Lecture Notes in Computer Science 1560
Edited by G. Goos, J. Hartmanis and J. van Leeuwen

Berlin, Heidelberg, New York, Barcelona, Hong Kong, London, Milan, Paris, Singapore, Tokyo

Hideki Imai, Yuliang Zheng (Eds.)

Public Key Cryptography
Second International Workshop on Practice and Theory in Public Key Cryptography, PKC’99
Kamakura, Japan, March 1-3, 1999
Proceedings

Series Editors
Gerhard Goos, Karlsruhe University, Germany
Juris Hartmanis, Cornell University, NY, USA
Jan van Leeuwen, Utrecht University, The Netherlands

Volume Editors
Hideki Imai
The Third Department, Institute of Industrial Science
University of Tokyo
7-22-1, Roppongi, Minato-ku, Tokyo, 106-8558, Japan
E-mail: [email protected]

Yuliang Zheng
School of Computing and Information Technology
Monash University
McMahons Road, Frankston, Melbourne, VIC 3199, Australia
E-mail: [email protected]

Cataloging-in-Publication data applied for
Die Deutsche Bibliothek - CIP-Einheitsaufnahme
Public key cryptography: proceedings / Second International Workshop on Practice and Theory in Public Key Cryptography, PKC ’99, Kamakura, Japan, March 1-3, 1999. Hideki Imai; Yuliang Zheng (ed.). - Berlin; Heidelberg; New York; Barcelona; Hong Kong; London; Milan; Paris; Singapore; Tokyo: Springer, 1999
(Lecture notes in computer science; Vol. 1560)
ISBN 3-540-65644-8

CR Subject Classification (1998): E.3, G.2.1, D.4.6, K.6.5, F.2.1-2, C.2, J.1
ISSN 0302-9743
ISBN 3-540-65644-8 Springer-Verlag Berlin Heidelberg New York

This work is subject to copyright. All rights are reserved, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, re-use of illustrations, recitation, broadcasting, reproduction on microfilms or in any other way, and storage in data banks. Duplication of this publication or parts thereof is permitted only under the provisions of the German Copyright Law of September 9, 1965, in its current version, and permission for use must always be obtained from Springer-Verlag. Violations are liable for prosecution under the German Copyright Law.
© Springer-Verlag Berlin Heidelberg 1999
Printed in Germany
Typesetting: Camera-ready by author
SPIN 10702882 06/3142–543210
Printed on acid-free paper

Preface

The PKC’99 conference, held in the ancient capital of Kamakura, Japan, March 1-3, 1999, represents the second conference in the international workshop series dedicated to the practice and theory in public key cryptography.

The program committee of the conference received 61 submissions from 12 countries and regions (Australia, Canada, Finland, France, Japan, Saudi Arabia, Singapore, Spain, Taiwan, UK, USA, and Yugoslavia), of which 25 were selected for presentation. All submissions were reviewed by experts in the relevant areas.

The program committee consisted of Chin-Chen Chang of the National Chung Cheng University, Taiwan, Yvo Desmedt of the University of Wisconsin-Milwaukee, USA, Hideki Imai (Co-Chair) of the University of Tokyo, Japan, Markus Jakobsson of Bell Labs, USA, Kwangjo Kim of Information and Communications University, Korea, Arjen Lenstra of Citibank, USA, Tsutomu Matsumoto of Yokohama National University, Japan, Eiji Okamoto of JAIST, Japan, Tatsuaki Okamoto of NTT, Japan, Nigel Smart of HP Labs Bristol, UK, and Yuliang Zheng (Co-Chair) of Monash University, Australia. Members of the committee spent numerous hours in reviewing the submissions and providing advice and comments on the selection of papers. We would like to take this opportunity to thank all the members for their invaluable help in producing such a high quality technical program.

The program committee also asked expert advice of many of their colleagues, including: Masayuki Abe, Kazumaro Aoki, Daniel Bleichenbacher, Atsushi Fujioka, Eiichiro Fujisaki, Chandana Gamage, Brian King, Kunio Kobayashi, Tetsutaro Kobayashi, Phil MacKenzie, Hidemi Moribatake, Kazuo Ohta, Amin Shokrollahi, Shigenori Uchiyama, and Yongge Wang. We thank them all for their help.

The conference would not have been successful without the skillful assistance of the members of the organizing committee.
Our special thanks go to Takashi Mano of IPA, Japan, Kanta Matsuura and Hidenori Shida, both of University of Tokyo, Japan.

Last, but not least, we would like to thank all the people who submitted their papers to the conference (including those whose submissions were not successful), as well as the workshop participants from around the world, for their support which made this conference possible.

March 1999
University of Tokyo, Japan                 Hideki Imai
Monash University, Melbourne, Australia    Yuliang Zheng

PKC’99
1999 International Workshop on Practice and Theory in Public Key Cryptography
Kamakura Prince Hotel, Kamakura, Japan
March 1-3, 1999

In cooperation with
The Technical Group on Information Security, the Institute of Electronics, Information and Communication Engineers (IEICE)

Organizing Committee
Hideki Imai, Chair (University of Tokyo, Japan)
Takashi Mano (IPA, Japan)
Kanta Matsuura (University of Tokyo, Japan)
Hidenori Shida (University of Tokyo, Japan)
Yuliang Zheng (Monash University, Australia)

Program Committee
Hideki Imai, Co-Chair (University of Tokyo, Japan)
Yuliang Zheng, Co-Chair (Monash University, Australia)
Chin-Chen Chang (National Chung Cheng University, Taiwan)
Yvo Desmedt (University of Wisconsin-Milwaukee, USA)
Kwangjo Kim (Information and Communications University, Korea)
Markus Jakobsson (Bell Labs, USA)
Arjen Lenstra (Citibank, USA)
Tsutomu Matsumoto (Yokohama National University, Japan)
Eiji Okamoto (JAIST, Japan)
Tatsuaki Okamoto (NTT, Japan)
Nigel Smart (HP Labs Bristol, UK)

Contents

A New Type of "Magic Ink" Signatures - Towards Transcript-Irrelevant Anonymity Revocation
    Feng Bao and Robert H. Deng (Kent Ridge Digital Labs, Singapore)

A New Aspect of Dual Basis for Efficient Field Arithmetic
    Chang-Hyi Lee (SAIT, Korea), Jong-In Lim (Korea Uni)

On the Security of Random Sources
    Jean-Sébastien Coron (ENS and Gemplus, France)

Anonymous Fingerprinting Based on Committed Oblivious Transfer
    Josep Domingo-Ferrer (Uni Rovira i Virgili, Spain)

How to Enhance the Security of Public-Key Encryption at Minimum Cost
    Eiichiro Fujisaki and Tatsuaki Okamoto (NTT, Japan)

Encrypted Message Authentication by Firewalls
    Chandana Gamage, Jussipekka Leiwo and Yuliang Zheng (Monash Uni, Australia)

A Relationship between One-Wayness and Correlation Intractability
    Satoshi Hada and Toshiaki Tanaka (KDD, Japan)

Message Recovery Fair Blind Signature
    Hyung-Woo Lee and Tai-Yun Kim (Korea Uni)

On Quorum Controlled Asymmetric Proxy Re-encryption
    Markus Jakobsson (Bell Labs, USA)

Mini-Cash: A Minimalistic Approach to E-Commerce
    Markus Jakobsson (Bell Labs, USA)

Preserving Privacy in Distributed Delegation with Fast Certificates
    Pekka Nikander (Ericsson, Finland), Yki Kortesniemi and Jonna Partanen (Helsinki Uni of Tech, Finland)

Unknown Key-Share Attacks on the Station-to-Station (STS) Protocol
    Simon Blake-Wilson (Certicom, Canada), Alfred Menezes (Uni of Waterloo, Canada)

Toward Fair International Key Escrow - An Attempt by Distributed Trusted Third Agencies with Threshold Cryptography -
    Shingo Miyazaki (Kyushu Univ, Japan), Ikuko Kuroda (NTT, Japan), Kouichi Sakurai (Kyushu Univ, Japan)

How to Copyright a Function?
    David Naccache (Gemplus, France), Adi Shamir (Weizmann Inst of Sci, Israel), Julien P. Stern (UCL, Belgium, and Uni de Paris-Sud, France)

On the Security of RSA Screening
    Jean-Sébastien Coron (ENS and Gemplus, France), David Naccache (Gemplus, France)

The Effectiveness of Lattice Attacks Against Low-Exponent RSA
    Christophe Coupé (ENS de Lyon, France), Phong Nguyen and Jacques Stern (ENS Paris, France)

A Trapdoor Permutation Equivalent to Factoring
    Pascal Paillier (Gemplus and ENST, France)

Low-Cost Double-Size Modular Exponentiation or How to Stretch Your Cryptoprocessor
    Pascal Paillier (Gemplus and ENST, France)

Evaluating Differential Fault Analysis of Unknown Cryptosystems
    Pascal Paillier (Gemplus and ENST, France)

Removing Interoperability Barriers Between the X.509 and EDIFACT Public Key Infrastructures: The DEDICA Project
    Montse Rubia, Juan Carlos Cruellas and Manel Medina (Polytech Uni of Catalonia, Spain)

Hash Functions and the MAC Using All-or-Nothing Property
    Sang Uk Shin and Kyung Hyune Rhee (PuKyong Nat Uni, Korea), Jae Woo Yoon (ETRI, Korea)

Decision Oracles are Equivalent to Matching Oracles
    Helena Handschuh (Gemplus and ENST, France), Yiannis Tsiounis (GTE Labs, USA), Moti Yung (CertCo, USA)

Shared Generation of Random Number with Timestamp: How to Cope with the Leakage of the CA’s Secret
    Yuji Watanabe and Hideki Imai (Uni of Tokyo, Japan)

Auto-Recoverable Cryptosystems with Faster Initialization and the Escrow Hierarchy
    Adam Young (Columbia Uni, USA), Moti Yung (CertCo, USA)

A Secure Pay-per-View Scheme for Web-Based Video Service
    Jianying Zhou (Kent Ridge Digital Labs, Singapore), Kwok-Yan Lam (Nat Uni of Singapore)

Author Index