In this paper, we propose a rational m-out-of-n secret sharing scheme, a dealer wishes to entrust a secret with a group of n players such that any subset of m or more players can reconstruct the secret, but a subset of less than m players cannot learn anything about the secret. The reconstruction protocol of our scheme is fair and stable in the rational settings, allowing all players to obtain the designated secret. Our scheme is based on RSA-OAEP with the distributed decryption. The security of our scheme relies on a computational assumption and uses the random oracles. The size of each share in our scheme is independent of the utility function and the computation cost of the reconstruction protocol is constant. Moreover, our scheme prevents the attacks with at most m-1 coalitions.

This paper proposes a novel secure biometric authentication scheme. The scheme deals with fingerprint minutiae as the biometric feature and the matching is checked by a widely used technique. To discuss security, we formalize the model of secure biometric authentication scheme by abstracting the related and proposed schemes. The schemes which satisfy all the proposed security requirements are guaranteed to prevent leakage of biometric information and impersonation. In particular, the definition captures well-known and practical attacks including replay attacks and hill-climbing attacks. We prove that the proposed scheme achieves all the requirements if the additive homomorphic encryption scheme used in the scheme satisfies some additional properties. As far as we know, the proposed scheme is the first one that satisfies all the requirements. Also, we show that modified Elgamal cryptosystem satisfies all the properties under the decisional Diffie-Hellman assumption.

We suggest to use short secret keys in the anonymous group identification scheme proposed by Lee, Deng, and Zhu and prove that this scheme is secure under the discrete logarithm with short exponents assumption that solving the discrete logarithm problem modulo an n-bit prime p is hard even when the exponent is a small c-bit number. We show that the communication and the computation costs are lower than those of the Lee-Deng-Zhu scheme.