An authentication code (A-code) is a two-party message authentication code in the information-theoretic security setting. One of the variants of A-codes is a multi-receiver authentication code (MRA-code), where there are a single sender and multiple receivers and the sender can create a single authenticator so that all receivers accepts it unless it is maliciously modified. In this paper, we introduce a multi-designated receiver authentication code (MDRA-code) with information-theoretic security as an extension of MRA-codes. The purpose of MDRA-codes is to securely transmit a message via a broadcast channel from a single sender to an arbitrary subset of multiple receivers that have been designated by the sender, and only the receivers in the subset (i.e., not all receivers) should accept the message if an adversary is absent. This paper proposes a model and security formalization of MDRA-codes, and provides constructions of MDRA-codes.

An (≤n,≤ω)-one-time secure broadcast encryption scheme (BES) allows a sender to choose any subset of receivers so that only the designated users can decrypt a ciphertext. In this paper, we first show an efficient construction of an (≤n,≤ω)-one-time secure BES with general ciphertext sizes. Specifically, we propose a generic construction of an (≤n,≤ω)-one-time secure BES from key predistribution systems (KPSs) when its ciphertext size is equal to integer multiple of the plaintext size, and our construction includes all known constructions. However, there are many possible combinations of the KPSs to realize the BES in our construction methodology, and therefore, we show that which combination is the best one in the sense that secret-key size can be minimized. Our (optimized) construction provides a flexible parameter setup (i.e. we can adjust the secret-key sizes) by setting arbitrary ciphertext sizes based on restrictions on channels such as channel capacity and channel bandwidth.

We study the use of the additive white Gaussian noise channel to achieve a cryptographic primitive that is important in secure multiparty computation. A protocol for unconditionally secure oblivious transfer is presented. We show that channel input alphabets with a certain algebraic structure and their partitions are useful in achieving the requirements on the primitive. Signal design for a protocol with high information rate is discussed.

We consider the use of the additive white Gaussian noise channel to achieve information theoretically secure oblivious transfer. A protocol for this primitive that ensures the correctness and privacy for players is presented together with the signal design. We also study the information theoretic efficiency of the protocol, and some more practical issues where the parameter of the channel is unknown to the players.

Information theoretic security is an important security notion in cryptography as it provides a true lower bound for attack complexities. However, in practice attacks often have a higher cost than the information theoretic bound. In this paper we study the relationship between information theoretic attack costs and real costs. We show that in the information theoretic model, many well-known and commonly used hash functions such as MD5 and SHA-256 fail to be preimage resistant.

We consider the problem of secret key agreement in Gaussian Maurer's Model. In Gaussian Maurer's model, legitimate receivers, Alice and Bob, and a wire-tapper, Eve, receive signals randomly generated by a satellite through three independent memoryless Gaussian channels respectively. Then Alice and Bob generate a common secret key from their received signals. In this model, we propose a protocol for generating a common secret key by using the result of soft-decision of Alice and Bob's received signals. Then, we calculate a lower bound on the secret key rate in our proposed protocol. As a result of comparison with the protocol that only uses hard-decision, we found that the higher rate is obtained by using our protocol.

It is known that perfectly secure (1-round, n-channel) message transmission (MT) schemes exist if and only if n ≥ 3t+1, where t is the number of channels that the adversary can corrupt. Then does there exist an almost secure MT scheme for n=2t+1 ? In this paper, we first sum up a number flaws of the previous almost secure MT scheme presented at Crypto 2004. We next show an equivalence between almost secure MT schemes and secret sharing schemes with cheaters. By using our equivalence, we derive a lower bound on the communication complexity of almost secure MT schemes. Finally, we present a near optimum scheme which meets our bound approximately. This is the first construction of provably secure almost secure (1-round, n-channel) MT schemes for n=2t+1.

We have introduced the first electronic cash scheme with unconditional security. That is, even malicious users with unlimited computational ability cannot forge a coin and cannot change user's identity secretly embedded in each coin. While, the spender's anonymity is preserved by our new blind signature scheme based on unconditionally secure signature proposed in [7]. But the anonymity is preserved only computationally under the assumption that Decisional Diffie-Hellman Problem is intractable.