The primitive called public key encryption with non-interactive opening (PKENO) is a class of public key encryption (PKE) with additional functionality. By using this, a receiver of a ciphertext can prove that the ciphertext is an encryption of a specified message in a publicly verifiable manner. In some situation that a receiver needs to claim that a ciphertext is NOT decrypted to a specified message, if he/she proves the fact by using PKENO straightforwardly, the real message of the ciphertext is revealed and a verifier checks that it is different from the specified message about which the receiver wants to prove. However, this naive solution is problematic in terms of privacy. Inspired by this problem, we propose the notion of disavowable public key encryption with non-interactive opening (disavowable PKENO) where, with respect to a ciphertext and a message, the receiver of the ciphertext can issue a proof that the plaintext of the ciphertext is NOT the message. Also, we give a concrete construction. Specifically, a disavowal proof in our scheme consists of 61 group elements. The proposed disavowable PKENO scheme is provably secure in the standard model under the decisional linear assumption and strong unforgeability of the underlying one-time signature scheme.

At EUROCRYPT 2012, Libert, Peters and Yung (LPY) proposed the first scalable revocable group signature (R-GS) scheme in the standard model which achieves constant signing/verification costs and other costs regarding signers are at most logarithmic in N, where N is the maximum number of group members. However, although the LPY R-GS scheme is asymptotically quite efficient, this scheme is not sufficiently efficient in practice. For example, the signature size of the LPY scheme is roughly 10 times larger than that of an RSA signature (for 160-bit security). In this paper, we propose a compact R-GS scheme secure in the random oracle model that is efficient not only in the asymptotic sense but also in practical parameter settings. We achieve the same efficiency as the LPY scheme in an asymptotic sense, and the signature size is nearly equal to that of an RSA signature (for 160-bit security). It is particularly worth noting that our R-GS scheme has the smallest signature size compared to those of previous R-GS schemes which enable constant signing/verification costs. Our technique, which we call parallel Boneh-Boyen-Shacham group signature technique, helps to construct an R-GS scheme without following the technique used in LPY, i.e., we directly apply the Naor-Naor-Lotspiech framework without using any identity-based encryption.

Group signatures are a class of digital signatures with enhanced privacy. By using this type of signature, a user can sign a message on behalf of a specific group without revealing his identity, but in the case of a dispute, an authority can expose the identity of the signer. However, it is not always the case that we need to know the specific identity of a signature. In this paper, we propose the notion of deniable group signatures, where the authority can issue a proof showing that the specified user is NOT the signer of a signature, without revealing the actual signer. We point out that existing efficient non-interactive zero-knowledge proof systems cannot be straightforwardly applied to prove such a statement. We circumvent this problem by giving a fairly practical construction through extending the Groth group signature scheme (ASIACRYPT 2007). In particular, a denial proof in our scheme consists of 96 group elements, which is about twice the size of a signature in the Groth scheme. The proposed scheme is provably secure under the same assumptions as those of the Groth scheme.

Wireless medical telemetry service (WMTS) is an important wireless communication system in healthcare facilities. Recently, the potential for electromagnetic interference by noise emitted by switching regulators installed in light-emitting diode (LED) lamps has been a serious problem. In this study, we evaluated the characteristics of the electromagnetic noise emitted from LED lamps and its effect on WMTS. Switching regulators generally emit wide band impulsive noise whose bandwidth reaches 400MHz in some instances owing to the switching operation, but this impulsive nature is difficult to identify in the reception of WMTS because the bandwidth of WMTS is much narrower than that of electromagnetic noise. Gaussian approximation (GA) can be adopted for band-limited electromagnetic noise whose characteristics have no repetitive variation. On the other hand, GA with the impulsive correction factor (ICF) can be adopted for band-limited electromagnetic noise that has repetitive variation. We investigate the minimum receiver sensitivity of WMTS for it to be affected by electromagnetic noise emitted from LED lamps. The required carrier-to-noise power ratio (CNR) of Gaussian noise and electromagnetic noise for which GA can be adopted was approximately 15dB, but the electromagnetic noise for which GA with the ICF can be adopted was 3 to 4dB worse. Moreover, the spatial distribution of electromagnetic noise surrounding an LED lamp installation was measured. Finally, we roughly estimated the offset distance between the receiving antenna of WMTS and LED lamps when a WMTS signal of a certain level was added in a clinical setting using our experimental result for the required CNR.