IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences E103.A 巻, 10 号

Recent Advances in Practical Secure Multi-Party Computation

Secure multi-party computation (MPC) allows a set of parties to compute a function jointly while keeping their inputs private. MPC has been actively studied, and there are many research results both in the theoretical and practical research fields. In this paper, we introduce the basic matters on MPC and show recent practical advances. We first explain the settings, security notions, and cryptographic building blocks of MPC. Then, we show and discuss current situations on higher-level secure protocols, privacy-preserving data analysis, and frameworks/compilers for implementing MPC applications with low-cost.

Password-Based Authenticated Key Exchange without Centralized Trusted Setup

Almost all existing password-based authenticated key exchange (PAKE) schemes achieve concurrent security in the standard model by relying on the common reference string (CRS) model. A drawback of the CRS model is to require a centralized trusted authority in the setup phase; thus, passwords of parties may be revealed if the authority ill-uses trapdoor information of the CRS. There are a few secure PAKE schemes in the plain model, but, these are not achievable in a constant round (i.e., containing a linear number of rounds). In this paper, we discuss how to relax the setup assumption for (constant round) PAKE schemes. We focus on the multi-string (MS) model that allows a number of authorities (including malicious one) to provide some reference strings independently. The MS model is a more relaxed setup assumption than the CRS model because we do not trust any single authority (i.e., just assuming that a majority of authorities honestly generate their reference strings). Though the MS model is slightly restrictive than the plain model, it is very reasonable assumption because it is very easy to implement. We construct a (concurrently secure) three-move PAKE scheme in the MS model (justly without random oracles) based on the Groce-Katz PAKE scheme. The main ingredient of our scheme is the multi-string simulation-extractable non-interactive zero-knowledge proof that provides both the simulation-extractability and the extraction zero-knowledge property even if minority authorities are malicious. This work can be seen as a milestone toward constant round PAKE schemes in the plain model.

CCA-Secure Leakage-Resilient Identity-Based Encryption without q-Type Assumptions

In this paper, we propose a new leakage-resilient identity-based encryption (IBE) scheme that is secure against chosen-ciphertext attacks (CCA) in the bounded memory leakage model. The security of our scheme is based on the external k-Linear assumption. It is the first CCA-secure leakage-resilient IBE scheme which does not depend on q-type assumptions. The leakage rate 1/10 is achieved under the XDLIN assumption (k=2).

A Coin-Free Oracle-Based Augmented Black Box Framework (Full Paper)

After the work of Impagliazzo and Rudich (STOC, 1989), the black box framework has become one of the main research domain of cryptography. However black box techniques say nothing about non-black box techniques such as making use of zero-knowledge proofs. Brakerski et al. introduced a new black box framework named augmented black box framework, in which they gave a zero-knowledge proof oracle in addition to a base primitive oracle (TCC, 2011). They showed a construction of a non-interactive zero knowledge proof system based on a witness indistinguishable proof system oracle. They presented augmented black box construction of chosen ciphertext secure public key encryption scheme based on chosen plaintext secure public key encryption scheme and augmented black box separation between one-way function and key agreement. In this paper we simplify the work of Brakerski et al. by introducing a proof system oracle without witness indistinguishability, named coin-free proof system oracle, that aims to give the same construction and separation results of previous work. As a result, the augmented black box framework becomes easier to handle. Since our oracle is not witness indistinguishable, our result encompasses the result of previous work.

A Constant-Time Algorithm of CSIDH Keeping Two Points

At ASIACRYPT 2018, Castryck, Lange, Martindale, Panny and Renes proposed CSIDH, which is a key-exchange protocol based on isogenies between elliptic curves, and a candidate for post-quantum cryptography. However, the implementation by Castryck et al. is not constant-time. Specifically, a part of the secret key could be recovered by the side-channel attacks. Recently, Meyer, Campos, and Reith proposed a constant-time implementation of CSIDH by introducing dummy isogenies and taking secret exponents only from intervals of non-negative integers. Their non-negative intervals make the calculation cost of their implementation of CSIDH twice that of the worst case of the standard (variable-time) implementation of CSIDH. In this paper, we propose a more efficient constant-time algorithm that takes secret exponents from intervals symmetric with respect to the zero. For using these intervals, we need to keep two torsion points on an elliptic curve and calculation for these points. We evaluate the costs of our implementation and that of Meyer et al. in terms of the number of operations on a finite prime field. Our evaluation shows that our constant-time implementation of CSIDH reduces the calculation cost by 28% compared with the implementation by Mayer et al. We also implemented our algorithm by extending the implementation in C of Meyer et al. (originally from Castryck et al.). Then our implementation achieved 152 million clock cycles, which is about 29% faster than that of Meyer et al. and confirms the above reduction ratio in our cost evaluation.

Computational Complexity of Nurimisaki and Sashigane

Nurimisaki and Sashigane are Nikoli's pencil puzzles. We study the computational complexity of Nurimisaki and Sashigane puzzles. It is shown that deciding whether a given instance of each puzzle has a solution is NP-complete.

Complexity of the Maximum k-Path Vertex Cover Problem

This paper introduces the maximization version of the k-path vertex cover problem, called the Maximum K-Path Vertex Cover problem (MaxP_kVC for short): A path consisting of k vertices, i.e., a path of length k-1 is called a k-path. If a k-path P_k includes a vertex v in a vertex set S, then we say that v or S covers P_k. Given a graph G=(V, E) and an integer s, the goal of MaxP_kVC is to find a vertex subset S⊆V of at most s vertices such that the number of k-paths covered by S is maximized. The problem MaxP_kVC is generally NP-hard. In this paper we consider the tractability/intractability of MaxP_kVC on subclasses of graphs. We prove that MaxP₃VC remains NP-hard even for split graphs. Furthermore, if the input graph is restricted to graphs with constant bounded treewidth, then MaxP₃VC can be solved in polynomial time.

A New Polynomial-Time Solvable Graph Class for the Minimum Biclique Edge Cover Problem

The minimum biclique edge cover problem (MBECP) is NP-hard for general graphs. It is known that if we restrict an input graph to the bipartite domino-free class, MBECP can be solved within polynomial-time of input graph size. We show a new polynomial-time solvable graph class for MBECP that is characterized by three forbidden graphs, a domino, a gem and K₄. This graph class allows that an input graph is non-bipartite, and includes the bipartite domino-free graph class properly.

Efficient Algorithms for the Partial Sum Dispersion Problem

The dispersion problem is a variant of the facility location problem. Given a set P of n points and an integer k, we intend to find a subset S of P with |S|=k such that the cost min_p∈S{cost(p)} is maximized, where cost(p) is the sum of the distances from p to the nearest c points in S. We call the problem the dispersion problem with partial c sum cost, or the PcS-dispersion problem. In this paper we present two algorithms to solve the P2S-dispersion problem(c=2) if all points of P are on a line. The running times of the algorithms are O(kn² log n) and O(n log n), respectively. We also present an algorithm to solve the PcS-dispersion problem if all points of P are on a line. The running time of the algorithm is O(kn^c+1).

On Dimensionally Orthogonal Diagonal Hypercubes

In this paper, we propose a notion for high-dimensional generalizations of mutually orthogonal Latin squares (MOLS) and mutually orthogonal diagonal Latin squares (MODLS), called mutually dimensionally orthogonal d-cubes (MOC) and mutually dimensionally orthogonal diagonal d-cubes (MODC). Systematic constructions for MOC and MODC by using polynomials over finite fields are investigated. In particular, for 3-dimensional cubes, the results for the maximum possible number of MODC are improved by adopting the proposed construction.

Complex Orthogonal Variable Spreading Factor Codes Based on Polyphase Sequences

The direct sequence code division multiple access (DS-CDMA) technique is widely used in various communication systems. When adopting orthogonal variable spreading factor (OVSF) codes, DS-CDMA is particularly suitable for supporting multi-user/multi-rate data transmission services. A useful property of OVSF codes is that no two code sequences assigned to different users will ever interfere with each other, even if their spreading factors are different. Conventional OVSF codes are constructed based on binary orthogonal codes, called Walsh codes, and OVSF code sequences are binary sequences. In this paper, we propose new OVSF codes that are constructed based on polyphase orthogonal codes and consist of complex sequences in which each symbol is represented as a complex number. Construction of the proposed codes is based on a tree structure that is similar to conventional OVSF codes. Since the proposed codes are generalized versions of conventional OVSF codes, any conventional OVSF code can be presented as a special case of the proposed codes. Herein, we show the method used to construct the proposed OVSF codes, after which the orthogonality of the codes, including conventional OVSF codes, is investigated. Among the advantages of our proposed OVSF codes is that the spreading factor can be designed more flexibly in each layer than is possible with conventional OVSF codes. Furthermore, combination of the proposed code and a non-binary phase modulation is well suited to DS-CDMA systems where the level fluctuation of signal envelope is required to be suppressed.

Codeword Set Selection for the Error-Correcting 4b/10b Line Code with Maximum Clique Enumeration

This paper addresses the problem of finding, evaluating, and selecting the best set of codewords for the 4b/10b line code, a dependable line code with forward error correction (FEC) designed for real-time communication. Based on the results of our scheme [1], we formulate codeword search as an instance of the maximum clique problem, and enumerate all candidate codeword sets via maximum clique enumeration as proposed by Eblen et al. [2]. We then measure each set in terms of resistance to bit errors caused by noise and present a canonical set of codewords for the 4b/10b line code. Additionally, we show that maximum clique enumeration is #P-hard.

Non-Closure Properties of Multi-Inkdot Nondeterministic Turing Machines with Sublogarithmic Space

This paper investigates the closure properties of multi-inkdot nondeterministic Turing machines with sublogarithmic space. We show that the class of sets accepted by the Turing machines is not closed under concatenation with regular set, Kleene closure, length-preserving homomorphism, and intersection.

Design and Construction of Irregular LDPC Codes for Channels with Synchronization Errors: New Aspect of Degree Profiles

Over the past two decades, irregular low-density parity-check (LDPC) codes have not been able to decode information corrupted by insertion and deletion (ID) errors without markers. In this paper, we bring to light the existence of irregular LDPC codes that approach the symmetric information rates (SIR) of the channel with ID errors, even without markers. These codes have peculiar shapes in their check-node degree distributions. Specifically, the check-node degrees are scattered and there are degree-2 check nodes. We propose a code construction method based on the progressive edge-growth algorithm tailored for the scattered check-node degree distributions, which enables the SIR-approaching codes to progress in the finite-length regime. Moreover, the SIR-approaching codes demonstrate asymptotic and finite-length performance that outperform the existing counterparts, namely, concatenated coding of irregular LDPC codes with markers and spatially coupled LDPC codes.

4th Order Moment-Based Linear Prediction for Estimating Ringing Sound of Impulsive Noise in Speech Enhancement

Speech enhancement has been proposed to reduce the impulsive noise whose frequency characteristic is wideband. On the other hand, it is challenging to reduce the ringing sound, which is narrowband in impulsive noise. Therefore, we propose the modeling of the ringing sound and its estimation by a linear predictor (LP). However, it is difficult to estimate the ringing sound only in noisy speech due to the auto-correlation property of speech. The proposed system adopts the 4th order moment-based adaptive algorithm by noticing the difference between the 4th order statistics of speech and impulsive noise. The brief analysis and simulation results show that the proposed system has the potential to reduce ringing sound while keeping the quality of enhanced speech.