KAZUO OHTA

Emeritus Professor
Cluster II (Emerging Multi-interdisciplinary Engineering)
  • Profile:
    Research theme: "Development of cryptographic fundamental technology and its security evaluation"


    After 21 years of research in industry, has pursued education and research at the University of Electro-Communications.


    Main research topics and results:

    (1) Development of provably secure public-key cryptography and cryptographic protocols

    (2) Research and development of symmetric-key block ciphers and their security evaluation

    (3) Security evaluation of hash functions and of schemes built on them, and design theory for secure hash functions


    On (1): Recognized early the importance of provable security, and established and systematized techniques for proving the security of cryptographic primitives. These results are recognized internationally and are presented as one of the security-proof scenarios in a representative textbook (Katz, "Digital Signatures", Springer, 2010). By extending the scope of provable security from cryptographic primitives to cryptographic protocols, also carried out research on protocols with strong social demand, such as electronic bidding and electronic cash.

    After joining the University of Electro-Communications, participated in the CRYPTREC project (jointly run by MIC and METI), which provides guidelines on the cryptographic technology procured for e-Government, and was responsible for its security evaluation. Deepened theoretical research while also taking up practically important topics for teaching, and sent many students into industry.


    On (2): Carried out security evaluation of the NTT-developed symmetric-key block cipher FEAL against differential and linear cryptanalysis, the principal security-analysis methods for block ciphers, and extended the research to protocols built on block ciphers.

    Sought to fulfil his responsibility as an NTT researcher by determining the security of FEAL against differential and linear cryptanalysis. Confirmed by computer experiment that the key spaces of DES and FEAL have no mathematical structure, pointed out that FEAL-8 (the simplified version) is breakable by linear cryptanalysis, and proved that FEAL-32 is secure against linear cryptanalysis.


    On (3): Extended the evaluation methods developed in (2) to the security evaluation of hash functions, and evaluated cryptographic primitives and protocols in actual use in society. Showed that, under a given model, schemes can be separated into those whose security can be guaranteed and those with vulnerabilities originating in the hash function. Contributed greatly to CRYPTREC security evaluation.

    Specifically, pointed out that collisions can be found in practical time for hash functions such as MD4 and MD5, and raised the alarm that in an e-mail authentication protocol (APOP) a user's password can be recovered up to 31 characters. This work was recognized as important from both the theoretical and the practical side and received the IEICE Best Paper Award, among others.

    Also studied the design theory of secure hash functions, showing that a secure hash function can be constructed as a system by using a collision-resistant compression function as its building block. The working professionals who obtained doctorates under his supervision are active as engineers and researchers at companies and universities.


    As described above, has achieved results in both symmetric-key and public-key cryptography, with many presentations at highly competitive international conferences. In addition, on threats to cryptographic primitives, pursued "security evaluation of public-key and secret-key cryptography against quantum algorithms" and "the shortest vector problem and the application of lattice algorithms to public-key cryptography", and carried out exploratory research on "automating the security verification of cryptographic primitives".
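    The design principle mentioned under (3), building a secure hash function from a collision-resistant compression function, is the Merkle-Damgård argument: any collision in the iterated hash yields a collision in the compression function, so collision resistance of the component carries over to the whole construction. The Python example below is added here as an illustration and is not code from Prof. Ohta's publications. It uses a constructed toy compression function (SHA-256 truncated to 16 bits, deliberately weak so that collisions are cheap), finds a collision in the iterated hash by birthday search, and then extracts a collision in the compression function by walking both chains backwards. The block size, state size, and padding layout are assumptions of the example, chosen only so that it runs in well under a second.

```python
import hashlib
import struct

BLOCK = 4   # message-block size in bytes (tiny, so collisions are cheap to find)
STATE = 2   # chaining-value size in bytes: a 16-bit state gives birthday collisions in ~2^8 trials
IV = b"\x00" * STATE


def compress(h: bytes, m: bytes) -> bytes:
    """Toy compression function f(h, m): SHA-256 of (h || m) truncated to STATE bytes.

    Truncation to 16 bits is a deliberate, constructed weakness so that collisions can be
    found by brute force and the reduction below can be exercised. Not a secure component.
    """
    assert len(h) == STATE and len(m) == BLOCK
    return hashlib.sha256(h + m).digest()[:STATE]


def pad(msg: bytes) -> bytes:
    """Merkle-Damgard strengthening: msg || 0x80 || zeros || 32-bit bit length in its own block."""
    out = msg + b"\x80"
    out += b"\x00" * (-len(out) % BLOCK)
    return out + struct.pack(">I", len(msg) * 8)


def chain(msg: bytes):
    """Run the iterated construction and return every (h_in, block, h_out) step."""
    h, steps = IV, []
    p = pad(msg)
    for i in range(0, len(p), BLOCK):
        blk = p[i:i + BLOCK]
        h_out = compress(h, blk)
        steps.append((h, blk, h_out))
        h = h_out
    return steps


def md_hash(msg: bytes) -> bytes:
    """Final chaining value of the iterated hash."""
    return chain(msg)[-1][2]


def extract_compression_collision(m1: bytes, m2: bytes):
    """Given m1 != m2 with md_hash(m1) == md_hash(m2), return distinct inputs
    (h, block) and (h', block') with compress(h, block) == compress(h', block').

    Walk both chains backwards from the shared final output. While a step's inputs agree,
    the previous outputs agree too (the input chaining value is the previous output), so the
    first step whose inputs differ is a compression-function collision. If the messages have
    different lengths, the final blocks (the length encodings) already differ.
    """
    assert m1 != m2 and md_hash(m1) == md_hash(m2)
    for (h1, b1, o1), (h2, b2, o2) in zip(reversed(chain(m1)), reversed(chain(m2))):
        assert o1 == o2
        if (h1, b1) != (h2, b2):
            return (h1, b1), (h2, b2)
    raise AssertionError("padded messages identical; unreachable for m1 != m2 with strengthening")


def find_hash_collision(max_trials: int = 1 << 16):
    """Birthday search over constructed messages of 1 to 3 bytes; returns the first colliding pair."""
    seen = {}
    for i in range(max_trials):
        msg = struct.pack(">I", i)[-(1 + i % 3):]
        d = md_hash(msg)
        if d in seen and seen[d] != msg:
            return seen[d], msg
        seen[d] = msg
    raise RuntimeError("no collision found")


if __name__ == "__main__":
    m1, m2 = find_hash_collision()
    (h1, b1), (h2, b2) = extract_compression_collision(m1, m2)
    print("hash collision :", m1.hex(), m2.hex(), "->", md_hash(m1).hex())
    print("f collision    :", (h1.hex(), b1.hex()), (h2.hex(), b2.hex()), "->", compress(h1, b1).hex())
```

    The backward walk is the whole proof: the only way two different padded messages can end at the same chaining value without the compression function ever colliding is for their padded block sequences to be identical, and the length block appended by the strengthening rules that out.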

Degree

  • Bachelor of Science, Waseda University
  • Master of Science, Waseda University
  • Doctor of Science, Waseda University

Research Keyword

  • Cryptography / Information-theoretic security / Common-key cryptosystems / Information theory / Private-key cryptosystems / Quantum computation / Public-key cryptosystems / Authentication / Exhaustive search

Career

  • 1997 - 31 Mar. 2013
    Waseda University, Faculty of Science and Engineering, Part-time Lecturer
  • Apr. 2001
    The University of Electro-Communications, Professor
  • Apr. 1979 - 31 Mar. 2001
    Nippon Telegraph and Telephone Public Corporation, Yokosuka Electrical Communication Laboratory
  • Oct. 1995 - Sep. 1998
    The University of Electro-Communications, Graduate School of Information Systems, Visiting Professor

Educational Background

  • Mar. 1979
    Waseda University, Graduate School, Division of Science and Engineering, Mathematics
  • Mar. 1977
    Waseda University, Faculty of Science and Engineering, Department of Mathematics
  • Mar. 1973
    Waseda University Senior High School

Member History

  • Jul. 2019 - Mar. 2021
    Member, Advisory Board for Cryptographic Technology (MIC, Information and Communications Bureau): objectively evaluates cryptographic techniques and contributes to building an e-Government supported by a high level of reliability and security
  • Jul. 2017 - Mar. 2019
    Chair, Cryptographic Technology Evaluation Committee (NICT, IPA)
  • Jul. 2017 - Mar. 2019
    Member, Advisory Board for Cryptographic Technology (MIC, Information and Communications Bureau): objectively evaluates cryptographic techniques and contributes to building an e-Government supported by a high level of reliability and security
  • Oct. 2016 - Mar. 2017
    Member, Task Force on Priority Issues (MIC, Information and Communications Bureau): the mission of the task force is to discuss, in light of the debate on Japan's cryptographic policy, the direction of CRYPTREC activities needed for the security infrastructure of information systems as a whole
  • Apr. 2016 - Mar. 2017
    Chair, Cryptographic Technology Evaluation Committee (NICT, IPA)
  • Apr. 2016 - Mar. 2017
    Member, Advisory Board for Cryptographic Technology (MIC, Information and Communications Bureau): objectively evaluates cryptographic techniques and contributes to building an e-Government supported by a high level of reliability and security
  • Oct. 2015 - Mar. 2016
    Member, Task Force on Priority Issues (MIC, Information and Communications Bureau): the mission of the task force is to discuss, in light of the debate on Japan's cryptographic policy, the direction of CRYPTREC activities needed for the security infrastructure of information systems as a whole
  • Apr. 2015 - Mar. 2016
    Chair, Cryptographic Technology Evaluation Committee (NICT, IPA)
  • Apr. 2015 - Mar. 2016
    Member, Advisory Board for Cryptographic Technology (MIC, Information and Communications Bureau): objectively evaluates cryptographic techniques and contributes to building an e-Government supported by a high level of reliability and security
  • Apr. 2015 - Sep. 2015
    Member, Study Group on the Future of CRYPTREC (MIC, Information and Communications Bureau): the mission of the group is to discuss, in light of the debate on Japan's cryptographic policy, the direction of CRYPTREC activities needed for the security infrastructure of information systems as a whole
  • Apr. 2014 - Mar. 2015
    Member, Advisory Board for Cryptographic Technology (MIC, Information and Communications Bureau): objectively evaluates cryptographic techniques and contributes to building an e-Government supported by a high level of reliability and security
  • Apr. 2013 - Mar. 2015
    Member, Cryptographic Technology Evaluation Committee (NICT, IPA)
  • Apr. 2013 - Mar. 2015
    Member, Cryptographic Technology Research Working Group (NICT, IPA)
  • Apr. 2013 - Mar. 2014
    Member, Advisory Board for Cryptographic Technology (MIC, Information and Communications Bureau): objectively evaluates cryptographic techniques and contributes to building an e-Government supported by a high level of reliability and security
  • May 2009 - May 2013
    Advisor, Technical Committee on Information Security (IEICE)
  • Apr. 2012 - Mar. 2013
    Member, Advisory Board for Cryptographic Technology (MIC)
  • Apr. 2011 - Mar. 2013
    Member, Cryptographic Technology Research Working Group (NICT, IPA)
  • Apr. 2011 - Mar. 2012
    Member, Advisory Board for Cryptographic Technology (MIC)
  • May 2009 - May 2011
    Representative, Engineering Sciences Society (IEICE)
  • Apr. 2010 - Mar. 2011
    Member, Advisory Board for Cryptographic Technology (MIC)
  • Jul. 2006 - 2011
    Member, Committee for Promoting Leading Information Security Human Resource Development (MEXT): the Leading IT Specialist Development Promotion Program is a MEXT program that pools potential across universities and between industry and academia and strengthens educational content and systems in order to develop IT personnel able to respond with foresight to changes in society; this committee is responsible for the information security human resource development part of the program
  • Apr. 2009 - Mar. 2010
    Member, Advisory Board for Cryptographic Technology (MIC): contributes to objective evaluation and standardization of cryptographic techniques, which form the foundation of information security technology, in order to realize a secure and reliable e-Government and the spread of electronic authentication such as electronic signatures
  • May 2008 - May 2009
    Chair, Technical Committee on Information Security (IEICE), ISEC
  • Apr. 2008 - Mar. 2009
    Member, Advisory Board for Cryptographic Technology (MIC)
  • Apr. 2007 - Mar. 2009
    Member, Cryptographic Technique Monitoring Committee (NICT, IPA)
  • 2009 - 2009
    Guest Editor-in-Chief, IEICE Transactions on Fundamentals, Special Section on Cryptography and Information Security, IEICE, Society
  • May 2006 - May 2008
    Vice Chair, Technical Committee on Information Security (IEICE), Society
  • Apr. 2007 - Mar. 2008
    Member, Advisory Board for Cryptographic Technology (MIC)
  • Apr. 2006 - Mar. 2007
    Member, Advisory Board for Cryptographic Technology (MIC)
  • May 2002 - May 2006
    Committee Member, Technical Committee on Information Security (IEICE), Society
  • 16 Dec. 2004 - 31 Mar. 2006
    Member, Information Security Support Members Meeting (NICT, IPA)
  • 2006
    Reviewer, Society Transactions Editorial Committee, IEICE, Society
  • 2003 - 2004
    Guest Editor, IEICE Transactions on Fundamentals, Special Section on Cryptography and Information Security, IEICE, Society
  • Apr. 2002 - Mar. 2003
    Expert Evaluator, Strategic Information and Communications R&D Promotion Programme (MIC)
  • 2001 - 2001
    Chief Examiner, Fundamentals Group, Journal Editorial Committee, IPSJ, Society
  • 1999 - 2000
    Deputy Examiner, Fundamentals Group, Journal Editorial Committee, IPSJ, Society
  • 1998 - 1999
    Vice Chair, Technical Committee on Information Security (IEICE), Society
  • 1998 - 1998
    Guest Editor, IEICE Transactions on Fundamentals, Special Section on Cryptography and Information Security, IEICE, Society
  • 1997 - 1998
    Secretary, Study Group on "Industrial Applications of Mathematical Sciences", Japan Society for Industrial and Applied Mathematics, Society
  • 1993 - 1997
    IEICE Transactions on Fundamentals (Japanese edition), IEICE, Society
  • 1995 - 1996
    Guest Editor, IEICE Transactions on Fundamentals, Special Section on Cryptography and Information Security, IEICE, Society
  • 1989 - 1993
    Editorial Board Member, IPSJ Magazine, IPSJ, Society
  • 1987 - 1991
    Secretary, SC27/WG2, Information Technology Standards Commission of Japan, IPSJ, Society

Award

  • Oct. 2018
    IEEE Information Theory Society Japan Chapter
    IEEE Information Theory Society Japan Chapter Young Researcher Best Paper Award, Y. Watanabe;Y. Kuroki;S. Suzuki;Y. Koga;M. Iwamoto;K. Ohta
    International society
  • Mar. 2018
    IEICE
    Research on cryptographic fundamental technology centered on provable security theory
    IEICE Fellow
    Others
  • Mar. 2012
    Information Security Culture Award Screening Committee. Citation: for many years at NTT Laboratories and at the University of Electro-Communications he has advanced fundamental research centered on the security evaluation of cryptography and on cryptographic protocols with many achievements; in particular, he pointed out a practical vulnerability in the authentication protocol APOP, which uses the hash function MD5, and contributed to building a secure e-mail environment; in addition, he devoted himself to training and producing excellent information security researchers and engineers, thereby contributing greatly to the advancement of information security technology in Japan.
    8th Information Security Culture Award
    Information Security Culture Award
  • May 2010
    IEICE
    FY2009 IEICE Best Paper Award
  • May 2008
    Information-technology Promotion Agency, Japan (IPA). Citation: reported the vulnerability in APOP, a widely used e-mail authentication protocol, through the vulnerability information reporting framework, pointed out the risk, and promptly researched interim countermeasures, thereby contributing to a secure e-mail environment. His findings refocused attention on the impact that the compromise of the hash function MD5 has on users, stimulated discussion on the importance of migrating cryptographic algorithms to the next generation, and contributed to improving information security.
    4th IPA Award (Information Security Category)
    Information-technology Promotion Agency, Japan
  • Dec. 1995
    NTT internal award
    Electronic cash scheme
    NTT R&D Headquarters Director's Patent Invention Award
    Others
  • May 1993
    Research on public-key authentication schemes
    IEICE Achievement Award
  • May 1993
    Research on public-key authentication schemes
    IEICE Kobayashi Memorial Special Award
  • Nov. 1991
    NTT internal award
    Research and development of the digital signature scheme and electronic seal scheme "ESIGN"
    NTT R&D Technology Headquarters Director's R&D Award
    Others

Paper

  • Efficient Private PEZ Protocols for Symmetric Functions
    Yoshiki Abe; Mitsugu Iwamoto; Kazuo Ohta
    Theory of Cryptography Conference (TCC2019), Lecture Notes in Computer Science, Springer Verlag, LNCS, Dec. 2019, Peer-reviewed
    International conference proceedings, English
  • How to Improve the Private PEZ Protocol for General Functions
    Yoshiki Abe; Mitsugu Iwamoto; Kazuo Ohta
    Advances in Information and Computer Security - The 14th International Workshop on Security (IWSEC2019), poster session, Aug. 2019, Peer-reviewed
    International conference proceedings, English
  • Single-Round Pattern Matching Key Generation Using Physically Unclonable Function
    Y. Komano; K. Ohta; K. Sakiyama; M. Iwamoto; I. Verbauwhede
    Security and Communication Networks, Wiley, 0, 0, 0, Jan. 2019, Peer-reviewed
    Scientific journal, English
  • Multi-Party Computation for Modular Exponentiation based on Replicated Secret Sharing
    K. Ohara; Y. Watanabe; M. Iwamoto; K. Ohta
    IEICE Trans. Fundam. Electron. Commun. Comput. Sci., 00-00, 2019, Peer-reviewed
    Scientific journal, English
  • Shortening the Libert-Peters-Yung Revocable Group Signature Scheme by Using the Random Oracle Methodology
    Kazuma Ohara; Keita Emura; Goichiro Hanaoka; Ai Ishida; Kazuo Ohta; Yusuke Sakai
    IEICE Trans. Fundam. Electron. Commun. Comput. Sci., 00-00, 2019, Peer-reviewed
    Scientific journal, English
  • Security formalizations and their relationships for encryption and key agreement in information-theoretic cryptography
    Mitsugu Iwamoto; Kazuo Ohta; Junji Shikata
    IEEE Transactions on Information Theory, Institute of Electrical and Electronics Engineers Inc., 64, 1, 654-685, 01 Jan. 2018, Peer-reviewed. This paper analyzes the formalizations of information-theoretic security for the fundamental primitives in cryptography: symmetric-key encryption and key agreement. Revisiting the previous results, we can formalize information-theoretic security using different methods, by extending Shannon's perfect secrecy, by information-theoretic analogues of indistinguishability and semantic security, and by the frameworks for composability of protocols. We show the relationships among the security formalizations and obtain the following results. First, in the case of encryption, there are significant gaps among the formalizations, and a certain type of relaxed perfect secrecy or a variant of information-theoretic indistinguishability is the strongest notion. Second, in the case of key agreement, there are significant gaps among the formalizations, and a certain type of relaxed perfect secrecy is the strongest notion. In particular, in both encryption and key agreement, the formalization of composable security is not stronger than any other formalizations. Furthermore, as an application of the relationships in encryption and key agreement, we simultaneously derive a family of lower bounds on the size of secret keys and security quantities required under the above formalizations, which also implies the importance and usefulness of the relationships.
    Scientific journal, English
  • Four Cards Are Sufficient for a Card-Based Three-Input Voting Protocol Utilizing Private Permutations
    Takeshi Nakai; Satoshi Shirouchi; Mitsugu Iwamoto; Kazuo Ohta
    Information Theoretic Security - 10th International Conference, ICITS 2017, LNCS 10681, Springer-Verlag, 153-165, 29 Nov. 2017, Peer-reviewed
    International conference proceedings, English
  • Application of Joux-Lucks Search Algorithm for Multi-Collisions to MicroMint
    Y. Kamoshida; M. Iwamoto; K. Ohta
    Advances in Information and Computer Security - 11th International Workshop on Security, IWSEC 2016, poster session, 12 Sep. 2016, Peer-reviewed
    International conference proceedings, English
  • Constructions of dynamic and non-dynamic threshold public-key encryption schemes with decryption consistency
    Yusuke Sakai; Keita Emura; Jacob C. N. Schuldt; Goichiro Hanaoka; Kazuo Ohta
    THEORETICAL COMPUTER SCIENCE, ELSEVIER SCIENCE BV, 630, 5, 95-116, May 2016, Peer-reviewed. Dynamic threshold public-key encryption, proposed by Delerablée and Pointcheval (CRYPTO 2008), is an extension of ordinary threshold encryption which enables decryption servers to join the system even after the setup phase, and to choose the authorized set and the threshold of decryption dynamically. Delerablée and Pointcheval proposed the first dynamic threshold public-key encryption scheme, which they proved secure under a non-standard q-type assumption. However, decryption consistency, which is an important security property that guarantees uniqueness of decryption, even when a sender and decryption servers behave maliciously, is only shown to hold in the random oracle model. In this paper, we propose three threshold public-key encryption schemes. The first and second schemes are both dynamic schemes. The former achieves a relatively weaker variant of decryption consistency, while the latter achieves a strong variant thereof. The former is a generic construction from public-key encryption with non-interactive opening (PKENO), while the latter is a specific construction from a standard number-theoretic assumption. These are the first constructions of dynamic public-key encryption which achieve decryption consistency without relying on the random oracle model. Furthermore, both schemes can be realized based on standard assumptions. The third construction is a generic construction from PKENO achieving the strong variant of decryption consistency. This construction affirmatively answers the question indirectly posed by Galindo et al. (AFRICACRYPT 2010) of whether a generic construction achieving strong decryption consistency is possible. (C) 2016 Elsevier B.V. All rights reserved.
    Scientific journal, English
  • Simple, Secure, and Efficient Searchable Symmetric Encryption with Multiple Encrypted Indexes
    Takato Hirano; Mitsuhiro Hattori; Yutaka Kawai; Nori Matsuda; Mitsugu Iwamoto; Kazuo Ohta; Yusuke Sakai; Tatsuji Munaka
    ADVANCES IN INFORMATION AND COMPUTER SECURITY, IWSEC 2016, SPRINGER INT PUBLISHING AG, 9836, Springer-Verlag, 91-110, 2016, Peer-reviewed. In searchable symmetric encryption (SSE), adding documents to a database is an indispensable functionality in real situations, and there are two approaches for executing the process: one approach is to update the encrypted index, and the other is to generate a new encrypted index. The former approach is called dynamic SSE, which has been extensively studied recently due to its importance. The latter approach has the advantage that it can be directly applied to any existing SSE scheme without degrading its original functionalities, but previous methods are not satisfactory from the viewpoint of security, storage size, or efficiency. In this paper, we propose a simple document-adding method that resolves the problem occurring in the latter approach. Our method is quite generic, and therefore can be applied to any existing SSE scheme (e.g. a non-dynamic one with useful functionalities). Our key idea is to utilize publicly available information and hash chains in the construction of encrypted indexes. In order to exhibit the ability of our method, we present a concrete scheme obtained by applying our method to the well-known and influential scheme SSE-2 (ACM CCS 2006). Thanks to the simplicity of our method, the scheme can be easily proved secure under a naturally generalized setting of the most widely used security model.
    International conference proceedings, English
  • Probabilistic Generation of Trapdoors: Reducing Information Leakage of Searchable Symmetric Encryption
    Kenichiro Hayasaka; Yutaka Kawai; Yoshihiro Koseki; Takato Hirano; Kazuo Ohta; Mitsugu Iwamoto
    CRYPTOLOGY AND NETWORK SECURITY, CANS 2016, SPRINGER INT PUBLISHING AG, 10052, Springer-Verlag, 350-364, 2016, Peer-reviewed. Searchable symmetric encryption (SSE) enables a user to outsource a collection of encrypted documents to the cloud and to perform keyword searching without revealing information about the contents of the documents and queries. On the other hand, the information (called the search pattern) of whether or not the same keyword is searched in each query is always leaked in almost all previous schemes, whose trapdoors are generated deterministically. Therefore, reducing the search pattern leakage is outside the scope of almost all previous works. In this paper, we tackle the leakage problem of the search pattern, and study methodology to reduce this leakage. In particular, we discuss that it might be possible to reduce the search pattern leakage in cases where a trapdoor does not match any encrypted document. We also point out that the same search pattern is leaked regardless of probabilistic or deterministic generation of trapdoors when the user searches using a keyword which has already been searched and matched a certain encrypted document. Thus, we further aim to construct SSE schemes with a fast "re-search" process, in addition to reducing the search pattern leakage. In order to achieve the above, we introduce a new technique, "trapdoor locked encryption", which can extract a deterministic trapdoor from a probabilistic trapdoor, and then propose a new SSE scheme which can generate trapdoors probabilistically and reduce the search pattern leakage. Our scheme is constructed by applying our technique to the well-known and influential scheme SSE-2 (ACM CCS 2006) and can be proved secure in the standard model.
    International conference proceedings, English
  • Efficient Card-Based Cryptographic Protocols for Millionaires' Problem Utilizing Private Permutations
    Takeshi Nakai; Yuuki Tokushige; Yuto Misawa; Mitsugu Iwamoto; Kazuo Ohta
    CRYPTOLOGY AND NETWORK SECURITY, CANS 2016, SPRINGER INT PUBLISHING AG, 10052, Springer-Verlag, 500-517, 2016, Peer-reviewed. We propose several efficient card-based cryptographic protocols for the millionaires' problem by introducing a new operation called Private Permutation (PP) instead of the shuffle used in existing card-based cryptographic protocols. Shuffles are useful randomization techniques for designing card-based cryptographic protocols for logical gates, and this approach seems to be almost optimal. This fact, however, implies that there is room for improvement if we do not use logical gates as building blocks for secure computing, and we show that such an improvement is actually possible for the millionaires' problem. Our key technique, PP, is a natural randomization operation for permuting a set of cards behind the player's back, and hence a shuffle can be decomposed into two PPs with one communication between them. Thus PP not only allows us to transform Yao's seminal protocol into a card-based cryptographic protocol, but also enables us to propose entirely novel and efficient protocols by securely updating bitwise comparisons between two numbers. Furthermore, it is interesting to remark that one of the proposed protocols has a remarkably deep connection to the well-known logical puzzle known as "The fork in the road".
    International conference proceedings, English
  • A Limitation on Security Evaluation of Cryptographic Primitives with Fixed Keys
    Yutaka Kawai (Mitsubishi Electric); Goichiro Hanaoka (National Institute of Advanced Industrial Science and Technology); Kazuo Ohta (The University of Electro-Communications); Noboru Kunihiro (The University of Tokyo)
    Security and Communication Networks, Wiley, 9, 12, 1663-1675, 2016, Peer-reviewed
    Scientific journal, English
  • A new method for enhancing variety and maintaining reliability of PUF responses and its evaluation on ASICs
    Dai Yamamoto; Kazuo Sakiyama; Mitsugu Iwamoto; Kazuo Ohta; Masahiko Takenaka; Kouichi Itoh; Naoya Torii
    Journal of Cryptographic Engineering, Springer Verlag, 5, 3, 187-199, 10 Sep. 2015, Peer-reviewed. Physically unclonable functions (PUFs) are expected to provide a breakthrough in anti-counterfeiting devices for secure ID generation and authentication, etc. Factory-manufactured PUFs are generally more secure if the number of outputs (the variety of responses) is larger (e.g., a 256-bit full-entropy response is more secure than a 128-bit response). In Yamamoto et al. (J Cryptogr Eng 3(4):197–211, 2013), we presented a latch-based PUF structure, which enhances the variety of responses by utilizing the location information of the RS (Reset-Set) latches outputting random numbers. We confirmed the effectiveness of this method using two kinds of different Xilinx FPGA chips: Spartan-3E and Spartan-6. In this paper, we propose a novel method of further enhancing the variety of responses while maintaining the reliability of responses, i.e., consistency over repeated measurements. The core idea in this method is to effectively utilize the information on the proportion of '1's in the random number sequence output by the RS latches. This proportion information is determined during the manufacturing process, making it relatively stable and reliable once PUFs are manufactured. We estimated the variety of responses generated by the PUFs to which the proposed method was applied. According to our experiment with 73 ASIC chips fabricated by a 0.18-μm CMOS process, latch-based PUFs with 256 RS latches can improve the variety of responses to as much as 2^379. This is much larger than 2^220 for conventional methods, and 2^314 for our previous method presented in Yamamoto et al. (J Cryptogr Eng 3(4):197–211, 2013). The average error rate (reliability) of responses is only 0.064 when both temperature and voltage are changed to -20 ∼ 60 °C and 1.80 ± 0.15 V, respectively. Our proposed PUF enhances the variety of responses dramatically while maintaining reliability.
    Scientific journal, English
  • A Silicon-Level Countermeasure Against Fault Sensitivity Analysis and Its Evaluation
    Sho Endo; Yang Li; Naofumi Homma; Kazuo Sakiyama; Kazuo Ohta; Daisuke Fujimoto; Makoto Nagata; Toshihiro Katashita; Jean-Luc Danger; Takafumi Aoki
    IEEE TRANSACTIONS ON VERY LARGE SCALE INTEGRATION (VLSI) SYSTEMS, IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC, 23, 8, 1429-1438, Aug. 2015, Peer-reviewed. In this paper, we present an efficient countermeasure against fault sensitivity analysis (FSA) based on configurable delay blocks (CDBs). FSA is a new type of fault attack, which exploits the relationship between fault sensitivity (FS) and secret information. Previous studies reported that it could break cryptographic modules equipped with conventional countermeasures against differential fault analysis (DFA), such as redundancy calculation, masked AND-OR, and wave dynamic differential logic. The proposed countermeasure can thwart both DFA and FSA attacks based on setup-time violation faults. The proposed ideas are to use a CDB as a time base for detection and to combine the technique with Li's countermeasure concept that removes the dependency between FSs and secret data. The post-manufacture configuration of the CDBs allows minimization of the overhead in operating frequency that comes from manufacturing variability. In this paper, we also present an implementation of the proposed countermeasure in an application-specific integrated circuit, and describe its configuration method. We then investigate the hardware overhead of the proposed countermeasure for an advanced encryption standard processor and demonstrate its validity through an experiment.
    Scientific journal, English
  • A New Model of Client–Server Communications under Information Theoretic Security
    M. Iwamoto; T. Omino; Y. Komano; K. Ohta
    IEEE Information Theory Workshop (ITW2014), 512-516, 05 Nov. 2014, Peer-reviewed
    International conference proceedings, English
  • Cheating on a Visual Secret Sharing Scheme under a Realistic Scenario
    P. Lumyong; M. Iwamoto; K. Ohta
    International Symposium on Information Theory and Its Applications (ISITA2014), 546-550, 29 Oct. 2014, Peer-reviewed
    International conference proceedings, English
  • Improved Indifferentiable Security Analysis of PHOTON
    Yusuke Naito; Kazuo Ohta
    Security and Cryptography for Networks - 9th International Conference (SCN 2014), Lecture Notes in Computer Science (LNCS), Springer-Verlag, 8642, 340-357, 03 Sep. 2014, Peer-reviewed
    International conference proceedings, English
  • Practical Improvements of Side-Channel Attacks on AES: Feedback from the 2nd DPA Contest
    Christophe Clavier; Jean-Luc Danger; Guillaume Duc; M. Abdelaziz Elaabid; Benoît Gérard; Sylvain Guilley; Annelie Heuser; Michael Kasper; Yang Li; Victor Lomné; Daisuke Nakatsu; Kazuo Ohta; Kazuo Sakiyama; Laurent Sauvage; Werner Schindler; Marc Stöttinger; Nicolas Veyrat-Charvillon; Matthieu Walle; Antoine Wurcker
    J. Cryptographic Engineering, 4, 1, 1-16, Apr. 2014, Peer-reviewed
    Scientific journal, English
  • An Automated Evaluation Tool for Improved Rebound Attack: New ShiftBytes Parameters for Grøstl
    Yu Sasaki; Yuuki Tokushige; Lei Wang; Mitsugu Iwamoto; Kazuo Ohta; Yusuke Naito; Kazuki Yoneyama
    Proc. of CT-RSA2014, Lecture Notes in Computer Science (LNCS), Springer-Verlag, 8366, 424-443, Feb. 2014, Peer-reviewed
    International conference proceedings, English
  • Privacy-Mode Switching: Toward Flexible Privacy Protection for RFID Tags in Internet of Things
    Yang Li; Toshiki Nakasone; Kazuo Ohta; Kazuo Sakiyama
    In Proc. The 11th Annual IEEE Consumer Communications & Networking Conference (CCNC'14), IEEE, xx-yy, Jan. 2014, Peer-reviewed
    International conference proceedings, English
  • Practical DFA strategy for AES under limited-access conditions
    Kazuo Sakiyama; Yang Li; Shigeto Gomisawa; Yu-Ichi Hayashi; Mitsugu Iwamoto; Naofumi Homma; Takafumi Aoki; Kazuo Ohta
    Journal of Information Processing, Information Processing Society of Japan, 22, 2, 142-151, 2014, Peer-reviewed. Secret data in embedded devices can be revealed by injecting computational faults using fault analysis attacks. Fault analysis research on cryptographic implementations has so far first assumed a certain fault model, and then discussed the key recovery method under some assumptions. We note that a new remote-fault injection method has emerged, which is threatening in practice. Due to its limited access to cryptographic devices, however, remote-fault injection can only inject uncertain faults. In this setting, this paper gives a general strategy for the remote-fault attack on the AES block cipher with a data set of faulty ciphertexts generated by uncertain faults. Our method effectively utilizes all the information from various kinds of faults, which is more realistic than previous research. As a result, we show that it can provide a decent success probability of key identification even when only a few intended faults are available among 32 million fault injections. © 2014 Information Processing Society of Japan.
    Scientific journal, English
  • Constant Rounds Almost Linear Complexity Multi-party Computation for Prefix Sum
    Kazuma Ohara; Kazuo Ohta; Koutarou Suzuki; Kazuki Yoneyama
    PROGRESS IN CRYPTOLOGY - AFRICACRYPT 2014, SPRINGER-VERLAG BERLIN, 8469, 8469, 285-299, 2014, Peer-reviewed. One of the research goals in multi-party computation (MPC) is to achieve both perfectly secure and efficient protocols for basic functions or operations (e.g., equality, comparison, bit decomposition, and modular exponentiation). Recently, for many basic operations, MPC protocols with constant rounds and linear communication cost (in the input size) have been proposed. In this paper, we propose the first MPC protocol for prefix sum in general semigroups with constant 2d + 2dc rounds and almost linear O(l log*^(c) l) communication complexity, where c is a constant, d is the round complexity of the subroutine protocol used in the MPC protocol, l is the input size, and log*^(c) is the iterated logarithm function. The prefix sum protocol can be seen as a generalization of the postfix comparison protocol proposed by Toft. Moreover, as an application of the prefix sum protocol, we construct the first bit addition protocol with constant rounds and almost linear communication complexity.
    International conference proceedings, English
  • Reset Indifferentiability from Weakened Random Oracle Salvages One-Pass Hash Functions
    Yusuke Naito; Kazuki Yoneyama; Kazuo Ohta
    APPLIED CRYPTOGRAPHY AND NETWORK SECURITY, ACNS 2014, SPRINGER-VERLAG BERLIN, 8479, 8479, 235-252, 2014, Peer-reviewed. Ristenpart et al. (EUROCRYPT 2011) showed that the indifferentiability theorem of Maurer et al. (TCC 2004) does not cover all multi-stage security notions; it only covers single-stage security notions. They defined reset indifferentiability, and proved the reset indifferentiability theorem, which covers all security notions: if a hash function is reset indifferentiable from a random oracle, denoted by RO, then for any security notion, any cryptosystem is at least as secure under the hash function as in the RO model. Unfortunately, they also proved the impossibility of one-pass hash functions such as ChopMD and Sponge; there exists a multi-stage security notion such that some cryptosystem is secure in the RO model but insecure when RO is replaced with a one-pass hash function.
    In order to ensure other multi-stage security notions, we propose a new methodology, called the WRO methodology, instead of the RO methodology. We consider "Reset Indifferentiability from Weakened Random Oracle" which salvages ChopMD and Sponge. The concrete procedure of the WRO methodology is as follows:
    1. Define a new concept of WRO instead of RO,
    2. Prove that a hash function H is reset indifferentiable from WRO, (here the examples are ChopMD and Sponge), and
    3. For multi-stage security G, prove that a cryptosystem C is G-secure in the WRO model.
    As a result, C with H is G-secure by combining the results of Steps 2, 3, and the theorem of Ristenpart et al. Moreover, for a public-key encryption scheme (as C) and the chosen-distribution attack game (as the game of G) we prove that C(WRO) is G-secure, which implies the appropriateness of the new concept of the WRO methodology.
    International conference proceedings, English
  • Privacy-preserving smart metering with verifiability for both billing and energy management
    Kazuma Ohara; Yusuke Sakai; Fumiaki Yoshida; Mitsugu Iwamoto; Kazuo Ohta
    ASIAPKC 2014 - Proceedings of the 2nd ACM Workshop on ASIA Public-Key Cryptography, Association for Computing Machinery, 23-32, 2014, Peer-reviewed. In smart grid systems, security and privacy preservation are great concerns. The suppliers of power in smart grid systems demand to know the consumption of each customer for correctly calculating the billing price, and the total amount of consumption in a certain region for managing energy supply adapted to real-time needs. On the other hand, the customer desires to hide his/her own consumption profile, since it contains private information about the customer. However, hiding the consumption allows customers to reduce the billing price. Previous privacy-preserving smart metering schemes provide only one of billing or energy management functionality, or even if both of them are achieved, these schemes cannot verify the integrity of the consumption issued by the smart meter. We propose a novel smart metering scheme that provides both billing and energy management functionality, as well as verifiability of the integrity of the total amount of consumption or the billing price. © 2014 ACM.
    International conference proceedings, English
  • A New Side-Channel Analysis Using Clockwise Collision as the Leakage Model and Weak Keys in Parallel-Implementation AES Hardware
    Toshiki Nakasone; Yang Li; Mitsugu Iwamoto; Kazuo Ohta; Kazuo Sakiyama
    IEICE Transactions on Fundamentals (Japanese edition), IEICE, J97-A, 11, 695-703, 2014, Peer-reviewed
    Scientific journal, Japanese
  • Yet Another Fault-Based Leakage in Non-uniform Faulty Ciphertexts
    Yang Li; Yu-ichi Hayashi; Arisa Matsubara; Naofumi Homma; Takafumi Aoki; Kazuo Ohta; Kazuo Sakiyama
    Foundations and Practice of Security - 6th International Symposium, FPS 2013, Springer-Verlag, LNCS 8352, 272-287, 2014, Peer-reviewed
    International conference proceedings, English
  • Variety enhancement of PUF responses using the locations of random outputting RS latches
    Dai Yamamoto; Kazuo Sakiyama; Mitsugu Iwamoto; Kazuo Ohta; Masahiko Takenaka; Kouichi Itoh
    Journal of Cryptographic Engineering, 3, 4, 197-211, Nov. 2013, Peer-reviewed. Physical Unclonable Functions (PUFs) are expected to represent an important solution for secure ID generation and authentication etc. In general, manufactured PUFs are considered to be more secure when the pattern of outputs (the variety of responses) is larger, i.e., the response bit length is longer (e.g., a 192-bit response is more secure than a 128-bit one). However, the actual bit length is reduced because some response bits are inconsistent (random) over repeated measurements, which are regarded as unnecessary for ID generation and discarded. Latch-based PUFs with N RS latches, for example, ideally generate 2^N responses depending on the binary values output from the RS latches (0/1). However, some RS latches output random responses which are inconsistent and cannot be used for reliable ID generation, so the variety of responses becomes smaller than 2^N. In this paper, we propose a novel Latch-based PUF structure, which outputs a larger variety of responses by utilizing the location information of the RS latches outputting the random responses. Differently from the random responses themselves, this location information is determined during the manufacturing process, so it is almost fixed once PUFs are manufactured. The proposed PUF generates 3^N ≈ 2^(1.58N) responses by considering random responses as the third stable value: using ternary values (0/1/random). We estimate the variety of responses generated by the proposed PUFs. According to our experiment with 40 FPGAs, a Latch-based PUF with 128 RS latches can improve it from 2^116 to 2^192.7, this being maximized when the 128 latches output 0s, 1s, or random outputs with equal probability. We also show the appropriate RS latch structure for satisfying this condition, and validate it using two kinds of different Xilinx FPGAs: Spartan-3E and Spartan-6. The average error rate of responses is only 5.3 % when the core voltage is changed within the rated voltage range of the FPGAs. Our proposed PUF using ternary values dramatically enhances the variety of responses while keeping the reliability. © 2012 The Author(s).
    Scientific journal, English
  • Exploration of the CC-EMA Attack Towards Efficient Evaluation of EM Information Leakage
    Toshiki Nakasone; Kazuo Sakiyama; Yang Li; Kazuo Ohta
    In Proc. International Symposium on Electromagnetic Compatibility (EMC EUROPE) 2013, IEEE, 411-414, Sep. 2013, Peer-reviewed
    International conference proceedings, English
  • Meet-in-the-Middle Preimage Attacks Revisited: New Results on MD5 and HAVAL
    Yu Sasaki; Wataru Komatsubara; Yasuhide Sakai; Lei Wang; Mitsugu Iwamoto; Kazuo Sakiyama; Kazuo Ohta
    SECRYPT 2013, Proceedings of the 10th International Conference on Security and Cryptography, SciTePress, 111-122, Jul. 2013, Peer-reviewed
    International conference proceedings, English
  • Exploring the Relations Between Fault Sensitivity and Power Consumption
    Yang Li; Sho Endo; Nicolas Debande; Naofumi Homma; Takafumi Aoki; Thanh-Ha Le; Jean-Luc Danger; Kazuo Ohta; Kazuo Sakiyama
    COSADE'13, LNCS 7864, Springer-Verlag, 137-153, Mar. 2013, Peer-reviewed
    International conference proceedings, English
  • Ciphertext-Policy Delegatable Hidden Vector Encryption and Its Application
    Mitsuhiro Hattori; Takato Hirano; Takashi Ito; Nori Matsuda; Takumi Mori; Yusuke Sakai; Kazuo Ohta
    IEICE TRANSACTIONS ON FUNDAMENTALS OF ELECTRONICS COMMUNICATIONS AND COMPUTER SCIENCES, IEICE-INST ELECTRONICS INFORMATION COMMUNICATIONS ENG, E96A, 1, 53-67, Jan. 2013, Peer-reviewed, We propose a new hidden vector encryption (HVE) scheme that we call a ciphertext-policy delegatable hidden vector encryption (CP-dHVE) scheme. Several HVE schemes have been proposed and their properties have been analyzed extensively. Nonetheless, the definition of the HVE has been left unchanged. We therefore reconsider it, and point out that the conventional HVE should be categorized as the key-policy HVE, because the vectors corresponding to the secret keys can contain wildcards (which specify an access policy) whereas those corresponding to the ciphertexts cannot contain them. We then formalize its dual concept, the ciphertext-policy HVE, and propose a concrete scheme. Then, as an application of our scheme, we propose a public-key encryption with conjunctive keyword search scheme that can be used in hierarchical user systems. Our scheme is novel in that the ciphertext size grows logarithmically with the number of users in the system, while that of a conventional scheme grows linearly.
    Scientific journal, English
  • A New Type of Fault-Based Attack: Fault Behavior Analysis
    Yang Li; Kazuo Ohta; Kazuo Sakiyama
    IEICE Trans. Fundam. Electron. Commun. Comput. Sci., A96-A, 1, 177-184, Jan. 2013, Peer-reviewed
    Scientific journal, English
  • Boomerang Distinguishers for Full HAS-160 Compression Function
    Yu Sasaki; Lei Wang; Yasuhiro Takasaki; Kazuo Sakiyama; Kazuo Ohta
    International Workshop on Security (IWSEC), LNCS 7631, Springer-Verlag, 156-169, Nov. 2012, Peer-reviewed
    International conference proceedings, English
  • Key-Dependent Weakness of AES-Based Ciphers Under Clockwise Collision Distinguisher
    Toshiki Nakasone; Yang Li; Yu Sasaki; Mitsugu Iwamoto; Kazuo Ohta; Kazuo Sakiyama
    International Conference on Information Security and Cryptology 2012 (ICISC'12), LNCS 7839, Springer-Verlag, 395-409, Nov. 2012, Peer-reviewed
    International conference proceedings, English
  • An Extension of Fault Sensitivity Analysis Based on Clockwise Collision
    Yang Li; Kazuo Ohta; Kazuo Sakiyama
    International Conference on Information Security and Cryptology 2012 (Inscrypt'12), Springer-Verlag, in press, Nov. 2012, Peer-reviewed
    International conference proceedings, English
  • A New Fault Sensitivity Analysis Against Multiple Factors
    小池彩歌; 李陽; 中津大介; 太田和夫; 崎山一男
    IEICE Transactions on Fundamentals (A), J95-A, 10, 751-755, Oct. 2012, Peer-reviewed
    Scientific journal, Japanese
  • Three-Subset Meet-in-the-Middle Attack on Reduced XTEA
    Yu Sasaki; Lei Wang; Yasuhide Sakai; Kazuo Sakiyama; Kazuo Ohta
    International Conference on Cryptology in Africa (Africacrypt'12), LNCS 7374, Springer-Verlag, 138-154, Jul. 2012, Peer-reviewed
    International conference proceedings, English
  • Fair and Consistent Hardware Evaluation of Fourteen Round Two SHA-3 Candidates
    Miroslav Knezevic; Kazuyuki Kobayashi; Jun Ikegami; Shin'ichiro Matsuo; Akashi Satoh; Uenal Kocabas; Junfeng Fan; Toshihiro Katashita; Takeshi Sugawara; Kazuo Sakiyama; Ingrid Verbauwhede; Kazuo Ohta; Naofumi Homma; Takafumi Aoki
    IEEE TRANSACTIONS ON VERY LARGE SCALE INTEGRATION (VLSI) SYSTEMS, IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC, 20, 5, 827-840, May 2012, The first contribution of our paper is that we propose a platform, a design strategy, and evaluation criteria for a fair and consistent hardware evaluation of the second-round SHA-3 candidates. Using a SASEBO-GII field-programmable gate array (FPGA) board as a common platform, combined with well-defined hardware and software interfaces, we compare all 256-bit version candidates with respect to area, throughput, latency, power, and energy consumption. Our approach defines a standard testing harness for SHA-3 candidates, including the interface specification for the SHA-3 module on our testing platform. The second contribution is that we provide both FPGA and 90-nm CMOS application-specific integrated circuit (ASIC) synthesis results and thereby are able to compare the results. Our third contribution is that we release the source code of all the candidates and, by using a common, fixed, publicly available platform, our claimed results become reproducible and open for public verification.
    Scientific journal, English
  • New Truncated Differential Cryptanalysis on 3D Block Cipher
    Takuma Koyama; Lei Wang; Yu Sasaki; Kazuo Sakiyama; Kazuo Ohta
    International Conference on Information Security Practice and Experience (ISPEC'12), LNCS 7232, Springer-Verlag, 109-125, Apr. 2012, Peer-reviewed
    International conference proceedings, English
  • Information-Theoretic Approach to Optimal Differential Fault Analysis
    Kazuo Sakiyama; Yang Li; Mitsugu Iwamoto; Kazuo Ohta
    IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC, 7, 1, 109-120, Feb. 2012, Peer-reviewed, This paper presents a comprehensive analysis of differential fault analysis (DFA) attacks on the Advanced Encryption Standard (AES) from an information-theoretic perspective. Injecting faults into cryptosystems is categorized as an active attack where attackers induce an error in operations to retrieve the secret internal information, e.g., the secret key of ciphers. Here, we consider DFA attacks as equivalent to a special kind of passive attack where attackers can obtain leaked information without measurement noise. The DFA attacks are regarded as a conversion process from the leaked information to the secret key. Each fault model defines an upper bound for the amount of leaked information. The optimal DFA attacks should be able to exploit fully the leaked information in order to retrieve the secret key with a practical level of complexity. This paper discusses a new DFA methodology to achieve the optimal DFA attack by deriving the amount of the leaked information for various fault models from an information-theoretic perspective. We review several previous DFA attacks on AES variants to check the optimality of their attacks. We also propose improved DFA attacks on AES-192 and AES-256 that reach the theoretical limits.
    Scientific journal, English
  • New Fault-Based Side-Channel Attack Using Fault Sensitivity
    Yang Li; Kazuo Ohta; Kazuo Sakiyama
    IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC, 7, 1, 88-97, Feb. 2012, Peer-reviewed, This paper proposes a new fault-based attack called the fault sensitivity analysis (FSA) attack. In the FSA attack, fault injections are used to test out the sensitive information leakage called fault sensitivity. Fault sensitivity means the critical fault injection intensity that corresponds to the threshold between a device's normal and abnormal behaviors. We demonstrate that without using the values of the faulty outputs, attackers can obtain information about the secret key based on the data-dependency of the collected fault sensitivity data. This paper explains the successful FSA attacks against three Advanced Encryption Standard (AES) hardware implementations, two of which are resistant to differential fault analysis. This paper also discusses the countermeasures against the proposed FSA attacks.
    Scientific journal, English
  • Meet-in-the-Middle (Second) Preimage Attacks on Two Double-Branch Hash Functions RIPEMD and RIPEMD-128
    Lei Wang; Yu Sasaki; Wataru Komatsubara; Kazuo Sakiyama; Kazuo Ohta
    IEICE TRANSACTIONS ON FUNDAMENTALS OF ELECTRONICS COMMUNICATIONS AND COMPUTER SCIENCES, IEICE-INST ELECTRONICS INFORMATION COMMUNICATIONS ENG, E95A, 1, 100-110, Jan. 2012, Peer-reviewed, Even though the meet-in-the-middle preimage attack framework has been successfully applied to attack most narrow-pipe hash functions, it seems difficult to apply this framework to attack double-branch hash functions. Only a few results have been published on this research. This paper proposes a refined strategy of applying the meet-in-the-middle attack framework to double-branch hash functions. The main novelty is a new local-collision approach named one-message-word local collision. We have applied our strategy to two double-branch hash functions, RIPEMD and RIPEMD-128, and obtain the following results.
    On RIPEMD, we find a pseudo-preimage attack on the 47-step compression function, where the full version has 48 steps, with a complexity of 2^119. It can be converted to a second preimage attack on the 47-step hash function with a complexity of 2^124.5. Moreover, we also improve previous preimage attacks on (intermediate) 35-step RIPEMD, and reduce the complexity from 2^113 to 2^96.
    On RIPEMD-128, we find a pseudo-preimage on the (intermediate) 36-step compression function, where the full version has 64 steps, with a complexity of 2^123. It can be converted to a preimage attack on the (intermediate) 36-step hash function with a complexity of 2^126.5.
    Both RIPEMD and RIPEMD-128 produce 128-bit digests. Therefore our attacks are faster than the brute-force attack, which means that our attacks break the theoretical security bound of the above step-reduced variants of those two hash functions in the sense of (second) preimage resistance. To the best of our knowledge, the maximum number of attacked steps on both of those two hash functions in previous works is 35. Therefore we have successfully increased the number of attacked steps. We stress that our attacks do not break the security of full-version RIPEMD and RIPEMD-128. But the security margin of RIPEMD becomes very narrow. On the other hand, RIPEMD-128 still has enough security margin.
    Scientific journal, English
  • Toward Effective Countermeasures against an Improved Fault Sensitivity Analysis
    Yang Li; Kazuo Ohta; Kazuo Sakiyama
    IEICE TRANSACTIONS ON FUNDAMENTALS OF ELECTRONICS COMMUNICATIONS AND COMPUTER SCIENCES, IEICE-INST ELECTRONICS INFORMATION COMMUNICATIONS ENG, E95A, 1, 234-241, Jan. 2012, Peer-reviewed, This paper proposes countermeasures against an improved fault sensitivity analysis. Our countermeasure is based on the WDDL technique due to its built-in resistance against both power-based attacks and differential fault analysis. At CHES 2010, Li et al. proposed the FSA attack on WDDL-AES. The vulnerability of WDDL-AES in their attack mainly comes from the implementation deficiency rather than the WDDL technique itself. This paper first proposes an improved fault sensitivity analysis that can threaten a well-implemented WDDL-AES based on the input-data dependency of the critical path delay of the WDDL S-box. Then we discuss the possibility of efficient countermeasures by modifying the WDDL circuit with a limited overhead. The countermeasures are discussed based on either modifying the dual-rail to single-rail converter or introducing an enable signal.
    Scientific journal, English
  • On the Security of Dynamic Group Signatures: Preventing Signature Hijacking
    Yusuke Sakai; Jacob C. N. Schuldt; Keita Emura; Goichiro Hanaoka; Kazuo Ohta
    PUBLIC KEY CRYPTOGRAPHY - PKC 2012, SPRINGER-VERLAG BERLIN, 7293, Springer-Verlag, 715-732, 2012, Peer-reviewed, We identify a potential weakness in the standard security model for dynamic group signatures which appears to have been overlooked previously. More specifically, we highlight that even if a scheme provably meets the security requirements of the model, a malicious group member can potentially claim ownership of a group signature produced by an honest group member by forging a proof of ownership. This property leads to a number of vulnerabilities in scenarios in which dynamic group signatures are likely to be used. We furthermore show that the currently most efficient dynamic group signature scheme does not provide protection against this type of malicious behavior.
    To address this, we introduce the notion of opening soundness for group signatures which essentially requires that it is infeasible to produce a proof of ownership of a valid group signature for any user except the original signer. We then show a relatively simple modification of the scheme by Groth (ASIACRYPT 2007, full version) which allows us to prove opening soundness for the modified scheme without introducing any additional assumptions.
    We believe that opening soundness is an important and natural security requirement for group signatures, and hope that future schemes will adopt this type of security.
    International conference proceedings, English
  • Ciphertext-Policy Delegatable Hidden Vector Encryption and Its Application to Searchable Encryption in Multi-user Setting
    Mitsuhiro Hattori; Takato Hirano; Takashi Ito; Nori Matsuda; Takumi Mori; Yusuke Sakai; Kazuo Ohta
    IMA International Conference (IMACC 2011), LNCS 7089, Springer, 190-209, Dec. 2011, Peer-reviewed
    International conference proceedings, English
  • Experimental Verification of Super-Sbox Analysis ― Confirmation of Detailed Attack Complexity
    Yu Sasaki; Naoyuki Takayanagi; Kazuo Sakiyama; Kazuo Ohta
    International Workshop on Security 2011 (IWSEC'11), LNCS 7038, Springer-Verlag, 178-192, Nov. 2011, Peer-reviewed
    International conference proceedings, English
  • Intentional Electromagnetic Interference for Fault Analysis on AES Block Cipher IC
    Yu-ichi Hayashi; Shigeto Gomisawa; Yang Li; Naofumi Homma; Kazuo Sakiyama; Takafumi Aoki; Kazuo Ohta
    International Workshop on Electromagnetic Compatibility of Integrated Circuits (EMCCOMPO'11), 235-240, Nov. 2011, Peer-reviewed
    International conference proceedings, English
  • Security of Practical Cryptosystems Using Merkle-Damgård Hash Function in the Ideal Cipher Model
    Yusuke Naito; Kazuki Yoneyama; Lei Wang; Kazuo Ohta
    ProvSec 2011, 281-296, Oct. 2011, Peer-reviewed
    International conference proceedings, English
  • Uniqueness Enhancement of PUF Responses Based on the Locations of Random Outputting RS Latches
    Dai Yamamoto; Kazuo Sakiyama; Mitsugu Iwamoto; Kazuo Ohta; Takao Ochiai; Masahiko Takenaka; Kouichi Itoh
    Cryptographic Hardware and Embedded Systems (CHES'11), LNCS 6917, Springer-Verlag, 390-406, Sep. 2011, Peer-reviewed
    International conference proceedings, English
  • First Experimental Results of Correlation-Enhanced EMA Collision Attack
    Toshiki Nakasone; Daisuke Nakatsu; Yang Li; Kazuo Ohta; Kazuo Sakiyama
    Poster Session, CHES 2011, LNCS 6917, Springer-Verlag, XXX, Sep. 2011, Peer-reviewed
    International conference proceedings, English
  • On the Power of Fault Sensitivity Analysis and Collision Side-Channel Attack in a Combined Setting
    Amir Moradi; Oliver Mischke; Christof Paar; Yang Li; Kazuo Ohta; Kazuo Sakiyama
    Cryptographic Hardware and Embedded Systems (CHES'11), LNCS 6917, Springer-Verlag, 292-311, Sep. 2011, Peer-reviewed
    International conference proceedings, English
  • Security Notions for Information Theoretically Secure Encryptions
    M. Iwamoto; K. Ohta
    IEEE-ISIT, 1743-1747, Aug. 2011, Peer-reviewed
    International conference proceedings, English
  • Variations of Information Theoretic Security Notions
    M. Iwamoto; K. Ohta
    7-th Asia-Europe Workshop on Information Theory, 73-76, Jul. 2011
    International conference proceedings, English
  • Revisit Fault Sensitivity Analysis on WDDL-AES
    Li Yang; Kazuo Ohta; Kazuo Sakiyama
    International Symposium on Hardware-Oriented Security and Trust (HOST'11), 6 pages, Jun. 2011, Peer-reviewed
    International conference proceedings, English
  • How to Shorten a Ciphertext of Reproducible Key Encapsulation Mechanisms in the Random Oracle Model
    Yusuke Sakai; Goichiro Hanaoka; Kaoru Kurosawa; Kazuo Ohta
    IEICE TRANSACTIONS ON FUNDAMENTALS OF ELECTRONICS COMMUNICATIONS AND COMPUTER SCIENCES, IEICE-INST ELECTRONICS INFORMATION COMMUNICATIONS ENG, E94A, 6, 1293-1305, Jun. 2011, Peer-reviewed, This paper shows a simple methodology for shortening a ciphertext of reproducible key encapsulation mechanisms. Specifically, it transforms a key encapsulation mechanism having OW-CCCA security and reproducibility into an IND-CCA secure one in the random oracle model whose ciphertext is shorter. Various existing chosen-ciphertext secure key encapsulation mechanisms (in the standard model) are reproducible, and thus their ciphertexts can be shortened by the proposed transformation. The transformed scheme requires only one additional hashing for encryption. This property enables us to implement both the original scheme and the transformed scheme in a single chip simultaneously with a small gate-size overhead. Using this chip, a sender can flexibly switch schemes to encrypt a message in a message-by-message manner. Such a use of schemes is also analyzed.
    Scientific journal, English
  • Preimage Attacks on 5-Pass HAVAL Reduced to 158-Steps and One-Block 3-Pass HAVAL
    Yasuhide Sakai; Yu Sasaki; Lei Wang; Kazuo Ohta; Kazuo Sakiyama
    Industrial Track Session, ACNS 2011, 14 pages, Jun. 2011, Peer-reviewed
    International conference proceedings, English
  • (Second) Preimage Attacks on Step-Reduced RIPEMD/RIPEMD-128 with a New Local-Collision Approach
    Lei Wang; Yu Sasaki; Wataru Komatsubara; Kazuo Ohta; Kazuo Sakiyama
    RSA Conference 2011, Cryptographers' Track (CT-RSA'11), LNCS 6558, Springer-Verlag, 197-212, Mar. 2011, Peer-reviewed
    International conference proceedings, English
  • A Study on Computational Formal Verification for Practical Cryptographic Protocol: The Case of Synchronous RFID Authentication
    Yoshikazu Hanatani; Miyako Ohkubo; Shin'ichiro Matsuo; Kazuo Sakiyama; Kazuo Ohta
    Real-Life Cryptographic Protocols and Standardization (RLCPS'11), LNCS, Springer-Verlag, X, Feb. 2011, Peer-reviewed
    International conference proceedings, English
  • Combination of SW Countermeasure and CPU Modification on FPGA against Power Analysis
    Daisuke Nakatsu; Yang Li; Kazuo Sakiyama; Kazuo Ohta
    INFORMATION SECURITY APPLICATIONS, SPRINGER-VERLAG BERLIN, 6513, 6513, 258-272, 2011, Peer-reviewed, This paper presents a design flow for secure software (SW) implementations of cryptographic algorithms against Side-Channel Attacks (SCAs) by using a CPU modification. The development of countermeasures to increase resistance against SCAs in SW implementations is a topic of ongoing research. Researchers have proposed SW-level countermeasures in order to defeat SCAs. However, we notice that more secure SW implementations are possible with additional support from a hardware (HW) level countermeasure such as partial CPU modifications. This paper proposes a co-design approach of SW-level countermeasures and CPU modifications to defeat SCAs on Field Programmable Gate Arrays (FPGAs). As a case study for evaluating the effectiveness of the combination of our SW-/HW-level countermeasures, the S-box algorithm proposed by Coron et al. [1] is used. According to our experimental results, we find that the algorithm can be performed with a higher resistance against power analysis by applying our countermeasures. Our proposed design flow is applicable to various kinds of algorithms as well.
    International conference proceedings, English
  • Power Analysis against a DPA-resistant S-box Implementation Based on the Fourier Transform
    Yang Li; Kazuo Sakiyama; Shinichi Kawamura; Kazuo Ohta
    IEICE Trans. Fundamentals, E94-A, 1, 191-199, Jan. 2011, Peer-reviewed
    Scientific journal, English
  • An Efficient Authentication for Lightweight Devices by Perfecting Zero-Knowledgeness
    Bagus Santoso; Kazuo Ohta; Kazuo Sakiyama; Goichiro Hanaoka
    IEICE Trans. Fundamentals, E94-A, 1, 92-103, Jan. 2011
    Scientific journal, English
  • Security of Cryptosystems Using Merkle-Damgård in the Random Oracle Model
    Yusuke Naito; Kazuki Yoneyama; Lei Wang; Kazuo Ohta
    IEICE Trans. Fundamentals of Electronics, Communications and Computer Sciences, E94-A, 1, 57-70, Jan. 2011
    Scientific journal, English
  • Universally Composable NBAC-Based Fair Voucher Exchange for Mobile Environments
    Kazuki Yoneyama; Masayuki Terada; Sadayuki Hongo; Kazuo Ohta
    IEICE Trans. Fundamentals, E94-A, 6, 1263-1273, Jan. 2011, Peer-reviewed
    Scientific journal, English
  • Revisit fault sensitivity analysis on WDDL-AES
    Yang Li; Kazuo Ohta; Kazuo Sakiyama
    2011 IEEE International Symposium on Hardware-Oriented Security and Trust, HOST 2011, 148-153, 2011, Peer-reviewed, This paper revisits and improves the fault sensitivity analysis (FSA) attack on WDDL-AES. At CHES 2010, the FSA attack on WDDL-AES was proposed by Li et al. based on the delay timing difference between complementary wires. In their attack, the vulnerability of WDDL-AES mainly comes from the implementation deficiency rather than the WDDL technique itself. On the contrary, we explain that a well-implemented WDDL-AES is also vulnerable to the FSA attack due to the input-data dependency of the critical delay of the WDDL S-box. We explain the observed ciphertext-bit dependency of the fault sensitivity (FS) data when the clock glitch is injected at the final AES round. By proposing a new distinguisher, our FSA attack can successfully retrieve the secret key information for WDDL-AES on SASEBO-R. © 2011 IEEE.
    International conference proceedings, English
  • Fault sensitivity analysis against elliptic curve cryptosystems
    Hikaru Sakamoto; Yang Li; Kazuo Ohta; Kazuo Sakiyama
    Proceedings - 2011 Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC 2011, LNCS VVVV, Springer-Verlag, 11-20, 2011, Peer-reviewed, In this paper, we present a fault-based security evaluation for an Elliptic Curve Cryptography (ECC) implementation using the Montgomery Powering Ladder (MPL). We focus in particular on the López-Dahab algorithm, which is used to calculate a point on an elliptic curve efficiently without using the y-coordinate. Several previous fault analysis attacks cannot be applied to the ECC implementation employing the López-Dahab algorithm in a straightforward manner. In this paper, we evaluate the security of the López-Dahab algorithm using Fault Sensitivity Analysis (FSA). Although the initial work on FSA was applied only to an Advanced Encryption Standard (AES) implementation, we apply the technique to the ECC implementation. Consequently, we found a vulnerability to FSA for the ECC implementation using the López-Dahab algorithm. © 2011 IEEE.
    International conference proceedings, English
  • Proxiable designated verifier signature
    Mebae Ushida; Yutaka Kawai; Kazuki Yoneyama; Kazuo Ohta
    Journal of Information Processing, Information Processing Society of Japan, 19, 430-440, 2011, Peer-reviewed, Designated Verifier Signature (DVS) guarantees that only a verifier designated by a signer can verify the "validity of a signature". In this paper, we propose a new variant of DVS: Proxiable Designated Verifier Signature (PDVS), where the verifier can commission a third party (i.e., the proxy) to perform some process of the verification. In the PDVS system, the verifier can reduce his computational cost by delegating some process of the verification without revealing the validity of the signature to the proxy. In all DVS systems, the validity of a signature means that a signature satisfies both of the properties that (1) the signature is judged "accept" by a decision algorithm and (2) the signature is confirmed to have been generated by the signer. So in the PDVS system, the verifier can commission the proxy to check only property (1). In the proposed PDVS model, we divide the verifier's secret keys into two parts: one is a key for performing the decision algorithm, and the other is a key for generating a dummy signature, which prevents a third party from being convinced of property (2). We also define security requirements for the PDVS, and propose a PDVS scheme which satisfies all the security requirements we define.
    Scientific journal, English
  • New Approach of Super-Sbox Analysis on AES-Based Permutations: Applications to ECHO and Grøstl
    Yu Sasaki; Li Yang; Lei Wang; Kazuo Sakiyama; Kazuo Ohta
    Advances in Cryptology -- ASIACRYPT'10, LNCS 6477, Springer-Verlag, 38-55, Dec. 2010, Peer-reviewed
    International conference proceedings, English
  • Rigorous Security Requirements for Designated Verifier Signatures
    Kazuki Yoneyama; Mebae Ushida; Kazuo Ohta
    Inscrypt 2010, LNCS 6584, 318-335, 20 Oct. 2010, Peer-reviewed
    International conference proceedings, English
  • Fault Sensitive Analysis
    Li Yang; Kazuo Sakiyama; Shigeto Gomisawa; Toshinori Fukunaga; Junko Takahashi; Kazuo Ohta
    Cryptographic Hardware and Embedded Systems (CHES'10), LNCS 6225, 320-334, Aug. 2010, Peer-reviewed
    International conference proceedings, English
  • Proxiable Designated Verifier Signature
    Mebae Ushida; Kazuo Ohta; Yutaka Kawai; Kazuki Yoneyama
    SECRYPT 2010, The International Joint Conference on e-Business and Telecommunications, 344-353, 26 Jul. 2010, Peer-reviewed
    International conference proceedings, English
  • Extension of Secret Handshake Protocols with Multiple Groups in Monotone Condition
    Yutaka Kawai; Shotaro Tanno; Takahiro Kondo; Kazuki Yoneyama; Kazuo Ohta; Noboru Kunihiro
    IEICE TRANSACTIONS ON FUNDAMENTALS OF ELECTRONICS COMMUNICATIONS AND COMPUTER SCIENCES, IEICE-INST ELECTRONICS INFORMATION COMMUNICATIONS ENG, E93A, 6, 1122-1131, Jun. 2010, A Secret Handshake protocol allows members of the same group to authenticate each other secretly. That is, two members who belong to the same group can learn that the counterpart is in the same group, while a non-member of the group cannot determine whether the counterpart is a member of the group or not. Yamashita and Tanaka proposed a Secret Handshake Scheme with Multiple Groups (SHSMG). They extended the single group setting to a multiple groups setting where two members output "accept" iff both members' affiliations to the multiple groups are identical. In this paper, we first show the flaw of their SHSMG, and we construct a new secure SHSMG. Second, we introduce a new concept of Secret Handshake scheme, "monotone condition Secret Handshake with Multiple Groups (mc-SHSMG)," in order to extend the condition of "accept." In our new setting of the handshake protocol, members can authenticate each other under a monotone condition (not only when both members' affiliations are identical but also when the affiliations are not identical). The communication costs and computational costs of our proposed mc-SHSMG are lower than those of the trivial construction of mc-SHSMG.
    Scientific journal, English
  • Cryptanalysis of Two MD5-Based Authentication Protocols: APOP and NMAC
    Lei Wang; Kazuo Ohta; Yu Sasaki; Kazuo Sakiyama; Noboru Kunihiro
    IEICE TRANSACTIONS ON INFORMATION AND SYSTEMS, IEICE-INST ELECTRONICS INFORMATION COMMUNICATIONS ENG, E93D, 5, 1087-1095, May 2010, Many hash-based authentication protocols have been proposed, and proven secure assuming that the underlying hash functions are secure. On the other hand, if a hash function is compromised, the security of authentication protocols based on this hash function becomes unclear. Therefore, it is significantly important to verify the security of hash-based protocols when a hash function is broken.
    In this paper, we will re-evaluate the security of two MD5-based authentication protocols based on the fact that MD5 cannot satisfy a required fundamental property named collision resistance. The target protocols are APOP (Authenticated Post Office Protocol) and NMAC (Nested Message Authentication Code), since they or their variants are widely used in the real world. For the security evaluation of APOP, we will propose a modified password recovery attack procedure, which is twice as fast as previous attacks. Moreover, our attack is more realistic, as the probability of being detected is lower than that of previous attacks. For the security evaluation of MD5-based NMAC, we will propose a new key-recovery attack procedure, which has a complexity lower than that of the previous attack. The complexity of our attack is 2^76, while that of the previous attack is 2^100. Moreover, our attack has another interesting point. NMAC has two keys: the inner key and the outer key. Our attack can recover the outer key partially without knowledge of the inner key.
    Scientific journal, English
  • Improving Efficiency of An 'On the Fly' Identification Scheme by Perfecting Zero-Knowledgeness
    Bagus Santoso; Kazuo Ohta; Kazuo Sakiyama; Goichiro Hanaoka
    Proc. RSA Conference 2010, LNCS, 5985, 284-301, Mar. 2010
    International conference proceedings, English
  • Improved Countermeasure against Address-bit DPA for ECC Scalar Multiplication
    Masami Izumi; Jun Ikegami; Kazuo Sakiyama; Kazuo Ohta
    ACM, 981-984, Mar. 2010
    International conference proceedings, English
  • Power Variance Analysis Breaks a Masked ASIC Implementation of AES
    Yang Li; Kazuo Sakiyama; Lejla Batina; Daisuke Nakatsu; Kazuo Ohta
    ACM, 1059-1064, Mar. 2010
    International conference proceedings, English
  • Improving Efficiency of An 'On the Fly' Identification Scheme by Perfecting Zero-Knowledgeness
    Bagus Santoso; Kazuo Ohta; Kazuo Sakiyama; Goichiro Hanaoka
    RSA Conference 2010, LNCS 5985, 284-301, Mar. 2010
    International conference proceedings, English
  • Multiple Designated Verifiers Signatures Reconsidered
    Mebae Ushida; Tetsuya Izu; Masahiko Takenaka; Kazuo Ohta
    Proc. ARES 2010, 586-590, Feb. 2010
    International conference proceedings, English
  • On Clock-Based Fault Analysis Attack for an AES Hardware Using RSL
    Kazuo Sakiyama; Kazuo Ohta
    IEICE TRANSACTIONS ON FUNDAMENTALS OF ELECTRONICS COMMUNICATIONS AND COMPUTER SCIENCES, IEICE-INST ELECTRONICS INFORMATION COMMUNICATIONS ENG, E93A, 1, 172-179, Jan. 2010, As one of the logic-level countermeasures against DPA (Differential Power Analysis) attacks, Random Switching Logic (RSL) was proposed by Suzuki, Saeki and Ichikawa in 2004 [9]. The RSL technique was applied to AES hardware and a prototype chip was implemented with a 0.13-µm standard CMOS library for evaluating the DPA resistance [10]. Although the main purpose of using RSL is to resist DPA attacks, our experimental results of Clock-based Fault Analysis (CFA) show that one can reveal the secret information from the prototype chip. This paper explains the mechanism of the CFA attack and discusses the reason for the success of the attack against a prototype implementation of AES with RSL (RSL-AES). Furthermore, we consider an ideal RSL-AES implementation that counteracts the CFA attacks.
    Scientific journal, English
  • Practical Password Recovery Attacks on MD4 Based Prefix and Hybrid Authentication Protocols
    Yu Sasaki; Lei Wang; Kazuo Ohta; Kazumaro Aoki; Noboru Kunihiro
    IEICE TRANSACTIONS ON FUNDAMENTALS OF ELECTRONICS COMMUNICATIONS AND COMPUTER SCIENCES, IEICE-INST ELECTRONICS INFORMATION COMMUNICATIONS ENG, E93A, 1, 84-92, Jan. 2010, In this paper, we present practical password recovery attacks against two challenge-and-response authentication protocols using MD4. For attacks on protocols, the number of queries is one of the most important factors, because the opportunity for an attacker to ask queries is very limited in real protocols. When responses are computed as MD4(Password||Challenge), which is called the prefix approach, previous work needs to ask 2^37 queries to recover a password. Asking 2^37 queries in real protocols is almost impossible. In our attack, to recover up to 8-octet passwords, we only need 1 time the amount of eavesdropping, 17 queries, and 2^34 MD4 off-line computations. To recover up to 12-octet passwords, we only need 2^10 times the amount of eavesdropping, 2^10 queries, and 2^41 off-line MD4 computations. When responses are computed as MD4(Password||Challenge||Password), which is called the hybrid approach, previous work needs to ask 2^63 queries, while in our attack, up to 8-octet passwords are practically recovered with 28 times the amount of eavesdropping, 28 queries, and 2^39 off-line MD4 computations. Our idea is to guess a part of the password so that we can simulate the values of intermediate chaining variables from observed hash values. This enables us to use a short local collision that occurs with a very high probability, and thus the number of queries becomes practical.
    Scientific journal, English
  • Improved Countermeasure against Address-bit DPA for ECC Scalar Multiplication
    Masami Izumi; Jun Ikegami; Kazuo Sakiyama; Kazuo Ohta
    2010 DESIGN, AUTOMATION & TEST IN EUROPE (DATE 2010), IEEE, 981-984, 2010, Peer-reviewed, Messerges, Dabbish and Sloan proposed a DPA attack which analyzes the address values of registers [1]. This attack is called the Address-bit DPA (ADPA) attack. As countermeasures against ADPA, Itoh, Izu and Takenaka proposed algorithms that randomize address bits [2]. In this paper, we point out that one of their countermeasures has a vulnerability even if the address bits are uniformly randomized. When a register is overwritten by the same data as the data already stored in the register during a data move process, the power consumption is lower than in the case of being overwritten by different data. This fact enables us to separate the power traces. As a result, in the case of the algorithm proposed in [2], we could invalidate the randomness of the random bits and perform ADPA to retrieve a secret key. Moreover, for the purpose of overcoming the vulnerability, we propose a new countermeasure algorithm.
    International conference proceedings, English
  • Power Variance Analysis Breaks a Masked ASIC Implementation of AES
    Yang Li; Kazuo Sakiyama; Lejla Batina; Daisuke Nakatsu; Kazuo Ohta
    2010 DESIGN, AUTOMATION & TEST IN EUROPE (DATE 2010), IEEE, 1059-1064, 2010, Peer-reviewed, To obtain a better trade-off between cost and security, practical DPA countermeasures are not likely to deploy full masking that uses one distinct mask bit for each signal. A common approach is to use the same mask on several instances of an algorithm. This paper proposes a novel power analysis method called Power Variance Analysis (PVA) to reveal the danger of such implementations. PVA uses the fact that the side-channel leakage of parallel circuits has a large variance when they are given the same but random inputs. This paper introduces the basic principle of PVA and a series of PVA experiments, including a successful PVA attack against a prototype RSL-AES implemented on SASEBO-R.
    International conference proceedings, English
  • Prototyping platform for performance evaluation of SHA-3 candidates
    Kazuyuki Kobayashi; Jun Ikegami; Miroslav Kneževíc; Eric Xu Guo; Shin'ichiro Matsuo; Sinan Huang; Leyla Nazhandali; Ünal Kocabaş; Junfeng Fan; Akashi Satoh; Ingrid Verbauwhede; Kazuo Sakiyama; Kazuo Ohta
    Proceedings of the 2010 IEEE International Symposium on Hardware-Oriented Security and Trust, HOST 2010, 60-63, 2010, Peer-reviewed, The objective of the SHA-3 NIST competition is to select, from multiple competing candidates, a standard algorithm for cryptographic hashing. The selected winner must have adequate cryptographic properties and good implementation characteristics over a wide range of target platforms, including both software and hardware. Performance evaluation in hardware is particularly challenging because of the large design space, wide range of target technologies, and multitude of optimization criteria. We describe the efforts of three research groups to evaluate SHA-3 candidates using a common prototyping platform. Using a SASEBO-GII FPGA board as a starting point, we evaluate the performance of the 14 remaining SHA-3 candidates with respect to area, throughput, and power consumption. Our approach defines a standard testing harness for SHA-3 candidates, including the interface specifications for the SHA-3 module on the SASEBO testing board. ©2010 IEEE.
    International conference proceedings, English
  • Security Evaluation of a DPA-resistant S-box Based on the Fourier Transform
    Yang Li; Kazuo Sakiyama; Shinichi Kawamura; Yuichi Komano; Kazuo Ohta
    International Conference on Information and Communications Security (ICICS'09), LNCS 5297, 3-16, Dec. 2009, Peer-reviewed
    International conference proceedings, English
  • Bit-free Collision: Application to APOP Attack
    Lei Wang; Yu Sasaki; Kazuo Sakiyama; Kazuo Ohta
    International Workshop on Security 2009 (IWSEC'09), LNCS 5824, 3-14, Oct. 2009, Peer-reviewed
    International conference proceedings, English
  • Leaky Random Oracle
    Kazuki Yoneyama; Satoshi Miyagawa; Kazuo Ohta
    IEICE TRANSACTIONS ON FUNDAMENTALS OF ELECTRONICS COMMUNICATIONS AND COMPUTER SCIENCES, IEICE-INST ELECTRONICS INFORMATION COMMUNICATIONS ENG, E92A, 8, 1795-1807, Aug. 2009, This work focuses on a vulnerability of hash functions due to sloppy usages or implementations in the real world. Even if our cryptographic research community succeeded in developing a perfectly secure random function as the random oracle, it might be broken in some sense by invalid uses. In this paper, we propose a new variant of the random oracle model in order to analyze the security of cryptographic protocols under the situation of an invalid use of hash functions. Our model allows adversaries to obtain the contents of the hash list of input and output pairs arbitrarily. Also, we analyze the security of several prevailing protocols (FDH, OAEP, Cramer-Shoup cryptosystem, Kurosawa-Desmedt cryptosystem, NAXOS) in our model. As a result of the analyses, we clarify that FDH and the Cramer-Shoup cryptosystem are still secure but the others are insecure in our model. This result shows the separation between our model and the standard model.
    Scientific journal, English
  • Secret Handshake: Strong Anonymity Definition and Construction
    Yutaka Kawai; Kazuki Yoneyama; Kazuo Ohta
    ISPEC 2009, ?, Apr. 2009
    International conference proceedings, English
  • Fault Analysis Attack against an AES Prototype Chip using RSL
    Kazuo Sakiyama; Tatsuya Yagi; Kazuo Ohta
    Proc.RSA Conference 2009, LNCS, 5473, 429-443, Apr. 2009
    International conference proceedings, English
  • Fault Analysis Attack against an AES Prototype Chip using RSL
    Kazuo Sakiyama; Tatsuya Yagi; Kazuo Ohta
    RSA Conference 2009, Cryptographer's Track (CT-RSA'09), LNCS 5473, 429-443, Apr. 2009, Peer-reviewed
    International conference proceedings, English
  • Attribute-Based Encryption with Partially Hidden Ciphertext Policies
    Takashi Nishide; Kazuki Yoneyama; Kazuo Ohta
    IEICE Trans. on Fundamentals, E92.A, 1, 22-32, Jan. 2009
    Scientific journal, English
  • A New 'On the Fly' Identification Scheme: A Trade-off of Asymptoticity between ZK and Correctness
    Bagus Santoso; Kazuo Ohta
    IEICE TRANSACTIONS, E92-A, 1, 122-136, Jan. 2009
    Scientific journal, English
  • Near-Collision Attacks on MD4: Applied to MD4-Based Protocols
    Lei Wang; Kazuo Ohta; Noboru Kunihiro
    IEICE TRANSACTIONS ON FUNDAMENTALS OF ELECTRONICS COMMUNICATIONS AND COMPUTER SCIENCES, IEICE-INST ELECTRONICS INFORMATION COMMUNICATIONS ENG, E92A, 1, 76-86, Jan. 2009, The most widely used hash functions from the MD4 family have been broken, which led to a public competition on designing new hash functions held by NIST. This paper focuses on one concept called near-collision resistance, which new hash functions should satisfy: it is computationally difficult to find a pair of messages with hash values differing in only a few bits. In this paper, we give a model of near-collisions on MD4 and apply it to attack protocols including HMAC/NMAC-MD4 and MD4(Password||Challenge). Our new outer-key recovery attacks on HMAC/NMAC-MD4 have a complexity of 2^72 online queries and 2^77 MD4 computations, while the previous result was 2^88 online queries and 2^95 MD4 computations. Our attack on MD4(Password||Challenge) can recover 16 password characters with a complexity of 2^37 online queries and 22, MD4 computations, which is the first approach to attack such protocols. key words: near-collision, MD4, HMAC/NMAC, challenge and response, Hash(Password||Challenge)
    Scientific journal, English
  • A New Approach for Implementing the MPL Method toward Higher SPA Resistance
    Masami Izumi; Kazuo Sakiyama; Kazuo Ohta
    2009 INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY, AND SECURITY (ARES), VOLS 1 AND 2, IEEE, 181-186, 2009, Peer-reviewed, In recent years, information security has been emphasized with the development of Internet systems. Among the measures for securing digital information, there are cryptosystems that protect the secrecy of digital documents and digital signature schemes that ensure the validity of digital documents. In practice, i.e. when hardware devices are used in cryptosystems, there is a possibility that secret information leaks via a side channel. Simple Power Analysis (SPA) attacks are one of the side-channel attacks. To prevent SPA, the Montgomery Powering Ladder (MPL) method has been considered as one of the countermeasures. In this paper we show that a naive implementation of the MPL method is vulnerable to SPA attacks by observing the power consumption of the controller block of the RSA hardware. Furthermore, in order to avoid such information leakage, we propose a new hardware architecture for RSA using the MPL method to enhance SPA resistance.
    International conference proceedings, English
  • Extended Password Recovery Attacks against APOP, SIP, and Digest Authentication
    Yu Sasaki; Lei Wang; Kazuo Ohta; Noboru Kunihiro
    IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, E92-A, 1, 96-104, 2009
    Scientific journal, English
  • Extension of Secret Handshake Protocols with Multiple Groups in Monotone Condition under DDH Assumption
    Shotaro Tanno; Kazuki Yoneyama; Yutaka Kawai; Noboru Kunihiro; Kazuo Ohta
    TriSAI 2008, 181-186, Oct. 2008
    International conference proceedings, English
  • Leaky Random Oracle
    Kazuki Yoneyama; Satoshi Miyagawa; Kazuo Ohta
    ProvSec2008, LNCS5324, 226-240, Oct. 2008
    International conference proceedings, English
  • Extension of Secret Handshake Protocols with Multiple Groups in Monotone Condition
    Yutaka Kawai; Shotaro Tanno; Takahiro Kondo; Kazuki Yoneyama; Noboru Kunihiro; Kazuo Ohta
    WISA2008, ?, Sep. 2008
    International conference proceedings, English
  • Security Analysis of Diffie-Hellman Key Exchange against Adaptive Adversaries Using the Task-Structured PIOA Framework
    米山 一樹; 國分 雄一; 太田 和夫
    情報通信学会論文誌D分冊, The Institute of Electronics, Information and Communication Engineers, J91-D, 4, 859-872, Apr. 2008, The task-structured probabilistic input/output automata (task-PIOA) framework is one of the formal approaches that can analyze cryptographic primitives involving probabilistic and nondeterministic behaviour in the computational model. However, the only primitive actually analyzed so far is oblivious transfer. Moreover, existing analyses model only adversaries that corrupt participants non-adaptively; no method is yet known for formalizing adversaries that corrupt participants adaptively during the protocol. In this paper, we analyze the security of the Diffie-Hellman key exchange protocol against adaptive adversaries using the task-PIOA framework. First, we reformulate the DDH assumption, one of the computational assumptions, in a form suited to task-PIOA and show its equivalence to the existing DDH assumption. Next, we define the ideal functionality of key exchange in the task-PIOA framework based on the definition in the universally composable security framework. Finally, we construct a real Diffie-Hellman key exchange system and an ideal system, and show that the real system securely realizes the ideal system against adaptive adversaries.
    Scientific journal, Japanese
  • New Key Recovery Attack on HMAC/NMAC-MD4 and NMAC-MD5
    Lei Wang; Kazuo Ohta; Noboru Kunihiro
    Eurocrypt2008, LNCS, 4965, 27-253, Apr. 2008
    International conference proceedings, English
  • Password Recovery Attack on Authentication Protocol MD4(Password||Challenge)
    Lei Wang; Kazuo Ohta; Noboru Kunihiro
    ASIACCS2008, ?, Mar. 2008, Peer-reviewed
    International conference proceedings, English
  • A Strict Evaluation Method on the Number of Conditions for the SHA-1 Collision Search
    Jun Yajima; Terutoshi Iwasaki; Yusuke Naito; Yu Sasaki; Takeshi Shimoyama; Noboru Kunihiro; Kazuo Ohta
    ASIACCS2008, ?, Mar. 2008, Peer-reviewed
    International conference proceedings, English
  • Provably Secure Multisignatures in Formal Security Model and Their Optimality
    Yuichi Komano; Kazuo Ohta; Atsushi Shimbo; Shinichi Kawamura
    IEICE Transactions, E91-A, 1, 107-118, Jan. 2008, Peer-reviewed
    Scientific journal, English
  • Improved Collision Search for Hash Functions:New Advanced Message Modification
    Yusuke Naito; Kazuo Ohta; Noboru Kunihiro
    IEICE Transactions, E91-A, 1, 46-54, Jan. 2008, Peer-reviewed
    Scientific journal, English
  • New Message Differences for Collision Attacks on MD4 and MD5
    Yu Sasaki; Lei Wang; Noboru Kunihiro; Kazuo Ohta
    IEICE Transactions, E91-A, 1, 55-63, Jan. 2008, Peer-reviewed
    Scientific journal, English
  • Factorization of Square-Free Integers with High Bits Known
    Bagus Santoso; Noboru Kunihiro; Naoki Kanayama; Kazuo Ohta
    IEICE Transactions, E91-A, 1, 306-315, Jan. 2008, Peer-reviewed
    Scientific journal, English
  • Does The Montgomery Powering Ladder Method Really Offer SPA Resistance?
    Masami Izumi; Kazuo Ohta; Kazuo Sakiyama
    TriSAI 2008, 328-333, 2008
    International conference proceedings, English
  • Security of MD5 Challenge and Response: Extension of APOP Password Recovery Attack
    Yu Sasaki; Lei Wang; Kazuo Ohta; Noboru Kunihiro
    CT-RSA2008, 4964, 1-18, 2008
    International conference proceedings, English
  • Attribute-Based Encryption with Partially Hidden Encryptor-Specified Access Structures
    Takashi Nishide; Kazuki Yoneyama; Kazuo Ohta
    ACNS2008, LNCS, 5023, 290-307, 2008
    International conference proceedings, English
  • Modeling Agreement Problems in the Universal Composability Framework
    Masayuki Terada; Kazuki Yoneyama; Sadayuki Hongo; Kazuo Ohta
    ICICS2007, LNCS 4861, 350-361, Dec. 2007, Peer-reviewed
    International conference proceedings, English
  • Secure Cross-Realm Client-to-Client Password-based Key Exchange against Undetectable On-line Dictionary Attacks
    Kazuki Yoneyama; Haruki Ota; Kazuo Ohta
    LNCS4851, 257-266, Dec. 2007, Peer-reviewed
    International conference proceedings, English
  • The Quantum Fourier Transform on a Linear Nearest Neighbor Architecture
    Yasuhiro Takahashi; Noboru Kunihiro; Kazuo Ohta
    Proc. of AQIS2007, ?, Sep. 2007, Peer-reviewed
    International conference proceedings, English
  • Yet Another Sanitizable Signature from Bilinear Maps
    Tetsuya Izu; Noboru Kunihiro; Kazuo Ohta; Makoto Sano; Masahiko Takenaka
    Proc. of JWIS2007, 457-468, Aug. 2007, Peer-reviewed
    International conference proceedings, English
  • A New Strategy for Finding a Differential Path of SHA-1
    Jun Yajima; Yu Sasaki; Yusuke Naito; Terutoshi Iwasaki; Takeshi Shimoyama; Noboru Kunihiro; Kazuo Ohta
    Proc. of ACISP 2007, LNCS4586, 45-58, Jul. 2007, Peer-reviewed
    International conference proceedings, English
  • A Security Analysis on Diffie-Hellman Key Exchange against Adaptive Adversaries using Task-Structured PIOA
    Kazuki Yoneyama; Yuichi Kokubun; Kazuo Ohta
    FCS-ARSPA2007, 131-148, Jul. 2007, Peer-reviewed
    International conference proceedings, English
  • Provably Secure Untraceable Electronic Cash against Insider Attacks
    Yoshikazu Hanatani; Yuichi Komano; Kazuo Ohta; Noboru Kunihiro
    IEICE Transactions, E90-A, 5, 980-991, May 2007, Peer-reviewed
    Scientific journal, English
  • Constant-Round Multiparty Computation for Interval Test, Equality Test, and Comparison
    Takashi Nishide; Kazuo Ohta
    IEICE Transactions, E90-A, 5, 960-968, May 2007, Peer-reviewed
    Scientific journal, English
  • The quantum Fourier transform on a linear nearest neighbor architecture
    Yasuhiro Takahashi; Noboru Kunihiro; Kazuo Ohta
    QUANTUM INFORMATION & COMPUTATION, RINTON PRESS, INC, 7, 4, 383-391, May 2007, Peer-reviewed, We show how to construct an efficient quantum circuit for computing a good approximation of the quantum Fourier transform on a linear nearest neighbor architecture. The constructed circuit uses no ancillary qubits and its depth and size are O(n) and O(n log n), respectively, where n is the length of the input. The circuit is useful for decreasing the size of Fowler et al.'s quantum circuit for Shor's factoring algorithm on a linear nearest neighbor architecture.
    Scientific journal, English
  • Multiparty Computation for Interval, Equality, and Comparison without Bit-Decomposition Protocol
    Takashi Nishide; Kazuo Ohta
    Proc. of PKC2007, LNCS4450, 343-360, Apr. 2007, Peer-reviewed
    International conference proceedings, English
  • Improved Collision Attacks on MD4 and MD5
    Yu Sasaki; Yusuke Naito; Noboru Kunihiro; Kazuo Ohta
    IEICE Transactions, E90-A/1, 36-47, Jan. 2007, Peer-reviewed
    Scientific journal, English
  • Toward the Fair Anonymous Signatures: Deniable Ring Signatures
    Yuichi Komano; Kazuo Ohta; Atsushi Shimbo; Shinichi Kawamura
    IEICE Transactions, E90-A/1, 55-64, Jan. 2007, Peer-reviewed
    Scientific journal, English
  • Universally Composable Hierarchical Hybrid Authenticated Key Exchange
    Haruki Ota; Kazuki Yoneyama; Shinsaku Kiyomoto; Toshiaki Tanaka; Kazuo Ohta
    IEICE Transactions, E90-A/1, 139-151, Jan. 2007, Peer-reviewed
    Scientific journal, English
  • The quantum Fourier transform on a linear nearest neighbor architecture
    Yasuhiro Takahashi; Noboru Kunihiro; Kazuo Ohta
    QIP 2007, ?, Jan. 2007
    International conference proceedings, English
  • Ring signatures: Universally composable definitions and constructions
    Kazuki Yoneyama; Kazuo Ohta
    Proceedings of the 2nd ACM Symposium on Information, Computer and Communications Security, ASIACCS '07, 374-376, 2007, Peer-reviewed, Though the anonymity of ring signature schemes has been studied in much literature for a long time, these papers gave different definitions and there is no consensus. Recently, Bender et al. proposed two new anonymity definitions for ring signatures which are stronger than the traditional definition, called anonymity against attribution attacks and anonymity against full key exposure. Also, ring signature schemes have two levels of unforgeability definitions, i.e., existential unforgeability (eUF) and strong existential unforgeability (sUF). In this paper, we redefine the anonymity and unforgeability definitions from the standpoint of the universally composable (UC) security framework. First, we formulate new ideal functionalities of ring signature schemes for each security level separately. Next, we show the relations between the cryptographic security definitions and our UC definitions. Finally, we give another proof of Bender et al.'s ring signature scheme following the UC security definition by constructing a simulator for an adversary against sUF, which can be adapted to the case of sUF under the assumption of a standard single sUF signature scheme. Copyright 2007 ACM.
    International conference proceedings, English
  • New Message Difference for MD4
    Yu Sasaki; Lei Wang; Kazuo Ohta; Noboru Kunihiro
    Proc. of FSE2007, 340-359, 2007, Peer-reviewed
    International conference proceedings, English
  • Ring Signatures: Universally Composable Definitions and Constructions
    Kazuki Yoneyama; Kazuo Ohta
    情報処理学会論文誌, 48, 9, 2976-2989, 2007, Peer-reviewed
    Scientific journal, English
  • Universally Composable Client-to-Client General Authenticated Key Exchange
    Haruki Ota; Kazuki Yoneyama; Shinsaku Kiyomoto; Toshiaki Tanaka; Kazuo Ohta
    情報処理学会論文誌, 48, 9, 3073-3088, 2007, Peer-reviewed
    Scientific journal, English
  • A Sanitizable Signature Scheme with Aggregation
    Tetsuya Izu; Noboru Kunihiro; Kazuo Ohta; Masahiko Takenaka; Takashi Yoshioka
    Proc. of ISPEC2007, LNCS4464, 51-64, 2007, Peer-reviewed
    International conference proceedings, English
  • Improved Collision Search for SHA-0
    Yusuke Naito; Yu Sasaki; Takeshi Shimoyama; Jun Yajima; Noboru Kunihiro; Kazuo Ohta
    Proc. of Asiacrypt2006, LNCS, 4284, 21-36, Dec. 2006, Peer-reviewed
    International conference proceedings, English
  • Probabilistic Metering Scheme
    Kazuki Yoneyama; Noboru Kunihiro; Kazuo Ohta
    IEEE Mexican Conference on Informatics Security MCIS2006, MCIS2006, 23, Nov. 2006, Peer-reviewed
    International conference proceedings, English
  • A Practical Authentication Scheme Revisited
    Bagus Santoso; Noboru Kunihiro; Kazuo Ohta
    IEEE Mexican Conference on Informatics Security MCIS2006, MCIS2006, 10, Nov. 2006, Peer-reviewed
    International conference proceedings
  • How to Construct Sufficient Conditions for Hash Functions
    Yu Sasaki; Yusuke Naito; Jun Yajima; Takeshi Shimoyama; Noboru Kunihiro; Kazuo Ohta
    Proc. of Vietcrypt2006, LNCS, 4341, 115-130, Sep. 2006, Peer-reviewed
    International conference proceedings, English
  • Factoring Square-free Composite Integer by solving Multivariate Integer polynomial Equations
    Bagus Santoso; Noboru Kunihiro; Naoki Kanayama; Kazuo Ohta
    Proc. of Vietcrypt2006, LNCS, 4341, 243-259, Sep. 2006, Peer-reviewed
    International conference proceedings, English
  • An Evaluation of the Sieving Device YASD for 1024-bit Integers (Extended Abstract)
    Naoyuki Hirota; Tetsuya Izu; Noboru Kunihiro; Kazuo Ohta
    JWIS 2006, 535-548, Sep. 2006, Peer-reviewed
    International conference proceedings, English
  • An efficient quantum circuit for addition in GF(p) and Shor's algorithm
    Yasuhiro Takahashi; Noboru Kunihiro; Kazuo Ohta
    Proc. of AQIS2006, 109-110, Sep. 2006, Peer-reviewed
    International conference proceedings, English
  • On the Security of Sanitizable Signature Schemes Using Bilinear Maps
    伊豆 哲也; 國廣 昇; 太田 和夫; 武仲 正彦
    情報処理学会論文誌, 47, 8, 2409-2415, Aug. 2006, Peer-reviewed
    Scientific journal, Japanese
  • Taxonomical Security Consideration of OAEP Variants
    Yuichi Komano; Kazuo Ohta
    IEICE Transactions, E89-A, 5, 1233-1245, May 2006, Peer-reviewed
    Scientific journal, English
  • Visual Secret Sharing Schemes for Multiple Secret Images Allowing the Rotation of Shares
    Mitsugu Iwamoto; Lei Wang; Kazuki Yoneyama; Noboru Kunihiro; Kazuo Ohta
    IEICE Transactions, E89-A, 5, 1382-1395, May 2006, Peer-reviewed
    Scientific journal, English
  • Maurer-Yacobi ID-Based Key Distribution Revisited
    Noboru Kunihiro; Wataru Abe; Kazuo Ohta
    IEICE Transactions, E89-A, 5, 1421-1424, May 2006, Peer-reviewed
    Scientific journal, English
  • An Evaluation of the Sieving Device YASD for 1024-bit Integers
    N. Hirota; T. Izu; N. Kunihiro; K. Ohta
    2nd Workshop for Special-purpose Hardware for Attacking Cryptographic Systems (SHARCS 2006), 145-158, Apr. 2006, Peer-reviewed
    International conference proceedings, English
  • Provably secure Electronic Cash based on Blind Multisignature Schemes
    Yoshikazu Hanatani; Yuichi Komano; Kazuo Ohta; Noboru Kunihiro
    Financial Cryptography 2006, LNCS, 4107, 198-212, Feb. 2006, Peer-reviewed
    International conference proceedings, English
  • Problems on the MR Micropayment Schemes
    Masahiro Mambo; Moises Rosales Salinas; Kazuo Ohta; Noboru Kunihiro
    ASIACCS2006, 363-363, 2006
    International conference proceedings, English
  • Toward the Fair Anonymous Signatures: Deniable Ring Signatures
    Yuichi Komano; Kazuo Ohta; Atsushi Shimbo; Shinichi Kawamura
    CT-RSA, LNCS, 3860, 174-191, 2006, Peer-reviewed
    International conference proceedings, English
  • Formal Security Model of Multisignatures
    Yuichi Komano; Kazuo Ohta; Atsushi Shimbo; Shinichi Kawamura
    Proc. of ISC2006, LNCS, 4176, 146-160, 2006, Peer-reviewed
    International conference proceedings, English
  • Universally Composable Ring Signature
    Kazuki Yoneyama; Yoshikazu Hanatani; Santoso Bagus; Kazuo Ohta
    Proc. of IWSEC2006, 99-110, 2006, Peer-reviewed
    International conference proceedings, English
  • Improved Collision Attack on MD4 with Probability Almost 1
    Yusuke Naito; Yu Sasaki; Noboru Kunihiro; Kazuo Ohta
    ICICS2005, LNCS, 3935, 129-145, Jul. 2005, Peer-reviewed
    International conference proceedings, English
  • An NMR Quantum Search Algorithm with High Physical Realizability
    大久保 誠也; 西野 哲朗; 太田 和夫; 國廣 昇
    情報処理学会論文誌, Information Processing Society of Japan (IPSJ), 46, 6, 1416-1425, Jun. 2005, Peer-reviewed, In this paper, we propose a new quantum search algorithm on NMR (Nuclear Magnetic Resonance) quantum computers (NMRQCs for short) with measurement accuracy ε<1. That is, we propose a new NMR quantum search algorithm to solve search problems which have multiple solutions. Our algorithm can find one solution with certainty using εN + min{n, log 1/ε} oracle calls, where N is the cardinality of the search space. Since it is known that an ordinary quantum computer requires N oracle calls to solve the search problem with certainty, our NMR quantum search algorithm solves the problem more efficiently. Then, we show that our algorithm can be executed with a small number of qubits for problems where the quantum oracle can be reconstructed. Since our algorithm requires a short entanglement time, we can conclude that our algorithm is highly physically realizable.
    Research society, Japanese
  • Solutions to Security Problems of Rivest and Shamir's PayWord Scheme
    Norio Adachi; Satoshi Aoki; Yuichi Komano; Kazuo Ohta
    IEICE Transactions, E88-A, 1, 195-202, Jan. 2005, Peer-reviewed
    Scientific journal, English
  • On the Security of Probabilistic Multisignature Schemes and Their Optimality
    Yuichi Komano; Kazuo Ohta; Atsushi Shimbo; Shinichi Kawamura
    Proceedings of MyCrypt2005, LNCS, 3715, 132-150, 2005, Peer-reviewed
    International conference proceedings, English
  • Quantum Algorithms for Solving The Exact Shortest Vector Problem
    Naoki Kanayama; Masanari Kida; Noboru Kunihiro; Tetsuro Nishino; Kazuo Ohta; Seiya Okubo
    EQIS, 179-180, 2005, Peer-reviewed
    International conference proceedings, English
  • Analysis on the Clockwise Transposition Routing for Dedicated Factoring Devices
    Tetsuya Izu; Noboru Kunihiro; Kazuo Ohta; Takeshi Shimoyama
    WISA2005, LNCS, 3786, 232-242, 2005, Peer-reviewed
    International conference proceedings, English
  • On the Number of Iterations of Grover's Algorithm on the Bulk Quantum Computation Model
    大久保 誠也; 西野 哲朗; 太田 和夫; 國廣 昇
    情報処理学会論文誌:数理モデル化と応用, 46, SIG17(TOM13), 10-19, 2005, Peer-reviewed
    Scientific journal, Japanese
  • Probabilistic Multi-Signature Schemes using a One-Way Trapdoor Permutation
    K. Kawauchi; Y. Komano; K. Ohta; M. Tada
    IEICE Transactions on Fundamentals, E87-A, 5, May 2004, Peer-reviewed
    Scientific journal, English
  • OAEP-ES ―Methodology of Universal Padding―
    Yuichi Komano; Kazuo Ohta
    IEICE TRANSACTIONS, 87, 1, 110-119, Jan. 2004, Peer-reviewed
    Scientific journal, English
  • Taxonomic Consideration to OAEP Variants and Their Security
    Yuichi Komano; Kazuo Ohta
    Proc. of ICICS2004, LNCS, 3269, 105-117, 2004, Peer-reviewed
    International conference proceedings, English
  • Non-linear Function Ramp Scheme
    Kazuki Yoneyama; Noboru Kunihiro; Bagus Santoso; Kazuo Ohta
    ISITA, ISITA, ?, 2004, Peer-reviewed
    International conference proceedings, English
  • A Quantum Algorithm for Finding the Minimum on NMR Quantum Computers
    Seiya Okubo; Tetsuro Nishino; Kazuo Ohta; Noboru Kunihiro
    ERATO Workshop on Quantum Information Science 2004, ?, 2004, Peer-reviewed
    International conference proceedings, English
  • Efficient Universal Padding Techniques for Multiplicative Trapdoor One-way Permutation
    Yuichi Komano; Kazuo Ohta
    Crypto '03, Lecture Notes in Computer Science, Springer Verlag, LNCS, 2729, 365-381, Aug. 2003, Peer-reviewed
    International conference proceedings, English
  • The security problems of Rivest and Shamir's PayWord scheme
    N Adachi; S Aoki; Y Komano; K Ohta
    IEEE INTERNATIONAL CONFERENCE ON E-COMMERCE, IEEE COMPUTER SOC, 20-23, 2003, Peer-reviewed, The PayWord Scheme was proposed by Rivest and Shamir for micropayments. This paper points out that it has the following problem: a malicious customer can damage the bank by purchasing in excess of the customer's credit, which the bank has guaranteed by issuing the certificate. In general, there are two positions the bank can take with regard to the certificate. Position 1: the bank takes full responsibility for the certificate and compensates all payments created by the customer's purchases; and Position 2: the bank doesn't redeem payments exceeding a limit set for the customer and shares the loss with the shop if trouble occurs.
    In the PayWord Scheme, the bank can reduce its risk by adopting Position 2 rather than Position 1. However, this paper points out that the bank can damage the shop in Position 2 by impersonating an imaginary customer and making the shop share the loss with the bank.
    International conference proceedings, English
  • A quantum algorithm using NMR computers to break secret-key cryptosystems
    K Ohta; T Nishino; S Okubo; N Kunihiro
    NEW GENERATION COMPUTING, SPRINGER-VERLAG, 21, 4, 347-361, 2003, Peer-reviewed, In this paper, we discuss quantum algorithms that, for a given plaintext m_0 and a given ciphertext c_0, will find a secret key k_0 satisfying c_0 = E(k_0, m_0), where the encryption algorithm E is publicly available. We propose a new algorithm suitable for an NMR (Nuclear Magnetic Resonance) computer based on the technique used to solve the counting problem. The complexity of our algorithm decreases as the measurement accuracy of the NMR computer increases. We discuss the possibility that the proposed algorithm is superior to Grover's algorithm based on initial experimental results.
    Scientific journal, English
  • Two Efficient Quantum Search Algorithms on NMR Quantum Computers
    Seiya Okubo; Tetsuro Nishino; Kazuo Ohta; Noboru Kunihiro
    ERATO Workshop on Quantum Information Science 2003, EQIS2003, 2003, Peer-reviewed
    International conference proceedings, English
  • The study on quantum algorithm using NMR computers for code breaking of secret key cryptosystems
    Kazuo Ohta; Tetsuro Nishino; Seiya Okubo
    ERATO Workshop on Quantum Information Science 2002, 54-55, Sep. 2002, Peer-reviewed
    International conference proceedings, English
  • Security of RSA Public Key Cryptosystems
    Santos Bagus; Kazuo Ohta
    Proc. of International Workshop on Modern Science and Technology 2002, 1-8, Sep. 2002, Peer-reviewed
    International conference proceedings, English
  • Accountable-Subgroup Multisignatures
    Micali,S; Ohta,K; Reyzin,L
    CCS'01 (Proceedings of the 8th ACM Conference on Computer and Communication Security) (ISBN 1-58113-385-5), ACM Press, 245-254, 06 Nov. 2001, Peer-reviewed
    International conference proceedings, English
  • A Design Method for the Linear Transformation Layer in SPN Structures
    Kanda, M; Moriai, S; Aoki, K; Ueda, H; Takashima, Y; Ohta, K; Matsumoto, T
    情報処理, Special Issue on Computer Security Technology for the 21st Century, 42, 8, 2087-2097, Aug. 2001, Peer-reviewed
    Scientific journal, Japanese
  • Another Exhaustive Key Search of Common-Key Cryptosystems
    Ohta,K; Nishino,T
    ERATO Workshop on Quantum Information Science 2001, pp.35, Aug. 2001, Peer-reviwed
    International conference proceedings, English
  • Cryptographic Works of Dr.Kenji Koyama:In Memoria
    Noboru KUNIHIRO; Kazuo OHTA; Tatsuaki OKAMOTO; Routo TERADA; Yukio TSURUOKA
    IEICE TRABS.FUNDAMENTALS, Vol.E84-A, Jan. 2001
    Scientific journal, English
  • E2 - A new 128-bit block cipher
    M Kanda; S Moriai; K Aoki; H Ueda; Y Takashima; K Ohta; T Matsumoto
    IEICE TRANSACTIONS ON FUNDAMENTALS OF ELECTRONICS COMMUNICATIONS AND COMPUTER SCIENCES, IEICE-INST ELECTRONICS INFORMATION COMMUNICATIONS ENG, E83A, 1, 48-59, Jan. 2000, Peer-reviwed, This paper describes the design principles, the specification, and evaluations of a new 128-bit block cipher E2**, which was proposed to the AES (Advanced Encryption Standard) candidates. This algorithm supports 128-bit, 192-bit, and 256-bit secret keys. The design philosophy of E2 is highly conservative; the structure uses 12-round Feistel as its main function whose round function is constructed with 2-round SPN structure. and initial/final transformational functions. E2 has practical security against differential attack, linear attack, cryptanalysis with impossible differential, truncated differential attack, and so on. Furthermore, E2 can be implemented efficiently and flexibly on various platforms because the primitive operations involve byte length processing.
    Scientific journal, English
  • Recent standardization trends around Triple DES (Triple DES を巡る最近の標準化動向について)
    谷口 文一; 太田 和夫; 大久保 美也子
    Monetary and Economic Studies (金融研究), Institute for Monetary and Economic Studies, Bank of Japan, 18, Supplement 1, 29-49, Sep. 1999, Peer-reviewed, Invited
    Research institution, Japanese
  • A strategy for constructing fast round functions with practical security against differential and linear cryptanalysis
    M Kanda; Y Takashima; T Matsumoto; K Aoki; K Ohta
    SELECTED AREAS IN CRYPTOGRAPHY (SAC'98), Lecture Notes in Computer Science, SPRINGER-VERLAG BERLIN, 1556, 264-279, 1999, Peer-reviewed, In this paper, we study a strategy for constructing fast and practically secure round functions that yield sufficiently small values of the maximum differential and linear probabilities p and q. We consider mn-bit round functions with a 2-round SPN structure for Feistel ciphers.
    In this strategy, we regard the linear transformation layer as an n × n matrix P over {0,1}. We describe the relationship between the matrix representation and the actual construction of the linear transformation layer. We propose a search algorithm that uses the matrix representation to construct the optimal linear transformation layer, i.e. the one that makes the probabilities p and q as small as possible. Furthermore, using this algorithm we determine the optimal linear transformation layer for n = 8, which provides p ≤ p_s^5 and q ≤ q_s^5, where p_s and q_s denote the maximum differential and linear probabilities of the s-box.
    International conference proceedings, English
  • Multi-signature schemes secure against active insider attacks
    K Ohta; T Okamoto
    IEICE TRANSACTIONS ON FUNDAMENTALS OF ELECTRONICS COMMUNICATIONS AND COMPUTER SCIENCES, IEICE-INST ELECTRONICS INFORMATION COMMUNICATIONS ENG, E82A, 1, 21-31, Jan. 1999, Peer-reviewed, This paper proposes the first provably secure multi-signature schemes under the random oracle model. The security of our schemes can be proven in the sense of the concrete security of Ref. [13]. The proposed schemes are efficient if the random oracle is replaced by practical hash functions. The essential techniques in our proof of security are the optimal reduction from breaking the corresponding identification scheme to breaking signatures (ID Reduction Technique), and the hierarchical heavy row lemmas used in the concrete reduction from solving the primitive problem to breaking the identification scheme.
    Scientific journal, English
  • Remarks on transformable digital signatures
    K Ohta
    IEICE TRANSACTIONS ON FUNDAMENTALS OF ELECTRONICS COMMUNICATIONS AND COMPUTER SCIENCES, IEICE-INST ELECTRONICS INFORMATION COMMUNICATIONS ENG, E81A, 5, 814-817, May 1998, Peer-reviewed, This paper describes two attacks against blind decryption (decode) based on commutative random self-reducibility and RSA systems utilizing the transformability of digital signatures proposed in [2]. The transformable digital signature was introduced in [2],[8] to defeat an oracle attack, in which the decrypter can be abused as an oracle that releases useful information to an attacker acting as a requester of blind decryption. It was believed in [2],[8] that the correctness of a query to the oracle was ensured by a transformable signature derived from an original signature issued by the decrypter in advance, so that a malicious query would be detected by the decrypter before blind decryption or would release no useful information to the attacker. The first attack decrypts all encrypted data with one access to the oracle. The second generates a valid signature for an arbitrary message selected by the attacker, abusing the validation check procedure.
    Scientific journal, English
  • Security of the Extended Fiat-Shamir Scheme
    Ohta,K; Okamoto,T
    IEICE Transactions on Fundamentals of Electronics, Communications and Computer Science, Special Section on Cryptography and Information Security, E81-A, 1, 65-71, Jan. 1998, Peer-reviewed
    Scientific journal, English
  • One-time Zero-Knowledge Authentications and Their Applications to Untraceable Electronic Cash
    Okamoto,T; Ohta,K
    IEICE Transactions on Fundamentals of Electronics, Communications and Computer Science, Special Section on Cryptography and Information Security, E81-A, 1, 2-10, Jan. 1998, Peer-reviewed
    Scientific journal, English
  • Linear cryptanalysis of FEAL
    K Aoki; K Ohta; S Moriai; M Matsui
    IEICE TRANSACTIONS ON FUNDAMENTALS OF ELECTRONICS COMMUNICATIONS AND COMPUTER SCIENCES, IEICE-INST ELECTRONICS INFORMATION COMMUNICATIONS ENG, E81A, 1, 88-97, Jan. 1998, Peer-reviewed, This paper applies linear cryptanalysis to FEAL and describes the experimental results of attacking FEAL-8 by linear cryptanalysis. The following points are important in linear cryptanalysis for reducing the processing amount and memory size of the attack: 1) finding linear expressions with as high a deviation as possible, and 2) reducing the number of effective key bits and effective text bits. We have succeeded in attacking FEAL-8 in about 1 hour on a low-end workstation (SPARCstation 10 Model 30). We have confirmed that the entire set of subkeys of FEAL-8 can be derived from 2^25 known plaintexts with a success rate of over 70%, and from 2^26 known plaintexts with a success rate of almost 100%.
    Scientific journal, English
  • Collision search of a hash function by using random mapping
    H Morita; H Odagi; K Ohta
    IEICE TRANSACTIONS ON FUNDAMENTALS OF ELECTRONICS COMMUNICATIONS AND COMPUTER SCIENCES, IEICE-INST ELECTRONICS INFORMATION COMMUNICATIONS ENG, E81A, 1, 35-40, Jan. 1998, Peer-reviewed, This paper proposes applying random-mapping methods for pseudo-random functions to find collisions of a hash function. We test, on computers, a hash function built from a block cipher (see ISO/IEC 10118-2 [6]) in which users can select the initial vector. In particular, the paper shows that a hash function with multiple stages generates many colliding hash values, and our probabilistic analysis of a small model of the hash function explains the computational results well. We show that it is feasible to find collisions between messages selected in advance for 64-bit hash functions using workstations (WSs) linked via an ordinary LAN (Local Area Network). Thus, it is dangerous to use the single-block-mode hash function defined in [6] and [7].
    Scientific journal, English
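The random-mapping idea in the abstract above, as an added example written for this page (it is not code from the paper, which tests a block-cipher-based hash from ISO/IEC 10118-2): a hash is iterated as a function on its own output space, so the sequence x0, f(x0), f(f(x0)), ... must eventually cycle, and Floyd's cycle finding locates two distinct inputs with the same image using constant memory instead of a birthday table. The target here is an assumed stand-in, SHA-256 truncated to `bits` bits; the function names, the 32-bit default and the starting point are this example's own choices.

```python
import hashlib
from typing import Callable, Optional, Tuple


def truncated_hash(bits: int) -> Callable[[int], int]:
    """Stand-in for a short hash (assumption of this example): f maps an integer in
    [0, 2^bits) to the first `bits` bits of SHA-256 over its big-endian encoding,
    i.e. a random-looking mapping of a 2^bits-element set into itself."""
    nbytes = (bits + 7) // 8
    mask = (1 << bits) - 1

    def f(x: int) -> int:
        digest = hashlib.sha256(x.to_bytes(nbytes, "big")).digest()
        return int.from_bytes(digest[:nbytes], "big") & mask

    return f


def rho_collision(f: Callable[[int], int], x0: int) -> Optional[Tuple[int, int, int]]:
    """Floyd cycle finding on x0, f(x0), f(f(x0)), ...
    The sequence has a tail of length mu before it enters a cycle; the last tail
    element and the cycle element preceding the entry point are distinct inputs
    with the same image.  Returns (a, b, evals) with a != b and f(a) == f(b), or
    None when x0 already lies on the cycle (mu = 0), in which case no collision is
    exposed and the caller should restart from another point."""
    evals = 0
    tortoise, hare = f(x0), f(f(x0))
    evals += 3
    while tortoise != hare:              # hare moves at double speed; they meet inside the cycle
        tortoise, hare = f(tortoise), f(f(hare))
        evals += 3
    tortoise = x0                        # restart one pointer from x0 ...
    prev_t = prev_h = None
    while tortoise != hare:              # ... both advance one step and meet at the cycle entry
        prev_t, prev_h = tortoise, hare
        tortoise, hare = f(tortoise), f(hare)
        evals += 2
    if prev_t is None:
        return None
    return prev_t, prev_h, evals


def find_collision(bits: int, start: int = 0) -> Tuple[int, int, int]:
    """Rho search on the truncated hash, retrying from start+1, start+2, ... if the
    start point happens to sit on a cycle.  Expected cost is on the order of
    sqrt(pi/2 * 2^bits) evaluations of f, which is why a 64-bit hash is within reach
    of a few networked workstations while 32 bits takes well under a second here."""
    f = truncated_hash(bits)
    x0 = start
    while True:
        result = rho_collision(f, x0)
        if result is not None:
            a, b, evals = result
            assert a != b and f(a) == f(b)
            return a, b, evals
        x0 += 1


if __name__ == "__main__":
    a, b, evals = find_collision(32)
    print(f"collision: f({a:#010x}) == f({b:#010x}) after {evals} hash evaluations")
```

The search never stores more than a handful of values, so its cost is governed by the number of hash evaluations alone; doubling `bits` by one multiplies the expected work by roughly the square root of two, which is the birthday bound the abstract relies on.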
  • On Concrete Security Treatment of Signatures Derived from Identification
    Ohta,K; Okamoto,T
    Crypto'98, Lecture Notes in Computer Science, Springer Verlag, 1462, 354-369, 1998, Peer-reviewed
    International conference proceedings, English
  • Remarks on Blind Decryption
    Kazuo Ohta
    Information Security, First International Workshop, ISW '97, Lecture Notes in Computer Science, Springer (ISBN 3-540-64382-6), 1319, 109-115, 1998, Peer-reviewed
    International conference proceedings, English
  • On strict estimation method of provable security against differential and linear cryptanalysis
    Yasuyoshi Kaneko; Shiho Moriai; Kazuo Ohta
    Information and Communication Security, First International Conference, ICICS'97, Lecture Notes in Computer Science, Springer (ISBN 3-540-63696-X), 1334, 258-268, 1998, Peer-reviewed
    International conference proceedings, English
  • Strict evaluation of the maximum average of differential probability and the maximum average of linear probability
    K Aoki; K Ohta
    IEICE TRANSACTIONS ON FUNDAMENTALS OF ELECTRONICS COMMUNICATIONS AND COMPUTER SCIENCES, IEICE-INST ELECTRONICS INFORMATION COMMUNICATIONS ENG, E80A, 1, 2-8, Jan. 1997, Peer-reviewed, Nyberg and Knudsen proved that the maximum average differential probability ADP_max and the maximum average linear probability ALP_max of a Feistel cipher with 4 or more rounds can be bounded as ADP_max ≤ 2·DCP_max^2 and ALP_max ≤ 2·LCP_max^2, using the maximum differential characteristic probability DCP_max and the maximum linear characteristic probability LCP_max per round. This paper shows ADP_max ≤ DCP_max^2 and ALP_max ≤ LCP_max^2 if the F function is a bijection and the Feistel cipher has at least 3 rounds. The results prove that Feistel ciphers are stronger against differential and linear cryptanalysis than previously thought. Combining this result with that of Luby and Rackoff, the implication is that the 3-round Feistel cipher could be used as a building-block cipher for the construction of provably secure block cipher algorithms.
    Scientific journal, English
  • Key-dependency of linear probability of RC5
    S Moriai; K Aoki; K Ohta
    IEICE TRANSACTIONS ON FUNDAMENTALS OF ELECTRONICS COMMUNICATIONS AND COMPUTER SCIENCES, IEICE-INST ELECTRONICS INFORMATION COMMUNICATIONS ENG, E80A, 1, 9-18, Jan. 1997, Peer-reviewed, In estimating the vulnerability of a block cipher to differential cryptanalysis and linear cryptanalysis, we must consider the fact that the differential probability and the linear probability vary with the key. In cryptosystems where the round key is XORed into the input data of each round, the difference in both types of probability between different keys is regarded as negligible. However, this is not the case with RC5. This paper makes a primary analysis of the key-dependency of the linear probability of RC5. Throughout this paper we study "precise" linear probability. We find some linear approximations that have a higher deviation (bias) for some keys than the "best linear approximation" claimed by Kaliski and Yin in CRYPTO'95. Using one linear approximation, we find 10 weak keys of RC5-4/2/2 with linear probability 2^-1, 2 weak keys of RC5-4/5/16 with linear probability 2^-2, and a weak key of RC5-16/5/16 with linear probability 2^-15.4, while Kaliski-Yin's "best biases" are 2^-3, 2^-9, and 2^-17, respectively.
    Scientific journal, English
  • The best linear expression search of FEAL
    S Moriai; K Aoki; K Ohta
    IEICE TRANSACTIONS ON FUNDAMENTALS OF ELECTRONICS COMMUNICATIONS AND COMPUTER SCIENCES, IEICE-INST ELECTRONICS INFORMATION COMMUNICATIONS ENG, E79A, 1, 2-11, Jan. 1996, Peer-reviewed, It is important to find the best linear expression in order to estimate the vulnerability of a cryptosystem to Linear Cryptanalysis. This paper shows the results of the best-linear-expression search for FEAL-N (N ≤ 32) and discusses the security of FEAL against Linear Cryptanalysis. We improve Matsui's search algorithm, which determines the best linear expressions, and apply it to FEAL. The improved search algorithm finds all the best linear expressions of FEAL-N (N ≤ 32) much faster than the original; the required time decreases from over three months to about two and a half days. We find the best linear expressions of FEAL-7, FEAL-15, and FEAL-31 with deviations of 1.15 × 2^-8, 1.48 × 2^-20, and 1.99 × 2^-41, respectively. These linear expressions have higher deviations than those derived from Biham's 4-round iterative linear approximations. Using these data we calculate the number of known plaintexts required to attack FEAL-8, FEAL-16, and FEAL-32. It is proved that FEAL-32 is secure against Linear Cryptanalysis.
    Scientific journal, English
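The quantities the abstracts above reason about, the maximum differential probability p_s and maximum linear probability q_s of an s-box (the SAC'98 entry), the deviation |p − 1/2| of a linear expression and a best-linear-expression search (the FEAL entries), shown as an added example written for this page rather than code from any of the papers: the difference distribution table and linear approximation table of a 4-bit s-box, the bounds read off them, and a small dynamic-programming search for the best linear trail through an assumed toy iterated cipher whose round is only the s-box followed by a round-key XOR (no diffusion layer). The s-box is the public PRESENT s-box, used purely as a concrete instance; the toy cipher, the function names and the (2p − 1)^2 convention for linear probability are this example's own assumptions.

```python
from typing import Dict, List, Tuple

# Public PRESENT 4-bit s-box, used only as a concrete example (assumption of this example).
SBOX: List[int] = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def parity(v: int) -> int:
    """XOR of the bits of v; parity(a & x) is the dot product a.x over GF(2)."""
    return bin(v).count("1") & 1


def difference_distribution_table(sbox: List[int]) -> List[List[int]]:
    """ddt[dx][dy] = number of inputs x with S(x) ^ S(x ^ dx) == dy."""
    n = len(sbox)
    ddt = [[0] * n for _ in range(n)]
    for dx in range(n):
        for x in range(n):
            ddt[dx][sbox[x] ^ sbox[x ^ dx]] += 1
    return ddt


def linear_approximation_table(sbox: List[int]) -> List[List[int]]:
    """lat[a][b] = #{x : a.x == b.S(x)} - n/2; 0 means the expression a.x ^ b.S(x) = 0
    holds with probability exactly 1/2, |lat| = n/2 means it holds always or never."""
    n = len(sbox)
    lat = [[0] * n for _ in range(n)]
    for a in range(n):
        for b in range(n):
            agree = sum(1 for x in range(n) if parity(a & x) == parity(b & sbox[x]))
            lat[a][b] = agree - n // 2
    return lat


def sbox_bounds(sbox: List[int]) -> Dict[str, object]:
    """p_s = max differential probability, q_s = max linear probability in the
    (2p - 1)^2 convention, the best deviation |p - 1/2| over nonzero masks, and the
    masks attaining it (the best one-s-box linear expression)."""
    n = len(sbox)
    ddt = difference_distribution_table(sbox)
    lat = linear_approximation_table(sbox)
    p_s = max(ddt[dx][dy] for dx in range(1, n) for dy in range(1, n)) / n
    best_a, best_b = max(((a, b) for a in range(1, n) for b in range(1, n)),
                         key=lambda ab: abs(lat[ab[0]][ab[1]]))
    deviation = abs(lat[best_a][best_b]) / n      # |p - 1/2|
    q_s = (2 * deviation) ** 2                    # (2p - 1)^2
    return {"p_s": p_s, "q_s": q_s, "deviation": deviation, "best_masks": (best_a, best_b)}


def best_linear_trail(sbox: List[int], rounds: int) -> Tuple[float, List[int]]:
    """Best `rounds`-round linear trail through the toy cipher x -> S(x) ^ k_i
    (assumption: no diffusion layer, so the output mask of one round is the input
    mask of the next).  Multiplying per-round correlations c_i = lat/(n/2) along a
    mask chain is the piling-up lemma; the key XORs only flip the sign of a
    correlation, so they do not change the magnitude.  Returns (deviation, chain)."""
    n = len(sbox)
    lat = linear_approximation_table(sbox)
    corr = [[abs(lat[a][b]) / (n // 2) for b in range(n)] for a in range(n)]
    best: Dict[int, Tuple[float, List[int]]] = {a: (1.0, [a]) for a in range(1, n)}
    for _ in range(rounds):
        nxt: Dict[int, Tuple[float, List[int]]] = {}
        for a, (c, chain) in best.items():
            for b in range(1, n):
                cand = c * corr[a][b]
                if cand > 0 and (b not in nxt or cand > nxt[b][0]):
                    nxt[b] = (cand, chain + [b])
        best = nxt
    c, chain = max(best.values(), key=lambda v: v[0])
    return c / 2, chain          # deviation = |correlation| / 2


if __name__ == "__main__":
    print(sbox_bounds(SBOX))
    for r in (1, 2, 3):
        print(r, best_linear_trail(SBOX, r))
```

Matsui's search over a real Feistel cipher is a branch-and-bound over the full round function rather than this per-mask table, but the ingredients are the same: per-round deviations from the table, the piling-up lemma to chain them, and pruning on the best value found so far. The number of known plaintexts an attack needs grows as the inverse square of the deviation, which is why the FEAL results are stated as deviations.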
  • Differential-linear cryptanalysis of FEAL-8
    K Aoki; K Ohta
    IEICE TRANSACTIONS ON FUNDAMENTALS OF ELECTRONICS COMMUNICATIONS AND COMPUTER SCIENCES, IEICE-INST ELECTRONICS INFORMATION COMMUNICATIONS ENG, E79A, 1, 20-27, Jan. 1996, Peer-reviewed, In CRYPTO'94, Langford and Hellman attacked DES reduced to 8 rounds in the chosen-plaintext scenario by their "differential-linear cryptanalysis," which is a combination of differential cryptanalysis and linear cryptanalysis. In this paper, a historical review of differential-linear cryptanalysis, our formalization of differential-linear cryptanalysis, and the application of differential-linear cryptanalysis to FEAL-8 are presented. As a result, whereas the previous best method (differential cryptanalysis) required 128 chosen plaintexts, only 12 chosen plaintexts are sufficient, in computer experiments, to attack FEAL-8.
    Scientific journal, English
  • Improving the Search Algorithm for the Best Linear Expression
    Kazuo Ohta; Shiho Moriai; Kazumaro Aoki
    CRYPTO '95, Lecture Notes in Computer Science (ISBN 3-540-60221-6), No.963, 157-170, 1995, Peer-reviewed
    International conference proceedings, English
  • Message Authentication Codes and Differential Attacks
    Ohta,K; Matsui,M
    IEICE Transactions on Fundamentals of Electronics, Communications and Computer Science, E77-A, No.1, 8-14, Jan. 1994, Peer-reviewed
    Scientific journal, English
  • New Proposal and Comparison of Closure Tests --- More Efficient than the CRYPTO'92 Test for DES ---
    Morita, H; Ohta,K
    IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, E77-A, No.1, 15-19, Jan. 1994, Peer-reviewed
    Scientific journal, English
  • Linear Cryptanalysis of the Fast Data Encipherment Algorithm
    Ohta, K; Aoki,K
    Crypto'94, Lecture Notes in Computer Science (ISBN 3-540-58333-5), No.839, 12-16, 1994, Peer-reviewed
    International conference proceedings, English
  • Differential Attack on Message Authentication Codes
    Kazuo Ohta; Mitsuru Matsui
    CRYPTO '93, Lecture Notes in Computer Science (ISBN 3-540-57766-1), No.773, 200-211, 1994, Peer-reviewed
    International conference proceedings, English
  • A method for an ideal electronic cash scheme (理想的電子現金方式の一方法)
    岡本 龍明; 太田 和夫
    IEICE Transactions D-I (電子情報通信学会論文誌D-1), J76-DI, No.6, 315-323, Jun. 1993, Peer-reviewed
    Scientific journal, Japanese
  • A Digital Multisignature Scheme Based on the Fiat-Shamir Scheme
    Kazuo Ohta; Tatsuaki Okamoto
    ASIACRYPT '91, Lecture Notes in Computer Science (ISBN 3-540-57332-1), Springer-Verlag, No.739, 139-148, 1993, Peer-reviewed
    International conference proceedings, English
  • Results of Switching-Closure-Test on FEAL (Extended Abstract)
    Hikaru Morita; Kazuo Ohta; Shoji Miyaguchi
    ASIACRYPT '91, Lecture Notes in Computer Science (ISBN 3-540-57332-1), No.739, 247-252, 1993, Peer-reviewed
    International conference proceedings, English
  • Secure bit commitment function against divertibility
    Kazuo Ohta; Tatsuaki Okamoto; Atsushi Fujioka
    Advances in Cryptology - EUROCRYPT '92, Lecture Notes in Computer Science, Springer Verlag, 658, 324-340, 1993, Peer-reviewed, Some zero-knowledge interactive proofs (ZKIPs) have divertibility, that is, evidence of a proof issued by a genuine prover A can be transferred to plural verifiers, B and then C, where the intermediate verifier B acts as A, with A's help, to convince the other verifier C without revealing the relation between the A-B interaction and the B-C interaction. This property is a serious problem in practice, e.g. the mafia fraud attack on identification schemes and the multi-verifier attack against undeniable signatures. This paper proposes a new concept, security against divertibility, and proves that Naor's bit commitment function based on pseudo-random generators is secure against divertibility under a reasonable assumption. Using this bit commitment in a ZKIP converts a divertible ZKIP into a divertibility-free ZKIP which is secure against the mafia fraud attack and the multi-verifier attack.
    International conference proceedings, English
  • A Practical Secret Voting Scheme for Large Scale Elections
    Atsushi Fujioka; Tatsuaki Okamoto; Kazuo Ohta
    AUSCRYPT '92, Lecture Notes in Computer Science (ISBN 3-540-57220-1), No.718, 244-251, 1993, Peer-reviewed
    International conference proceedings, English
  • A SWITCHING CLOSURE TEST TO ANALYZE CRYPTOSYSTEMS
    H MORITA; K OHTA
    IEICE TRANSACTIONS ON FUNDAMENTALS OF ELECTRONICS COMMUNICATIONS AND COMPUTER SCIENCES, IEICE-INST ELECTRONICS INFORMATION COMMUNICATIONS ENG, E75A, 4, 498-503, Apr. 1992, Peer-reviewed, A closure test, MCT (meet-in-the-middle closure test), has been introduced to analyze the algebraic properties of cryptosystems [3]. Since MCT needs a large amount of memory, it is hard to implement with an ordinary meet-in-the-middle method. As a feasible version of MCT, this paper presents a switching closure test, SCT, based on a new memoryless meet-in-the-middle method. To achieve the memoryless method, appropriate techniques are used effectively, such as extending cycle-detection methods for one function into a method for two functions, and an efficient intersection search method that uses only a small amount of memory.
    Scientific journal, English
  • Interactive Bi-Proof Systems and Undeniable Signature Schemes
    Fujioka,A; Okamoto,T; Ohta,K
    IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, E75-D, No.1, 102-109, Jan. 1992, Peer-reviewed
    Scientific journal, English
  • Universal Electronic Cash
    Okamoto,T; Ohta,K
    CRYPTO '91, Lecture Notes in Computer Science (ISBN 3-540-55188-3), No.576, 324-337, 1992, Peer-reviewed
    International conference proceedings, English
  • A Switching Closure Test to Analyze Cryptosystems
    Hikaru Morita; Kazuo Ohta; Shoji Miyaguchi
    CRYPTO '91, Lecture Notes in Computer Science (ISBN 3-540-55188-3), No.576, 183-193, 1992, Peer-reviewed
    International conference proceedings, English
  • ABUSES OF UNDENIABLE SIGNATURES AND THEIR COUNTERMEASURES
    K OHTA; T OKAMOTO; A FUJIOKA
    IEICE TRANSACTIONS ON COMMUNICATIONS ELECTRONICS INFORMATION AND SYSTEMS, IEICE-INST ELECTRONICS INFORMATION COMMUNICATIONS ENG, 74, 8, 2109-2113, Aug. 1991, Peer-reviewed, This paper describes an attack that allows plural verifiers to check the validity of a signature simultaneously in Chaum's zero-knowledge undeniable signature scheme; if a malicious person takes part in the attack procedure as one of the verifiers, the non-transitivity of the signature becomes suspect. Countermeasures to the attack are also proposed.
    Scientific journal, English
  • MEMBERSHIP AUTHENTICATION FOR HIERARCHICAL MULTIGROUPS USING THE EXTENDED FIAT-SHAMIR SCHEME
    K OHTA; T OKAMOTO; K KOYAMA
    Advances in Cryptology - EUROCRYPT '90, LECTURE NOTES IN COMPUTER SCIENCE, SPRINGER VERLAG, 473, 446-457, 1991, Peer-reviewed, We propose two membership authentication schemes that allow an authorized user to construct one master secret key for accessing the set of hierarchically ordered groups defined by the user, without releasing any private user information. The key allows the user to prove membership of his true groups and all lower groups without revealing his name or true groups. The user can calculate the secret member information needed to access a group from his master secret key, and can convince a verifier using the extended Fiat-Shamir scheme. Each of the two proposed schemes can generate the master secret key. To ensure the user's privacy, one uses blind signature and pseudonym encryption techniques, and the other uses Euclid's algorithm. Because each user stores only one master secret key, memory usage is very efficient. Moreover, verifiers can check membership validity in an off-line environment using public information whose size is independent of the number of users. Therefore, our schemes are suitable for smart card applications.
    International conference proceedings, English
  • CONFIRMATION THAT SOME HASH FUNCTIONS ARE NOT COLLISION-FREE
    S MIYAGUCHI; K OHTA; M IWATA
    Advances in Cryptology - EUROCRYPT '90, LECTURE NOTES IN COMPUTER SCIENCE, SPRINGER, 473, 326-343, 1991, Peer-reviewed, Hash functions are used to compress messages for digital signatures. A hash function has to be collision free, i.e., it must be computationally infeasible to construct different messages which output the same hash value. This paper shows that five hash functions are not collision free under the assumption that an attacker can modify the initial value of the hash function. These hash functions are analyzed from the standpoints of their structure, the complementation property, and the weak keys of the block ciphers used in them. As a result, it is clear that many pairs of messages can be created that generate the same hash value. Therefore, users wishing to use these hash functions should be notified of their weakness.
    International conference proceedings, English
  • HOW TO UTILIZE THE RANDOMNESS OF ZERO-KNOWLEDGE PROOFS
    T OKAMOTO; K OHTA
    Advances in Cryptology - CRYPTO '90, LECTURE NOTES IN COMPUTER SCIENCE, SPRINGER, 537, 456-475, 1991, Peer-reviewed, In zero-knowledge interactive proofs, a lot of randomized information is exchanged between the prover and the verifier, and the randomness of the prover is used to satisfy the zero-knowledge condition. In this paper, we show a new methodology that utilizes the randomness of the prover in a zero-knowledge proof for some positive objectives as well as for the zero-knowledge condition. Based on this idea, we propose two types of applications: key distribution and digital signatures. We propose identity-based key distribution schemes that are provably secure against strong active attacks (chosen-message known-key active attacks), assuming the difficulty of factoring a composite number. In addition, we show that non-transitive digital signature schemes can be constructed if and only if a one-way function exists. We also show some practical non-transitive digital signature schemes. A new general method of constructing identity-based cryptographic schemes is presented as an application of the identity-based non-transitive digital signature schemes. We also propose a new digital signature scheme based on the (extended) Fiat-Shamir identification scheme.
    International conference proceedings, English
  • INTERACTIVE BI-PROOF SYSTEMS AND UNDENIABLE SIGNATURE SCHEMES
    A FUJIOKA; T OKAMOTO; K OHTA
    Advances in Cryptology - EUROCRYPT '91, LECTURE NOTES IN COMPUTER SCIENCE, SPRINGER, 547, 243-256, 1991, Peer-reviewed, This paper proposes a new construction of a minimum-knowledge undeniable signature scheme which solves a problem inherent in Chaum's scheme. We formulate a new proof system, the minimum-knowledge interactive bi-proof system, and a pair of languages, the common witness problem, based on the random self-reducible problem, and we show that any common witness problem has a minimum-knowledge interactive bi-proof system. A practical construction for undeniable signature schemes is proposed based on such a proof system. These schemes provide signature confirmation and disavowal with the same protocol (or at the same time).
    International conference proceedings, English
  • Direct Zero Knowledge Proofs of Computational Power in Five Rounds
    Tatsuaki Okamoto; David Chaum; Kazuo Ohta
    EUROCRYPT '91, Lecture Notes in Computer Science (ISBN 3-540-54620-0), No.547, 96-105, 1991, Peer-reviewed
    International conference proceedings, English
  • Membership Authentication for Hierarchical Multigroups Using a Master Secret Key
    Ohta,K; Okamoto,T
    IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, E73, No.7, 1107-1110, Jul. 1990, Peer-reviewed
    Scientific journal, English
  • The Construction of Collision Messages for Hash Functions
    Iwata,M; Ohta,K; Miyaguchi,S
    IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, E73, No.7, 1100-1106, Jul. 1990, Peer-reviewed
    Scientific journal, English
  • Divertible Zero-Knowledge Interactive Proofs and Commutative Random Self-Reducibility
    Okamoto,T; Ohta,K
    Eurocrypt'89, Lecture Notes in Computer Science (ISBN 3-540-53433-4), No.434, 134-149, 1990, Peer-reviewed
    International conference proceedings, English
  • A MODIFICATION OF THE FIAT-SHAMIR SCHEME
    K OHTA; T OKAMOTO
    Advances in Cryptology - CRYPTO '88, LECTURE NOTES IN COMPUTER SCIENCE, SPRINGER, 403, 232-243, 1990, Peer-reviewed
    International conference proceedings, English
  • DISPOSABLE ZERO-KNOWLEDGE AUTHENTICATIONS AND THEIR APPLICATIONS TO UNTRACEABLE ELECTRONIC CASH
    T OKAMOTO; K OHTA
    Advances in Cryptology - CRYPTO '89, LECTURE NOTES IN COMPUTER SCIENCE, SPRINGER, 435, 481-496, 1990, Peer-reviewed
    International conference proceedings, English
  • MEET-IN-THE-MIDDLE ATTACK ON DIGITAL SIGNATURE SCHEMES
    K OHTA; K KOYAMA
    Advances in Cryptology - AUSCRYPT '90, LECTURE NOTES IN COMPUTER SCIENCE, SPRINGER, 453, 140-154, 1990, Peer-reviewed
    International conference proceedings, English
  • An identity-based authentication scheme using the RSA cryptosystem (RSA暗号系を利用した個人識別情報に基づく認証方式)
    太田 和夫
    IEICE Transactions D-I (電子情報通信学会論文誌D-1), J72-D-1, No.8, 612-620, Aug. 1989, Peer-reviewed
    Scientific journal, Japanese
  • A scheme for generating a common key among two or more parties from identity information (個人識別情報に基づき2者以上で共通鍵を生成する方式)
    小山 謙二; 太田 和夫
    IEICE Transactions D-I (電子情報通信学会論文誌D-1), J72-D-1, No.1, 50-56, Jan. 1989, Peer-reviewed
    Scientific journal, Japanese
  • IDENTITY-BASED CONFERENCE KEY DISTRIBUTION SYSTEMS
    K KOYAMA; K OHTA
    Advances in Cryptology - CRYPTO '87, LECTURE NOTES IN COMPUTER SCIENCE, SPRINGER, 293, 175-184, 1988, Peer-reviewed
    International conference proceedings, English
  • SECURITY OF IMPROVED IDENTITY-BASED CONFERENCE KEY DISTRIBUTION SYSTEMS
    K KOYAMA; K OHTA
    Advances in Cryptology - EUROCRYPT '88, LECTURE NOTES IN COMPUTER SCIENCE, SPRINGER, 330, 11-19, 1988, Peer-reviewed
    International conference proceedings, English
  • A three-level hybrid key distribution scheme for encrypted communication (暗号通信における3階層複合形鍵配送方式)
    小林 哲二; 太田 和夫
    IEICE Transactions D (電子情報通信学会論文誌D), J70-D, No.12, 2722-2729, Dec. 1987, Peer-reviewed
    Scientific journal, Japanese
  • A secure and efficient broadcast encryption scheme using a public master key (公開マスタ鍵を用いた安全かつ効率のよい同報暗号方式)
    太田 和夫
    IEICE Transactions D (電子情報通信学会論文誌D), J70-D, No.8, 1616-1624, Aug. 1987, Peer-reviewed
    Scientific journal, Japanese
  • Meet-in-the-middle attack on hybrid digital signatures (混合型ディジタル署名に対する中間一致攻撃)
    太田 和夫; 小山 謙二
    IEICE Transactions D (電子情報通信学会論文誌D), J70-D, No.2, 415-422, Feb. 1987, Peer-reviewed
    Scientific journal, Japanese

MISC

  • Security of searchable symmetric encryption (共通鍵暗号による秘匿検索暗号のセキュリティ)
    太田 和夫
    Mar. 2017, Bank of Japan IMES Discussion Paper Series (日本銀行金融研究所 ディスカッション・ペーパー・シリーズ), 2017-J-5, Japanese, Peer-reviewed, Invited, Introduction other
  • The gap between theory and implementation in cryptography: the two faces of the replacement approach (暗号における理論と実装のギャップ ---置き換えアプローチの二面性---)
    太田 和夫; 國廣 昇; Bagus Santoso
    Dec. 2008, Bulletin of the Japan Society for Industrial and Applied Mathematics (応用数理), 18, 4, 62-73, Japanese, Introduction other
  • Side-channel attacks as a threat to cryptography, and their countermeasures (暗号への脅威「サイドチャネル攻撃」とその対策)
    﨑山 一男; 太田 和夫
    Oct. 2008, Science Journal KAGAKU (科学), reports and commentary, 78, 10, 1080-1083, Japanese, Introduction other
  • Duality in cryptology: between goals and scenarios (暗号学における双対性 ---ゴールとシナリオの間には---)
    太田 和夫; 國廣 昇
    Jun. 2008, Bulletin of the Japan Society for Industrial and Applied Mathematics (応用数理), 18, 2, 71-78, Japanese, Introduction other
  • Lattice-based attacks on RSA (RSA 暗号に対する格子理論に基づく攻撃)
    國廣 昇; 太田 和夫
    The Japan Society for Industrial and Applied Mathematics, Mar. 2008, Bulletin of the Japan Society for Industrial and Applied Mathematics (応用数理), 18, 1, 23-29, Japanese, Introduction other, 0917-2270, 110006633782, AN10288886
  • Lattice-based attacks on RSA, Part 2 (RSA暗号に対する格子理論に基づく攻撃(その2))
    國廣昇; 太田和夫
    2008, Bulletin of the Japan Society for Industrial and Applied Mathematics (応用数理), 18, 3, 44-51, Japanese, Introduction other
  • APOP has been broken (APOP が破られた)
    國廣 昇; 太田 和夫
    2008, Journal of IEICE (電子情報通信学会誌), 91, 9, 822-825, Japanese, Introduction other
  • Design theory for provably secure hash functions (安全性を証明可能なハッシュ関数の設計論)
    太田 和夫; 國廣 昇; 王 磊
    2008, Journal of IEICE (電子情報通信学会誌), 91, 3, 218-223, Japanese, Peer-reviewed, Introduction other
  • Toward a theory of provable security (証明可能安全性理論に向けて)
    太田 和夫
    Jun. 2007, Journal of IEICE (電子情報通信学会誌), 90, 6, 426-430, Japanese, Peer-reviewed, Introduction other
  • The US government's standard cryptographic algorithm in crisis (暗号の米政府標準方式が危機に)
    國廣 昇; 太田 和夫
    Nov. 2005, Science Journal KAGAKU (科学), special issue (Iwanami Shoten), 75, 11, 1235-1237, Japanese, Introduction other
  • Technical trends in electronic auction protocols: on first-price sealed-bid schemes (電子オークションプロトコルの技術動向 -- 第一価格秘密入札方式について --)
    太田 和夫; 今井 識; 森田 光
    2003, IEICE Tokyo Section Student Branch Bulletin (電子情報通信学会東京支部学生会学生会報), 8, 7-13, Japanese, Invited, Introduction other
  • Security system technology (セキュリティシステム技術)
    太田 和夫
    Aug. 1999, IEEJ Technical Report (電気学会技術報告) of the Investigating Committee on Security System Technology, author of Section 3.3, 738, 31-35, Japanese, Introduction other
  • Information security technologies constituting electronic money and their security evaluation (電子マネーを構成する情報セキュリティ技術と安全性評価)
    中山 靖司; 松本 勉; 太田 和夫
    Apr. 1999, Monetary and Economic Studies (金融研究), Institute for Monetary and Economic Studies, Bank of Japan, 18, 2, 57-114, Japanese, Peer-reviewed, Introduction other
  • Current status and issues surrounding symmetric-key ciphers: from DES to AES (共通鍵暗号を取り巻く現状と課題 --- DES から AES へ ---)
    宇根 正志; 太田 和夫
    Apr. 1999, Monetary and Economic Studies (金融研究), Institute for Monetary and Economic Studies, Bank of Japan, 18, 2, 115-193, Japanese, Peer-reviewed, Introduction other
  • Advances in cryptanalysis and the move to establish the next US standard cipher (AES) (暗号解読法の進歩と次期米国標準暗号(AES)制定の動き)
    太田 和夫
    Jul. 1998, Computer Today, Network Systems and Cryptography (ネットワークシステムと暗号), 86, 10-17, Japanese, Introduction other
  • Technical aspects of electronic money (電子マネーの技術的側面)
    太田 和夫
    Jan. 1997, Tokugikon (特技懇), in-house journal of the Japan Patent Office, 190, 19-30, Japanese, Introduction other
  • Attacks and cryptanalysis of ciphers: differential attacks (暗号の攻撃・解読法:差分攻撃法)
    太田 和夫; 青木 和麻呂
    Jun. 1996, IPSJ Magazine (情報処理), 37, 6, 521-525, Japanese, Peer-reviewed, Introduction other
  • Security applications: digital cash (セキュリティ応用--ディジタルキャッシュ--)
    太田 和夫
    Feb. 1996, Journal of IEICE (電子情報通信学会誌), 79, 2, 131-140, Japanese, Peer-reviewed, Introduction other
  • A new characterization of the class NP: probabilistically checkable proofs and approximation problems (クラスNPの新しい特徴づけ--確率的検査可能証明と近似問題--)
    太田 和夫; 岡本 龍明
    Jan. 1994, IPSJ Magazine (情報処理), 35, 1, 55-68, Japanese, Peer-reviewed, Introduction other
  • Applications of zero-knowledge proofs (ゼロ知識証明の応用)
    太田 和夫; 藤岡 淳
    Jun. 1991, IPSJ Magazine (情報処理), 32, 6, 654-662, Japanese, Peer-reviewed, Introduction other
  • PRACTICAL EXTENSION OF FIAT-SHAMIR SCHEME
    K OHTA; T OKAMOTO
    INST ENGINEERING TECHNOLOGY-IET, Jul. 1988, ELECTRONICS LETTERS, 24, 15, 955-956, English, Peer-reviewed, Report scientific journal, 0013-5194, 1350-911X, WOS:A1988P581300033
  • EFFICIENT IDENTIFICATION AND SIGNATURE SCHEMES
    K OHTA
    INST ENGINEERING TECHNOLOGY-IET, Jan. 1988, ELECTRONICS LETTERS, 24, 2, 115-116, English, Peer-reviewed, Report scientific journal, 0013-5194, 1350-911X, WOS:A1988M171400027
  • On standardization trends in information security (情報セキュリティの標準化の動向について)
    太田 和夫
    Mar. 1989, Journal of IEICE (電子情報通信学会誌), 72, 3, 297-305, Japanese, Peer-reviewed, Introduction other

Books and other publications

  • Winning Ways for Your Mathematical Plays, Japanese translation (「数学ゲーム必勝法」) of Elwyn R. Berlekamp, John H. Conway, Richard K. Guy, "Winning Ways for Your Mathematical Plays" (A K Peters/CRC Press, 2001)
    小林欣吾; 佐藤創 (supervising editors)
    Japanese, Joint translation, Chapter 4, Taking and Breaking (除去と分割), Kyoritsu Shuppan (共立出版), 25 Dec. 2016
  • Fault Analysis in Cryptography
    Junko Takahashi; Toshinori Fukunaga; Shigeto Gomisawa; Yang Li; Kazuo Sakiyama; Kazuo Ohta
    English, Joint work, chapter "Fault Injection and Key Retrieval Experiments on an Evaluation Board", Springer, 2012
  • Fundamentals of security proofs by game sequences (ゲーム列による安全性証明の基礎)
    花谷 嘉一; 太田 和夫
    Japanese, Joint work, Chapter 3 of Information Security by Mathematical Techniques (数理的技法による情報セキュリティ, Applied Mathematics Series), Kyoritsu Shuppan (共立出版), Jul. 2010
  • Security proofs using task-structured probabilistic I/O automata (タスク構造確率I/O オートマトンを用いた安全性証明)
    米山 一樹; 太田 和夫
    Japanese, Joint work, Chapter 5 of Information Security by Mathematical Techniques (数理的技法による情報セキュリティ, Applied Mathematics Series), Kyoritsu Shuppan (共立出版), Jul. 2010
  • Introduction to the Theory of Computation (計算理論の基礎), Japanese translation of Michael Sipser, Introduction to the Theory of Computation, Second Edition (Thomson Course Technology), Vol. 1: Automata and Languages
    太田 和夫; 田中 圭介
    Japanese, Supervisor, Kyoritsu Shuppan (共立出版), 15 May 2008
  • Introduction to the Theory of Computation (計算理論の基礎), Japanese translation of Michael Sipser, Introduction to the Theory of Computation, Second Edition (Thomson Course Technology), Vol. 2: Computability Theory
    太田 和夫; 田中 圭介
    Japanese, Supervisor, Chapter 5, Reducibility, Kyoritsu Shuppan (共立出版), 15 May 2008
  • Introduction to the Theory of Computation (計算理論の基礎), Japanese translation of Michael Sipser, Introduction to the Theory of Computation, Second Edition (Thomson Course Technology), Vol. 3: Complexity Theory
    太田 和夫; 田中 圭介
    Japanese, Supervisor, Kyoritsu Shuppan (共立出版), 15 May 2008
  • Is It Really Secure? Modern Cryptography (ほんとうに安全?現代の暗号)
    太田 和夫; 國廣 昇
    Japanese, Joint work, Iwanami Shoten (岩波書店), May 2005
  • Security evaluation of public-key cryptography (公開鍵暗号の安全性評価)
    太田 和夫
    Japanese, Joint work, Information Security Handbook (情報セキュリティハンドブック), Ohmsha (オーム社), Nov. 2004
  • Cryptographic Theory (暗号理論)
    太田 和夫; 國廣 昇
    Japanese, Joint work, Iwanami Shoten (岩波書店), Mar. 2004
  • Information Security (情報セキュリティ)
    菊池 浩明; 宮地 充子
    Japanese, Joint work, Ohmsha (オーム社), Oct. 2003
  • Encyclopedia of Information Security (情報セキュリティ事典), Chapter 20, Electronic Commerce: contributed the section "Electronic money"
    土居範久
    Japanese, Joint work, Kyoritsu Shuppan (共立出版), Jul. 2003
  • Encyclopedia of Information Security (情報セキュリティ事典), Chapter 9, Digital Signature Technology: the section "Fundamentals of digital signature technology"
    土居範久
    Japanese, Joint work, Kyoritsu Shuppan (共立出版), Jul. 2003
  • Modern Cryptography and Magic Protocols (現代暗号とマジックプロトコル), chapter "Advances in cryptanalysis and the move to establish the next US standard cipher (AES)" (暗号解読法の進歩と次期米国標準暗号(AES)制定の動き)
    今井 秀樹 (ed.)
    Japanese, Joint work, Suuri Kagaku special issue (臨時別冊・数理科学), Saiensu-sha (サイエンス社), Sep. 2000
  • Introduction to the Theory of Computation (計算理論の基礎), Japanese translation of Michael Sipser, Introduction to the Theory of Computation (PWS Publishing Company)
    渡辺 治; 太田 和夫
    Scholarly book, Japanese, Supervisor, Kyoritsu Shuppan (共立出版), Apr. 2000
  • Cryptography and Authentication (暗号と認証)
    太田 和夫; 岡本 龍明
    Textbook, Japanese, Joint work, Chapter 4, Zero-knowledge proofs and electronic cash protocols (ゼロ知識証明と電子現金プロトコル), Baifukan (培風館), Dec. 1996
  • Cryptography, Zero-Knowledge Proofs and Number Theory (暗号・ゼロ知識証明・数論)
    太田 和夫
    Japanese, Editor, Chapter 2, Applications of zero-knowledge proofs (ゼロ知識証明の応用), pp.37-52; Chapter 5, Probabilistically checkable proofs and approximation problems (確率的検査可能証明と近似問題), pp.92-115, Kyoritsu Shuppan (共立出版), Jun. 1995
  • The Science of Information Security: An Invitation to Magic Protocols (情報セキュリティの科学-マジックプロトコルへの招待)
    太田 和夫; 黒澤 馨; 渡辺 治
    Japanese, Joint work, Blue Backs (ブルーバックス), Kodansha (講談社), Feb. 1995

Lectures, oral presentations, etc.

  • 初期文字列が29文字の4入力多数決Private PEZプロトコル
    安部 芳紀; 山本 翔太; 岩本 貢; 太田 和夫
    Oral presentation, Japanese, IT・ISEC・WBS合同研究会, ISEC, 7pages
    08 Mar. 2019
  • 現代暗号研究の事始め ~ 1つのケーススタディ ~
    太田 和夫
    Invited oral presentation, Japanese, 電子情報通信学会 情報理論・情報セキュリティ・ワイドバンドシステム合同研究会, Invited, 電子情報通信学会, Domestic conference
    08 Mar. 2019
  • 効率的でフォワード安全な動的検索可能暗号
    渡邉 洋平; 岩本 貢; 太田 和夫
    Oral presentation, Japanese, 暗号と情報セキュリティシンポジウム2019(SCIS2019)
    24 Jan. 2019
  • Another Look at One-More Discrete Logarithm Problem in Generic Model
    Bagus Santoso; Kazuo Ohta
    Oral presentation, Japanese, 暗号と情報セキュリティシンポジウム2019(SCIS2019)
    24 Jan. 2019
  • 不正検知可能な3入力多数決カードプロトコル
    安部 芳紀; 山本 翔太; 岩本 貢; 太田 和夫
    Oral presentation, Japanese, 暗号と情報セキュリティシンポジウム2019(SCIS2019)
    24 Jan. 2019
  • 4入力多数決を計算する効率的なPrivate PEZプロトコル
    山本 翔太; 安部 芳紀; 岩本 貢; 太田 和夫
    Oral presentation, Japanese, 暗号と情報セキュリティシンポジウム2019(SCIS2019)
    24 Jan. 2019
  • 共通鍵型マルチユーザ検索可能暗号の検索機能拡張
    平野 貴人; 川合 豊; 小関 義博; 岩本 貢; 太田 和夫
    Oral presentation, Japanese, 暗号と情報セキュリティシンポジウム2019(SCIS2019)
    24 Jan. 2019
  • Three‐Party Private Set Operation Protocols Using Polynomials and OPPRF
    Wenjia Wang; Yoshiki Abe; Mitsugu Iwamoto; Kazuo Ohta
    Oral presentation, Japanese, 暗号と情報セキュリティシンポジウム2019(SCIS2019)
    23 Jan. 2019
  • 現実的な結託者のもとで最もシェア長の短いロバスト秘密分散法
    渡邉洋平; 大原一真; 岩本貢; 太田和夫
    Oral presentation, Japanese, ISEC
    25 Jul. 2018
  • 3枚のカードで実現可能な3入力多数決プロトコル
    黒木慶久; 古賀優太; 渡邉洋平; 岩本貢; 太田和夫
    Oral presentation, Japanese, 暗号と情報セキュリティシンポジウム2018(SCIS2018)
    25 Jan. 2018
  • カードを用いた複数人でのマッチングプロトコル
    古賀 優太; 鈴木 慎之介; 渡邉 洋平; 岩本 貢; 太田 和夫
    Oral presentation, Japanese, 暗号と情報セキュリティシンポジウム2018(SCIS2018)
    25 Jan. 2018
  • マルチユーザで利用可能な共通鍵型秘匿検索に向けて
    早坂 健一郎; 川合 豊; 小関 義博; 平野 貴人; 岩本 貢; 太田 和夫
    Oral presentation, Japanese, 暗号と情報セキュリティシンポジウム2018(SCIS2018)
    25 Jan. 2018
  • ダミーエントリの作成方法に着目した共通鍵検索可能暗号CGKO方式の改良
    野島 拓也; 渡邉 洋平; 岩本 貢; 太田 和夫
    Oral presentation, Japanese, 暗号と情報セキュリティシンポジウム2018(SCIS2018)
    25 Jan. 2018
  • PUF応用に向けた新たな物理仮定と端末認証方式への応用
    駒野 雄一; 岩本 貢; 太田 和夫; 崎山 一男
    Oral presentation, Japanese, 暗号と情報セキュリティシンポジウム2018(SCIS2018)
    24 Jan. 2018
  • ロバスト秘密分散法CFOR方式における精密な安全性解析
    鈴木慎之介; 渡邉洋平; 岩本貢; 太田和夫
    Oral presentation, Japanese, 暗号と情報セキュリティシンポジウム2018(SCIS2018)
    24 Jan. 2018
  • 検索可能暗号における最小漏洩情報に関する考察
    中井雄士; 野島拓也; 岩本貢; 太田和夫
    Oral presentation, Japanese, IT・ISEC・WBS合同研究会, ISEC (5), 7pages
    Mar. 2017
  • 秘匿操作を用いた効率的なカードベース論理演算プロトコル
    城内聡志; 中井雄士; 岩本貢; 太田和夫
    Oral presentation, Japanese, 暗号と情報セキュリティシンポジウム2017(SCIS2017)
    24 Jan. 2017
  • カードを用いた複数人での金持ち比べプロトコル
    徳重佑樹; 中井雄士; 岩本貢; 太田和夫
    Oral presentation, Japanese, 暗号と情報セキュリティシンポジウム2017(SCIS2017)
    24 Jan. 2017
  • 電子決済方式 MicroMint の潜在的な偽造脅威に対する安全性評価
    鴨志田優一; 岩本貢; 太田和夫
    Oral presentation, Japanese, 暗号と情報セキュリティシンポジウム2017(SCIS2017)
    24 Jan. 2017
  • 検索クエリからの漏洩情報を削減した効率的な共通鍵型検索可能暗号
    早坂健一郎; 川合豊; 小関義博; 平野貴人; 岩本貢; 太田和夫
    Oral presentation, Japanese, 暗号と情報セキュリティシンポジウム2017(SCIS2017)
    24 Jan. 2017
  • リクエストベース比較可能暗号におけるシミュレーションベースの安全性
    平野貴人; 小関義博; 川合豊; 岩本貢; 太田和夫
    Oral presentation, Japanese, 暗号と情報セキュリティシンポジウム2017(SCIS2017)
    24 Jan. 2017
  • 秘匿操作を用いた効率的なカードベース金持ち比べプロトコル
    中井雄士; 三澤裕人; 徳重佑樹; 岩本貢; 太田和夫
    Invited oral presentation, Japanese, 第39回情報理論とその応用シンポジウムワークショップ「カードを用いた暗号プロトコル」(SITA 2016), Invited, Domestic conference
    Dec. 2016
  • 長期間にわたって安全な地域医療連携システムの構築を目指して
    小美濃つかさ; 駒野雄一; 岩本貢; 太田和夫
    Oral presentation, Japanese, 第36 回医療情報学連合大会, (ポスターセッション), Domestic conference
    Nov. 2016
  • 複数の暗号化索引を持つ共通鍵ベース秘匿検索の効率的なトラップドア生成
    平野貴人; 岩本貢; 太田和夫
    Oral presentation, Japanese, コンピュータセキュリティシンポジウム2016 (CSS2016), Domestic conference
    12 Oct. 2016
  • 人間向け暗号/認証プロトコルの統一的安全性評価
    三澤裕人; 徳重佑樹; 岩本貢; 太田和夫
    Oral presentation, Japanese, 暗号と情報セキュリティシンポジウム2016(SCIS2016)
    21 Jan. 2016
  • Joux-Lucksのマルチコリジョン探索アルゴリズムのMicroMintへの応用
    鴨志田優一; 岩本貢; 太田和夫
    Oral presentation, Japanese, 暗号と情報セキュリティシンポジウム2016(SCIS2016)
    21 Jan. 2016
  • 共通鍵暗号型の秘匿部分一致検索(その1)
    平野貴人; 川合豊; 太田和夫; 岩本貢
    Oral presentation, Japanese, 暗号と情報セキュリティシンポジウム2016(SCIS2016)
    20 Jan. 2016
  • 共通鍵暗号型の秘匿部分一致検索(その2)
    平野貴人; 川合豊; 太田和夫; 岩本貢
    Oral presentation, Japanese, 暗号と情報セキュリティシンポジウム2016(SCIS2016)
    20 Jan. 2016
  • グループ認証付鍵交換プロトコルの weak-SK-secure 性の形式検証
    徳重佑樹; 花谷嘉一; 岩本貢; 太田和夫
    Oral presentation, Japanese, 暗号と情報セキュリティシンポジウム2016(SCIS2016)
    19 Jan. 2016
  • ブロックサインの安全性に対するコードブックの影響
    三澤裕人; 徳重佑樹; 岩本貢; 太田和夫
    Oral presentation, Japanese, コンピュータセキュリティシンポジウム2015 (CSS2015), Domestic conference
    Oct. 2015
  • 物理的復元が容易な音響秘密分散法
    徳重佑樹; 三澤裕人; 吉田文晶; 上床昌也; 岩本貢; 太田和夫
    Oral presentation, Japanese, 電子情報通信学会マルチメディア情報ハイディング・エンリッチメント研究会 (EMM), Domestic conference
    May 2015
  • 正規言語を用いた鍵更新可能暗号の安全性解析
    大宮翔児; 徳重佑樹; 岩本貢; 太田和夫
    Oral presentation, Japanese, 暗号と情報セキュリティシンポジウム2015(SCIS2015)
    Jan. 2015
  • あるCKA2安全な検索可能暗号方式のトラップドアサイズを削減するための安全な分割手法
    平野貴人; 川合豊; 岩本貢; 太田和夫
    Oral presentation, Japanese, 暗号と情報セキュリティシンポジウム2015(SCIS2015)
    Jan. 2015
  • Joux-Lucks の3-collisions 探索アルゴリズムに対する改良および計算量の詳細な検討
    鴨志田優一; 徳重佑樹; 岩本貢; 太田和夫
    Oral presentation, Japanese, 暗号と情報セキュリティシンポジウム2015(SCIS2015)
    Jan. 2015
  • Corrupt耐性を持つセッションキー安全な秘密鍵失効機能付きSecret Handshake方
    土屋喬文; 花谷嘉一; 岩本貢; 太田和夫
    Oral presentation, Japanese, 暗号と情報セキュリティシンポジウム2015(SCIS2015)
    Jan. 2015
  • カードを用いた効率的な金持ち比べプロトコル
    中井雄士; 徳重佑樹; 岩本貢; 太田和夫
    Oral presentation, Japanese, 暗号と情報セキュリティシンポジウム2015(SCIS2015)
    Jan. 2015
  • カードベース暗号プロトコルにおける安全な選択処理
    徳重佑樹; 中井雄士; 岩本貢; 太田和夫
    Oral presentation, Japanese, 暗号と情報セキュリティシンポジウム2015(SCIS2015)
    Jan. 2015
  • 簡易なブロックサインに対する暗号理論的安全性解析
    三澤裕人; 徳重佑樹; 岩本貢; 太田和夫
    Oral presentation, Japanese, 暗号と情報セキュリティシンポジウム2015(SCIS2015)
    Jan. 2015
  • 同時実行攻撃に耐性を持つシンプルなSecret Handshake
    土屋喬文; 徳重佑樹; 坂井祐介; 岩本貢; 太田和夫
    Invited oral presentation, Japanese, 2014年暗号理論ワークショップ, Invited, Domestic conference
    Mar. 2014
  • 非対話開示機能付き公開鍵暗号からの頑健な閾値暗号の一般的構成
    坂井祐介; 江村恵太; Jacob C; N. Schuldt; 花岡悟一郎; 太田和夫
    Oral presentation, Japanese, 暗号と情報セキュリティシンポジウム2014(SCIS2014)
    Jan. 2014
  • マルチステージゲームでのランダムオラクルとの置き換えの再考
    内藤祐介; 米山一樹; 太田和夫
    Oral presentation, Japanese, 暗号と情報セキュリティシンポジウム2014(SCIS2014)
    Jan. 2014
  • 暗号化索引追加後のSearchable Symmetric Encryptionの安全性の関係
    平野貴人; 伊藤隆; 川合豊; 服部充洋; 松田規; 太田和夫; 坂井祐介
    Oral presentation, Japanese, 暗号と情報セキュリティシンポジウム2014(SCIS2014)
    Jan. 2014
  • Cheating on Visual Secret Sharing Schemes in Practical Setting
    P. Lumyong; M. Iwamoto; K. Ohta
    Oral presentation, English, 暗号と情報セキュリティシンポジウム2014(SCIS2014)
    Jan. 2014
  • 情報理論的に安全なクライアント・サーバ暗号通信方式の応用に関する考察
    小美濃つかさ; 岩本貢; 駒野雄一; 太田和夫
    Oral presentation, Japanese, 暗号と情報セキュリティシンポジウム2014(SCIS2014)
    Jan. 2014
  • Optimal Non-Perfectly Secure Client-Server Communications in a Symmetric Key Setting
    Mitsugu Iwamoto; Tsukasa Omino; Yuichi Komano; Kazuo Ohta
    Oral presentation, English, 暗号と情報セキュリティシンポジウム2014(SCIS2014)
    Jan. 2014
  • 自動タイブレークの仕組みを持つ第M+1 価格暗号オークション方式
    西出隆志; 岩本貢; 岩崎敦; 太田和夫
    Oral presentation, Japanese, 暗号と情報セキュリティシンポジウム2014(SCIS2014)
    Jan. 2014
  • 同時実行攻撃に耐性を持つシンプルなSecret Handshake
    土屋喬文; 徳重佑樹; 坂井祐介; 岩本貢; 太田和夫
    Oral presentation, Japanese, 暗号と情報セキュリティシンポジウム2014(SCIS2014)
    Jan. 2014
  • Improved Rebound Attack 手順の自動探索手法の提案と評価
    徳重佑樹; 佐々木悠; 王磊; 岩本貢; 太田和夫
    Oral presentation, Japanese, 暗号と情報セキュリティシンポジウム2014(SCIS2014)
    Jan. 2014
  • 署名長の短い削除機能付きグループ署名
    大原一真; 坂井祐介; 江村恵太; 花岡悟一郎; 太田和夫
    Oral presentation, Japanese, 暗号と情報セキュリティシンポジウム2014(SCIS2014)
    Jan. 2014
  • AES暗号回路における信号遷移回数を用いたサイドチャネル情報に関する考察
    松原有沙; 蒯云峰; 李陽; 中曽根俊貴; 太田和夫; 崎山一男
    Oral presentation, Japanese, ISEC2013-45,ISEC
    Jul. 2013
  • PUFを用いる鍵生成方法とその安全性
    駒野雄一; 太田和夫; 崎山一男; 岩本貢
    Public symposium, Japanese, Hot Channel Workshop 2013, Hot Channel Workshop, 東京
    Apr. 2013
  • NU-FVAに基づく新たな鍵復元攻撃について
    松原有沙; 李陽; 太田和夫; 崎山一男
    Public symposium, Japanese, Hot Channel Workshop 2013, Hot Channel Workshop, 東京
    Apr. 2013
  • Toward Flexible Privacy Protection for RFID Tags Using Privacy-Mode Switching
    Yang Li; Hikaru Sakamoto; Iwamasa Nishikado; Takafumi Saito; Kazuo Ohta; Kazuo Sakiyama
    Oral presentation, English, IEICE,IEICE2013年総合大会
    Mar. 2013
  • 故障混入時のAES暗号ハードウェアの脆弱性について
    松原有沙; 李 陽; 太田和夫; 崎山一男
    Oral presentation, Japanese, IEICE,IEICE2013年総合大会(学生ポスターセッション)
    Mar. 2013
  • t人結託耐性を有する第一価格オークションプロトコルに対する情報理論的解析
    岩本 貢; 大原 一真; 坂井 祐介; 太田 和夫
    Oral presentation, Japanese, 2013年 暗号と情報セキュリティシンポジウム (SCIS2013)
    Jan. 2013
  • ある弱いモデルの上でロバストな閾値暗号の一般的構成
    坂井 祐介; 江村 恵太; Jacob Schuldt; 花岡 悟一郎; 太田和夫
    Oral presentation, Japanese, 2013年 暗号と情報セキュリティシンポジウム (SCIS2013)
    Jan. 2013
  • マルチパーティ計算による定数ラウンドかつほぼ線形な通信量のビット加算プロトコル
    大原一真; 鈴木幸太郎; 米山一樹; 太田和夫
    Oral presentation, Japanese, 暗号と情報セキュリティシンポジウム2013(SCIS2013)
    Jan. 2013
  • A t-Resilient Unconditionally Secure First-Price Auction Protocol
    Kazuma Ohara; Yusuke Sakai; Mitsugu Iwamoto; Kazuo Ohta
    Oral presentation, English, IWSEC 2012
    Nov. 2012
  • Sensitive-Data Dependency of Faulty Behavior and Its Application
    李陽; 太田和夫; 崎山一男
    Oral presentation, Japanese, 2012年 暗号と情報セキュリティシンポジウム
    Feb. 2012
  • クロック間衝突を利用した電磁波解析
    中曽根俊貴; 中津大介; 李陽; 太田和夫; 崎山一男
    Oral presentation, Japanese, 2012年 暗号と情報セキュリティシンポジウム概要集,2012年 暗号と情報セキュリティシンポジウム
    Feb. 2012
  • IRドロップを利用した故障感度解析と高温環境下における影響
    小池彩歌; 李陽; 中津大介; 太田和夫; 崎山一男
    Oral presentation, Japanese, 2012年 暗号と情報セキュリティシンポジウム概要集,2012年 暗号と情報セキュリティシンポジウム
    Feb. 2012
  • 情報理論的に安全なFirst-Price オークションプロトコル
    大原一真; 坂井祐介; 岩本貢; 太田和夫
    Oral presentation, Japanese, 2012年 暗号と情報セキュリティシンポジウム概要集,2012年 暗号と情報セキュリティシンポジウム
    Feb. 2012
  • テンプレートを利用した時系列電力解析
    中津大介; 李陽; 太田和夫; 崎山一男
    Oral presentation, Japanese, 2012年 暗号と情報セキュリティシンポジウム概要集,2012年 暗号と情報セキュリティシンポジウム
    Feb. 2012
  • 54ステップのSHA-0への原像攻撃
    小松原航; 王磊; 佐々木悠; 崎山一男; 太田和夫
    Oral presentation, Japanese, 2012年 暗号と情報セキュリティシンポジウム概要集,2012年 暗号と情報セキュリティシンポジウム
    Feb. 2012
  • PUFを用いる証明可能安全なパターン照合鍵生成方法
    駒野雄一; 太田和夫; 崎山一男; 岩本貢
    Oral presentation, Japanese, 2012年 暗号と情報セキュリティシンポジウム概要集,2012年 暗号と情報セキュリティシンポジウム
    Feb. 2012
  • 情報理論的に安全な2つのオークション方式について
    大原一真; 坂井祐介; 岩本貢; 太田和夫
    Oral presentation, Japanese, Compview暗号理論ワークショップ2012
    Feb. 2012
  • [招待講演]Uniqueness Enhancement of PUF Responses Based on the Locations of Random Outputting RS Latches
    山本大; 崎山一男; 岩本貢; 太田和夫; 落合隆夫; 武仲正彦; 伊藤孝一
    Oral presentation, English, ISEC2011-68
    Dec. 2011
  • [招待講演]マスク対策AESに対する誤り暗号文を用いた故障感度解析~CHES2011での発表のレビュー~
    李陽; 太田和夫; 崎山一男
    Oral presentation, Japanese, ISEC2011-66
    Dec. 2011
  • クロック間衝突を用いた楕円曲線暗号実装に対する故障感度解析
    阪本光; 李陽; 太田和夫; 崎山一男
    Oral presentation, Japanese, ISEC2011-49
    Nov. 2011
  • Rebound Attack on 3D Block Cipher
    Takuma Koyama; Yu Sasaki; Kazuo Sakiyama; Kazuo Ohta
    Oral presentation, English, Triangle Symposium on Advanced ICT 2011 (TriSAI 2011)
    Aug. 2011
  • Variations of Information Theoretic Security Notions
    M. Iwamoto; K. Ohta
    Oral presentation, English, 7th Asia-Europe Workshop on Information Theory
    Jul. 2011
  • 共通鍵暗号方式における情報理論的安全性と計算量的安全性の関係
    岩本貢; 太田和夫
    Oral presentation, Japanese, 電子情報通信学会研究会研究報告
    May 2011
  • 鍵を固定した際の暗号方式の安全性証明に関する限界について
    川合豊; 花岡悟一郎; 太田 和夫; 國廣 昇
    Oral presentation, Japanese, 2011年暗号と情報セキュリティシンポジウム概要集,SCIS2011
    Jan. 2011
  • ラッチの乱数出力位置を利用したPUFによるID生成/認証システムの信頼性向上手法
    山本大; 崎山一男; 岩本貢; 太田和夫; 落合隆夫; 武仲正彦; 伊藤孝一
    Oral presentation, Japanese, 2011年暗号と情報セキュリティシンポジウム概要集,SCIS2011
    Jan. 2011
  • 故障感度解析を利用したPUFの実現について
    岩井祐樹; 太田和夫; 崎山一男
    Oral presentation, English, 2011年暗号と情報セキュリティシンポジウム概要集,SCIS2011
    Jan. 2011
  • 7 及び8 ラウンド既知鍵AES識別機の実装
    高柳真如; 佐々木悠; 李陽; 太田和夫; 崎山一男
    Oral presentation, Japanese, 2011年暗号と情報セキュリティシンポジウム概要集,SCIS2011
    Jan. 2011
  • 電磁波解析における局所性と放射磁界方向について
    落合隆夫; 山本大; 伊藤孝一; 武仲正彦; 鳥居直哉; 内田大輔; 永井利明; 若菜伸一; 岩本貢; 太田和夫; 崎山一男
    Oral presentation, Japanese, 2011年暗号と情報セキュリティシンポジウム概要集,SCIS2011
    Jan. 2011
  • PUFとFuzzy Extractorを用いるFeistel暗号の再考
    駒野雄一; 太田和夫; 花谷嘉一; 新保淳
    Oral presentation, Japanese, 2011年暗号と情報セキュリティシンポジウム概要集,SCIS2011
    Jan. 2011
  • Self-Template Fault Sensitivity Analysis
    李陽; 太田和夫; 崎山一男
    Oral presentation, Japanese, 2011年暗号と情報セキュリティシンポジウム概要集,SCIS2011
    Jan. 2011
  • 楕円曲線暗号実装に対するFault Sensitivity Analysis
    阪本光; 李陽; 太田和夫; 崎山一男
    Oral presentation, Japanese, 2011年暗号と情報セキュリティシンポジウム概要集,SCIS2011
    Jan. 2011
  • HMAC-MD5へのフォールト解析攻撃
    五味澤重友; 王磊; 太田和夫; 山口和彦; 崎山一男
    Oral presentation, Japanese, 2011年暗号と情報セキュリティシンポジウム概要集,SCIS2011
    Jan. 2011
  • 再暗号化鍵匿名性を満たすIDベースプロキシ再暗号化方式
    松田和也; 川合豊; 崎山一男; 太田 和夫
    Oral presentation, Japanese, 2011年暗号と情報セキュリティシンポジウム概要集,SCIS2011
    Jan. 2011
  • AES-128 に対する複数ラウンドCPA
    中津大介; 太田和夫; 崎山一男
    Oral presentation, Japanese, 2011年暗号と情報セキュリティシンポジウム概要集,SCIS2011
    Jan. 2011
  • 158stepの5-pass HAVALと1-Block 3-pass HAVALへの原像攻撃
    酒井靖英; 佐々木悠; 王磊; 崎山一男; 太田和夫
    Oral presentation, Japanese, 2011年暗号と情報セキュリティシンポジウム概要集,SCIS2011
    Jan. 2011
  • RIPEMD,RIPEMD-128に対する新しいLocal collisionを用いた 中間一致型(第二)原像攻撃
    小松原航; 王磊; 佐々木悠; 太田和夫
    Oral presentation, Japanese, 2011年暗号と情報セキュリティシンポジウム概要集,SCIS2011
    Jan. 2011
  • Joux-Lucksの3-collisions探索アルゴリズムに関する計算量の詳細な検討
    名渕大樹; 岩本貢; 崎山一男; 太田和夫
    Oral presentation, Japanese, 2011年暗号と情報セキュリティシンポジウム概要集,SCIS2011
    Jan. 2011
  • FDH署名の安全性証明の再考
    坂井祐介; 岩本貢; 駒野雄一; 太田和夫
    Oral presentation, Japanese, 2011年暗号と情報セキュリティシンポジウム概要集,SCIS2011
    Jan. 2011
  • Searchable Public-Key Encryption for Hierarchical Systems with Adaptive Join/Leave of Members
    服部充洋; 平野貴人; 伊藤隆; 松田規; 森拓海; 坂井祐介; 太田和夫
    Oral presentation, Japanese, 2011年暗号と情報セキュリティシンポジウム概要集
    Jan. 2011
  • Effective Verification for Known-Key Distinguisher by Using Extended Differential Path
    Naoyuki Takayanagi; Yang Li; Kazuo Sakiyama; Kazuo Ota
    Oral presentation, English, Triangle Symposium on Advanced ICT 2010 (TriSAI 2010)
    Oct. 2010
  • Another Differential Fault Analysis on Trivium
    Qi Li; Kazuo Sakiyama; Lei Wang; Kazuo Ota
    Oral presentation, English, Triangle Symposium on Advanced ICT 2010 (TriSAI 2010)
    Oct. 2010
  • CryptoVerifを用いたRFID向け相互認証プロトコルの安全性証明の検討
    花谷 嘉一; 大久保 美也子; 松尾 真一郎; 太田 和夫
    Oral presentation, Japanese, 日本応用数理学会2010年度年会, 「数理的技法による情報セキュリティ」(FAIS), 明治大学 駿河台キャンパス
    06 Sep. 2010
  • A general construction of visual secret sharing scheme with share rotations
    Mitsugu Iwamoto; Yang Li; Kazuo Sakiyama; Kazuo Ohta
    Oral presentation, English, ISEC2010-49
    Sep. 2010
  • How Can We Conduct Fair and Consistent Hardware Evaluation for SHA-3 Candidate?
    Shin'ichiro Matsuo; Miroslav Knežević; Patrick Schaumont; Ingrid Verbauwhede; Akashi Satoh; Kazuo Sakiyama; Kazuo Ota
    Oral presentation, English, The second SHA-3 candidate conference
    Aug. 2010
  • Physically Unclonable Functionを用いたLuby-Rackoff型暗号の再考
    川合豊; 駒野雄一; 太田和夫
    Oral presentation, Japanese, ISEC2010
    Jul. 2010
  • SASEBO-GIIを用いたSHA-3候補のハードウェア性能評価
    小林 和幸; 池上 淳; 松尾 真一郎; 崎山 一男; 太田 和夫
    Oral presentation, English, 第15回共同研究成果報告会
    Jun. 2010
  • 骨伝導技術を用いたカラオケシステムの提案
    川村一輝; 及川俊; 荒川淳平; 太田 和夫
    Oral presentation, Japanese, 情報処理学会創立50周年記念(第72回)全国大会, 情報処理学会, 東京, Domestic conference
    10 Mar. 2010
  • 強識別不可能性理論とSHA-3プロジェクト~ハッシュ関数設計のための理論研究と実装研究の現状
    太田 和夫
    Invited oral presentation, Japanese, 情報セキュリティ研究会(ISEC)2009年度, 電子情報通信学会
    Mar. 2010
  • Multiple Designated Verifiers Signatures Reconsidered
    Mebae Ushida; Tetsuya Izu; Masahiko Takenaka; Kazuo Ohta
    Oral presentation, English
    Feb. 2010
  • Cryptanalysis of HB-MAC Authentication Protocol
    Tomotaka Hanawa; Yutaka Kawai; Kazuo Sakiyama; Kazuo Ohta
    Oral presentation, English, 2010年暗号と情報セキュリティシンポジウム概要集,SCIS2010
    Jan. 2010
  • 検証者指定署名が満たすべき安全性要件の再考
    牛田 芽生恵; 米山 一樹; 川合 豊; 太田 和夫
    Oral presentation, Japanese, 2010年暗号と情報セキュリティシンポジウム概要集,SCIS2010
    Jan. 2010
  • AES暗号実装へのフォールト解析攻撃における適用範囲の拡大と解析効率の向上
    五味澤重友; 泉雅巳; 李陽; 高橋順子; 福永利徳; 佐々木悠; 崎山 一男
    Oral presentation, Japanese, 2010年暗号と情報セキュリティシンポジウム概要集,SCIS2010
    Jan. 2010
  • An Information Theoretic Perspective on the Differential Fault Analysis against AES
    Yang Li; Shigeto Gomisawa; Kazuo Sakiyama; Kazuo Ohta
    Oral presentation, English, 2010年暗号と情報セキュリティシンポジウム概要集,SCIS2010
    Jan. 2010
  • DPA耐性のあるソフトウェア実装のための安全なCPU - Secure CPU for Resistant Software Implementations
    中津 大介; 李 陽; 崎山 一男; 太田 和夫
    Oral presentation, Japanese, 2010年暗号と情報セキュリティシンポジウム概要集,SCIS2010
    Jan. 2010
  • 公開鍵暗号の SPA/DPA 耐性向上に向けた対策アルゴリズムの再考
    泉 雅巳; 崎山一男; 太田和夫; 佐藤 証
    Oral presentation, Japanese, 2010年暗号と情報セキュリティシンポジウム概要集,SCIS2010
    Jan. 2010
  • Katz らの Leakage Resilient t-time 署名の解析
    松田 和也; 坂井 祐介; 太田 和夫; 崎山 一男
    Oral presentation, Japanese, 2010年暗号と情報セキュリティシンポジウム概要集,SCIS2010
    Jan. 2010
  • 鍵を固定したデジタル署名法の証明不可能性
    川合 豊; 太田 和夫; 花岡 悟一郎; 國廣昇
    Oral presentation, Japanese, 2010年暗号と情報セキュリティシンポジウム概要集,SCIS2010
    Jan. 2010
  • PUF-HB認証プロトコルに対する能動的な攻撃
    長井 大地; 塙 知剛; 岩本 貢; 崎山 一男; 太田 和夫
    Oral presentation, Japanese, 2010年暗号と情報セキュリティシンポジウム概要集,SCIS2010
    Jan. 2010
  • 情報を漏洩するランダムオラクルモデルにおける半自動証明
    花谷嘉一; 太田和夫
    Oral presentation, Japanese, 2010年暗号と情報セキュリティシンポジウム概要集,SCIS2010
    Jan. 2010
  • 追跡可能な委任リング署名方式の提案
    丹野 翔太郎; 太田 和夫
    Oral presentation, Japanese, 2010年暗号と情報セキュリティシンポジウム概要集,SCIS2010
    Jan. 2010
  • Anonymous HIBE With Wildcards and Its Application to Secure Keyword Search for Group-Oriented Multi-User System
    Mitsuhiro Hattori; Takumi Mori; Takashi Ito; Nori Matsuda; Takeshi Yoneda; Kazuo Ohta
    Oral presentation, English, 2010年暗号と情報セキュリティシンポジウム概要集,SCIS2010
    Jan. 2010
  • Reproducible KEMの暗号文長を削減するランダムオラクルモデルにおける一般的な変換方式
    坂井祐介; 花岡悟一郎; 黒澤馨; 太田和夫
    Oral presentation, Japanese, 2010年暗号と情報セキュリティシンポジウム概要集,SCIS2010
    Jan. 2010
  • SASEBO-GIIを用いたSHA-3候補のハードウェア性能評価 - Evaluation of Hardware Performance for the SHA-3 Candidates Using SASEBO-GII
    池上 淳; 小林 和幸; 崎山 一男; 太田 和夫
    Oral presentation, Japanese, 2010年暗号と情報セキュリティシンポジウム概要集,SCIS2010
    Jan. 2010
  • New Analysis of Davies-Meyer Merkle-Damgard
    Yusuke Naito; Lei Wang; Kazuki Yoneyama; Kazuo Ohta
    Oral presentation, English, 2010年暗号と情報セキュリティシンポジウム概要集,SCIS2010
    Jan. 2010
  • Visual Secret Sharing Schemes Allowing Arbitrary Rotation Angles of Shares
    Yang Li; Mitsugu Iwamoto; Kazuo Ohta; Kazuo Sakiyama
    Oral presentation, English, Triangle Symposium on Advanced ICT 2009 (TriSAI'09)
    Oct. 2009
  • Cryptanalysis of Duc-Kim Key Exchange Protocol Proposed at TriSAI'08
    Tomotaka Hanawa; Kazuo Sakiyama; Kazuo Ohta
    Oral presentation, English, Triangle Symposium on Advanced ICT 2009 (TriSAI'09)
    Oct. 2009
  • Comparison of Masked S-boxes in Hardware Implementation
    Daisuke Nakatsu; Yang Li; Kazuo Sakiyama; Kazuo Ohta
    Oral presentation, English, Triangle Symposium on Advanced ICT 2009 (TriSAI'09)
    Oct. 2009
  • An Extension of Differential Fault Analysis Attack of AES
    Shigeto Gomisawa; Masami Izumi; Kazuo Sakiyama; Kazuo Ohta
    Oral presentation, English, Triangle Symposium on Advanced ICT 2009 (TriSAI'09)
    Oct. 2009
  • Improving Efficiency of an 'On the Fly' Identification Scheme by Perfecting Zero-Knowledgeness
    Bagus Santoso; Kazuo Ohta; Kazuo Sakiyama; Goichiro Hanaoka
    Oral presentation, English, ISEC2009-30
    Jul. 2009
  • A Novel Construction Method for Visual Secret Sharing Schemes Allowing Rotation of Shares
    Yang Li; Mitsugu Iwamoto; Kazuo Ohta; Kazuo Sakiyama
    Oral presentation, English, ISEC2009-5
    May 2009
  • Cryptographic Applications of Indifferentiability via Leaking Random Oracle Models
    太田 和夫
    Invited oral presentation, Japanese, 暗号の計算論的・記号的安全性証明に関するスプリングスクール&ワークショップ, 独立行政法人 産業技術総合研究所 情報セキュリティ研究センター, International conference
    Apr. 2009
  • 暗号系の安全性証明不可能性の統一的アプローチを目指して--設計ゴール,攻撃シナリオ,数論仮定のトレードオフ--
    太田 和夫; 川合 豊
    Invited oral presentation, Japanese, 第3回公開鍵暗号の安全な構成とその応用ワークショップ, 東京, Domestic conference
    Mar. 2009
  • Visual Secret Sharing Schemes for Multiple Secret Images Allowing the 90-degree Rotation of Shares
    Yang Li; Mengyu Zhu; Wang Lei; Kazuo Ohta; Kazuo Sakiyama
    Oral presentation, English, 2009年暗号と情報セキュリティシンポジウム概要集,SCIS2009
    Jan. 2009
  • A faster attack on MD5-based challenge and response protocols
    Lei Wang; Yu Sasaki; Kazuo Ohta; Kazuo Sakiyama
    Oral presentation, English, 2009年暗号と情報セキュリティシンポジウム概要集,SCIS2009
    Jan. 2009
  • 高周波クロックによるRSL技術を用いたAESへのフォールト攻撃実験
    八木達哉; 崎山一男; 太田和夫
    Oral presentation, Japanese, 2009年暗号と情報セキュリティシンポジウム概要集,SCIS2009
    Jan. 2009
  • フォールト混入時におけるRSL 技術による暗号回路モデルを用いた安全性解析
    泉 雅巳; 崎山一男; 太田和夫
    Oral presentation, Japanese, 2009年暗号と情報セキュリティシンポジウム概要集,SCIS2009
    Jan. 2009
  • より効率的な秘匿情報検索
    北原 恵介; 坂井 祐介; 太田 和夫
    Oral presentation, Japanese, 2009年暗号と情報セキュリティシンポジウム概要集,SCIS2009
    Jan. 2009
  • Merkle-Damgard構造の強識別不可能性(Indifferentiability)の再考
    内藤 祐介; 太田 和夫; 王 磊; 米山 一樹
    Oral presentation, Japanese, 2009年暗号と情報セキュリティシンポジウム概要集,SCIS2009
    Jan. 2009
  • Authentication Condition Hidingを満たす複数グループ用Secret Handshakeの提案
    丹野 翔太郎; 米山 一樹; 太田 和夫
    Oral presentation, Japanese, 2009年暗号と情報セキュリティシンポジウム概要集,SCIS2009
    Jan. 2009
  • ブルームフィルタの設計論とそのAPOPパスワード復元攻撃検知への応用
    坂井 祐介; バグス サントソ; 奥秋 清次; 太田 和夫
    Oral presentation, Japanese, 2009年暗号と情報セキュリティシンポジウム概要集,SCIS2009
    Jan. 2009
  • APOP攻撃検知法の提案とシミュレーションによる検証:目には目を,歯には歯を
    奥秋 清次; 坂井 祐介; 太田 和夫; 國廣 昇
    Oral presentation, Japanese, SCIS2009
    Jan. 2009
  • 計算量仮定を考慮した一般的なメタ帰着の構成
    川合 豊; 太田 和夫
    Oral presentation, Japanese, SCIS2009
    Jan. 2009
  • Improvement of a Lattice Based Cryptosystem Using Polynomial Ring
    Tomotaka Hanawa; Noboru Kunihiro; Kazuo Ohta
    Oral presentation, Japanese, SCIS2009
    Jan. 2009
  • CryptoVerifを用いたFDH署名の緊密な安全性証明の検討
    花谷 嘉一; 太田 和夫; 米山 一樹; 角野 陽輔
    Oral presentation, Japanese, SCIS2009
    Jan. 2009
  • 安全性検証ツールCryptoVerifの改良:異常終了に対する一対策
    角野 陽輔; 花谷 嘉一; 米山 一樹; 太田 和夫
    Oral presentation, Japanese, 2009年暗号と情報セキュリティシンポジウム概要集,SCIS2009
    Jan. 2009
  • 委託可能検証者指定署名の改良
    牛田 芽生恵; 川合 豊; 米山 一樹; 太田 和夫
    Oral presentation, Japanese, 2009年暗号と情報セキュリティシンポジウム概要集,SCIS2009
    Jan. 2009
  • 証明可能安全なアルゴリズム的耐タンパ認証装置 (その2)
    駒野 雄一; 太田 和夫; 三宅 秀享; 保
    Oral presentation, Japanese, 2009年暗号と情報セキュリティシンポジウム概要集,SCIS2009
    Jan. 2009
  • Public-key Encryption with Fuzzy Keyword Search
    服部充洋; 伊藤隆; 松田規; 米田健; 太田和夫
    Oral presentation, Japanese, 2009年暗号と情報セキュリティシンポジウム概要集,SCIS2009
    Jan. 2009
  • MD5チャレンジ・レスポンスプロトコルへの速い攻撃
    Lei Wang; Yu Sasaki; Kazuo Ohta; Kazuo Sakiyama
    Oral presentation, English, 2009年暗号と情報セキュリティシンポジウム概要集,SCIS2009
    Jan. 2009
  • 'On the Fly' Identification Scheme: Reducing Memory Cost by Improving Zero-Knowledgeness
    Bagus Santoso; Kazuo Ohta; Kazuo Sakiyama
    Oral presentation, English, 2009年暗号と情報セキュリティシンポジウム概要集,SCIS2009
    Jan. 2009
  • 証明可能安全なアルゴリズム的対タンパ認証装置
    駒野 雄一; 太田 和夫; 三宅 秀享; 新保 淳
    Oral presentation, Japanese, CSS 2008
    Oct. 2008
  • 安全性証明ツールCryptoVerif の証明能力に関する一考察
    花谷 嘉一; 米山 一樹; 角野 陽輔; 太田 和夫
    Oral presentation, Japanese, CSS 2008
    Oct. 2008
  • グループ管理者に対する匿名性を考慮したSecret Handshake
    川合 豊; 米山一樹; 太田和夫
    Oral presentation, Japanese, CSS 2008
    Oct. 2008
  • 委託可能検証者指定署名の再考
    牛田 芽生恵; 川合 豊; 米山 一樹; 太田 和夫; 國廣 昇
    Oral presentation, Japanese, CSS 2008
    Oct. 2008
  • eTCR性とTCR性の間の定義の考察
    内藤祐介; 太田和夫
    Oral presentation, Japanese, CSS 2008
    Oct. 2008
  • Does The Montgomery Powering Ladder Method Really Offer SPA Resistance?
    Masami Izumi; Kazuo Sakiyama; Kazuo Ohta
    Oral presentation, English, Triangle Symposium on Advanced ICT 2008 (TriSAI'08)
    Oct. 2008
  • 複数の計算量仮定を組み込んだメタ帰着技法による安全性解析 ~ ElGamal暗号の場合 ~
    川合 豊; 太田和夫
    Oral presentation, Japanese, 電子情報通信学会,ISEC2008-70
    Sep. 2008
  • PINを用いるアルゴリズム的耐タンパ認証装置の再考 (その2)
    駒野 雄一; 太田 和夫; 三宅 秀享; 保
    Oral presentation, Japanese, 電子情報通信学会,ISEC
    May 2008
  • Provably Secure Authenticated Group Key Exchange without PKI
    Haruki Ota; Kazuki Yoneyama; Shinsaku Kiyomoto; Toshiaki Tanaka; Kazuo Ohta
    Oral presentation, Japanese, 2008年暗号と情報セキュリティシンポジウム概要集,SCIS2008
    Jan. 2008
  • 多項式環を用いた格子暗号の改良
    塙 知剛; 國廣 昇; 太田 和夫
    Oral presentation, Japanese, 2008年暗号と情報セキュリティシンポジウム概要集,SCIS2008
    Jan. 2008
  • Subset Difference Methodのメッセージ長の評価
    奥秋 清次; 國廣 昇; 太田 和夫
    Oral presentation, Japanese, 2008年暗号と情報セキュリティシンポジウム概要集,SCIS2008
    Jan. 2008
  • 暗号学における双対性~ディジタル署名の場合~
    川合 豊; 太田 和夫
    Oral presentation, Japanese, 2008年暗号と情報セキュリティシンポジウム概要集,SCIS2008
    Jan. 2008
  • On the (Im)possibility of Security for Password-based Authenticated Key Exchange
    Kazuki Yoneyama; Kazuo Ohta
    Oral presentation, Japanese, 2008年暗号と情報セキュリティシンポジウム概要集,SCIS2008
    Jan. 2008
  • PINを用いるアルゴリズム的耐タンパ認証装置の再考
    駒野 雄一; 三宅 秀享; 新保 淳; 太田 和夫
    Oral presentation, Japanese, 2008年暗号と情報セキュリティシンポジウム概要集,SCIS2008
    Jan. 2008
  • A New 'On the Fly' Identification Scheme: A Trade-off of Asymptoticity between ZK and Correctness
    Bagus Santoso; Kazuo Ohta
    Oral presentation, English, 2008年暗号と情報セキュリティシンポジウム概要集,SCIS2008
    Jan. 2008
  • 複数グループ用 Secret Handshake の拡張方式の提案
    丹野 翔太郎; 米山 一樹; 川合 豊; 國廣 昇; 太田 和夫
    Oral presentation, Japanese, 2008年暗号と情報セキュリティシンポジウム概要集,SCIS2008
    Jan. 2008
  • MD5チャレンジ・レスポンス方式の安全性について: APOPパスワード復元攻撃の拡張
    佐々木悠; 王磊; 太田和夫; 國廣昇
    Oral presentation, Japanese, 2008年暗号と情報セキュリティシンポジウム概要集,SCIS2008
    Jan. 2008
  • 実環境におけるAPOP攻撃実験
    佐藤 玲; サントソ バグス; 國廣 昇; 太田 和夫
    Oral presentation, Japanese, 2008年暗号と情報セキュリティシンポジウム概要集,SCIS2008
    Jan. 2008
  • Password Recovery Attack on Authentication Protocol MD4(Password || Challenge)
    Lei Wang; Kazuo Ohta; Noboru Kunihiro
    Oral presentation, English, 2008年暗号と情報セキュリティシンポジウム概要集,SCIS2008
    Jan. 2008
  • Generalizing Micropayment System based on Probabilistic Polling
    Bagus Santoso; Yang Li; Kazuo Ohta
    Oral presentation, English, 2008年暗号と情報セキュリティシンポジウム概要集,SCIS2008
    Jan. 2008
  • Attribute-Based Encryption with Hidden Encryptor-Specified Policies
    Takashi Nishide; Kazuki Yoneyama; Kazuo Ohta
    Oral presentation, English, 2008年暗号と情報セキュリティシンポジウム概要集,SCIS2008
    Jan. 2008
  • BlanchetのフレームワークにおけるCDH仮定の取り扱い
    花谷 嘉一; 太田 和夫; 村谷 博文
    Oral presentation, Japanese, 2008年暗号と情報セキュリティシンポジウム概要集,SCIS2008
    Jan. 2008
  • 委託可能検証者指定署名
    牛田 芽生恵; 川合 豊; 國廣 昇; 太田 和夫
    Oral presentation, Japanese, 2008年暗号と情報セキュリティシンポジウム概要集,SCIS2008
    Jan. 2008
  • PINを用いるアルゴリズム的耐タンパ認証装置の安全性について
    駒野 雄一; 太田 和夫; 三宅 秀享; 新保 淳
    Oral presentation, Japanese, 電子情報通信学会,2008年ソサエティ大会
    2008
  • MD4を用いたチャレンジ&レスポンス認証に対する現実的な攻撃
    佐々木悠; 王磊; 太田和夫; 青木和麻呂; 國廣昇
    Oral presentation, Japanese, 電子情報通信学会,IEICEソサイエティ大会
    2008
  • 受信者の条件を秘匿したAttribute-Based Encryption
    西出 隆志; 米山 一樹; 太田 和夫
    Oral presentation, Japanese, 信学技報
    Dec. 2007
  • 暗号学における双対性について-- デジタル署名を例として--
    太田和夫
    Invited oral presentation, Japanese, 計算世界観ワークショップ「暗号理論」, 東京工業大学
    Dec. 2007
  • ドメイン横断型C2C-PAKEにおける強い安全性モデルと構成法
    米山 一樹; 太田 和夫
    Public symposium, Japanese, コンピュータセキュリティシンポジウム CSS2007
    Nov. 2007
  • 研究グループが脆弱性を発見した場合にとるべき行動についての法的考察
    猪股佑介; 太田和夫; 國廣昇
    Oral presentation, Japanese, 電子情報通信学会信学技報,技術と社会・倫理研究会(SITE)
    Nov. 2007
  • 公開鍵暗号系における双対性へのアプローチ
    太田和夫; 駒野雄一; 川合 豊; 川村信一
    Oral presentation, Japanese, 信学技報
    Sep. 2007
  • FCS-ARSPA'07 参加報告
    米山 一樹; 太田 和夫
    Oral presentation, Japanese, 日本応用数理学会2007年度年会
    Sep. 2007
  • task-PIOAフレームワークとBlanchetのフレームワークの証明能力に関する一考察
    花谷 嘉一; 米山 一樹; 國分 雄一; 太田 和夫
    Oral presentation, Japanese, 日本応用数理学会2007年度年会
    Sep. 2007
  • 墨塗り・削除署名の拡張
    泉雅巳; 伊豆哲也; 國廣昇; 太田和夫
    Oral presentation, Japanese, 信学技報
    Jul. 2007
  • Paillierの観点から見たディジタル署名の安全性の再考
    川合 豊; 太田 和夫; 國廣 昇
    Oral presentation, Japanese, 信学技報
    May 2007
  • 2n+O(1)個の量子ビットを用いた位数発見量子回路に対するリソースの評価
    小関 恵梨; 國廣 昇; 高橋 康博; 太田 和夫
    Oral presentation, Japanese, 第16回量子情報技術研究会
    May 2007
  • ナップザック暗号における密度の再考
    國廣 昇; 北原 恵介; 太田 和夫
    Oral presentation, Japanese, 信学技報
    Mar. 2007
  • 使い捨てIDを用いた処理負荷の少ない相手認証方式の提案
    伏見 和男; 國廣 昇; 太田 和夫
    Oral presentation, Japanese, 信学技報
    Mar. 2007
  • Secret Handshake の安全性について
    米山 一樹; 川合 豊; 近藤 崇裕; 太田 和夫; 國廣 昇
    Oral presentation, Japanese, 信学技報
    Mar. 2007
  • Revisiting Zero-Knowledgeness of an On the Fly Authentication Scheme
    Bagus Santoso; Kazuo Ohta
    Oral presentation, English, 電子情報通信学会2007年総合大会
    Mar. 2007
  • Security Analyses on Key Exchange Protocols using Task-structured PIOA Framework
    米山一樹; 國分 雄一; 國廣 昇; 太田 和夫
    Oral presentation, English, 応用数理学会平成19年 研究部会 連合発表会
    Mar. 2007
  • ハッシュ関数のコリジョン探索の改良 -新たなAdvanced Message Modificationの提案-
    内藤 祐介; 太田 和夫; 國廣 昇
    Oral presentation, Japanese, 2007年暗号と情報セキュリティシンポジウム概要集,SCIS2007
    Jan. 2007
  • Differential Path Search Algorithm for First Round of MD4
    Wang Lei; Sasaki Yu; Ohta Kazuo; Kunihiro Noboru
    Oral presentation, English, 2007年暗号と情報セキュリティシンポジウム概要集,SCIS2007
    Jan. 2007
  • Strategy for Selecting Disturbance Vector for SHA-1
    岩崎 輝星; 内藤 祐介; 矢嶋 純; 佐々木 悠; 下山 武司; 國廣 昇; 太田 和夫
    Oral presentation, Japanese, 2007年暗号と情報セキュリティシンポジウム概要集,SCIS2007
    Jan. 2007
  • SHA-1 Differential Path Construction Algorithm
    佐々木 悠; 内藤 祐介; 矢嶋 純; 岩崎 輝星; 下山 武司; 國廣 昇; 太田 和夫
    Oral presentation, Japanese, 2007年暗号と情報セキュリティシンポジウム概要集,SCIS2007
    Jan. 2007
  • An Automatic Generator of SHA-1 Differential Path
    矢嶋 純; 佐々木 悠; 岩崎 輝星; 内藤 祐介; 下山 武司; 國廣 昇; 太田 和夫
    Oral presentation, Japanese, 2007年暗号と情報セキュリティシンポジウム概要集,SCIS2007
    Jan. 2007
  • Strong Detector Resistance and Unlinkable Secret Handshake
    川合 豊; 米山 一樹; 近藤 崇裕; 太田 和夫; 國廣 昇
    Oral presentation, Japanese, Proceedings of the 2007 Symposium on Cryptography and Information Security, SCIS2007
    Jan. 2007
  • Strict Evaluations of Quantum Circuits for Order-finding using 2n+α qubits
    小関 恵梨; 國廣 昇; 高橋 康博; 太田 和夫
    Oral presentation, Japanese, Proceedings of the 2007 Symposium on Cryptography and Information Security, SCIS2007
    Jan. 2007
  • An Analysis on Diffie-Hellman Key Exchange using Task-Structured PIOA Framework
    Yuichi Kokubun; Kazuki Yoneyama; Kazuo Ohta; Noboru Kunihiro
    Oral presentation, English, Proceedings of the 2007 Symposium on Cryptography and Information Security, SCIS2007
    Jan. 2007
  • Concurrently Secure Password-based Authenticated Key Exchange without Random Oracles or Setup Assumptions
    Kazuki Yoneyama; Kazuo Ohta
    Oral presentation, English, Proceedings of the 2007 Symposium on Cryptography and Information Security, SCIS2007
    Jan. 2007
  • Universally Composable Password-Based Authenticated Key Exchange with Password Manager
    Haruki Ota; Kazuki Yoneyama; Shinsaku Kiyomoto; Toshiaki Tanaka; Kazuo Ohta
    Oral presentation, English, Proceedings of the 2007 Symposium on Cryptography and Information Security, SCIS2007
    Jan. 2007
  • On Sanitizable and Deletable Signature Schemes
    佐野 誠; 伊豆 哲也; 國廣 昇; 太田 和夫; 武仲 正彦
    Oral presentation, Japanese, Proceedings of the 2007 Symposium on Cryptography and Information Security, SCIS2007
    Jan. 2007
  • Sanitizable Signature Schemes based on Aggregate Signature
    伊豆 哲也; 佐野 誠; 國廣 昇; 太田 和夫; 武仲 正彦
    Oral presentation, Japanese, Proceedings of the 2007 Symposium on Cryptography and Information Security, SCIS2007
    Jan. 2007
  • Robust and Fair Network Applications using Threshold-Cryptosystem
    稗圃 泰彦; 太田 和夫; 國廣 昇
    Oral presentation, Japanese, Proceedings of the 2007 Symposium on Cryptography and Information Security, SCIS2007
    Jan. 2007
  • On the Security of Secret Handshake with Multiple Groups
    近藤 崇裕; 米山 一樹; 川合 豊; 太田 和夫; 國廣 昇
    Oral presentation, Japanese, Proceedings of the 2007 Symposium on Cryptography and Information Security, SCIS2007
    Jan. 2007
  • Cryptanalysis of Low-Weight Knapsack Cryptosystems
    北原 恵介; 國廣 昇; 太田 和夫
    Oral presentation, Japanese, Proceedings of the 2007 Symposium on Cryptography and Information Security, SCIS2007
    Jan. 2007
  • Analysis of a Message Length for Complete Subtree Method
    奥秋 清次; 國廣 昇; 太田 和夫
    Oral presentation, Japanese, Proceedings of the 2007 Symposium on Cryptography and Information Security, SCIS2007
    Jan. 2007
  • Anonymous English Auction Scheme from Deniable Ring Signatures
    駒野 雄一; 太田 和夫; 新保 淳; 川村 信一
    Oral presentation, Japanese, Proceedings of the 2007 Symposium on Cryptography and Information Security, SCIS2007
    Jan. 2007
  • Return Message-Receivable Anonymous Routing Scheme without Reveal of Sender ID
    鳥山 浩; 國廣 昇; 太田 和夫
    Oral presentation, Japanese, Proceedings of the 2007 Symposium on Cryptography and Information Security, SCIS2007
    Jan. 2007
  • Comparison of Two Linear Cryptanalyses Using Multiple Linear Approximations
    指田 岳彦; 太田 和夫; 國廣 昇
    Oral presentation, Japanese, Proceedings of the 2007 Symposium on Cryptography and Information Security, SCIS2007
    Jan. 2007
  • Non-Malleability for KEM and Tag-KEM Reconsidered
    Satoshi Miyagawa; Kazuki Yoneyama; Kazuo Ohta; Noboru Kunihiro
    Oral presentation, English, Proceedings of the 2007 Symposium on Cryptography and Information Security, SCIS2007
    Jan. 2007
  • Collision Attack on MD4: Revisited
    Kazuo Ohta; Yu Sasaki
    Invited oral presentation, English, La Tecnica al servicio de la patria, IPN, International conference
    Nov. 2006
  • A Bridge between Standard and Strong Existential Unforgeabilities
    Bagus Santoso; Kazuo Ohta
    Oral presentation, English, Proceedings of the 2006 Symposium on Cryptography and Information Security, SCIS2006
    Jan. 2006
  • A Study on Random Oracle Instantiation in the Security Proof of Tag-KEM/DEM Hybrid Encryption
    宮川 聡; 米山 一樹; サントソ バグス; 太田 和夫
    Oral presentation, Japanese, Proceedings of the 2006 Symposium on Cryptography and Information Security, SCIS2006
    Jan. 2006
  • How to Compare Two Polynomially Shared Secrets Privately
    Takashi Nishide; Kazuo Ohta
    Oral presentation, Japanese, Proceedings of the 2006 Symposium on Cryptography and Information Security, SCIS2006
    Jan. 2006
  • Broadcast Encryption Using Bubart Tree Encryption
    奥秋 清次; 清武 康平; 太田 和夫; 國廣 昇
    Oral presentation, Japanese, Proceedings of the 2006 Symposium on Cryptography and Information Security, SCIS2006
    Jan. 2006
  • Performance Evaluation of Routing-based Factoring Hardware for Factoring 1024-bit Composite Numbers
    廣田 直之; 國廣 昇; 伊豆 哲也; 太田 和夫
    Oral presentation, Japanese, Proceedings of the 2006 Symposium on Cryptography and Information Security, SCIS2006
    Jan. 2006
  • Re-evaluation of the Optimality of Multisignature Schemes Using Trapdoor One-way Permutations
    駒野 雄一; 太田 和夫; 新保 淳; 川村 信一
    Oral presentation, Japanese, Proceedings of the 2006 Symposium on Cryptography and Information Security, SCIS2006
    Jan. 2006
  • Universally Composable Anonymous Message Authentication using Ring Signature
    Kazuki Yoneyama; Kazuo Ohta
    Oral presentation, English, Proceedings of the 2006 Symposium on Cryptography and Information Security, SCIS2006
    Jan. 2006
  • On Untraceable Quantum Cash with Off-line Verifiability
    江崎 裕一郎; 國廣 昇; 太田 和夫
    Oral presentation, Japanese, Proceedings of the 2006 Symposium on Cryptography and Information Security, SCIS2006
    Jan. 2006
  • A Robust Dynamic Group Key Construction for P2P Multicast
    稗圃 泰彦; 米山 一樹; 太田 和夫; 國廣 昇
    Oral presentation, Japanese, Proceedings of the 2006 Symposium on Cryptography and Information Security, SCIS2006
    Jan. 2006
  • Universally Composable Hierarchical Hybrid Authenticated Key Exchange
    Haruki Ohta; Kazuki Yoneyama; Shinsaku Kiyomoto; Toshiaki Tanaka; Kazuo Ohta
    Oral presentation, English, Proceedings of the 2006 Symposium on Cryptography and Information Security, SCIS2006
    Jan. 2006
  • On the Security of Sanitizable Signature Schemes
    伊豆 哲也; 國廣 昇; 太田 和夫; 武仲 正彦
    Oral presentation, Japanese, Proceedings of the 2006 Symposium on Cryptography and Information Security, SCIS2006
    Jan. 2006
  • On Constructing Differential Paths for MD5 Collision Search: Is Wang's Differential Path Optimal?
    矢嶋 純; 下山 武司; 佐々木 悠; 内藤 祐介; 國廣 昇; 太田 和夫
    Oral presentation, Japanese, Proceedings of the 2006 Symposium on Cryptography and Information Security, SCIS2006
    Jan. 2006
  • A Study of Message Modification for SHA-0
    内藤 祐介; 佐々木 悠; 下山 武司; 矢嶋 純; 國廣 昇; 太田 和夫
    Oral presentation, Japanese, Proceedings of the 2006 Symposium on Cryptography and Information Security, SCIS2006
    Jan. 2006
  • Untraceable Off-Line Verifiable Quantum Cash
    Yuichiro Esaki; Noboru Kunihiro; Kazuo Ohta
    Public symposium, English, TQC
    2006
  • Modeling the Agreement Problem in the UC Framework
    寺田 雅之; 米山一樹; 森 謙作; 本郷 節之; 太田 和夫
    Public symposium, Japanese, DICOMO2006
    2006
  • C2C-HAKE in the UC Framework
    太田 陽基; 米山 一樹; 清本 晋作; 田中 俊昭; 太田 和夫
    Public symposium, Japanese, CSS 2006, IPSJ
    2006
  • A Study of Randomized Partial Checking Mix
    花谷 嘉一; 稗圃 泰彦; Bagus Santoso; 國廣 昇; 太田 和夫
    Oral presentation, Japanese, ISEC2004
    Mar. 2005
  • Reconsidering Maurer-Yacobi-type ID-based Cryptosystems
    阿部 航; 國廣 昇; 太田 和夫
    Oral presentation, Japanese, Proceedings of the 2005 Symposium on Cryptography and Information Security
    Jan. 2005
  • A Study of the SD Method Using Trapdoor One-way Permutations
    奥秋 清次; 太田 和夫; 國廣 昇
    Oral presentation, Japanese, Proceedings of the 2005 Symposium on Cryptography and Information Security
    Jan. 2005
  • On the Range of the Coefficients of the Shortest Vector
    金山 直樹; 木田 雅成; 太田 和夫; 國廣 昇
    Oral presentation, Japanese, Proceedings of the 2005 Symposium on Cryptography and Information Security
    Jan. 2005
  • A Visual Secret Sharing Scheme Decoding Multiple Images under Image Rotation
    清田 耕一郎; 王 磊; 岩本 貢; 米山 一樹; 國廣 昇; 太田 和夫
    Oral presentation, Japanese, Proceedings of the 2005 Symposium on Cryptography and Information Security
    Jan. 2005
  • Reconsidering Ring Signature Schemes with Deniability
    駒野 雄一; 太田 和夫; 新保 淳; 川村 信一
    Oral presentation, Japanese, Proceedings of the 2005 Symposium on Cryptography and Information Security
    Jan. 2005
  • Constructing an Evaluation Method for the Tamper Resistance of Cryptographic Circuits
    佐々木 明彦; 阿部 公輝; 太田 和夫
    Oral presentation, Japanese, Proceedings of the 2005 Symposium on Cryptography and Information Security, SCIS2005
    Jan. 2005
  • Hierarchical Generic Construction of a Password-Based Authenticated Key Exchange Protocol
    Haruki Ota; Shinsaku Kiyomoto; Toshiaki Tanaka; Kazuo Ohta
    Oral presentation, English, Proceedings of the 2005 Symposium on Cryptography and Information Security, SCIS2005
    Jan. 2005
  • Evaluation of Shor's Algorithm Based on Quantum Addition
    鈴木 博一; 國廣 昇; 太田 和夫
    Oral presentation, Japanese, Proceedings of the 2005 Symposium on Cryptography and Information Security, SCIS2005
    Jan. 2005
  • Fault Attacks on Toyocrypt
    内藤 祐介; 指田 岳彦; 根岸 大宙; 太田 和夫; 國廣 昇
    Oral presentation, Japanese, Proceedings of the 2005 Symposium on Cryptography and Information Security, SCIS2005
    Jan. 2005
  • Concrete Argument on the Optimal Security Proof for PFDH
    Bagus Santoso; Kazuo Ohta
    Oral presentation, English, Proceedings of the 2005 Symposium on Cryptography and Information Security, SCIS2005
    Jan. 2005
  • A Study of Universally Composable 1-out-of-n Signatures
    花谷 嘉一; 米山 一樹; Bagus Santoso; 太田 和夫
    Oral presentation, Japanese, Proceedings of the 2005 Symposium on Cryptography and Information Security, SCIS2005
    Jan. 2005
  • Estimating the Cost of XSL against AES-type Secret-key Ciphers
    樋口 敬士; 國廣 昇; 太田 和夫
    Oral presentation, Japanese, Proceedings of the 2005 Symposium on Cryptography and Information Security, SCIS2005
    Jan. 2005
  • An Extension of UC Digital Signature to sUF-ACMA
    Kazuki Yoneyama; Bagus Santoso; Kazuo Ohta
    Oral presentation, English, Proceedings of the 2005 Symposium on Cryptography and Information Security
    Jan. 2005
  • Improved Collision Attack on MD5
    佐々木 悠; 内藤 祐介; 國廣 昇; 太田 和夫
    Oral presentation, English, IEICE Technical Report
    2005
  • Reconsidering Ring Signature Schemes with Deniability (Part 2): A Group Signature Scheme with Enhanced Signer Anonymity
    駒野 雄一; 太田 和夫; 新保 淳; 川村 信一
    Oral presentation, Japanese, IEICE Technical Report
    2005
  • Analysis on the Clockwise Transposition Routing for Dedicated Factoring Devices
    伊豆 哲也; 國廣 昇; 太田 和夫; 下山 武司
    Oral presentation, English, IEICE Technical Report
    2005
  • Improved Collision Attack on MD4
    内藤 祐介; 佐々木 悠; 國廣 昇; 太田 和夫
    Oral presentation, Japanese, IEICE Technical Report
    2005
  • On Sanitizable Signature Schemes Using Bilinear Maps
    伊豆 哲也; 國廣 昇; 太田 和夫; 武仲 正彦
    Public symposium, Japanese, CSS2005
    2005
  • Visual Secret Sharing Schemes Allowing Rotation
    岩本貢; 王磊; 米山一樹; 國廣昇; 太田和夫
    Public symposium, Japanese, SITA2005
    2005
  • A Blind Signature Scheme with Enhanced User Privacy
    駒野 雄一; 太田 和夫; 新保 淳; 川村 信一
    Oral presentation, Japanese, IEICE, IEICE General Conference
    2005
  • An Internet Auction Model with Prior Price Negotiation between Seller and Auctioneer
    桜井 大路; 今井 識; 國廣 昇; 太田 和夫
    Public symposium, Japanese, Social Information Systems Society, Symposium on Social Information Systems
    2005
  • Universal Optimal Security Proof for PFDH under Strong Existential Unforgeability
    Bagus Santoso; Kazuo Ohta
    Invited oral presentation, English, Luminy Workshop on Cryptography, Centre International de Rencontres Mathématiques (CIRM), Luminy, France, International conference
    Nov. 2004
  • Optimal Security Proof for PFDH under Strong Existential Unforgeability
    Bagus Santoso; Kazuo Ohta; Noboru Kunihiro
    Oral presentation, English, ISEC2004
    Jul. 2004
  • An Untraceable Electronic Cash Scheme Using Multisignatures Based on the Discrete Logarithm Problem
    花谷 嘉一; サントソ バグス; 太田 和夫; 國廣 昇
    Oral presentation, Japanese, ISEC2004
    May 2004
  • Theoretical Analysis of the Performance of Subset-Cover Revocation Methods
    奥秋 清次; 國廣 昇; サントソバグス; 太田 和夫
    Oral presentation, Japanese, Proceedings of the 2004 Symposium on Cryptography and Information Security
    Jan. 2004
  • Parameters of a Micropayment Scheme Using Hash-Chained Collisions
    宮永 望; 太田 和夫; 森田 光
    Oral presentation, Japanese, Proceedings of the 2004 Symposium on Cryptography and Information Security
    Jan. 2004
  • Improvement and Implementation of a Micropayment Scheme Using Hash-Chained Collisions
    本間 祐介; 太田 和夫; 國廣 昇; 森田 光
    Oral presentation, Japanese, Proceedings of the 2004 Symposium on Cryptography and Information Security
    Jan. 2004
  • Proof of Validity of Secure Parameters for the Cut & Choose Method with Coin Spending
    青木 聡; 國廣 昇; 太田 和夫
    Oral presentation, Japanese, Proceedings of the 2004 Symposium on Cryptography and Information Security
    Jan. 2004
  • On an Untraceable Electronic Cash Scheme Using Multisignatures
    花谷 嘉一; 太田 和夫; 國廣 昇
    Oral presentation, Japanese, Proceedings of the 2004 Symposium on Cryptography and Information Security
    Jan. 2004
  • A Privacy Protection Method for Personal Transactions with Multiple Chained Vendors (Part 1)
    菅野 哲; 森田 光; 太田 和夫
    Oral presentation, Japanese, Proceedings of the 2004 Symposium on Cryptography and Information Security
    Jan. 2004
  • On the Inversion Problem of One-way Functions using NMR Quantum Computers
    Seiya Okubo; Tetsuro Nishino; Noboru Kunihiro; Kazuo Ohta
    Oral presentation, English, Proceedings of the 2004 Symposium on Cryptography and Information Security, SCIS2004
    Jan. 2004
  • Re-evaluation of the Security of the RSA-PFDH Digital Signature
    太田 和夫; 國廣 昇; バグスサントソ; 清武 康平
    Oral presentation, Japanese, Proceedings of the 2004 Symposium on Cryptography and Information Security
    Jan. 2004
  • Construction of a Multisignature Scheme with Suppressed Signature-length Growth
    駒野 雄一; 太田 和夫; 川村 信一; 新保 淳
    Oral presentation, Japanese, Proceedings of the 2004 Symposium on Cryptography and Information Security
    Jan. 2004
  • An Order-flexible Multisignature Scheme for Trapdoor One-way Permutations
    駒野 雄一; 河内 恵; 太田 和夫; 多田 充
    Oral presentation, Japanese, Proceedings of the 2004 Symposium on Cryptography and Information Security
    Jan. 2004
  • A Construction of Nonlinear Ramp Secret Sharing Schemes
    米山 一樹; 國廣 昇; 太田 和夫
    Oral presentation, Japanese, Proceedings of the 2004 Symposium on Cryptography and Information Security
    Jan. 2004
  • Evaluation of the Optimal Length of the Random Component in Probabilistic Multisignature Schemes
    駒野 雄一; 太田 和夫; 新保 淳; 川村 信一
    Oral presentation, Japanese, IEICE, IEICE Society Conference
    2004
  • On the Security of Practical "on the fly" Authentication
    Bagus Santoso; 太田 和夫; 國廣 昇
    Oral presentation, English, IEICE Technical Report
    2004
  • A Privacy Protection Method for Personal Transactions with Multiple Chained Vendors (Part 2)
    管野 哲; 森田 光; 太田 和夫
    Oral presentation, Japanese, IEICE Technical Report
    2004
  • On the Design of Efficient Search Algorithms Using NMR Quantum Computers
    大久保 誠也; 西野 哲朗; 國廣 昇; 太田 和夫
    Oral presentation, Japanese, IEICE Technical Report
    2004
  • A Probabilistic Metering Method
    米山 一樹; 國廣 昇; Bagus Santoso; 太田 和夫
    Oral presentation, Japanese, IEICE Technical Report
    2004
  • Performance Comparison of Subset-Cover Revocation Methods
    奥秋 清次; サントソ バグス; 太田 和夫
    Oral presentation, Japanese, IEICE Technical Report ISEC2002, 2003
    Mar. 2003
  • A Micropayment Scheme Using Hash-Chained Collisions
    青木 聡; 駒野 雄一; 宮永 望; 本間 裕介; 森田 光; 太田 和夫
    Oral presentation, Japanese, IEICE Technical Report ISEC2002, 2003
    Mar. 2003
  • On Possible Modifications of XOAEPX-**-OAEP
    駒野 雄一; 山崎 太郎; 太田 和夫
    Oral presentation, Japanese, IEICE Technical Report ISEC2002, 2003
    Mar. 2003
  • REACT-ES&OAEP++-ES
    駒野 雄一; 太田 和夫
    Oral presentation, Japanese, IEICE Technical Report ISEC2002, 2003
    Mar. 2003
  • On Search Algorithms Using NMR Quantum Computers
    大久保 誠也; 西野 哲朗; 太田 和夫
    Oral presentation, Japanese, IEICE Technical Report COMP2002-82
    Mar. 2003
  • A Sealed-bid Second-price Auction Scheme Using Multiple Servers
    今井 識; 國廣 昇; 森田 光; 太田 和夫
    Oral presentation, Japanese, Proceedings of the 2003 Symposium on Cryptography and Information Security
    Jan. 2003
  • A Bidding Scheme Using Random Number Chains
    森田 光; 千田 浩司; 太田 和夫; 今井 識
    Oral presentation, Japanese, Proceedings of the 2003 Symposium on Cryptography and Information Security
    Jan. 2003
  • Security Evaluation of the Cut & Choose Method
    青木 聡; 太田 和夫
    Oral presentation, Japanese, Proceedings of the 2003 Symposium on Cryptography and Information Security
    Jan. 2003
  • Problems on MR Micropayment Schemes
    Satoru Kanno; Moises Salinas Rosales; Kazuo Ohta; Masahiro Mambo
    Oral presentation, English, Proceedings of the 2003 Symposium on Cryptography and Information Security
    Jan. 2003
  • A Proposal of a Hybrid System Combining the Complete Subtree Method and the Subset Difference Method
    奥秋 清次; サントソ バグス; 太田 和夫
    Oral presentation, Japanese, Proceedings of the 2003 Symposium on Cryptography and Information Security
    Jan. 2003
  • Creating Artificial Fingers from Fingerprint Images (Part 3): The Case of Using a Digital Camera
    青山 奈保子; 遠藤 由紀子; 平林 昌志; 太田 和夫; 松本 勉
    Oral presentation, Japanese, Proceedings of the 2003 Symposium on Cryptography and Information Security
    Jan. 2003
  • Public-Key Traitor Tracing Scheme Revisited
    Bagus Santoso; Noboru Kunihiro; Kazuo Ohta
    Oral presentation, English, Proceedings of the 2003 Symposium on Cryptography and Information Security
    Jan. 2003
  • On Possible Modifications of OAEP-**-OAEP (the Case of One-way Functions)
    駒野 雄一; 山崎 太郎; 太田 和夫
    Oral presentation, Japanese, Proceedings of the 2003 Symposium on Cryptography and Information Security
    Jan. 2003
  • OAEP-ES: An Efficient Universal Padding Scheme Effective for Trapdoor Multiplicative One-way Functions
    駒野 雄一; 太田 和夫
    Oral presentation, Japanese, Proceedings of the 2003 Symposium on Cryptography and Information Security
    Jan. 2003
  • On the Inversion Problem of One-way Permutations using NMR Computers
    Kazuo Ohta; Seiya Okubo; Noboru Kunihiro; Tetsuro Nishino
    Oral presentation, English, Proceedings of the 2003 Symposium on Cryptography and Information Security
    Jan. 2003
  • A Proposal for Finding k-way Collisions: Toward Building a Coin Mint
    福島 順子; 太田 和夫; 森田 光
    Oral presentation, Japanese, Proceedings of the 2003 Symposium on Cryptography and Information Security
    Jan. 2003
  • Performance Comparison of Subset-Cover Revocation Methods by Simulation
    奥秋 清次; 宮沢 松子; 斎藤 宗一郎; サントソ バグス; 太田 和夫
    Oral presentation, Japanese, IEICE Technical Report
    2003
  • Re-evaluation of OAEP Cryptosystems+
    駒野 雄一; 太田 和夫
    Oral presentation, Japanese, IEICE Technical Report ISEC2002-74
    Sep. 2002
  • Analysis of the Collision Generation Method in the Micro Mint Scheme
    青木 聡; 太田 和夫; 福島 順子
    Oral presentation, Japanese, IEICE Technical Report ISEC2002
    Sep. 2002
  • The Security of Common Key Cryptosystems against Quantum Algorithms
    Ohta,K; Nishino,T; Aoki,K
    Oral presentation, English, Proceedings of the 2002 Symposium on Cryptography and Information Security
    Jan. 2002
  • Security of Common-key Cryptosystems against Quantum Algorithms
    太田 和夫; 西野 哲朗; 青木 和麻呂
    Oral presentation, Japanese, IEICE Technical Report, Computation (COMP)
    Jan. 2002
  • Problems of the Pay Word Scheme and Their Improvement
    太田 和夫; 青木 聡; 駒野 雄一
    Oral presentation, Japanese, Proceedings of the 2002 Symposium on Cryptography and Information Security, SCIS2002
    Jan. 2002
  • Comparison of Security Proof Techniques for Signatures
    駒野 雄一; 太田 和夫
    Oral presentation, Japanese, Proceedings of the 2002 Symposium on Cryptography and Information Security, SCIS2002
    Jan. 2002
  • Exact Search for the Best Differential Characteristics of DES
    兵藤 貴史; 太田 和夫; 青木 和麻呂
    Oral presentation, Japanese, Symposium on Cryptography and Information Security 1998 (SCIS1998)
    29 Jan. 1998
  • On the Security Evaluation of Electronic Money
    中山靖司; 太田和夫; 松本勉
    Oral presentation, Japanese, Symposium on Cryptography and Information Security 1998 (SCIS1998)
    29 Jan. 1998
  • Contract Signing Protocols and Divisibly Verifiable Zero-Knowledge Protocols
    太田和夫; 藤岡淳; 植田広樹
    Oral presentation, Japanese, Symposium on Cryptography and Information Security 1998 (SCIS1998), Lake Hamana
    29 Jan. 1998
  • 1997 Korea-Japan Joint Workshop on Information Security and Cryptology, Rump Session: International Conference Report
    松浦幹太; 太田和夫
    Invited oral presentation, Japanese, Symposium on Cryptography and Information Security 1998 (SCIS1998), Lake Hamana
    29 Jan. 1998
  • Collision Search for Hash Functions Using Random Maps
    小田木 秀樹; 森田 光; 太田 和夫
    Oral presentation, Japanese, IEICE Technical Report, Information Security (ISEC), IEICE, The University of Electro-Communications
    18 Mar. 1997
  • Another Cryptanalytic Method: An Efficient Method Using Random Maps
    森田 光; 小田木 秀樹; 太田 和夫
    Oral presentation, Japanese, Symposium on Cryptography and Information Security 1997 (SCIS1997)
    29 Jan. 1997
  • Multiplication over F_{2^n} in Software
    青木和麻呂; 太田和夫
    Oral presentation, Japanese, Symposium on Cryptography and Information Security 1997 (SCIS1997), Uminonakamichi, Fukuoka
    29 Jan. 1997
  • On the Security of Multisignatures
    太田和夫; 岡本龍明
    Oral presentation, Japanese, Symposium on Cryptography and Information Security 1997 (SCIS1997), Uminonakamichi, Fukuoka
    29 Jan. 1997
  • On Efficient Divisibly Verifiable Signature Schemes
    植田広樹; 藤岡淳; 太田和夫
    Oral presentation, Japanese, Symposium on Cryptography and Information Security 1996 (SCIS1996), Komuro
    29 Jan. 1996
  • Stricter Evaluation of the Maximum Average Differential Probability and the Maximum Average Linear Probability
    青木和麻呂; 太田和夫
    Oral presentation, Japanese, Symposium on Cryptography and Information Security 1996 (SCIS1996), Komuro, Saitama
    29 Jan. 1996
  • On the Security of Electronic Cash Protocols Using Physically Secure Devices
    森畠秀実; 太田和夫
    Oral presentation, Japanese, Symposium on Cryptography and Information Security 1996 (SCIS1996), Komuro, Saitama
    29 Jan. 1996
  • On the Linear Probability of RC5
    盛合志保; 太田和夫
    Oral presentation, Japanese, Symposium on Cryptography and Information Security 1996 (SCIS1996), Komuro, Saitama
    29 Jan. 1996
  • Electronic Payment Schemes: Focusing on Digital Cash
    太田和夫
    Invited oral presentation, Japanese, Symposium on Cryptography and Information Security 1996 (SCIS1996), Komuro, Saitama
    29 Jan. 1996
  • Differential-Linear Cryptanalysis of FEAL-8
    青木和麻呂; 太田和夫
    Oral presentation, Japanese, Symposium on Cryptography and Information Security 1995 (SCIS1995), Inuyama
    24 Jan. 1995
  • Search for the Best Linear Expressions of FEAL in Linear Cryptanalysis
    荒木志保; 青木和麻呂; 太田和夫
    Oral presentation, Japanese, Symposium on Cryptography and Information Security 1995 (SCIS1995), Inuyama
    24 Jan. 1995
  • A Secret-Chained Zero-Knowledge Proof Model
    Tony Eng; 岡本龍明; 太田和夫
    Oral presentation, Japanese, Symposium on Cryptography and Information Security 1994 (SCIS1994), Lake Biwa
    27 Jan. 1994
  • An Observer Communication System Based on Secret-Chained Zero-Knowledge Proof Systems
    岡本龍明; 太田和夫; 藤崎英一郎
    Oral presentation, Japanese, Symposium on Cryptography and Information Security 1994 (SCIS1994), Lake Biwa
    27 Jan. 1994
  • Designated Confirmer Signatures Using Trapdoor Functions
    岡本龍明; 太田和夫
    Oral presentation, Japanese, Symposium on Cryptography and Information Security 1994 (SCIS1994), Lake Biwa
    27 Jan. 1994
  • A Study on the Use of Power-Table Methods in Modular Exponentiation
    藤崎英一郎; 太田和夫
    Oral presentation, Japanese, Symposium on Cryptography and Information Security 1993 (SCIS1993), Shuzenji
    28 Jan. 1993
  • On Message Authentication Codes and Differential Attacks
    太田和夫; 松井充
    Oral presentation, Japanese, Symposium on Cryptography and Information Security 1993 (SCIS1993), Shuzenji
    28 Jan. 1993
  • Comparison of Tests for Algebraic Closure
    森田光; 太田和夫
    Oral presentation, Japanese, Symposium on Cryptography and Information Security 1993 (SCIS1993), Shuzenji
    28 Jan. 1993
  • Secure Bit Commitment Functions Preventing Diversion Attacks
    太田和夫; 岡本龍明; 藤岡淳
    Oral presentation, Japanese, Symposium on Cryptography and Information Security 1993 (SCIS1993), Shuzenji
    28 Jan. 1993
  • An Account of Studying Abroad: Laboratory for Computer Science, MIT
    太田和夫
    Invited oral presentation, Japanese, Symposium on Cryptography and Information Security 1993 (SCIS1993), Shuzenji
    28 Jan. 1993
  • A Practical Electronic Secret Voting Scheme Using Non-anonymous Channels
    岡本龍明; 藤岡淳; 太田和夫
    Oral presentation, Japanese, Symposium on Cryptography and Information Security 1993 (SCIS1993), Shuzenji
    28 Jan. 1993
  • Is DES Algebraically Closed?
    森田光; 太田和夫
    Oral presentation, Japanese, IEICE Technical Committee on Information Security (ISEC), IEICE, Domestic conference
    Oct. 1992
  • On the Misuse of Undeniable Signatures
    太田和夫; 岡本龍明; 藤岡淳
    Oral presentation, Japanese, 1991 Symposium on Cryptography and Information Security, IEICE Technical Committee on Information Security (ISEC), Fujiyoshida, Domestic conference
    31 Jan. 1991
  • Interactive Bi-proof Systems and Undeniable Signature Schemes
    藤岡淳; 岡本龍明; 太田和夫
    Oral presentation, Japanese, 1991 Symposium on Cryptography and Information Security, IEICE Technical Committee on Information Security (ISEC), Fujiyoshida, Domestic conference
    31 Jan. 1991
  • Security of 2n-bit Hash Functions
    岩田雅彦; 太田和夫; 宮口庄司
    Oral presentation, Japanese, 1990 Symposium on Cryptography and Information Security, IEICE Technical Committee on Information Security (ISEC), Nihondaira, Domestic conference
    31 Jan. 1990
  • Hierarchical Multiple-Membership Authentication Using a Master Secret Key
    太田和夫; 岡本龍明
    Oral presentation, Japanese, 1990 Symposium on Cryptography and Information Security, IEICE Technical Committee on Information Security (ISEC), Nihondaira, Domestic conference
    31 Jan. 1990
  • Report on AUSCRYPT'90
    小山謙二; 太田和夫; 森田光; 静谷啓樹
    Oral presentation, Japanese, 1990 Symposium on Cryptography and Information Security, IEICE Technical Committee on Information Security (ISEC), Nihondaira, Domestic conference
    31 Jan. 1990
  • Extension of the FEAL Specification
    宮口庄司; 岩田雅彦; 太田和夫
    Oral presentation, Japanese, 1990 Symposium on Cryptography and Information Security, IEICE Technical Committee on Information Security (ISEC), Nihondaira, Domestic conference
    31 Jan. 1990
  • ZKIP and Digital Money
    Kazuo Ohta
    Invited oral presentation, English, AUSCRYPT1990, International conference
    Jan. 1990
  • A Multisignature Scheme Based on the Fiat-Shamir Scheme
    太田和夫; 岡本龍明
    Oral presentation, Japanese, 1989 Symposium on Cryptography and Information Security, IEICE Technical Group on Information Security (CIS), Gotemba, Domestic conference
    02 Feb. 1989
  • Zero-Knowledge Proofs of Possession of a Black Box
    岡本龍明; 太田和夫
    Oral presentation, Japanese, 1989 Symposium on Cryptography and Information Security, IEICE Technical Group on Information Security (CIS), Gotemba, Domestic conference
    02 Feb. 1989
  • Multisignatures Using the Fiat-Shamir Scheme
    太田和夫; 岡本龍明
    Oral presentation, Japanese, 1989 IEICE Spring National Convention, IEICE, Domestic conference
    1989
  • An Electronic Voting Scheme Using a Single Election Administrator
    太田和夫
    Oral presentation, Japanese, 1988 IEICE Spring National Convention, IEICE, Domestic conference
    Mar. 1988
  • An Efficient Identification Scheme Based on the Difficulty of Computing k-th Roots
    太田和夫
    Oral presentation, Japanese, 1988 Symposium on Cryptography and Information Security, IECE, Kannami, Domestic conference
    22 Feb. 1988
  • On the Security of Tanaka's Key Generation Method
    太田和夫
    Oral presentation, Japanese, 1988 Workshop on Cryptography and Information Security, IECE, Domestic conference
    1988
  • An Identity-based Authentication Scheme Using RSA and Its Applications
    太田和夫
    Oral presentation, Japanese, 1988 Symposium on Information Theory and Its Applications, Society of Information Theory and Its Applications, Domestic conference
    1988
  • A Proposal for Describing Security Checklists for Designing Secure Computer Systems
    太田和夫; 白石旭
    Oral presentation, Japanese, 34th IPSJ National Convention, IPSJ, Domestic conference
    Mar. 1987
  • An Efficient Broadcast Encryption Scheme Using a Public Master Key
    太田和夫
    Oral presentation, Japanese, 1987 Symposium on Cryptography and Information Security, IECE, Domestic conference
    1987
  • Efficient Encrypted Broadcast Communication
    太田和夫
    Oral presentation, Japanese, IECE Technical Group on Information Networks, IECE, Domestic conference
    1987
  • An ID-Based Multi-party Key Distribution Scheme over a Broadcast Channel
    太田和夫; 小山謙二
    Oral presentation, Japanese, IECE Technical Group on Information Theory (IT), IECE, Domestic conference
    1987
  • A Proposal for Describing Security Checklists
    太田和夫; 白石旭
    Oral presentation, Japanese, 1987 Workshop on Cryptography and Information Security, IECE, Domestic conference
    1987
  • A Method for Sharing Secret Information Using an RSA Master Key
    太田和夫
    Oral presentation, Japanese, 1986 IECE Information Systems Division National Convention, IECE, Domestic conference
    Sep. 1986
  • On the Security of Digital Signatures against Meet-in-the-Middle Attacks
    太田和夫
    Oral presentation, Japanese, IECE Technical Group on Automata and Languages (AL), IECE, Kyushu University, Domestic conference
    19 Mar. 1986
  • Security of Broadcast Communication Using an RSA Master Key
    太田和夫
    Oral presentation, Japanese, 1986 Workshop on Cryptography and Information Security, IECE, Domestic conference
    1986
  • An Attack on Multisignature Schemes Using the Extended RSA Method
    太田和夫
    Oral presentation, Japanese, 1986 Symposium on Information Theory and Its Applications, Society of Information Theory and Its Applications, Domestic conference
    1986
  • A Study of the Security of Digital Signatures against Meet-in-the-Middle Attacks
    太田和夫
    Oral presentation, Japanese, 1985 IECE Information Systems Division National Convention, IECE, Domestic conference
    Sep. 1985
  • A Study of Cryptographic Key Distribution Methods in Computer Networks
    太田和夫
    Oral presentation, Japanese, 1985 IECE General National Convention, IECE, Domestic conference
    Mar. 1985
  • On the Security of Digital Signatures against Birthday Attacks
    太田和夫
    Oral presentation, Japanese, 1984 IECE General National Convention, IECE, Waseda University, Domestic conference
    28 Mar. 1984
  • Formalization of Protocol Conversion Using an Automaton Model
    太田和夫
    Oral presentation, Japanese, IECE Technical Group on Automata and Languages (AL), IECE, Kyushu University, Domestic conference
    17 Nov. 1983
  • Formalization of Protocol Conversion Using an Automaton Model
    太田和夫
    Oral presentation, Japanese, 1983 IECE Information Systems Division National Convention, IECE, Keio University, Domestic conference
    Sep. 1983
  • A Study of Security against Birthday Attacks
    太田和夫
    Oral presentation, Japanese, 1984 IECE Information Systems Division National Convention, IECE, Domestic conference
    Sep. 1983
  • A Proposal for a Design Method for Conversion Algorithms
    太田和夫; 大原康博
    Oral presentation, Japanese, 25th IPSJ National Convention (second half of 1982), IPSJ, Kyushu University, Domestic conference
    19 Oct. 1982
  • A Study on the Communicability of Finite-State Machines Following Different Protocols
    太田和夫; 大原康博
    Oral presentation, Japanese, 1982 IECE General National Convention, IECE, Chuo University, Domestic conference
    Mar. 1982
  • On Conversion Schemes between DCNA and Other Network Architectures
    太田和夫; 大原康博
    Oral presentation, Japanese, 1982 IECE General National Convention, IECE, Chuo University, Domestic conference
    Mar. 1982
  • A Study on the Delay Characteristics of GP Implementation Schemes
    太田和夫
    Oral presentation, Japanese, 1981 IECE Information Systems Division National Convention, IECE, Kanazawa University, Domestic conference
    Sep. 1981

Courses

  • Current Topics in Emerging Multi-interdisciplinary Engineering A
    The University of Electro-Communications
  • Special Lecture A (Current Topics in Emerging Multi-interdisciplinary Engineering A)
    The University of Electro-Communications
  • Introduction to Theory of Computation
    The University of Electro-Communications
  • Advanced Topics on Cryptography
    The University of Electro-Communications
  • Cryptography and Information Security
    The University of Electro-Communications
  • Number-Theoretic Algorithms
    The University of Electro-Communications
  • Discrete Mathematics
    The University of Electro-Communications
  • Social Systems and Security (second semester)
    The University of Electro-Communications
  • Discrete Mathematics I (second semester), Discrete Mathematics I Exercises (second semester)
    The University of Electro-Communications
  • Theory of Cryptography (second semester)
    The University of Electro-Communications
  • Fundamentals of Applied Algebra
    The University of Electro-Communications
  • Introduction to The Theory of Computations
    The University of Electro-Communications
  • Information Security Systems
    The University of Electro-Communications
  • Theory of Cryptography
    The University of Electro-Communications

Affiliated academic society

  • IEICE (Institute of Electronics, Information and Communication Engineers)
  • IPSJ (Information Processing Society of Japan)
  • IACR

Research Themes

  • Improving the Resilience of the IoT Ecosystem through Cryptographic Technology
    崎山一男
    11 Jun. 2018 - 31 Mar. 2023
  • Searchable Encryption Based on Symmetric-key Cryptography Robust to Long-term Operation
    01 Apr. 2018 - 31 Mar. 2022
  • New Paradigm to Construct Public Key Cryptographic Schemes for Lightweight Devices with Provable Security against Quantum Attackers
    SANTOSO BAGUS
    01 Apr. 2018 - 31 Mar. 2022
  • Deepening and Developing a Unified Paradigm in Information-theoretic Cryptography and Its Applications
    四方 順司
    01 Apr. 2018 - 31 Mar. 2021
  • Constructing a Unified Paradigm in Information-theoretic Cryptography and Its Applications
    四方 順司
    01 Apr. 2015 - 31 Mar. 2017
  • Construction of Information-theoretically Secure Multicast Communication and Its Security Analysis
    岩本 貢
    01 Apr. 2014 - 31 Mar. 2017
  • Exploring the Limits of Side-channel Attacks and Elucidating Information Leakage Mechanisms
    崎山 一男
    2010 - 2012
  • Toward Automating Security Verification of Cryptographic Primitives
    2007 - 2009
  • Research grant
    Hitachi, Ltd., Systems Development Laboratory, Research grant
    2009
  • Extending Multi-user Information Theory and Cryptography to Network Coding
    小林 欣吾
    2006 - 2008
  • Research grant
    Hitachi, Ltd., Systems Development Laboratory, Research grant
    2008
  • Research on the Optimization of Quantum Logic Circuits
    西野哲朗
    2004 - 2007
  • Research on Applications of the Shortest Vector Problem and Lattice Algorithms to Public-key Cryptography
    2004 - 2006
  • Applications of the Number Theory of Algebraic Groups to Computational Number Theory
    木田 雅成
    2004 - 2006
  • Security Evaluation of Cryptographic Hash Functions against Collision Attacks
    The Telecommunications Advancement Foundation
    2006
  • Security Evaluation of Public-key and Secret-key Cryptosystems against Quantum Algorithms
    太田和夫
    Principal investigator
    2004 - 2005
  • Security Evaluation of Public-key and Common-key Cryptosystems against Quantum Algorithms
    太田和夫
    Principal investigator
    2003 - 2003
  • Research grant
    Campus Create Co., Ltd., Research grant
    2003
  • Research grant
    Alpha Systems Inc., Research grant
    2003
  • Research on Constructing Secure and Efficient Micropayment Methods
    International Communications Foundation, Research grant
    2003
  • Security Evaluation of Common-key Cryptosystems against Quantum Algorithms
    太田和夫
    Principal investigator
    2002 - 2002
  • Research grant
    Campus Create Co., Ltd., Research grant
    2002
  • Security Evaluation of Common-key Cryptosystems against Quantum Algorithms
    太田和夫
    Principal investigator
    2001 - 2001

Industrial Property Rights

  • Dynamic Searchable Encryption Processing System and Dynamic Searchable Encryption Processing Method
    Patent right, 渡邉洋平, 岩本貢, 太田和夫, 特願2019-3908, Date applied: 11 Jan. 2019, National Institute of Information and Communications Technology
  • Device-specific Information Generation Apparatus, Encryption Apparatus, Authentication Apparatus, and Device-specific Information Generation Method
    Patent right, 山本大, 竹仲正彦, 伊藤孝一, 落合隆夫, 崎山一男, 岩本貢, 太田和夫, 特願2011-279002, Date applied: 20 Dec. 2011, Fujitsu Limited, The University of Electro-Communications, 特開2013-131869, Date announced: 04 Jul. 2013
  • Temperature Sensor, Encryption Apparatus, Encryption Method, and Device-specific Information Generation Apparatus
    Patent right, 山本大, 落合隆夫, 武仲正彦, 伊藤孝一, 崎山一男, 岩本貢, 太田和夫, 特願2011-279001, Date applied: 20 Dec. 2011, Fujitsu Limited, The University of Electro-Communications, 特開2013-131868, Date announced: 04 Jul. 2013
  • Temperature Sensor, Encryption Apparatus, Encryption Method, and Device-specific Information Generation Apparatus
    Patent right, 山本大, 落合隆夫, 武仲正彦, 伊藤孝一, 崎山一男, 岩本貢, 太田和夫, 特願2011-279000, Date applied: 20 Dec. 2011, Fujitsu Limited, The University of Electro-Communications, 特開2013-130434, Date announced: 04 Jul. 2013
  • Device-specific Information Generation Apparatus and Device-specific Information Generation Method
    Patent right, 山本大, 武仲正彦, 伊藤孝一, 落合隆夫, 岩本貢, 太田和夫, 崎山一男, 特願2011-278999, Date applied: 20 Dec. 2011, Fujitsu Limited, The University of Electro-Communications, 特開2013-131867, Date announced: 04 Jul. 2013
  • Encryption Key Generation Apparatus and Program
    Patent right, 駒野雄一, 太田和夫, 崎山一男, 特願2011-275637, Date applied: 16 Dec. 2011, Toshiba Corporation, 特開2013-126221, Date announced: 24 Jun. 2013
  • Circuit Fault Detection Apparatus and Circuit Fault Detection Method
    Patent right, 佐々木悠, 崎山一男, 太田和夫, 特願2010-275596, Date applied: 10 Dec. 2010, Nippon Telegraph and Telephone East Corporation, The University of Electro-Communications, 特開2012-122931, Date announced: 28 Jun. 2012
  • Search System, Search Method of the Search System, Information Processing Apparatus, Search Program, Corresponding-Keyword Management Apparatus, and Corresponding-Keyword Management Program
    Patent right, 伊藤隆, 服部充洋, 松田規, 太田和夫, 坂井祐介, 特願2011-035677, Date applied: 20 Feb. 2012, Mitsubishi Electric Corporation, The University of Electro-Communications
  • Search System, Search Method of the Search System, Information Processing Apparatus, Search Program, Corresponding-Keyword Management Apparatus, and Corresponding-Keyword Management Program
    Patent right, 伊藤隆, 服部充洋, 松田規, 太田和夫, 坂井祐介, PCT/JP2012/053948, Date applied: 20 Feb. 2012, Mitsubishi Electric Corporation, The University of Electro-Communications
  • Electric Lock System
    Patent right, 中谷浩茂, 梶山智史, 鍋嶋秀生, 太田和夫, 﨑山一男, 特願2010-168367, Date applied: 27 Jul. 2010, Panasonic Corporation, 特開2012-026225, Date announced: 09 Feb. 2012
  • Device-specific Information Generation Apparatus and Device-specific Information Generation Method
    Patent right, 山本大, 武仲正彦, 伊藤孝一, 落合隆夫, 岩本貢, 太田和夫, 崎山一男, 特願2011-278999, Date applied: 20 Dec. 2011, Fujitsu Limited, The University of Electro-Communications
  • Temperature Sensor, Encryption Apparatus, Encryption Method, and Device-specific Information Generation Apparatus
    Patent right, 山本大, 落合隆夫, 武仲正彦, 伊藤孝一, 崎山一男, 岩本貢, 太田和夫, 特願2011-279000, Date applied: 20 Dec. 2011, Fujitsu Limited, The University of Electro-Communications
  • Temperature Sensor, Encryption Apparatus, Encryption Method, and Device-specific Information Generation Apparatus
    Patent right, 山本大, 落合隆夫, 武仲正彦, 伊藤孝一, 崎山一男, 岩本貢, 太田和夫, 特願2011-279001, Date applied: 20 Dec. 2011, Fujitsu Limited
  • Device-specific Information Generation Apparatus, Encryption Apparatus, Authentication Apparatus, and Device-specific Information Generation Method
    Patent right, 山本大, 武仲正彦, 伊藤孝一, 落合隆夫, 崎山一男, 岩本貢, 太田和夫, 特願2011-279002, Date applied: 20 Dec. 2011, Fujitsu Limited, The University of Electro-Communications
  • Encryption Key Generation Apparatus and Program
    Patent right, 駒野雄一, 太田和夫, 崎山一男, P2011-275637, Date applied: 16 Dec. 2011, Toshiba Corporation
  • Identity Verification System
    Patent right, サントソバグス, 崎山一男, 太田和夫, 特願2008-289266, Date applied: 11 Nov. 2008, The University of Electro-Communications, 特開2010-118796, Date announced: 27 May 2010