side-Channel Key-Recovery Attacks
Bagus Santoso; Yasutada Oohama; Chunhua Su
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 11928 LNCS, 3-17, 2019, Peer-reviwed, © 2019, Springer Nature Switzerland AG. In this paper, we propose a framework to analyze the security of symmetric encryption schemes against an adversary which attempts to recover the secret key by mounting side-channel attacks. In our adversarial side-channel model, the adversary is allowed to eavesdrop the public communication channel to obtain the ciphertexts and to collect on-the-fly some information about the secret keys of the scheme via measurement of certain physical phenomenon induced by the physical device, when the device is running the encryption process. Based on our framework, we derive the maximum success probability of the adversary to recover the secret keys. Our analysis does not assume any computation or storage limitation on the adversary and uses the bandwidths of the public communication channel and side-channel as the parameters. Hence, our results apply even in the case of quantum adversaries. Though in our framework the adversary does not have full control of the physical device, our framework is entirely independent of the type of physical phenomenon observed by the adversary and also of the method used by the adversary, which is interesting in its own right.
International conference proceedings - A New Identification Scheme based on Syndrome Decoding Problem with Provable Security against Quantum Adversaries.
Bagus Santoso; Chunhua Su
J. UCS, 25, 3, 294-308, 2019, Peer-reviwed
Scientific journal, English - A New Three-Pass Code-based Zero-Knowledge Identification Scheme with Cheating Probability of Exactly Half
Bagus Santoso
International Symposium on Information Theory and Its Applications (ISITA), ISITA2018, Tu-PM-1-2, 2-2, 28 Oct. 2018, Peer-reviwed
International conference proceedings, English - Post Encryption Compression with Affine Encoders for Secrecy Amplification in Distributed Source Encryption with Correlated Keys
Bagus Santoso; Yasutada Oohama
International Symposium on Information Theory and Its Applications (ISITA), ISITA2018, We-PM-2-4, 1-1, 28 Oct. 2018, Peer-reviwed
International conference proceedings, English - Entanglement Between Hash Encodings and Signatures from ID Schemes with Non-binary Challenges: A Case Study on Lightweight Code-Based Signatures
Bagus Santoso; Taiyo Yamaguchi; Tomoyuki Ohkubo
Information Security Practice and Experience - 14th International Conference, ISPEC 2018, Springer, LNCS, 11125, 248-262, 25 Sep. 2018, Peer-reviwed
International conference proceedings, English - Extension of Easy-to-Understand Structure for Chosen-Ciphertext-Attack Security from Decisional Diffie-Hellman Assumption
Daisuke Ueda; Bagus Santoso
IEICE-ISEC2018-59, IEICE, IEICE-ISEC2018-59, IEICE-118, 43-50, 07 Sep. 2018
Symposium, English - Information Theoretical Analysis of Side-Channel Attacks to the Shannon Cipher System
Yasutada Oohama; Bagus Santoso
IEEE International Symposium on Information Theory - Proceedings, Institute of Electrical and Electronics Engineers Inc., 2018-, 581-585, 15 Aug. 2018, We study side-channel attacks for the Shannon cipher system. To pose side channel-attacks to the Shannon cipher system, we regard them as a signal estimation via encoded data from two distributed sensors. This can be formulated as the one helper source coding problem posed and investigated by Ahlswede, Korner(1975), and Wyner(1975). We further investigate the posed problem to derive new secrecy bounds. Our results are derived by a coupling of the result Watanabe and Oohama(2012) obtained on bounded storage eavesdropper with the exponential strong converse theorem Oohama(2015) established for the one helper source coding problem.
International conference proceedings, English - Reviving identification scheme based on isomorphism of polynomials with two secrets: A refined theoretical and practical analysis
Bagus Santoso
IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, Institute of Electronics, Information and Communication, Engineers, IEICE, E101A, 5, 787-798, 01 May 2018, Peer-reviwed, The isomorphism of polynomials with two secret (IP2S) problem is one candidate of computational assumptions for post-quantum cryptography. The idea of identification scheme based on IP2S is firstly introduced in 1996 by Patarin. However, the scheme was not described concretely enough and no more details are provided on how to transcribe the idea into a real-world implementation. Moreover, the security of the scheme has not been formally proven and the originally proposed security parameters are no longer secure based on the most recent research. In this paper, we propose a concrete identification scheme based on IP2S with the idea of Patarin as the starting point. We provide formal security proof of the proposed scheme against impersonation under passive attack, sequential active attack, and concurrent active attack. We also propose techniques to reduce the implementation cost such that we are able to cut the storage cost and average communication cost to an extent that under parameters for the standard 80-bit security, the scheme is implementable even on the lightweight devices in the current market. key words: post-quantum cryptography, Isomorphism of Polynomials, multivariate cryptography, identification scheme, zero knowledge proof.
Scientific journal, English - Provably Secure Code-Based Signature Schemes via Fiat-Shamir Transform with Theoretical and Practical Analysis on Hash Encodings
Taiyo Yamaguchi; Bagus Santoso
IEICE Technical Report, IEICE, IEICE-117, 202, 35-42, 04 Sep. 2017
Symposium, English - New Public Key Encryption Scheme based on Code and Multivariate Polynomials in Binary Field
Tomoyuki Ohkubo; Bagus Santoso
IEICE Technical Report, IEICE, IEICE-117, no.202, 29-33, 28 Aug. 2017
Symposium, Japanese - Privacy Amplification of Distributed Encrypted Sources with Correlated Keys
Bagus Santoso; Yasutada Oohama
IEEE International Symposium on Information Theory, IEEE, 1-5, 26 Jun. 2017, Peer-reviwed
International conference proceedings, English - Provable Secure Signature Scheme against Quantum Adversaries based on Decisional Isomorphism of Polynomials with Two Secrets
Bagus Santoso
TECHNICAL REPORT OF IEICE, 信学技報, 116, 505, 149-154, 02 Mar. 2017
Symposium, English - Universally Composable RFID Mutual Authentication
Chunhua Su; Bagus Santoso; Yingjiu Li; Robert H. Deng; Xinyi Huang
IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, IEEE COMPUTER SOC, 14, 1, 83-94, Jan. 2017, Peer-reviwed, Universally Composable (UC) framework provides the strongest security notion for designing fully trusted cryptographic protocols, and it is very challenging on applying UC security in the design of RFID mutual authentication protocols. In this paper, we formulate the necessary conditions for achieving UC secure RFID mutual authentication protocols which can be fully trusted in arbitrary environment, and indicate the inadequacy of some existing schemes under the UC framework. We define the ideal functionality for RFID mutual authentication and propose the first UC secure RFID mutual authentication protocol based on public key encryption and certain trusted third parties which can be modeled as functionalities. We prove the security of our protocol under the strongest adversary model assuming both the tags' and readers' corruptions. We also present two (public) key update protocols for the cases of multiple readers: one uses Message Authentication Code (MAC) and the other uses trusted certificates in Public Key Infrastructure (PKI). Furthermore, we address the relations between our UC framework and the zero- knowledge privacy model proposed by Deng et al. [1].
Scientific journal, English - Provable secure post-quantum signature scheme based on isomorphism of polynomials in quantum random oracle model
Bagus Santoso; Chunhua Su
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Lecture Notes in Computer Science, 10592 LNCS, 271-284, 2017, Peer-reviwed, © 2017, Springer International Publishing AG. Since a quantum adversary is supposed to be able to perform hash computation with superposition of the quantum bits, it is natural that in random oracle model, the reduction algorithm for security proof should allow the quantum adversary to query random oracle in superposition of quantum bits. However, due to physical nature of quantum states, any observation on a superposition of quantum bits will be noticed by quantum adversaries. Hence, to simulate the true random oracle, the reduction algorithm has to answer the queries without observing their content. This makes the classical reduction algorithms fail to properly perform rewinding and random oracle programming against quantum adversaries and it has been shown recently that several signature schemes generated by Fiat-Shamir transformation might be insecure against quantum adversaries although they have been proven secure in classical setting against classical adversaries. In this paper, we propose a method to construct reduction algorithm without rewinding of quantum adversary and such that the random oracle programming is unnoticeable by the quantum adversary except with negligible probability. We show the feasibility of our method by applying it on signature scheme generated via Fiat-Shamir transformation of an identification scheme whose security is based on the decisional problem of isomorphism of polynomials with two secrets.
International conference proceedings, English - Refining identification scheme based on isomorphism of polynomials with two secrets: A new theoretical and practical analysis
Bagus Santoso
AsiaPKC 2016 - Proceedings of the 3rd ACM International Workshop on ASIA Public-Key Cryptography, Co-located with Asia CCS 2016, Association for Computing Machinery, Inc, ASIAPKC, 31-38, 30 May 2016, Peer-reviwed, The isomorphism of polynomials with two secret (IP2S) problem is one candidate of computational assumptions for postquantum cryptography. The only identification scheme based on IP2S is introduced in 1996 by Patarin. However, the security of the scheme has not been formally proven and we discover that the originally proposed parameters are no longer secure based on the most recent research. In this paper, we present the first formal security proof of identification scheme based on IP2S against impersonation under passive attack, sequential active attack, and concurrent active attack. We propose new secure parameters and methods to reduce the implementation cost. Using the proposed methods, we are able to cut the storage cost and average communication cost in a drastic way that the scheme is implementable even on the lightweight devices in the current market.
International conference proceedings, English - Revisiting Isomorphism of Polynomials with Two Secrets
Bagus Santoso
TECHNICAL REPORT OF IEICE, The Institute of Electronics, Information and Communication Engineers, 115, 501, 67-74, 03 Mar. 2016, The isomorphism of polynomials with two secret (IP2S) problem is one candidate of computational assumptions for post-quantum cryptography. In 1996, Patarin introduced the identification scheme based on IP2S problem
in the form of interactive zero-knowledge proof. However, the security of the scheme is not entirely clear since the
scheme has not been formally proven secure against adversarial scenarios towards identification scheme.
In this paper, we propose a new identification scheme which is essentially a generalization of the Patarin’s identification
scheme. In the new scheme, the prover may have a secret key with a public restricted format. In order to accommodate this new scheme, we extend the IP2S problem into a more general problem and prove the security of the new
scheme against impersonation under passive, sequential active, and concurrent active attacks. We propose new secure
parameters and several methods to reduce the implementation cost. Using the proposed methods, we successfully
obtain huge cuts on the storage cost and average communication cost which opens the possibility of implementation
of the proposed scheme on lightweight devices.
Symposium, English - Revisiting Isomorphism of Polynomials with Two Secrets: towards a Shorter Zero Knowledge Protocol
Bagus Santoso
2016 Symposium on Cryptography and Information Security, 1D1-4, 1-6, 19 Jan. 2016
Symposium, English - An Efficient Authentication for Lightweight Devices by Perfectiong Zero-Knwoledgeness
Bagus Santoso; Kazuo Ohta; Kazuo Sakiyama; Goichiro Hanaoka
IEICE Trans. Fundamentals, E94-A, 1, 92-103, Jan. 2011
Scientific journal, English - Improving Efficiency of An 'On the Fly' Identification Scheme by Perfecting Zero-Knowledgenes
Bagus Santoso; Kazuo Ohta; Kazuo Sakiyama; Goichiro Hanaoka
Proc. RSA Conference 2010, LNCS, 5985, 284-301, Mar. 2010
International conference proceedings, English
Lectures, oral presentations, etc.
- Card-Based Interactive Protocol Based on Partial Latin Square Completion Problem
Taichi Yaguchi; Bagus Santoso; Akitaka Yokota
Oral presentation, Japanese, Symposium on Cryptography and Information Security 2024
25 Jan. 2024
23 Jan. 2024- 26 Jan. 2024 - New NP-Complete Morphism of Polynomials Problem Based Identification Scheme
横田 明卓; 竹牟禮 薫; Bagus Santoso
Oral presentation, Symposium on Cryptography and Information Security 2023 (SCIS 2023)
25 Jan. 2023
24 Jan. 2023- 27 Jan. 2023 - New Post-Quantum Digital Signature Scheme based on MinRank Problem
Bagus Santoso; Yasuhiko Ikematsu; Shuhei Nakamura; Takanori Yasuda
Oral presentation, English, 2022 Symposium on Cryptography and Information Security (SCIS 2022), Domestic conference
18 Jan. 2022 - MinRank Based Three-Pass Identification Scheme with Half Cheating Probability
Bagus Santoso; Yasuhiko Ikematsu; Shuhei Nakamura; Takanori Yasuda
Oral presentation, English, Computer Security Symposium 2021 (CSS 2021), In Asiacrypt 2001, Courtois proposed the first three-pass zero-knowledge identification (ID)
scheme based on the MinRank problem. However, in Courtois’ basic ID scheme, the cheating probabil-
ity, i.e., the success probability of cheating prover, is 2/3, which is larger than half. Although Courtois
also proposed a variant scheme which is claimed to have half cheating probability, the security of the variant
scheme is not formally proven and it requires another hardness assumption on a specific one-way function and
also an additional assumption that verifier always generates challenges according to a specific distribution.
In this paper, we propose the first three-pass zero-knowledge ID scheme based on the MinRank problem with
the cheating probability of exactly half even with only two-bit challenge space, without any additional as-
sumption. Our proposed ID scheme reduces the necessary number of rounds in order to achieve the targeted
security level against impersonation., Domestic conference
26 Oct. 2021 - Shannonワンタイムパッド暗号に置ける秘匿性の必要十分条件の再考察
和田一生; バグス サントソ
Oral presentation, Japanese, 2020 暗号と情報セキュリティシンポジウム, Domestic conference
31 Jan. 2020 - 事前通信モデルにおけるペアリングを用いない集約署名
竹牟禮 薫; 坂井 祐介; Bagus Santoso; 花岡 悟一郎; 太田 和夫
Oral presentation, Japanese, 2020 Symposium on Cryptography and Information Security, Domestic conference
29 Jan. 2020 - 単純な構造をもった公開鍵暗号方式の単純化
上田 大輔; バグス サントソ
Oral presentation, Japanese, 2020 暗号と情報セキュリティシンポジウム, Domestic conference
28 Jan. 2020 - Concurrently Secure Identification Schemes Based on the Hardness of Ideal Lattice Problems in all Rings and a General Simulatable Sampling
Kaoru Takemure; Bagus Santoso
Poster presentation, English, SYMPOSIUM ON INFORMATION THEORY AND ITS APPLICATIONS (SITA) 2019, Domestic conference
26 Dec. 2019 - Post-Quantum Cryptography for Internet of Things (IoT): Next Generation Cryptography for Next Generation Network
Bagus Santoso
Invited oral presentation, English, ECTI-UEC Workshop, Invited, International conference
06 Sep. 2019 - LWE暗号の計算機における安全性評価
荒井嵩博; バグス サントソ
Poster presentation, Japanese, SYMPOSIUM ON INFORMATION THEORY AND ITS APPLICATIONS (SITA) 2019, International conference
24 Jan. 2019 - A New Family of Isomorphism of Polynomials and Its Applications to Public Key Encryption Scheme
BAGUS SANTOSO
Oral presentation, English, 2019 Symposium on Cryptography and Information Security, In this paper, we propose a new family of computational problems based on a generalization of Isomorphism of Polynomials with Two Secrets (IP2S) problem. Our generalized problem is as hard as the original IP2S problem and provides more freedom on setting the structure and the size of the solutions. Since IP2S problem is supposed to be hard against quantum adversaries, our generalized problem is also supposed to be hard against quantum adversaries. Furthermore, we develop several new computational problems derived from the generalized problem and based on these derived problems, we propose a new paradigm to construct public key cryptographic scheme and identification scheme by making use the commutative property of circulant matrices. The robustness of our proposed problems allows us to use them with circulant matrices without degrading the hardness of the problems too much, in contrast to the original IP2S problem which becomes easy when it is used with circulant matrices., Domestic conference
24 Jan. 2019 - Another Look at One-More Discrete Logarithm Problem in Generic Model
BAGUS SANTOSO
Oral presentation, English, 2019 Symposium on Cryptography and Information Security, Domestic conference
23 Jan. 2019 - 符号ベース暗号方式と多変数多項式ベース暗号方式を組み合わせた暗号方式の構築法
大久保 智之; バグス サントソ
Oral presentation, Japanese, 2019暗号と情報セキュリティシンポジウム, ICICS 2015で安田らは多変数多項式ベース暗号方式SRPを提案した。暗号方式SRPは、多変数多項式ベース暗号方式Squareを、多変数多項式ベース署名方式Rainbowを暗号方式に応用したRainbow-Plus(RP)構造と組み合わせたものである。しかし、暗号方式SRPは、SAC 2017でPerlnerらが提案したMin-Q-Rank攻撃によって破られた。PQCrypto 2018で池松らは多変数多項式べース暗号HFEをRP構造と組み合わせた暗号方式HFERPを提案した。単体の暗号方式HFEはMin-Q-Rankによって破られているにも関わらず、暗号方式HFERPは実験でMin-Q-Rank攻撃に対して安全であると示された。本研究は、RP構造を暗号方式の安全性強化手法とみなし、符号ベース暗号方式McElieceとRP構造を組み合わせた新たな暗号方式McEliece-RPを提案した。提案方式に対してグレブナー基底攻撃を行い、攻撃時間とグレブナー基底の計算におけるDegree of Regularityを計測し、グレブナー基底攻撃に対する安全性を評価した。, Domestic conference
22 Jan. 2019 - 任意の環におけるイデアル格子問題に基づいた本人確認方式
竹牟禮 薫; バグス サントソ; 荒井 嵩博
Oral presentation, Japanese, 2019年暗号と情報セキュリティシンポジウム, イデアル格子問題を基にした方式には,主に Ring-SIS 問題や Ring-LWE 問題が用いられる が,これらは多項式環 Zq[x]/f 上で扱われる.また,これらの問題の難しさは f-SVP 問題の難しさに よって保証されているが,多項式環の設定時に選ぶ多項式 f によってその難しさは変動する.多くの多 項式 f によって方式の安全が保証されていれば便利であり,2016 年に Lyubashevsky は任意の環におけ るイデアル格子問題を基にした電子署名方式を提案した.本研究では,Lyubashevsky の方式をベースに 新たな本人確認方式を提案した.ただし,本研究では安全性証明の効率を向上するために,安全性証明 における困難性の仮定として,既存研究で Lyubashevsky が導入した任意の環上の Ring-SIS 問題の代わ りに,任意の環のイデアル格子の衝突問題を使用した.提案方式は,concurrent active attack 上のなり すましに対して安全と証明された, Domestic conference
22 Jan. 2019 - Code-based Identification Scheme with Security against Quantum Adversaries under Fully Concurrent Active Attacks
BAGUS SANTOSO
Oral presentation, English, SYMPOSIUM ON INFORMATION THEORY AND ITS APPLICATIONS (SITA) 2018, Domestic conference
19 Dec. 2018 - Quantum Communications, Quantum Computers and Cryptography
BAGUS SANTOSO
Public discourse, Japanese, 14th Honjo International Foundation Workshop, Invited, 本庄国際財団, 東京, The advance of science so far has taken us to an era of information society where we can collect, distribute, and process a tremendous amount of information for our use in daily life. Meanwhile, the recent advance in physics has enabled us to control the matter even in the quantum level and this ability has given birth new technologies, i.e., quantum computers and quantum communication.
Researchers have also discovered that although new quantum technologies give us the ability to improve the quality of
information processing and communication, these technologies have also brought us dire threats in the security and privacy
of information. In a nutshell, almost all standard technologies for protecting our security and privacy can be broken efficiently
by quantum computers!
In this talk, we will discuss the two faces of these new quantum technologies: the benefits and the security threats brought by
these new quantum technologies for information and communication. Additionally, we give a brief introduction to the close
relationship between the progress of information technologies and information security, and also the speaker's specialty, i.e.,
post-quantum cryptography.
10 Nov. 2018 - Distributed Privacy Amplification of Encrypted Multiple Sources with Correlated Keys
Yasutada Oohama; Bagus Santoso
Oral presentation, English, 第39回情報理論とその応用シンポジウム, 電子情報通信学会, Domestic conference
14 Dec. 2016 - Revisiting Isomorphism of Polynomials with Two Secrets: towards a Shorter Zero Knowledge Protocol
BAGUS SANTOSO
Oral presentation, English, Domestic conference
19 Jan. 2016
Courses
- Fundamentals of Computer and Network Engineering
Apr. 2022 - Present
The University of Electro-Communications - Probability and Statistics
2024
The University of Electro-Communications - Topics in Mathematical Informatics I
Chiba University - 情報数理学特論 I
千葉大学 - 情報・ネットワーク工学専攻基礎
電気通信大学 - 確率統計
電気通信大学 - 情報通信工学実験
The University of Electro-Communications - 情報通信工学実験
電気通信大学
Affiliated academic society
Research Themes
- IoT社会の高度化に必要な多端子情報理論と暗号理論を柱とした安全通信理論の構築
Yasutada Oohama
Japan Society for the Promotion of Science, Grants-in-Aid for Scientific Research, The University of Electro-Communications, Grant-in-Aid for Scientific Research (B), IoTの急速な進歩により,悪意を持った第三者(以後敵と記す)のハードウェア攻撃とよばれる暗号系への物理的アクセスが高度化かつ多様化し,秘密情報漏えいの危険性が著しく増大している.本研究は,この問題の根本的解決に挑む.具体的には多端子情報理論と暗号理論を基盤として IoT 環境下での情報漏えいの理論的モデルを構築する.このモデルに基づき,敵から想定される最大級の攻撃を受けた場合も,既存暗号系を変更せずに秘密情報の漏れを防止し,安全通信を維持できるための理論的条件と維持の具体的方法とを与える.理論結果の導出では,研究代表者が開発した独自の手法を更に発展させた手法を用いる.また,理論の検証と実用化への見通しを目的として,IoT 環境下における暗号通信系を実システムあるいは計算機上の仮想システムとして実現して通信実験を行う., 18H01438
01 Apr. 2018 - 31 Mar. 2023 - New Paradigm to Construct Public Key Cryptographic Schemes for Lightweight Devices with Provable Security against Quantum Attackers
BAGUS SANTOSO
Japan Society for the Promotion of Science, Grants-in-Aid for Scientific Research, The University of Electro-Communications, Grant-in-Aid for Scientific Research (C), Public Key Cryptographic (PKC) schemes are an essential technology to build secure communication in networks. However, it has been proven that quantum computers can break all current standard PKC schemes, and moreover, the research on developing practical quantum computers has been gaining momentum in recent years. The main goal of this proposed research is to develop a new paradigm based on (1) computational problems in the binary field which are hard even for quantum computers, and (2) a new framework for proving security against quantum computers, to overcome those flaws and then use it to construct new PKC schemes which require small costs for implementation and are equipped with concrete security proof against quantum computers. As application target, we expect that the results of this project can be applied to secure communication between lightweight devices against quantum computers in networks comprising a large variety of devices such as the Internet of Things (IoT)., 18K11292
01 Apr. 2018 - 31 Mar. 2022
