Fault-tolerant aggregate signature (FT-AS) is a special type of aggregate signature that is equipped with the functionality for tracing signers who generated invalid signatures in the case an aggregate signature is detected as invalid. In existing FT-AS schemes (whose tracing functionality requires multi-rounds), a verifier needs to send a feedback to an aggregator for efficiently tracing the invalid signer(s). However, in practice, if this feedback is not responded to the aggregator in a sufficiently fast and timely manner, the tracing process will fail. Therefore, it is important to estimate whether this feedback can be responded and received in time on a real system. In this work, we measure the total processing time required for the feedback by implementing an existing FT-AS scheme, and evaluate whether the scheme works without problems in real systems. Our experimental results show that the time required for the feedback is 605.3ms for a typical parameter setting, which indicates that if the acceptable feedback time is significantly larger than a few hundred ms, the existing FT-AS scheme would effectively work in such systems. However, there are situations where such feedback time is not acceptable, in which case the existing FT-AS scheme cannot be used. Therefore, we further propose a novel FT-AS scheme that does not require any feedback. We also implement our new scheme and show that a feedback in this scheme is completely eliminated but the size of its aggregate signature (affecting the communication cost from the aggregator to the verifier) is 144.9 times larger than that of the existing FT-AS scheme (with feedbacks) for a typical parameter setting, and thus has a trade-off between the feedback waiting time and the communication cost from the verifier to the aggregator with the existing FT-AS scheme.
In this paper, we present the first generic construction of a chosen-ciphertext (CCA) secure uni-directional proxy re-encryption (PRE) scheme. In particular, full CCA security (i.e., not relaxed CCA security such as replayable CCA security) of our proposed scheme is proven even against powerful adversaries that are given a more advantageous attack environment than in all previous works, and furthermore, random oracles are not required. To achieve such strong security, we establish a totally novel methodology for designing PRE based on a specific class of threshold encryption. Via our generic construction, we present the first construction that is CCA secure in the standard model.
A fault-tolerant aggregate signature (FT-AS) scheme is a variant of an aggregate signature scheme with the additional functionality to trace signers that create invalid signatures in case an aggregate signature is invalid. Several FT-AS schemes have been proposed so far, and some of them trace such rogue signers in multi-rounds, i.e., the setting where the signers repeatedly send their individual signatures. However, it has been overlooked that there exists a potential attack on the efficiency of bandwidth consumption in a multi-round FT-AS scheme. Since one of the merits of aggregate signature schemes is the efficiency of bandwidth consumption, such an attack might be critical for multi-round FT-AS schemes. In this paper, we propose a new multi-round FT-AS scheme that is tolerant of such an attack. We implement our scheme and experimentally show that it is more efficient than the existing multi-round FT-AS scheme if rogue signers randomly create invalid signatures with low probability, which for example captures spontaneous failures of devices in IoT systems.
Accidental transmission of hop stunt viroid (HSVd) from grapevine to hop has led to several epidemics of hop stunt disease with convergent evolution of HSVd-g(rape) into HSVd-h(op) containing five mutations. However, the biological function of these five mutations remains unknown. In this study, we compare the biological property of HSVd-g and HSVd-h by bioassay and analyze HSVd-specific small RNA (HSVd-sRNA) using high-throughput sequencing. The bioassay indicated an association of these five mutations with differences in infectivity, replication capacity, and pathogenicity between HSVd-g and HSVd-h, e.g., HSVd-g induced more severe symptoms than HSVd-h in cucumber. Site-directed mutagenesis of HSVd-g showed that the mutation at position 54 increased pathogenicity. HSVd-sRNA analysis of cucumber and hop plants infected with different HSVd variants showed that several sRNA species containing adaptive nucleotides were specifically down-regulated in plants infected with HSVd-h. Several HSVd-sRNAs containing adaptive mutations were predicted to target cucumber genes, but changes in the levels of these genes were not directly correlated with changes in symptom expression. Furthermore, expression levels of two other cucumber genes targeted by HSVd-RNAs, encoding ethylene-responsive transcription factor ERF011, and trihelix transcription factor GTL2, were altered by HSVd infection. The possible relationship between these two genes to HSVd pathogenicity is discussed.
Homomorphic encryption (HE) is useful to analyze encrypted data without decrypting it. However, by using ordinary HE, a user who can decrypt a ciphertext that is generated by executing homomorphic operations, can also decrypt ciphertexts on which homomorphic evaluations have not been performed, since homomorphic operations cannot be executed among ciphertexts which are encrypted under different public keys. To resolve the above problem, we introduce a new cryptographic primitive called Homomorphic Proxy Re-Encryption (HPRE) combining the “key-switching” property of Proxy Re-Encryption (PRE) and the homomorphic property of HE. In our HPRE, original ciphertexts (which have not been re-encrypted) guarantee CCA2 security (and in particular satisfy non-malleability). On the other hand, re-encrypted ciphertexts only guarantee CPA security, so that homomorphic operations can be performed on them. We define the functional/security requirements of HPRE, and then propose a specific construction supporting the group operation (over the target group in bilinear groups) based on the PRE scheme by Libert and Vergnaud (PKC 2008) and the CCA secure public key encryption scheme by Lai et al. (CT-RSA 2010), and prove its security in the standard model. Additionally, we show two extensions of our HPRE scheme for the group operation: an HPRE scheme for addition and an HPRE scheme for degree-2 polynomials (in which the number of degree-2 terms is constant), by using the technique of the recent work by Catalano and Fiore (ACMCCS 2015).
• A broad spectrum of phenotypes was produced by heavy-ion beam irradiation.
• Lipid production, fatty acid profiles and starch contents were altered.
• Heavy-ion beam irradiation shows potential in the breeding of microalgae.
Heavy-ion mutagenesis is a technology used for effective production of genetic mutants. This study demonstrates that algal breeding using a unicellular alga, Parachlorella kessleri, by heavy-ion mutagenesis can improve lipid yield in laboratory experiments. The primary screening yielded 23 mutants among which a secondary screening yielded 7 strains, which were subjected to phenotypic assays. P. kessleri strains produced by heavy-ion radiation spanned a broad spectrum of phenotypes that differed in lipid content and fatty acid profiles. Starch grain morphology was distinctively altered in one of the mutants. The growth of strain PK4 was comparable to that of the wild type under stress-free culture conditions, and the mutant also produced large quantities of lipids, a combination of traits that may be of commercial interest. Thus, heavy-ion irradiation is an effective mutagenic agent for microalgae and may have potential in the production of strains with gain-of-function phenotypes.
The purpose of this study is to discuss epidemic communication for drones to share information in flight and to develop a wireless system for implementation. Various theoretical studies have been conducted on epidemic communication, but their applications are not clear, so a system that assumes practical use is developed. As the main evaluation items, we analyzed the effect of communication interference between drones on the amount of data transmission, and furthermore, proposed an optimal transmission method depending on the flight speed. In these analysis results, we designed functions to be implemented in drones, developed wireless devices, and confirmed their operation through demonstration tests using actual drones. Based on the results of this research, we succeeded in identifying issues to be addressed in order to implement the system on drones and in developing an epidemic communication system based on the results of demonstration experiments, thereby contributing to the realization of inter-drone communication in the future.
In the situation where there are one sender and multiple receivers and the sender transmits ciphertexts of correlated plaintexts, a receiver selective opening (RSO) attack for a public key encryption (PKE) scheme considers adversaries that can corrupt some of the receivers and get their secret keys and plaintexts. Security against RSO attacks for a PKE scheme ensures confidentiality of ciphertexts of uncorrupted receivers. Simulation-based RSO security against chosen ciphertext attacks (SIM-RSO-CCA) is the strongest security notion in all RSO attack scenarios. Jia, Lu, and Li (2016) [19] proposed the first SIM-RSO-CCA secure PKE scheme. However, their scheme used indistinguishability obfuscation, which is not known to be constructed from any standard computational assumption. In this paper, we give two contributions for constructing SIM-RSO-CCA secure PKE from standard computational assumptions. Firstly, we propose a generic construction of SIM-RSO-CCA secure PKE using an IND-CPA secure PKE scheme and a non-interactive zero-knowledge proof system satisfying one-time simulation soundness. Secondly, we propose an efficient and concrete construction of SIM-RSO-CCA secure PKE based on the decisional Diffie-Hellman (DDH) assumption. Moreover, we give a method for efficiently expanding the plaintext space of the DDH-based construction. By applying this method to the construction, we obtain the first DDH-based SIM-RSO-CCA secure PKE scheme supporting a super-polynomially large plaintext space with compact ciphertexts.
Aggregate signature schemes enable us to aggregate multiple signatures into a single short signature. One of its typical applications is sensor networks, where a large number of users and devices measure their environments, create signatures to ensure the integrity of the measurements, and transmit their signed data. However, if an invalid signature is mixed into aggregation, the aggregate signature becomes invalid, thus if an aggregate signature is invalid, it is necessary to identify the invalid signature. Furthermore, we need to deal with a situation where an invalid sensor generates invalid signatures probabilistically. In this paper, we introduce a model of aggregate signature schemes with interactive tracing functionality that captures such a situation, and define its functional and security requirements and propose aggregate signature schemes that can identify all rogue sensors. More concretely, based on the idea of Dynamic Traitor Tracing, we can trace rogue sensors dynamically and incrementally, and eventually identify all rogue sensors of generating invalid signatures even if the rogue sensors adaptively collude. In addition, the efficiency of our proposed method is also sufficiently practical.