Although a great deal of research has been done on electronic cash schemes with blind multisignatures to prevent an insider attack, there is no discussion of a formal security model in the literature. Firstly we discussed the security model of e-cash schemes based on the blind multisignature scheme against a (restricted) attack model and proposed a concrete scheme proven to be secure in the mod...

Why do we care about random oracles? It goes back to computability theory. Many results including halting problems, R vs RE, and etc., were based on black-box simulations and the existence of universal machine. This includes clever methods such as diagonalization. People thought that the same technique would work for complexity theory, for example, P versus NP problem. An oracle machine is a Tu...

The celebrated work of Barak et al. (Crypto’01) ruled out the possibility of virtual blackbox (VBB) obfuscation for general circuits. The recent work of Canetti, Kalai, and Paneth (TCC’15) extended this impossibility to the random oracle model as well assuming the existence of trapdoor permutations (TDPs). On the other hand, the works of Barak et al. (Crypto’14) and Brakerski-Rothblum (TCC’14) ...

The Pintsov-Vanstone signature scheme with partial message recovery (PVSSR) is a variant of the Schnorr and Nyberg-Rueppel signature schemes. It produces very short signatures on messages with intrinsic redundancy. At 80 bits of security, cryptographic overhead (message expansion) ranges from 20 to 30 bytes, depending on the amount of intrinsic redundancy in the message being signed. (In compar...

Abstract. In a continuous time random walk (CTRW), a random waiting time precedes each random jump. The CTRW model is useful in physics, to model diffusing particles. Its scaling limit is a time-changed process, whose densities solve an anomalous diffusion equation. Some applications require the anticipating version, an oracle continuous time random walk (OCTRW), where the next jump after any g...

The oracle identification problem (OIP) is, given a set S of M Boolean oracles out of 2 ones, to determine which oracle in S is the current black-box oracle. We can exploit the information that candidates of the current oracle is restricted to S. The OIP contains several concrete problems such as the original Grover search and the Bernstein-Vazirani problem. Our interest is in the quantum query...

The definition of oracles is a significant part of model transformation testing. The tester has to ensure their quality. Mutation analysis that can be used to qualify test oracles is an expensive task which is also dependent on the transformation under test’s implementation. In this paper we propose to use the coverage of the transformation’s output meta-model by the oracles as an alternative t...

We prove that the class NP has Co-NP-immune sets relative to a random oracle. Moreover, we prove that, relative to a random oracle, there are L 2 P and NP-set L 1 L such that L 1 is Co-NP-immune and L n L 1 is NP-immune. The second theorem implies the theorem in 4] that Co-NP has NP-immune sets relative to a random oracle.

Key-insulated cryptography is a crucial technique for protecting private keys. To strengthen the security of key-insulated protocols, Hanaoka, Hanaoka and Imai recently introduced the idea of parallel key-insulated encryption (PKIE) where distinct physically-secure devices (called helpers) are independently used in key updates. Their motivation was to reduce the risk of exposure for helpers by ...

We can only test software effectively if we understand how it is intended to behave. For some categories of programs, such as scientific models, it is not obvious what the output of the software should be. New techniques are needed to help domain experts, such as scientists, gather the knowledge they need to construct suitable tests and oracles. This paper introduces a new interactive tool for ...