Learn More
In this paper, we show that a key encapsulation mechanism (KEM) does not have to be IND-CCA secure in the construction of hybrid encryption schemes, as was previously believed. That is, we present a more efficient hybrid encryption scheme than Shoup [12] by using a KEM which is not necessarily IND-CCA secure. Nevertheless, our scheme is secure in the sense(More)
The k-error linear complexity of a periodic sequence of period N is deened as the smallest linear complexity that can be obtained by changing k or fewer bits of the sequence per period. This paper shows a relationship between the linear complexity and the minimum value k for which the k-error linear complexity is strictly less than the linear complexity.
This paper shows that nonperfect secret sharing schemes (NSS) have matroid structures and presents a direct link between the secret sharing matroids and entropy for both perfect and nonperfect schemes. We deene natural classes of NSS and derive a lower bound of jVij for those classes. \Ideal" nonperfect schemes are deened based on this lower bound. We prove(More)
We rst show that a Feistel type block cipher is broken if the round function is approximated by a low degree vectorial Boolean function. The proposed attack is a generalization of the higher order diierential attack to a probabilistic one. We next introduce a notion of higher order bent functions in order to prevent our attack. We then show their explicit(More)
A Boolean function f satisses PC(l) of order k if f(x) f(x) is balanced for any such that 1 W () l even if any k input bits are kept constant, where W () denotes the Hamming weight of. This paper shows the rst design method of such functions which provides deg(f) 3. More than that, we show how to design \balanced" such functions. High nonlinearity and large(More)
Tompa and Woll considered a problem of cheaters in (k; n) threshold secret sharing schemes. We rst derive a tight lower bound on the size of shares jVij for this problem: jVij (jSj 0 1)= + 1, where Vi denotes the set of shares of participant Pi, S denotes the set of secrets, and denotes the cheating probability. We next present an optimum scheme which meets(More)