<h3>Participants</h3>

<p>SAProof Chen Mou, AProof Okumura, Shishido, Kodera, Hector</p>

<h3>Appearance of the conference</h3>

<p>

  • Kazuhiro Minami from the Institute of Statistical Mathematics presented "A First Step towards Statistical Disclosure Control on Multiple Linked Tables," in which they investigated some issues involved in controlling statistical disclosure of multiple tables. This is an interesting problem because private information can be revealed indirectly from intersections of multiple tables. Their approach is to construct a single consolidated high-dimensional table from multiple linked tables to represent the constraints of each input table in an integrated way. I think this is an important tool for protecting user privacy in big-data applications.
  • 星野文学 from NTTセキュアプラットフォーム研究所 presented "ペアリング積等式の一括検証の最適化," in which he formulated the problem of finding the optimal strategy for pairing computation as an integer programming problem. This seems interesting to me, but unfortunately this is preliminary work, in which the author just presented the problem formulation without giving any evaluation or experimental results.
  • Dennis Kengo Oka from Synopsys presented "Open-Source Software in Your Car --- What Can Go Wrong?" In his presentation, he reported the results of a practical evaluation, based on software composition analysis of 14 automotive software packages, with a focus on analyzing open-source software risks. They found that all 14 software packages contain open-source components with critical vulnerabilities. This seems really bad news, as open-source software is so widely used in industry, and it presents a serious security challenge to industry and academia.
  • Ei Mon Cho from AIST presented "Security Analysis of DST40 Automobile Protocol," in which they analyzed the popular passive keyless entry and start system DST40 from TI. She then discussed how to break these systems using relay attacks or time-memory trade-off attacks, and presented some countermeasures.
  • Bagus Santoso from University of Electro-Communications presented "Another Look at One-More Discrete Logarithm Problem in Generic Model," in which he provided a proof that the hardness of the one-more discrete logarithm problem in the generic model can be guaranteed by the hardness of the regular discrete logarithm problem in the generic model, under a certain mild assumption. This is very interesting, and the talk was very easy to follow.
  • 長沼健 from 日立製作所 and 東京大学 presented "PBIを用いたブロックチェーン向け鍵管理技術." The idea is to use biometrics in a public biometric infrastructure to generate the private keys that establish ownership of cryptocurrencies on blockchains. This way we would not need any special hardware for storing the private keys, making the key management really easy. He also gave a live demo to show how the system works. It was a very impressive presentation, and the research work seems solid.
  • Hyungrok Jo from the University of Tokyo presented "On the security of Cayley hash functions based on LPS-type Ramanujan graphs." This is a follow-up to the work done by Charles, Goren, and Lauter in 2009. The idea is to build cryptographic hash functions based on explicit Ramanujan graphs, and the author focused on Cayley hash functions based on similar but slightly generalized Ramanujan graphs. He also presented an analysis of the security of their proposal against a lifting attack for collision finding.
  • Camille Gay from Synopsys presented "Fuzzing the filesystem layer of IoT devices over USB," in which he introduced how they developed a tool to fuzz filesystems over USB, and how they used it to uncover bugs in Windows, Android, and some Linux distributions at kernel level. In the worst case, such bugs could enable attackers to abuse USB/SD ports to run arbitrary code on IoT devices. As a result, he suggested that filesystem fuzzing should be part of the security evaluation of IoT devices.
  • There was an entire session on isogeny-based cryptography.
    • 松尾和人 from 神奈川大学 presented "ツイストを利用したSIDH." This is a very interesting idea: he proposed to consider using a quadratic twist of the same curve to do SIDH. That is, Alice and Bob in SIDH will be using two curves that are non-isomorphic over the defining field. This way we can have more freedom in selecting the parameters such as the defining field and hence might have a more efficient SIDH-like key exchange scheme.
    • 相川勇輔 from 北海道大学 and 東京大学 presented "同種写像暗号CSIDHの計算量評価と高速化パラメータ," in which they analyzed the detailed cost of CSIDH computation and proposed to reduce the cost by having an uneven exponent range for different primes. The idea is quite interesting, and the result seems useful, achieving a 4% reduction in computational cost without affecting the security.
    • 守谷共起 from 東京大学 presented "同種写像暗号のCSIDHを用いたグループ鍵共有方式とその応用," in which they constructed a group key exchange scheme based on CSIDH and proved the security of the construction via reduction to some isogeny-based hard problem.
    • 高島克幸 from 三菱電機 presented "同種写像を用いた1ラウンド認証グループ鍵共有," which is a shortened version of his talk at ECC 2018.
    • 寺田槙太郎 from 茨城大学 presented "CSIDHに基づくパスワードベース認証鍵交換," in which they constructed a password-based authenticated key exchange scheme based on CSIDH and provided a reductionist security proof.
  • Maxim Jourenko from Tokyo Institute of Technology presented "Notes on Offchain Protocols," in which they revisited several existing off-chain channels (payment and state), payment networks, and their respective network management algorithms for blockchains. The authors did a nice service to the research community by providing a comprehensive list of the state-of-the-art protocols available in the literature, outlining their respective approaches, advantages, and disadvantages.
  • Kiraku Minami from Kyoto University presented "Trace Equivalence and Epistemic Logic to Express Security Properties," in which he provided an epistemic logic for the applied pi calculus and used it to show that trace equivalence is pertinent to capture security notions in the presence of a non-adaptive attacker. Their results seem to imply that trace equivalence is more suitable to express security notions than labelled bisimilarity.</p>