Kaoru Kurosawa

In this paper, we show that a key encapsulation mechanism (KEM) does not have to be IND-CCA secure in the construction of hybrid encryption schemes, as was previously believed. That is, we present a more efficient hybrid encryption scheme than Shoup [12] by using a KEM which is not necessarily IND-CCA secure. Nevertheless, our scheme is secure in the sense…
In this paper, we present One-key CBC MAC (OMAC) and prove its security for arbitrary length messages. OMAC takes only one key, K (k bits) of a block cipher E. Previously, XCBC requires three keys, (k + 2n) bits in total, and TMAC requires two keys, (k + n) bits in total, where n denotes the block length of E. The saving of the key length makes the security…
A MIX net takes a list of ciphertexts (c1, ..., cN) and outputs a permuted list of the plaintexts (m1, ..., mN) without revealing the relationship between (c1, ..., cN) and (m1, ..., mN). This paper first shows that Jakobsson's MIX net of Eurocrypt '98, which was believed to be resilient and very efficient, is broken. We next propose an…
In this paper, we introduce a notion of Oblivious Keyword Search (OKS). Let W be the set of possible keywords. In the commit phase, a database supplier T commits n data. In each transfer subphase, a user U can choose a keyword w ∈ W adaptively and find Search(w) without revealing w to T, where Search(w) is the set of all data which includes w as a keyword.
A traceability scheme is a broadcast encryption scheme such that a data supplier T can trace malicious authorized users (traitors) who gave a decryption key to an unauthorized user (pirate). This paper first derives lower bounds on the sizes of keys and ciphertexts. These bounds are all tight because an optimum one-time use scheme is also presented. We then…
Tompa and Woll considered a problem of cheaters in (k, n) threshold secret sharing schemes. We first derive a tight lower bound on the size of shares |V_i| for this problem: |V_i| (|S| 1)= + 1, where V_i denotes the set of shares of participant P_i, S denotes the set of secrets, and denotes the cheating probability. We next present an optimum scheme which…