Cryptography has become one of the most important fields in information technology. With cryptography it is possible to construct many security protocols that become the basic infrastructure for secure communications such as SSL and IPsec.

These security protocols provide us with different security applications such as secure payment systems, secure IP Networks, and secure mobile networks. Two necessary concepts for these attractive paradigms are public-key cryptosystems and digital signatures. Without them we would not be able to accomplish the mentioned lucrative applications. The security of these concepts is underpinned by difficult mathematical problems, e.g., a factoring problem, a discrete logarithm problem over elliptic curves, and lattice theory. Once the underlying problem is broken, the whole system using the problem is no longer secure. One main research subject is the security of these problems and its implication for cryptographic protocols. To achieve these security applications in practice, we have to implement the security concept on a security device (like a smartcard).

If the implementation on the device is careless, an attacker can easily know the secret information on the device. Secure implementation on security devices is another important research subject.

(1) Provable Security

Security models are needed for the security level of cryptographic protocols to be correctly judged. One standard model is semantic security against a chosen ciphertext attack. A provably secure cryptosystem is a cryptosystem whose security can be mathematically verified in a security model. Provable security is theoretically and also practically meaningful because we have a guarantee that there can be no successful attack in the security model. We are engaged in researching the security of present and future cryptographic protocols.

(2) Efficient Algorithms

We stand at the beginning of the ubiquitous computing era, and we can expect to achieve lucrative applications by effectively synthesizing ubiquitous computers with cryptography. Ubiquitous computers have scarce computational resources (such as smartcards or RFID), so we have to work towards optimizing the memory and efficiency of the security system. This research group is engaged in the development of new efficient cryptographic algorithms.

(3) Secure Implementation

Even if the security of a cryptosystem is mathematically proven, the cryptosystem can be broken at the implementation level. For example, side channel attacks enable an adversary to recover the secret key in the cryptographic device by observing side channel information such as computing time and power consumption. Other attacks on implementation include differential fault attacks, reject timing attacks, memory dump attacks, and exceptional procedure attacks. We are evaluating the implications of these attacks and developing countermeasures.

(4) Security Applications

Cryptographic protocols can provide new application paradigms that cannot be achieved without cryptography. For example, using cryptographic protocols, we are able to establish electronic payment systems, electronic election systems, electronic auction system, etc. Some of these systems have been used in practical fields. They are becoming the fundamental infrastructure of an electronic society. We are constructing more flexible and attractive security applications based on cryptographic protocols.