Source author record

Mitsugu Iwamoto

Mitsugu Iwamoto appears in the imported research catalog. Authorship, coauthor and topic links are available while profile ownership is still unclaimed.

Researcher (unclaimed source record)

Catalog footprint

What is connected

5 works
3 topics
4 close collaborators

Published work

5 published item(s)

preprint, 2014, arXiv

Secret Sharing Schemes Based on Min-Entropies

Fundamental results on secret sharing schemes (SSSs) are discussed in the setting where security and share size are measured by (conditional) min-entropies. We first formalize a unified framework of SSSs based on (conditional) Rényi entropies, which includes SSSs based on Shannon and min entropies etc. as special cases. By deriving the lower bound of share sizes in terms of Rényi entropies based on the technique introduced by Iwamoto-Shikata, we obtain the lower bounds of share sizes measured by min entropies as well as by Shannon entropies in a unified manner. As the main contributions of this paper, we show two existential results of non-perfect SSSs based on min-entropies under several important settings. We first show that there exists a non-perfect SSS for arbitrary binary secret information and arbitrary monotone access structure. In addition, for all integers $k$ and $n$ ($k \le n$), we prove that the ideal non-perfect $(k,n)$-threshold scheme exists even if the distribution of the secret is not uniformly distributed.

preprint, 2014, arXiv

Security Formalizations and Their Relationships for Encryption and Key Agreement in Information-Theoretic Cryptography

This paper revisits formalizations of information-theoretic security for symmetric-key encryption and key agreement protocols which are very fundamental primitives in cryptography. In general, we can formalize information-theoretic security in various ways: some of them can be formalized as stand-alone security by extending (or relaxing) Shannon's perfect secrecy or by other ways such as semantic security; some of them can be done based on composable security. Then, a natural question about this is: what is the gap between the formalizations? To answer the question, we investigate relationships between several formalizations of information-theoretic security for symmetric-key encryption and key agreement protocols. Specifically, for symmetric-key encryption protocols in a general setting including the case where there exist decryption-errors, we deal with the following formalizations of security: formalizations extended (or relaxed) from Shannon's perfect secrecy by using mutual information and statistical distance; information-theoretic analogues of indistinguishability and semantic security by Goldwasser and Micali; and composable security by Maurer et al. and Canetti. Then, we explicitly show the equivalence and non-equivalence between those formalizations. Under the model, we also derive lower bounds on the adversary's (or distinguisher's) advantage and the size of secret-keys required under all of the above formalizations. Although some of them may be already known, we can explicitly derive them all at once through our relationships between the formalizations. In addition, we briefly observe impossibility results which easily follow from the lower bounds. The similar results are also shown for key agreement protocols in a general setting including the case where there exist agreement-errors in the protocols.

preprint, 2012, arXiv

Coding Theorems for a (2,2)-Threshold Scheme with Detectability of Impersonation Attacks

In this paper, we discuss coding theorems on a $(2, 2)$-threshold scheme in the presence of an opponent who impersonates one of the two shareholders in an asymptotic setup. We consider a situation where $n$ secrets $S^n$ from a memoryless source are blockwisely encoded to two shares and the two shares are decoded to $S^n$ with permitting negligible decoding error. We introduce correlation level of the two shares and characterize the minimum attainable rates of the shares and a uniform random number for realizing a $(2, 2)$-threshold scheme that is secure against the impersonation attack by an opponent. It is shown that, if the correlation level between the two shares equals $\ell \ge 0$, the minimum attainable rates coincide with $H(S)+\ell$, where $H(S)$ denotes the entropy of the source, and the maximum attainable exponent of the success probability of the impersonation attack equals $\ell$. We also give a simple construction of an encoder and a decoder using an ordinary $(2,2)$-threshold scheme where the two shares are correlated and attains all the bounds.

preprint, 2012, arXiv

Security Notions for Information Theoretically Secure Encryptions

This paper is concerned with several security notions for information theoretically secure encryptions defined by the variational (statistical) distance. To ensure the perfect secrecy (PS), the mutual information is often used to evaluate the statistical independence between a message and a cryptogram. On the other hand, in order to recognize the information theoretically secure encryptions and computationally secure ones comprehensively, it is necessary to reconsider the notion of PS in terms of the variational distance. However, based on the variational distance, three kinds of definitions for PS are naturally introduced, but their relations are not known. In this paper, we clarify that one of three definitions for PS with the variational distance, which is a straightforward extension of Shannon's perfect secrecy, is stronger than the others, and the weaker two definitions of PS are essentially equivalent to the statistical versions of indistinguishability and semantic security.

preprint, 2005, arXiv

Strongly secure ramp secret sharing schemes for general access structures

Ramp secret sharing (SS) schemes can be classified into strong ramp SS schemes and weak ramp SS schemes. The strong ramp SS schemes do not leak out any part of a secret explicitly even in the case where some information about the secret leaks from a non-qualified set of shares, and hence, they are more desirable than weak ramp SS schemes. However, it is not known how to construct the strong ramp SS schemes in the case of general access structures. In this paper, it is shown that a strong ramp SS scheme can always be constructed from a SS scheme with plural secrets for any feasible general access structure. As a byproduct, it is pointed out that threshold ramp SS schemes based on Shamir's polynomial interpolation method are not always strong.