Kazuki YONEYAMA (米山 一樹; reading: ヨネヤマ カズキ)
Professor

■ Basic Researcher Information

Affiliations

  • Faculty of Engineering, Department of Computer and Information Sciences
  • Graduate School of Science and Engineering (Master's Program), Major in Computer and Information Sciences
  • Graduate School of Science and Engineering (Doctoral Program), Major in Social Infrastructure Systems Science
  • Division of Applied Science and Engineering, Information Science Area

Research Fields

  • Information and communication, Information security

Research Keywords

  • Formal verification
  • Cryptographic protocols

Degrees

  • September 2008: Doctor of Engineering (The University of Electro-Communications)
  • March 2006: Master of Engineering (The University of Electro-Communications)

Education

  • April 2006 - September 2008: The University of Electro-Communications, Graduate School of Electro-Communications, Department of Information and Communication Engineering
  • April 2004 - March 2006: The University of Electro-Communications, Graduate School of Electro-Communications, Department of Information and Communication Engineering
  • April 2000 - March 2004: The University of Electro-Communications, Faculty of Electro-Communications, Department of Information and Communication Engineering

Career

  • April 2024 - present: Ibaraki University, Academic Research Institute, Division of Applied Science and Engineering, Information Science Area, Professor
  • April 2020: Ibaraki University, Graduate School of Science and Engineering (Engineering Division), Information Science Area, Professor
  • April 2015 - March 2020: Ibaraki University, Faculty of Engineering, Department of Computer and Information Sciences, Associate Professor
  • July 2014 - March 2015: Nippon Telegraph and Telephone Corporation (NTT), Secure Platform Laboratories, Senior Research Engineer
  • April 2012 - June 2014: Nippon Telegraph and Telephone Corporation (NTT), Secure Platform Laboratories, Research Engineer
  • April 2009 - March 2012: Nippon Telegraph and Telephone Corporation (NTT), Information Sharing Platform Laboratories, Research Engineer
  • October 2008 - March 2009: The University of Electro-Communications, Graduate School of Electro-Communications, Researcher (JSPS Postdoctoral Fellow, PD)

■ Research Activities

Papers

  • Compact Password Authenticated Key Exchange from Group Actions
    Ren Ishibashi; Kazuki Yoneyama, last (senior) author
    ACISP 2023, July 2023, [Refereed]
  • Data- and Query-Efficient Black-box Universal Adversarial Attacks Using Bayesian Optimization
    Makoto Yuito; Kazuki Yoneyama, last (senior) author
    IPSJ Journal (Journal of Information Processing Society of Japan), December 2022, [Refereed]
  • Quantum Key Recovery Attacks on 3-Round Feistel-2 Structure without Quantum Encryption Oracles
    Takanori Daiza; Kazuki Yoneyama, last (senior) author
    IWSEC 2022, September 2022, [Refereed]
  • Query-Efficient Black-box Adversarial Attack with Random Pattern Noises
    Makoto Yuito; Kenta Suzuki; Kazuki Yoneyama, last (senior) author
    ICICS 2022, September 2022, [Refereed]
  • Post-Quantum Anonymous One-Sided Authenticated Key Exchange without Random Oracles
    Ren Ishibashi; Kazuki Yoneyama, last (senior) author
    PKC 2022, March 2022, [Refereed]
  • Formal Verification of Fair Exchange based on Bitcoin Smart Contracts
    Cheng Shi; Kazuki Yoneyama, last (senior) author
    IEICE Trans. on Fundamentals, March 2022, [Refereed]
  • Revocable Hierarchical Identity-Based Authenticated Key Exchange
    Yuki Okano; Junichi Tomida; Akira Nagai; Kazuki Yoneyama; Atsushi Fujioka; Koutarou Suzuki
    ICISC 2021, December 2021, [Refereed]
  • Verification of Group Key Management of IEEE 802.21 using ProVerif
    Ryoga Noguchi; Yoshikazu Hanatani; Kazuki Yoneyama, last (senior) author
    APKC 2020, October 2021, [Refereed]
  • Adaptive-ID Secure Hierarchical ID-Based Authenticated Key Exchange under Standard Assumptions without Random Oracles
    Ren Ishibashi; Kazuki Yoneyama, last (senior) author
    ACNS 2021, June 2021, [Refereed]
  • Universally Composable Forward Secure Dynamic Searchable Symmetric Encryption
    Toshiya Shibata; Kazuki Yoneyama, corresponding author
    APKC 2021, June 2021, [Refereed]
  • Post-Quantum Variants of ISO/IEC Standards: Compact Chosen Ciphertext Secure Key Encapsulation Mechanism from Isogenies
    Kazuki Yoneyama
    IEICE Trans. on Fundamentals, January 2021, [Refereed]
  • Memory Efficient and Provably Secure Virus Detection
    Hayami Motohashi; Kazuki Yoneyama, last (senior) author
    ISITA 2020, October 2020, [Refereed]
  • Password-based Authenticated Key Exchange without Centralized Trusted Setup
    First author
    IEICE Trans. on Fundamentals, October 2020, [Refereed]
  • Post-Quantum Variants of ISO/IEC Standards: Compact Chosen Ciphertext Secure Key Encapsulation Mechanism from Isogeny
    Kazuki Yoneyama
    SSR 2019, November 2019, [Refereed]
  • One-Round Authenticated Group Key Exchange from Isogenies
    Atsushi Fujioka; Katsuyuki Takashima; Kazuki Yoneyama
    ProvSec 2019, October 2019, [Refereed]
  • Password-based Authenticated Key Exchange from Standard Isogeny Assumptions
    Shintaro Terada; Kazuki Yoneyama, last (senior) author
    ProvSec 2019, October 2019, [Refereed]
  • Verification of LINE Encryption Version 1.0 using ProVerif
    Cheng Shi; Kazuki Yoneyama, last (senior) author
    IEICE Trans. on Information and Systems, August 2019, [Refereed]
  • One-Round Authenticated Group Key Exchange from Isogenies
    Atsushi Fujioka; Katsuyuki Takashima; Kazuki Yoneyama, Springer
    ICIAM 2019, July 2019, [Refereed], [Invited]
  • Supersingular Isogeny Diffie-Hellman Authenticated Key Exchange
    Atsushi Fujioka; Katsuyuki Takashima; Shintaro Terada; Kazuki Yoneyama
    ICISC 2018, December 2018, [Refereed]
  • Multi-cast key distribution: scalable, dynamic and provably secure construction
    Kazuki Yoneyama; Reo Yoshida; Yuto Kawahara; Tetsutaro Kobayashi; Hitoshi Fuji; Tomohide Yamamoto, first author
    International Journal of Information Security, October 2018, [Refereed]
  • Single Private-Key Generator Security Implies Multiple Private-Key Generators Security
    Atsushi Fujioka; Kazuki Yoneyama, corresponding author
    ProvSec 2018, October 2018, [Refereed]
  • Improved Verifiable Delegated Private Set Intersection
    Shintaro Terada; Kazuki Yoneyama, last (senior) author
    ISITA 2018, October 2018, [Refereed]
  • On Hiding Access Timings in ORAM
    Yuma Kanai; Kazuki Yoneyama, last (senior) author
    ISITA 2018, October 2018, [Refereed]
  • Verification of LINE Encryption Version 1.0 using ProVerif
    Cheng Shi; Kazuki Yoneyama, last (senior) author
    IWSEC 2018, September 2018, [Refereed]
  • Exposure-resilient identity-based dynamic multi-cast key distribution
    Kazuki Yoneyama; Reo Yoshida; Yuto Kawahara; Tetsutaro Kobayashi; Hitoshi Fuji; Tomohide Yamamoto, In this paper, we propose the first identity-based dynamic multi-cast key distribution (ID-DMKD) protocol which is secure against maximum exposure of secret information (e.g., secret keys and session-specific randomness). In DMKD protocols, users share a common session key without revealing any information of the session key to the semi-honest server, and can join/leave to/from the group at any time even after establishing the session key. Most of the known DMKD protocols are insecure if some secret information is exposed. Recently, an exposure resilient DMKD protocol was introduced, however, each user must manage his/her certificate by using the public-key infrastructure. We solve this problem by constructing the DMKD protocol authenticated by user's ID (i.e., without certificate). We introduce a formal security definition for ID-DMKD by extending the previous definition for DMKD. We must carefully consider exposure of the server's static secret key in the ID-DMKD setting because exposure of the server's static secret key causes exposure of all users' static secret keys. We prove that our protocol is secure in our security model in the standard model. Another advantage of our protocol is scalability: communication and computation costs of each user are independent from the number of users. Furthermore, we show how to extend our protocol to achieve non-interactive join by using certificateless encryption. Such an extension is useful in applications that the group members frequently change like group chat services., Institute of Electronics, Information and Communication, Engineers, IEICE
    IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, 2018年06月, [査読有り]
  • Accumulable optimistic fair exchange from verifiably encrypted homomorphic signatures
    Jae Hong Seo; Keita Emura; Keita Xagawa; Kazuki Yoneyama, 責任著者
    International Journal of Information Security, 2018年03月, [査読有り]
  • Formal modeling of random oracle programmability and verification of signature unforgeability using task-PIOAs
    Kazuki Yoneyama, The task-structured probabilistic I/O automata (task-PIOA) framework provides a method to formulate and to prove the computationally bounded security of non-sequential processing systems in a formal way. Formalizing non-sequential processes for strong adversaries is not easy. Actually, existing security analyses using the task-PIOA framework are for cryptographic protocols (e.g., the EGL oblivious transfer) only against simple adversaries (e.g., honest but curious adversary). For example, there is no case study for digital signature against strong active adversaries (i.e., EUF-CMA) in the task-PIOA framework. In this paper, we propose the first formalization of digital signature against EUF-CMA in the task-PIOA framework. To formalize the non-sequential process of EUF-CMA, we introduce a new technique for the iteration of an identical action in a single session. Using the task-PIOA framework allows us to verify security of signature schemes in the non-sequential scheduling manner. We show the validity and usefulness of our formulation by giving a formal security analysis of the FDH signature scheme. In order to prove the security, we also introduce a method to utilize the power of random oracles. As far as we know, this work is the first case study to clarify usefulness of random oracles in this framework., Springer Verlag
    International Journal of Information Security, 2018年02月, [査読有り]
  • Verifiable and forward secure dynamic searchable symmetric encryption with storage efficiency
    Kazuki Yoneyama; Shogo Kimura, Searchable symmetric encryption (SSE) provides private searching over an encrypted database against an untrusted server. Though various SSE schemes have been studied, recently, it is shown that most of existing schemes are vulnerable to file injection attacks. At ACM CCS 2016, Bost proposed a forward secure SSE scheme to resist such attacks, called Σoϕoς. Besides the basic scheme (Σoϕoς) secure against semi-honest servers, a verifiable scheme (Σoϕoς-ϵ) secure against malicious servers is also introduced. In Σoϕoς-ϵ, each client keeps hash values of indexes of documents corresponding to each keyword. Thus, the client storage cost is higher than for Σoϕoς, and the hash table must be reconstructed when a new document is added. Also, since any security definition and proof of security against malicious servers are not provided, what Σoϕoς-ϵ guarantees against malicious server is unclear. In this paper, we propose a new verifiable and forward secure SSE scheme against malicious servers. An advantage of our scheme to Σoϕoς-ϵ is the client storage cost
    that is, our scheme only needs the same storage cost as Σoϕoς. Our key idea is to bind each index and keyword with a tag generated by an algebraic pseudo-random function, and to store the tag to the server as well as the encrypted index on an update phase. The client can efficiently check validity of answers to search queries by verifying the combined tag thanks to closed form efficiency of the algebraic pseudo-random function
    and thus, the client does not need to keep the hash table. Also, we formally prove security against malicious servers. Specifically, we show that our scheme satisfies the strong reliability definition., Springer Verlag
    Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2018年, [査読有り]
  • On Randomness Exposure Resilience of Group Signatures
    Tomoyoshi Ono; Kazuki Yoneyama, Group signature (GS) schemes guarantee anonymity of the actual signer among group members. Previous GS schemes assume that randomness in signing is never exposed. However, in the real world, full randomness exposure can be caused by implementation problems (e.g., using a bad random number generator). In this paper, we study (im) possibility of achieving anonymity against full randomness exposure. First, we formulate a new security model for GS schemes capturing full randomness exposure. Next, we clarify that it is impossible to achieve full-anonymity against full randomness exposure without any secure component (e.g., a tamper-proof module or a trusted outside storage). Finally, we show a possibility result that selfless-anonymity can be achieved against full randomness exposure. While selfless-anonymity is weaker than full-anonymity, it is strong enough in practice. Our transformation is quite simple; and thus, previous GS schemes used in real-world systems can be easily replaced by a slight modification to strengthen the security., IEICE-INST ELECTRONICS INFORMATION COMMUNICATIONS ENG
    IEICE TRANSACTIONS ON INFORMATION AND SYSTEMS, 2017年10月, [査読有り]
  • Compact public key encryption without full random oracles
    Kazuki Yoneyama; Goichiro Hanaoka, Achieving shorter ciphertext length under weaker assumptions in chosen-ciphertext (CCA) secure public-key encryption (PKE) is one of the most important research topics in cryptography. However, it is also known that it is hard to construct a CCA-secure PKE whose ciphertext overhead is less than two group elements in the underlying prime-order group under non-interactive assumptions. A naive approach for achieving more compactness than the above bound is to use random oracles (ROs), but the full RO has various ideal properties like programmability. In this paper, we pursue how to achieve compact PKE only with a minimum ideal property of ROs. Specifically, only with observability, we can give three CCA-secure PKE schemes whose ciphertext overhead is less than two group elements. Our schemes are provably secure under standard assumptions such as the CDH and DDH assumptions. This study shows that ideal properties other than observability are not necessary to construct compact PKE beyond the bound. (C) 2016 Elsevier B.V. All rights reserved., ELSEVIER SCIENCE BV
    PERVASIVE AND MOBILE COMPUTING, 2017年10月, [査読有り]
  • Computational soundness of asymmetric bilinear pairing-based protocols
    Kazuki Yoneyama, Asymmetric bilinear maps using Type-3 pairings are known to be advantageous in several points (e.g., the speed and the size of a group element) to symmetric bilinear maps using Type-1 pairings. Kremer and Mazaré introduce a symbolic model to analyze protocols based on bilinear maps, and show that the symbolic model is computationally sound. However, their model only covers symmetric bilinear maps. In this paper, we propose a new symbolic model to capture asymmetric bilinear maps. Our model allows us to analyze security of various protocols based on asymmetric bilinear maps (e.g., Joux's tripartite key exchange, and Scott's client-server ID-based key exchange). Also, we show computational sound-ness of our symbolic model under the decisional bilinear Diffie-Hellman assumption., Institute of Electronics, Information and Communication, Engineers, IEICE
    IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, 2017年09月, [査読有り]
  • Oblivious Polynomial Evaluation in the Exponent, Revisited
    Naota Itakura; Kaoru Kurosawa; Kazuki Yoneyama, There are two extensions of oblivious polynomial evaluation (OPE), OPEE (oblivious polynomial evaluation in the exponent) and OPEE2. At TCC 2015, Hazay showed two OPEE2 protocols. In this paper, we first show that her first OPEE2 protocol does not run in polynomial time if the computational DH assumption holds. We next present a constant round OPEE protocol under the DDH assumption., IEICE-INST ELECTRONICS INFORMATION COMMUNICATIONS ENG
    IEICE TRANSACTIONS ON FUNDAMENTALS OF ELECTRONICS COMMUNICATIONS AND COMPUTER SCIENCES, 2017年01月, [査読有り]
  • Provably Secure Gateway Threshold Password-Based Authenticated Key Exchange Secure against Undetectable On-Line Dictionary Attack.
    Yukou Kobayashi; Naoto Yanai; Kazuki Yoneyama; Takashi Nishide; Goichiro Hanaoka; Kwangjo Kim; Eiji Okamoto
    IEICE Trans. Fundam. Electron. Commun. Comput. Sci., 2017年, [査読有り]
  • One-Round authenticated key exchange without implementation tricks
    Kazuki Yoneyama, Fujioka et al. proposed the first generic construction (FSXY construction) of exposure-resilient authenticated key exchange (AKE) from a key encapsulation mechanism (KEM) without random oracles. However, the FSXY construction implicitly assumes that some intermediate computation result is never exposed though other secret information can be exposed. This is a kind of physical assumption, and an implementation trick (i.e., some on-line computation is executed in a special tamper-proof module) is necessary to achieve the assumption. Such a trick is very costly and may be missed by human errors in implementation. From the viewpoint of the human factor, it is desirable to avoid using complicated implementation tricks. In this paper, we introduce a new generic construction without implementation tricks. Our construction satisfies the same security model as the FSXY construction without increasing communication complexity. Moreover, it has another advantage that the protocol can be executed in one-round while the FSXY construction is a sequential two-move protocol. Our key idea is to use KEM with publickey-independent-ciphertext, which allows parties to be able to generate a ciphertext without depending on encryption keys., Information Processing Society of Japan
    Journal of Information Processing, 2016年01月, [査読有り]
  • UC-Secure Dynamic Searchable Symmetric Encryption Scheme
    Kaoru Kurosawa; Keisuke Sasaki; Kiyohiko Ohta; Kazuki Yoneyama, In a dynamic searchable symmetric encryption (SSE) scheme, a client can add/modify/delete encrypted files. In this paper, we first prove a weak equivalence between the UC security and the stand alone security based on the previous work on static SSE schemes. We next show a more efficient UC secure dynamic SSE scheme than before by replacing the RSA accumulator with XOR-MAC to authenticate the index table., SPRINGER INT PUBLISHING AG
    ADVANCES IN INFORMATION AND COMPUTER SECURITY, IWSEC 2016, 2016年, [査読有り]
  • Security Proof of Identity-based Signature under RSA Assumption, Reconsidered
    Shogo Kimura; Kazuki Yoneyama, No direct security proof of Shamir's identity-based signature (Shamir-IBS) is known, as far as we know. In EU-ROCRYPT2004, Bellare et al. introduce a generic conversion to IRS from standard identification, and the security of the Shamir-IBS is indirectly proved from the RSA assumption with the conversion. However, in the indirect security proof, the gap between advantages of the RSA problem and the scheme may be larger than proving the security directly from the RSA assumption. In this paper, we give a direct security proof of the Shamir-IBS. We show a comparison between reduction costs of the indirect and direct security proofs. As a result, in a practical parameter setting, the direct proof is better than the indirect proof. By improving the reduction cost, the parameter size which is required to achieve the same bit-security is reduced., IEEE
    PROCEEDINGS OF 2016 INTERNATIONAL SYMPOSIUM ON INFORMATION THEORY AND ITS APPLICATIONS (ISITA 2016), 2016年, [査読有り]
  • Multi-cast Key Distribution: Scalable, Dynamic and Provably Secure Construction
    Kazuki Yoneyama; Reo Yoshida; Yuto Kawahara; Tetsutaro Kobayashi; Hitoshi Fuji; Tomohide Yamamoto, In this paper, we propose a two-round dynamic multi-cast key distribution (DMKD) protocol under the star topology with a central authentication server. Users can share a common session key without revealing any information of the session key to the server, and can join/leave to/from the group at any time even after establishing the session key. Our protocol is scalable because communication and computation costs of each user are independent from the number of users. Also, our protocol is still secure if either private key or session-specific randomness of a user is exposed. Furthermore, time-based backward secrecy is guaranteed by renewing the session key for every time period even if the session key is exposed. We introduce the first formal security definition for DMKD under the star topology in order to capture such strong exposure resilience and time-based backward secrecy. We prove that our protocol is secure in our security model in the standard model., SPRINGER INT PUBLISHING AG
    PROVABLE SECURITY, (PROVSEC 2016), 2016年, [査読有り]
  • Analyzing and Fixing the QACCE Security of QUIC
    Hideki Sakurada; Kazuki Yoneyama; Yoshikazu Hanatani; Maki Yoshida, QUIC is a secure transport protocol developed by Google. Lychev et al. proposed a security model (QACCE model) to capture the security of QUIC. However, the QACCE model is very complicated, and it is not clear if security requirements for QUIC are appropriately defined. In this paper, we show the first formal analysis result of QUIC using automated security verification tool ProVerif. Our symbolic model formalizes the QACCE model and the specification of QUIC. As the result of the verification, we find three attacks against QUIC in the QACCE model. It means that the Lychev et al.'s security proofs are not correct. We discuss why such attacks occur, and clarify there are unnecessarily strong points in the QACCE model. Finally, we give a way to improve the QACCE model to exactly address the appropriate security requirements., SPRINGER INT PUBLISHING AG
    SECURITY STANDARDISATION RESEARCH, SSR 2016, 2016年, [査読有り]
  • Strongly secure authenticated key exchange from factoring, codes, and lattices
    Atsushi Fujioka; Koutarou Suzuki; Keita Xagawa; Kazuki Yoneyama, An unresolved problem in research on authenticated key exchange (AKE) in the public-key setting is to construct a secure protocol against advanced attacks such as key compromise impersonation and maximal exposure attacks without relying on random oracles. HMQV, a state of the art AKE protocol, achieves both efficiency and the strong security proposed by Krawczyk (we call it the model), which includes resistance to advanced attacks. However, the security proof is given under the random oracle model. We propose a generic construction of AKE from a key encapsulation mechanism (KEM). The construction is based on a chosen-ciphertext secure KEM, and the resultant AKE protocol is secure in the standard model. The construction gives the first secure AKE protocols based on the hardness of integer factorization problem, code-based problems, or learning problems with errors. In addition, instantiations under the Diffie-Hellman assumption or its variant can be proved to have strong security without non-standard assumptions such as PRF and KEA1. Furthermore, we extend the model to identity-based (called the model), and propose a generic construction of identity-based AKE (ID-AKE) based on identity-based KEM, which satisfies security. The construction leads first strongly secure ID-AKE protocols under the hardness of integer factorization problem, or learning problems with errors., SPRINGER
    DESIGNS CODES AND CRYPTOGRAPHY, 2015年09月, [査読有り]
  • Gateway threshold password-based Authenticated Key Exchange secure against Undetectable On-line Dictionary Attack
    Yukou Kobayashi; Naoto Yanai; Kazuki Yoneyama; Takashi Nishide; Goichiro Hanaoka; Kwangjo Kim; Eiji Okamoto, Password-based Authenticated Key Exchange (PAKE) allows a server to authenticate a user and to establish a session key shared between the server and the user just by having memorable passwords. In PAKE, conventionally the server is assumed to have the authentication functionality and also provide on-line services simultaneously. However, in the real-life applications, this may not be the case, and the authentication server may be separate from on-line service providers. In such a case, there is a problem that a malicious service provider with no authentication functionality may be able to guess the passwords by interacting with other participants repeatedly. Abdalla et al. put forward a notion of the server password protection security to deal with this problem. However, their proposed schemes turned out to be vulnerable to Undetectable On-line Dictionary Attack (UDonDA). To cope with this situation, we propose the Gateway Threshold PAKE provably secure against this password guessing attack by also taking the corruption of authentication servers into consideration., SciTePress
    SECRYPT 2015 - 12th International Conference on Security and Cryptography, Proceedings; Part of 12th International Joint Conference on e-Business and Telecommunications, ICETE 2015, 2015年
  • Compact Authenticated Key Exchange from Bounded CCA-Secure KEM
    Kazuki Yoneyama, How to reduce communication complexity is a common important issue to design cryptographic protocols. This paper focuses on authenticated key exchange (AKE). Several AKE schemes have been studied, which satisfy strong security such as exposure-resilience in the standard model (StdM). However, there is a large gap on communication costs between schemes in the StdM and in the random oracle model. In this paper, we show a generic construction that is significantly compact (i.e., small communication cost) and secure in the StdM. We follow an existing generic construction from key encapsulated mechanism (KEM). Our main technique is to use a bounded chosen-ciphertext secure KEM instead of an ordinary chosen-ciphertext secure KEM. The communication cost can be reduced to half by this technique, and we achieve the most compact AKE scheme in the StdM. Moreover, our construction has instantiations under wider classes of hardness assumptions (e.g., subset-sum problems and multi-variate quadratic systems) than existing constructions. This work pioneers the first meaningful application of bounded chosen-ciphertext secure KEM., IEICE-INST ELECTRONICS INFORMATION COMMUNICATIONS ENG
    IEICE TRANSACTIONS ON FUNDAMENTALS OF ELECTRONICS COMMUNICATIONS AND COMPUTER SCIENCES, 2015年01月, [査読有り]
  • Practical and Exposure-Resilient Hierarchical ID-Based Authenticated Key Exchange without Random Oracles
    Kazuki Yoneyama, ID-based authenticated key exchange (ID-AKE) is a cryptographic tool to establish a common session key between parties with authentication based on their IDs. If IDs contain some hierarchical structure such as an e-mail address, hierarchical ID-AXE (HID-AXE) is especially suitable because of scalability. However, most of existing HID-AKE schemes do not satisfy advanced security properties such as forward secrecy, and the only known strongly secure HID-AKE scheme is inefficient. In this paper, we propose a new HID-AXE scheme which achieves both strong security and efficiency. We prove that our scheme is eCK-secure (which ensures maximal-exposure-resilience including forward secrecy) without random oracles, while existing schemes is proved in the random oracle model. Moreover, the number of messages and pairing operations are independent of the hierarchy depth; that is, really scalable and practical for a large-system., IEICE-INST ELECTRONICS INFORMATION COMMUNICATIONS ENG
    IEICE TRANSACTIONS ON FUNDAMENTALS OF ELECTRONICS COMMUNICATIONS AND COMPUTER SCIENCES, 2014年06月, [査読有り]
  • Exposure-Resilient One-Round Tripartite Key Exchange without Random Oracles
    Koutarou Suzuki; Kazuki Yoneyama, This paper studies Tripartite Key Exchange (3KE) which is a special case of Group Key Exchange. Though general one-round GKE satisfying advanced security properties such as forward secrecy and maximal-exposure-resilience (MEX-resilience) is not known, it can be efficiently constructed with the help of pairings in the 3KE case. In this paper, we introduce the first one-round 3KE which is MEX-resilient in the standard model, though existing one-round 3KE schemes are proved in the random oracle model (ROM), or not MEX-resilient. Each party broadcasts 4 group elements, and executes 14 pairing operations. Complexity is only three or four times larger in computation and communication than the existing most efficient MEX-resilient 3KE scheme in the ROM; thus, our protocol is adequately practical., IEICE-INST ELECTRONICS INFORMATION COMMUNICATIONS ENG
    IEICE TRANSACTIONS ON FUNDAMENTALS OF ELECTRONICS COMMUNICATIONS AND COMPUTER SCIENCES, 2014年06月, [査読有り]
  • One-Round Authenticated Key Exchange with Strong Forward Secrecy in the Standard Model against Constrained Adversary
    Kazuki Yoneyama, Forward secrecy (FS) is a central security requirement of authenticated key exchange (AKE). Especially, strong FS (sFS) is desirable because it can guarantee security against a very realistic attack scenario that an adversary is allowed to be active in the target session. However, most of AKE schemes cannot achieve sFS, and currently known schemes with sFS are only proved in the random oracle model. In this paper, we propose a generic construction of AKE protocol with sFS in the standard model against a constrained adversary. The constraint is that session-specific intermediate computation results (i.e., session state) cannot be revealed to the adversary for achieving sFS, that is shown to be inevitable by Boyd and Gonzalez Nieto. However, our scheme maintains weak FS (wFS) if session state is available to the adversary. Thus, our scheme satisfies one of strongest security definitions, the CK+ model, which includes wFS and session state reveal. The main idea to achieve sFS is to use signcryption KEM while the previous CK+ secure construction uses ordinary KEM. We show a possible instantiation of our construction from Diffie-Hellman problems., IEICE-INST ELECTRONICS INFORMATION COMMUNICATIONS ENG
    IEICE TRANSACTIONS ON FUNDAMENTALS OF ELECTRONICS COMMUNICATIONS AND COMPUTER SCIENCES, 2013年06月, [査読有り]
  • Practical and Exposure-resilient Hierarchical ID-based Authenticated Key Exchange without Random Oracles
    Kazuki Yoneyama, ID-based authenticated key exchange (ID-AKE) is a cryptographic tool to establish a common session key between parties with authentication based on their IDs. If IDs contain some hierarchical structure such as an email address, hierarchical ID-AKE (HID-AKE) is especially suitable because of scalability. However, most of existing HID-AKE schemes do not satisfy advanced security properties such as forward secrecy, and the only known strongly secure HID-AKE scheme is inefficient. In this paper, we propose a new HID-AKE scheme which achieves both strong security and efficiency. We prove that our scheme is eCK-secure (which ensures maximal-exposure-resilience including forward secrecy) without random oracles, while existing schemes is proved in the random oracle model. Moreover, the number of messages and pairing operations are independent of the hierarchy depth; that is, really scalable and practical for a large-system., IEEE
    PROCEEDINGS OF THE 10TH INTERNATIONAL CONFERENCE ON SECURITY AND CRYPTOGRAPHY (SECRYPT 2013), 2013年, [査読有り]
  • id-eCK Secure ID-Based Authenticated Key Exchange on Symmetric and Asymmetric Pairing.
    Atsushi Fujioka; Fumitaka Hoshino; Tetsutaro Kobayashi; Koutarou Suzuki; Berkant Ustaoglu; Kazuki Yoneyama
    IEICE Transactions, 2013年, [査読有り]
  • Exposure-Resilient One-Round Tripartite Key Exchange without Random Oracles.
    Koutarou Suzuki; Kazuki Yoneyama, Springer
    Applied Cryptography and Network Security - 11th International Conference, ACNS 2013, Banff, AB, Canada, June 25-28, 2013. Proceedings, 2013年, [査読有り]
  • Practical and post-quantum authenticated key exchange from one-way secure key encapsulation mechanism.
    Atsushi Fujioka; Koutarou Suzuki; Keita Xagawa; Kazuki Yoneyama, ACM
    8th ACM Symposium on Information, Computer and Communications Security, ASIA CCS '13, Hangzhou, China - May 08 - 10, 2013, 2013年, [査読有り]
  • Strongly Secure Predicate-Based Authenticated Key Exchange: Definition and Constructions.
    Atsushi Fujioka; Koutarou Suzuki; Kazuki Yoneyama
    IEICE Transactions, 2012年, [査読有り]
  • Strongly Secure Authenticated Key Exchange from Factoring, Codes, and Lattices.
    Atsushi Fujioka; Koutarou Suzuki; Keita Xagawa; Kazuki Yoneyama, Springer
    Public Key Cryptography - PKC 2012 - 15th International Conference on Practice and Theory in Public Key Cryptography, Darmstadt, Germany, May 21-23, 2012. Proceedings, 2012年, [査読有り]
  • Security of Practical Cryptosystems Using Merkle-Damng{/aa}rd Hash Function in the Ideal Cipher Model               
    Yusuke Naito; Kazuki Yoneyama; Lei Wang; Kazuo Ohta
    ProvSec2011, 2011年10月, [査読有り]
  • Hierarchical ID-Based Authenticated Key Exchange Resilient to Ephemeral Key Leakage
    Atsushi Fujioka; Koutarou Suzuki; Kazuki Yoneyama, In this paper, the first extended Canetti-Krawczyk (eCK) security model for hierarchical ID-based authenticated key exchange (AKE) that guarantees resistance to leakage of ephemeral secret keys is proposed. Moreover, a two-pass hierarchical ID-based AKE protocol secure in the proposed hierarchical ID-based eCK security model, based on a hierarchical ID-based encryption scheme, is also proposed., IEICE-INST ELECTRONICS INFORMATION COMMUNICATIONS ENG
    IEICE TRANSACTIONS ON FUNDAMENTALS OF ELECTRONICS COMMUNICATIONS AND COMPUTER SCIENCES, June 2011, [Refereed]
  • Security of Cryptosystems Using Merkle-Damgård in the Random Oracle Model
    Yusuke Naito; Kazuki Yoneyama; Lei Wang; Kazuo Ohta, Since the Merkle-Damgård hash function (denoted by MDHF) that uses a fixed input length random oracle as a compression function is not indifferentiable from a random oracle (denoted by RO) due to the extension attack, there is no guarantee for the security of cryptosystems, which are secure in the RO model, when RO is instantiated with MDHF. This fact motivates us to establish a methodology for confirming cryptosystems security when RO is instantiated with MDHF. In this paper, we confirm cryptosystems security by using the following approach: 1. Find a weakened random oracle (denoted by WRO) which leaks values needed to realize the extension attack. 2. Prove that MDHF is indifferentiable from WRO. 3. Prove cryptosystems security in the WRO model. The indifferentiability framework of Maurer, Renner and Holenstein guarantees that we can securely use the cryptosystem when WRO is instantiated with MDHF. Thus we concentrate on finding such a WRO. We propose the Traceable Random Oracle (denoted by TRO) which leaks values enough to permit the extension attack. By using TRO, we can easily confirm the security of the OAEP encryption scheme and variants of the OAEP encryption scheme. However, there are several practical cryptosystems whose security cannot be confirmed by TRO (e.g. RSA-KEM). This is because TRO leaks values that are irrelevant to the extension attack. Therefore, we propose another WRO, the Extension Attack Simulatable Random Oracle (denoted by ERO), which leaks just the value needed for the extension attack. Fortunately, ERO is necessary and sufficient to confirm the security of cryptosystems under MDHF. This means that the security of any cryptosystem under MDHF is equivalent to that under the ERO model. We prove that RSA-KEM is secure in the ERO model., The Institute of Electronics, Information and Communication Engineers
    IEICE Trans. Fundamentals of Electronics, Communications and Computer Sciences, January 2011
  • Universally Composable NBAC-Based Fair Voucher Exchange for Mobile Environments
    Kazuki Yoneyama; Masayuki Terada; Sadayuki Hongo; Kazuo Ohta
    IEICE Trans. Fundamentals, January 2011, [Refereed]
  • Proxiable Designated Verifier Signature               
    Mebae Ushida; Yutaka Kawai; Kazuki Yoneyama; Kazuo Ohta, Information Processing Society of Japan
    Journal of Information Processing, 2011, [Refereed]
  • Rigorous Security Requirements for Designated Verifier Signatures               
    Kazuki Yoneyama; Mebae Ushida; Kazuo Ohta
    Inscrypt 2010, October 2010, [Refereed]
  • Proxiable Designated Verifier Signature. SECRYPT 2010: 344-353               
    Mebae Ushida; Kazuo Ohta; Yutaka Kawai; Kazuki Yoneyama, The International Joint Conference on e-Business and Telecommunications.
    SECRYPT 2010, July 2010, [Refereed]
  • Strongly Secure Two-Pass Attribute-Based Authenticated Key Exchange
    Kazuki Yoneyama, In this paper, we present a two-party attribute-based authenticated key exchange scheme secure in a stronger security model than the previous models. Our strong security model is a natural extension of the eCK model, which is for PKI-based authenticated key exchange, into the attribute-based setting. We prove the security of our scheme under the gap Bilinear Diffie-Hellman assumption. Moreover, while the previous scheme needs three-pass interaction between parties, our scheme needs only two-pass interaction. In a practical sense, we can use any string as an attribute in our scheme because the setup algorithm of our scheme does not depend on the number of attribute candidates (i.e., the setup algorithm outputs constant-size parameters)., SPRINGER-VERLAG BERLIN
    PAIRING-BASED CRYPTOGRAPHY - PAIRING 2010, 2010, [Refereed]
  • Hierarchical ID-Based Authenticated Key Exchange Resilient to Ephemeral Key Leakage.
    Atsushi Fujioka; Koutarou Suzuki; Kazuki Yoneyama, Springer
    Advances in Information and Computer Security - 5th International Workshop on Security, IWSEC 2010, Kobe, Japan, November 22-24, 2010. Proceedings, 2010, [Refereed]
  • Predicate-Based Authenticated Key Exchange Resilient to Ephemeral Key Leakage.
    Atsushi Fujioka; Koutarou Suzuki; Kazuki Yoneyama, Springer
    Information Security Applications - 11th International Workshop, WISA 2010, Jeju Island, Korea, August 24-26, 2010, Revised Selected Papers, 2010, [Refereed]
  • Leaky Random Oracle               
    Kazuki Yoneyama; Satoshi Miyagawa; Kazuo Ohta
    IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, August 2009
  • Secret Handshake: Strong Anonymity Definition and Construction
    Yutaka Kawai; Kazuki Yoneyama; Kazuo Ohta
    ISPEC 2009, April 2009
  • Attribute-Based Encryption with Partially Hidden Ciphertext Policies               
    Takashi Nishide; Kazuki Yoneyama; Kazuo Ohta
    IEICE Trans. on Fundamentals, January 2009
  • Extension of Secret Handshake Protocols with Multiple Groups in Monotone Condition under DDH Assumption               
    Shotaro Tanno; Kazuki Yoneyama; Yutaka Kawai; Noboru Kunihiro; Kazuo Ohta
    TriSAI 2008, October 2008
  • Leaky Random Oracle
    Kazuki Yoneyama; Satoshi Miyagawa; Kazuo Ohta, Springer
    ProvSec 2008, October 2008
  • Efficient and Strongly Secure Password-Based Server Aided Key Exchange
    Kazuki Yoneyama, In ACNS'06, Cliff et al. proposed the password-based server aided key exchange (PSAKE) as one of the password-based authenticated key exchanges in the three-party setting (3-party PAKE), in which two clients with different passwords exchange a session key with the help of their corresponding server. Though they also studied a strong security definition of 3-party PAKE, their security model is not strong enough because there are desirable security properties which cannot be captured. In this paper, we define a new formal security model of 3-party PAKE which is stronger than the previous model. Our model captures all known desirable security requirements of 3-party PAKE, like resistance to key-compromise impersonation, to leakage of ephemeral private keys of servers and to undetectable on-line dictionary attacks. Also, we propose a new scheme as an improvement of PSAKE with the optimal number of rounds for a client, which is secure in the sense of our model., SPRINGER-VERLAG BERLIN
    PROGRESS IN CRYPTOLOGY - INDOCRYPT 2008, 2008, [Refereed]
  • Attribute-Based Encryption with Partially Hidden Encryptor-Specified Access Structures
    Takashi Nishide; Kazuki Yoneyama; Kazuo Ohta, Springer-verlag
    ACNS 2008, 2008
  • Secure Cross-Realm Client-to-Client Password-based Key Exchange against Undetectable On-line Dictionary Attacks               
    Kazuki Yoneyama; Haruki Ota; Kazuo Ohta
    December 2007, [Refereed]
  • A Security Analysis on Diffie-Hellman Key Exchange against Adaptive Adversaries using Task-Structured PIOA               
    Kazuki Yoneyama; Yuichi Kokubun; Kazuo Ohta
    FCS-ARSPA 2007, July 2007, [Refereed]
  • Modeling Agreement Problems in the Universal Composability Framework.
    Masayuki Terada; Kazuki Yoneyama; Sadayuki Hongo; Kazuo Ohta, Springer
    Information and Communications Security (ICICS), 2007
  • Universally Composable Hierarchical Hybrid Authenticated Key Exchange
    Haruki Ota; Kazuki Yoneyama; Shinsaku Kiyomoto; Toshiaki Tanaka; Kazuo Ohta
    IEICE Transactions, January 2007, [Refereed]
  • Ring Signatures: Universally Composable Definitions and Constructions               
    Kazuki Yoneyama; Kazuo Ohta
    IPSJ Journal, 2007, [Refereed]
  • Universally Composable Client-to-Client General Authenticated Key Exchange               
    Haruki Ota; Kazuki Yoneyama; Shinsaku Kiyomoto; Toshiaki Tanaka; Kazuo Ohta
    IPSJ Journal, 2007, [Refereed]
  • Probabilistic Metering Scheme               
    Kazuki Yoneyama; Noboru Kunihiro; Kazuo Ohta
    IEEE Mexican Conference on Informatics Security MCIS2006, November 2006, [Refereed]
  • Visual Secret Sharing Schemes for Multiple Secret Images Allowing the Rotation of Shares
    Mitsugu Iwamoto; Lei Wang; Kazuki Yoneyama; Noboru Kunihiro; Kazuo Ohta
    IEICE Transactions, May 2006, [Refereed]
  • Universally Composable Ring Signature
    Kazuki Yoneyama; Yoshikazu Hanatani; Santoso Bagus; Kazuo Ohta
    Proc. of IWSEC2006, 2006, [Refereed]
  • Non-linear Function Ramp Scheme               
    Kazuki Yoneyama; Noboru Kunihiro; Bagus Santoso; Kazuo Ohta
    ISITA, 2004, [Refereed]

MISC

Books and Other Publications

  • "I/O Automata", Chapter 16-6 of "Handbook of Applied Mathematics" (supervised by the Japan Society for Industrial and Applied Mathematics; edited by 薩摩順吉, 大石進一 and 杉原正顕)
    米山 一樹, Co-author
    November 2013
  • "Security Proofs Using Task-Structured Probabilistic I/O Automata", Chapter 5 of "Information Security by Mathematical Methods (Applied Mathematics Series)" (edited by 萩谷昌己 and 塚田恭章)
    米山 一樹; 太田 和夫, Co-authors
    July 2010

Lectures and Oral Presentations

  • Recent Research Trends in Information Security by Mathematical Methods
    中林 美郷; 吉田 真紀; 花谷 嘉一; 山本 光晴; 米山 一樹
    JSIAM Joint Meeting of Activity Groups FY2022, March 2023
  • Revisiting the Formalization of FIDO2 and Extending It to Verification of Multiple Modes
    佐藤 瑞己; 米山 一樹
    JSIAM Joint Meeting of Activity Groups FY2022, March 2023
  • Data- and Query-Efficient Black-box Universal Adversarial Attacks Using Bayesian Optimization
    由比藤 真; 米山 一樹
    IEICE Technical Report, March 2023, [Invited]
  • Compact Isogeny-Based Password Authenticated Key Exchange
    石橋 錬; 米山 一樹
    Symposium on Cryptography and Information Security (SCIS), January 2023
  • Towards Tightly Secure ID-Based Authenticated Key Exchange in the Standard Model
    三田 拓夢; 石橋 錬; 米山 一樹
    Symposium on Cryptography and Information Security (SCIS), January 2023
  • Label-Only Membership Inference Attacks against Stateful Detection
    鈴木 健太; 米山 一樹
    Symposium on Cryptography and Information Security (SCIS), January 2023
  • A Study of Timed-Release ID-Based Encryption Assuming a Single Authority
    宮永 英和; 藤岡 淳; 佐々木 太良; 永井 彰; 上野 真奈; 鈴木 幸太郎; 米山 一樹
    Symposium on Cryptography and Information Security (SCIS), January 2023
  • Formal Verification of Qi Authentication with ProVerif
    藤田 和弘; 米山 一樹
    Symposium on Cryptography and Information Security (SCIS), January 2023
  • Evaluation of Algebraic Attacks against x^{-1}-Poseidon^\pi
    大井 脩平; 米山 一樹; 品川 和雅
    Symposium on Cryptography and Information Security (SCIS), January 2023
  • Post-Quantum Authenticated Key Exchange for IoT Resilient to Ephemeral Secret Key Leakage
    石橋 錬; 米山 一樹
    Computer Security Symposium (CSS), October 2022
  • Post-Quantum Anonymous One-Sided Authenticated Key Exchange Secure in the Standard Model (from PKC 2022)
    石橋 錬; 米山 一樹
    IEICE Technical Report, May 2022, [Invited]
  • Post-Quantum Deterministic Wallets Based on Isogeny Problems
    ムハマド ウスマーン; 米山 一樹
    IEICE Technical Report, March 2022
  • Reducing the Number of Qubits in Quantum Collision Attacks on Reduced SHA-256 and SHA-512
    福村 春樹; 米山 一樹
    IEICE Technical Report, March 2022
  • On Solving the Hidden Shift Problem for Random Boolean Functions Based on the Bernstein-Vazirani Quantum Algorithm
    八藤後 彬; 米山 一樹
    Symposium on Cryptography and Information Security (SCIS), January 2022
  • A Study on the Security of ID-Based Encryption with Decryption Control
    宮永 英和; 藤岡 淳; 佐々木 太良; 岡野 裕樹; 永井 彰; 鈴木 幸太郎; 米山 一樹
    Symposium on Cryptography and Information Security (SCIS), January 2022
  • Towards Verifying Replay Attacks on Protocols with State Updates Using Tamarin Prover
    佐藤 瑞己; 米山 一樹
    Symposium on Cryptography and Information Security (SCIS), January 2022
  • Malicious Private Key Generators in Identity-Based Authenticated Key Exchange               
    Kazuma Wariki; Atsushi Fujioka; Taroh Sasaki; Kazuki Yoneyama; Yuki Okano; Akira Nagai; Koutarou Suzuki
    Symposium on Cryptography and Information Security (SCIS), January 2022
  • Anonymous One-Sided Authenticated Key Exchange with Strong Forward Secrecy
    石橋 錬; 米山 一樹
    Symposium on Cryptography and Information Security (SCIS), January 2022
  • Data- and Query-Efficient Black-box Universal Adversarial Attacks Using Bayesian Optimization
    由比藤 真; 米山 一樹
    Symposium on Cryptography and Information Security (SCIS), January 2022
  • A Study on the Security of ID-Based Encryption with Decryption Control
    宮永 英和; 藤岡 淳; 佐々木 太良; 岡野 裕樹; 鈴木 幸太郎; 米山 一樹
    IEICE Technical Report, November 2021
  • Efficient Key Recovery Attacks on 3-Round Feistel Ciphers Using Grover's Algorithm
    台座 崇規; 米山 一樹
    Computer Security Symposium (CSS), October 2021
  • Post-Quantum Anonymous One-Sided Authenticated Key Exchange Secure in the Standard Model
    石橋 錬; 米山 一樹
    Computer Security Symposium (CSS), October 2021
  • Computer-Aided Proofs for the Generalized Merkle-Damgård Construction
    福留 直宙; 米山 一樹
    JSIAM Annual Meeting, September 2021
  • End-to-End Encryption of Cloud-Stored Data with Post-Hoc Reference and an Example Construction
    村上 啓造; 米山 一樹; 岡野 裕樹; 吉田 麗生; 小林 鉄太郎
    Symposium on Cryptography and Information Security (SCIS), January 2021
  • Black-box Adversarial Examples Attacks Using Random Pattern Noises
    由比藤 真; 米山 一樹
    Symposium on Cryptography and Information Security (SCIS), January 2021
  • Performance Evaluation of Stateful Detection Methods against Soft-Label Black-box Attacks
    下條道 皐太; 由比藤 真; 米山 一樹
    Symposium on Cryptography and Information Security (SCIS), January 2021
  • A Study on the Use of ID-Based Encryption across Multiple Devices
    宮永 英和; 藤岡 淳; 佐々木 太良; 岡野 裕樹; 永井 彰; 米山 一樹
    Symposium on Cryptography and Information Security (SCIS), January 2021
  • On Security Models and Constructions of Revocable Hierarchical ID-Based Authenticated Key Exchange
    岡野 裕樹; 米山 一樹; 藤岡 淳; 永井 彰
    Symposium on Cryptography and Information Security (SCIS), January 2021
  • Adaptive-ID Secure Hierarchical ID-Based Authenticated Key Exchange in the Standard Model from Standard Assumptions
    石橋 錬; 米山 一樹
    Symposium on Cryptography and Information Security (SCIS), January 2021
  • Verification of Indistinguishability of the Group Domain of Interpretation Protocol Using DeepSec
    野口 凌雅; 花谷 嘉一; 米山 一樹
    Symposium on Cryptography and Information Security (SCIS), January 2021
  • Quantum Distinguishing Attacks on 3-Round Feistel Ciphers Using Period Finding Based on the Bernstein-Vazirani Quantum Algorithm, and Their Verification
    八藤後 彬; 米山 一樹
    Symposium on Cryptography and Information Security (SCIS), January 2021
  • Formalization of Commutative Functions Using DeepSec
    野口 凌雅; 米山 一樹
    JSIAM Annual Meeting 2020, September 2020
  • Towards Searching for Differential Characteristics of AES Using Annealing Computation
    平野 遥; 垣本 修吾; 米山 一樹; 山口 純平
    IEICE Technical Report, March 2020
  • On UC Definitions of Forward Security in Dynamic Searchable Encryption
    柴田 敏弥; 米山 一樹
    Symposium on Cryptography and Information Security (SCIS), January 2020
  • Secure-Channel-Free Distributed ORAM
    金井 佑篤; 米山 一樹
    Symposium on Cryptography and Information Security (SCIS), January 2020
  • Verification of Zero Knowledge Contingent Payment using ProVerif
    Cheng Shi; Kazuki Yoneyama
    Symposium on Cryptography and Information Security (SCIS), January 2020
  • Analysis and Comparison of Darknet-Destined Traffic at Ibaraki University Using Honeypots
    戸谷 信暁; 米山 一樹; 大瀧 保広; 山本 一幸; 西原 忠史
    Symposium on Cryptography and Information Security (SCIS), January 2020
  • Computer-Aided Proofs of Merkle-Damgård Hash with EasyCrypt 1.0
    福留 直宙; 米山 一樹
    Symposium on Cryptography and Information Security (SCIS), January 2020
  • Extension and Comparison of Deterministic Adversarial Examples Generation Methods in Black-box Attacks
    由比藤 真; 米山 一樹
    Symposium on Cryptography and Information Security (SCIS), January 2020
  • Verification of the Group Domain of Interpretation Protocol with ProVerif
    野口 凌雅; 花谷 嘉一; 米山 一樹
    Symposium on Cryptography and Information Security (SCIS), January 2020
  • ID-Based Asynchronous Multi-Party Key Exchange
    中林 美郷; 小林 鉄太郎; 村上 啓造; 岡野 裕樹; 米山 一樹
    Symposium on Cryptography and Information Security (SCIS), January 2020
  • Certificateless Asynchronous Group Key Exchange Protocol
    岡野 裕樹; 小林 鉄太郎; 村上 啓造; 中林 美郷; 米山 一樹
    Symposium on Cryptography and Information Security (SCIS), January 2020
  • Memory-Efficient Provably Secure Virus Detection Scheme
    元橋 颯充; 米山 一樹
    Computer Security Symposium (CSS), October 2019
  • A Study on Formalizing Protocols with State Updates
    野口 凌雅; 花谷 嘉一; 米山 一樹
    JSIAM Annual Meeting 2019, September 2019
  • Relationship between Authentication Reuse and Cryptographic Security Models in Authentication Protocols between IC Cards and Readers/Writers
    勝野 凌介; 米山 一樹
    IEICE Technical Report, March 2019
  • Verifiable Delegated Private Bit Comparison
    白井 直輝; 米山 一樹
    IEICE Technical Report, March 2019
  • On Extensions of UC-Secure Dynamic Searchable Encryption and Forward Security
    柴田 敏弥; 米山 一樹
    Symposium on Cryptography and Information Security (SCIS), January 2019
  • ORAM Allowing Access to Multiple Files
    金井 佑篤; 米山 一樹
    Symposium on Cryptography and Information Security (SCIS), January 2019
  • On the Security of Subsequent Keys after Long-Term Secret Key Leakage in Group Key Exchange Protocols
    松井 政裕; 岡野 裕樹; 村上 啓造; 小林 鉄太郎; 米山 一樹
    Symposium on Cryptography and Information Security (SCIS), January 2019
  • One-Round Authenticated Group Key Exchange Using Isogenies
    藤岡 淳; 高島 克幸; 米山 一樹
    Symposium on Cryptography and Information Security (SCIS), January 2019
  • Password-Based Authenticated Key Exchange Based on CSIDH
    寺田 槙太郎; 米山 一樹
    Symposium on Cryptography and Information Security (SCIS), January 2019
  • Verification of Group Key Management in HEMS with ProVerif
    野口 凌雅; 花谷 嘉一; 米山 一樹
    Symposium on Cryptography and Information Security (SCIS), January 2019
  • Verification of Fairness of a Smart Contract Payment Delegation Protocol with ProVerif
    師 成; 米山 一樹
    Symposium on Cryptography and Information Security (SCIS), January 2019
  • On Duplicability in the Composition of Sigma Protocols
    安藤 毅宙; 米山 一樹
    Symposium on Cryptography and Information Security (SCIS), January 2018
  • Unified Model Authenticated Key Exchange Protocol Based on Isogenies
    寺田 槙太郎; 米山 一樹
    Symposium on Cryptography and Information Security (SCIS), January 2018
  • On Hiding Access Timing in ORAM
    金井 佑篤; 米山 一樹
    Symposium on Cryptography and Information Security (SCIS), January 2018
  • Group Key Exchange That Does Not Leak Communication Metadata
    小林 鉄太郎; 米山 一樹; 吉田 麗生; 川原 祐人; 山本 具英; 冨士 仁
    Symposium on Cryptography and Information Security (SCIS), January 2018
  • Proposal of an ID-Based Dynamic Multi-Party Key Distribution Protocol with Non-Interactive Joining and Its Implementation Evaluation
    吉田 麗生; 米山 一樹; 川原 祐人; 小林 鉄太郎; 冨士 仁; 山本 具英; 岡野 裕樹; 奥田 哲矢
    Symposium on Cryptography and Information Security (SCIS), January 2018
  • On the Security of Subsequent Keys in Dynamic Multi-Party Key Distribution Protocols under Long-Term Secret Key Leakage
    松井 政裕; 岡野 裕樹; 吉田 麗生; 小林 鉄太郎; 米山 一樹
    Symposium on Cryptography and Information Security (SCIS), January 2018
  • Proposal of a Group Messaging Protocol for Realizing End-to-End Encryption in Business Chat
    岡野 裕樹; 小林 鉄太郎; 西巻 陵; 吉田 麗生; 米山 一樹
    Symposium on Cryptography and Information Security (SCIS), January 2018
  • Improvement of Verifiable Forward-Secure Dynamic Searchable Encryption
    木村 翔吾; 米山 一樹
    Symposium on Cryptography and Information Security (SCIS), January 2018
  • Verification of LINE Encryption Version 1.0 with ProVerif
    師 成; 米山 一樹
    Symposium on Cryptography and Information Security (SCIS), January 2018
  • ID-Based Scalable Dynamic Multi-Party Key Distribution Protocol for Secure Business Chat
    小林 鉄太郎; 米山 一樹; 吉田 麗生; 川原 祐人; 冨士 仁
    Symposium on Cryptography and Information Security (SCIS), January 2017
  • Verifiable Delegated Private Set Intersection Secure without Communication between Clients
    寺田 槙太郎; 米山 一樹
    Symposium on Cryptography and Information Security (SCIS), January 2017
  • Extension of Private Bloom Filter Protocols
    田中 諒太; 米山 一樹
    Symposium on Cryptography and Information Security (SCIS), January 2017
  • Storage-Efficient Verifiable Forward-Secure Dynamic Searchable Encryption
    木村 翔吾; 米山 一樹
    Symposium on Cryptography and Information Security (SCIS), January 2017
  • A Note on Using Sigma Protocols in Cryptographic Protocols
    Hideki Sakurada; Kazuki Yoneyama; Yoshikazu Hanatani; Maki Yoshida
    JSIAM Annual Meeting 2016, September 2016
  • Ideals and Realities of Security Verification of Security Protocols
    米山 一樹
    CRYPTREC Symposium 2016, June 2016, [Invited]
  • Scalable Dynamic Multi-Party Key Distribution Protocol
    小林 鉄太郎; 米山 一樹; 吉田 麗生; 川原 祐人; 冨士 仁; 山本 具英
    Symposium on Cryptography and Information Security (SCIS), January 2016
  • Revisiting Oblivious Polynomial Evaluation in the Exponent
    板倉 直人; 黒澤 馨; 米山 一樹
    Symposium on Cryptography and Information Security (SCIS), January 2016
  • Revisiting Security Proofs of ID-Based Signatures Based on the RSA Problem
    木村 翔吾; 米山 一樹
    Symposium on Cryptography and Information Security (SCIS), January 2016
  • Efficient Dynamic Searchable Encryption Satisfying UC Security
    黒澤 馨; 佐々木 圭佑; 太田 清比古; 米山 一樹
    Symposium on Cryptography and Information Security (SCIS), January 2016
  • Group Signatures Preserving Anonymity even under Randomness Exposure
    小野 智義; 米山 一樹
    Symposium on Cryptography and Information Security (SCIS), January 2016
  • Formalization and Detection of the Logjam Attack on TLS with ProVerif
    木村 文哉; 吉田 真紀; 米山 一樹
    Symposium on Cryptography and Information Security (SCIS), January 2016
  • A Study on Security Definitions of QUIC for Formal Verification
    櫻田 英樹; 米山 一樹; 花谷 嘉一; 吉田 真紀
    JSIAM Annual Meeting 2015, September 2015
  • Towards Deriving Precise Assumptions through Formal Verification of UC Commitments
    櫻田 英樹; 米山 一樹; 花谷 嘉一; 吉田 真紀
    Symposium on Cryptography and Information Security (SCIS), January 2015
  • A Generic Transformation from PKI-Based to ID-Based Authenticated Key Exchange
    鈴木 幸太郎; 米山 一樹
    Symposium on Cryptography and Information Security (SCIS), January 2015
  • Verifiably Encrypted Homomorphic Signatures
    Jae Hong Seo; 江村 恵太; 草川 恵太; 米山 一樹
    Symposium on Cryptography and Information Security (SCIS), January 2015
  • Optimistic Fair Exchange Suitable for Deferred Payment
    Jae Hong Seo; 江村 恵太; 草川 恵太; 米山 一樹
    Symposium on Cryptography and Information Security (SCIS), January 2015
  • Tutorial: Composable Security of Cryptographic Protocols and Its Formal Verification
    米山 一樹
    JSIAM Annual Meeting 2014, September 2014, [Invited]
  • Report on Attending the International Conference ASIACRYPT 2013
    米山 一樹
    IEICE Technical Report, May 2014

Joint Research and Competitively Funded Research Projects