著者
Sachiko Kanamori Taeko Abe Takuma Ito Keita Emura Lihua Wang Shuntaro Yamamoto Le Trieu Phong Kaien Abe Sangwook Kim Ryo Nojima Seiichi Ozawa Shiho Moriai
出版者
情報処理学会
雑誌
情報処理学会論文誌 (ISSN:18827764)
巻号頁・発行日
vol.63, no.12, 2022-12-15

To tackle financial crimes including fraudulent financial transactions (FFTs), money laundering, illegal money transfers, and bank transfer scams, several attempts have been considered to employ artificial intelligence (AI)-based FFT detection systems, particularly, deep learning-based ones. However, to the best of our knowledge, no federated learning systems using real transaction data among financial institutions have been implemented so far. This is because there are several issues to be addressed as follows: (1) it is difficult to prepare sufficient amount of transaction data for training by one financial institution (e.g., a local bank), and a small amount of dataset does not promise high accuracy for detection, (2) each transaction data contains personal information, and thus it is restricted by Act on the Protection of Personal Information in Japan to provide the transaction data to a third party. In this paper, we introduce out demonstration experimental results of privacy-preserving federated learning with five banks in Japan: the Chiba Bank, Ltd., MUFG Bank, Ltd., the Chugoku Bank, Ltd., Sumitomo Mitsui Trust Bank, Ltd., and the Iyo Bank, Ltd. As the underlying cryptographic tool, we proposed a privacy-preserving federated learning protocol which we call DeepProtect, for detecting fraudulent financial transactions. Briefly, DeepProtect allows parties to execute the stochastic gradient descent algorithm using a set of techniques for the privacy-preserving deep learning algorithms (IEEE TIFS 2018, 2019). In the demonstration experiments, we built machine learning models for detecting two types of financial frauds ― detecting fraudulent transactions in customers/victims' accounts and detecting criminals' bank accounts. We show that our federated learning system detected FFTs that could not be detected by the model built using the dataset from a single bank and detected criminals' bank accounts before the bank actually froze them.------------------------------This is a preprint of an article intended for publication Journal ofInformation Processing(JIP). This preprint should not be cited. Thisarticle should be cited as: Journal of Information Processing Vol.30(2022) (online)DOI http://dx.doi.org/10.2197/ipsjjip.30.789------------------------------
著者
Hayato Kimura Keita Emura Takanori Isobe Ryoma Ito Kazuto Ogawa Toshihiro Ohigashi
出版者
情報処理学会
雑誌
情報処理学会論文誌 (ISSN:18827764)
巻号頁・発行日
vol.64, no.9, 2023-09-15

Cryptanalysis in a blackbox setting using deep learning is powerful because it does not require the attacker to have knowledge about the internal structure of the cryptographic algorithm. Thus, it is necessary to design a symmetric key cipher that is secure against cryptanalysis using deep learning. Kimura et al. (AIoTS 2022) investigated deep learning-based attacks on the small PRESENT-[4] block cipher with limited component changes, identifying characteristics specific to these attacks which remain unaffected by linear/differential cryptanalysis. Finding such characteristics is important because exploiting such characteristics can make the target cipher vulnerable to deep learning-based attacks. Thus, this paper extends a previous method to explore clues for designing symmetric-key cryptographic algorithms that are secure against deep learning-based attacks. We employ small PRESENT-[4] with two weak S-boxes, which are known to be weak against differential/linear attacks, to clarify the relationship between classical and deep learning-based attacks. As a result, we demonstrated the success probability of our deep learning-based whitebox analysis tends to be affected by the success probability of classical cryptanalysis methods. And we showed our whitebox analysis achieved the same attack capability as traditional methods even when the S-box of the target cipher was changed to a weak one.------------------------------This is a preprint of an article intended for publication Journal ofInformation Processing(JIP). This preprint should not be cited. Thisarticle should be cited as: Journal of Information Processing Vol.31(2023) (online)DOI http://dx.doi.org/10.2197/ipsjjip.31.550------------------------------
著者
Keita EMURA Atsushi TAKAYASU
出版者
The Institute of Electronics, Information and Communication Engineers
雑誌
IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences (ISSN:09168508)
巻号頁・発行日
vol.E106.A, no.3, pp.193-202, 2023-03-01 (Released:2023-03-01)
参考文献数
33
被引用文献数
1

Identity-based encryption with equality test (IBEET) is a generalization of the traditional identity-based encryption (IBE) and public key searchable encryption, where trapdoors enable users to check whether two ciphertexts of distinct identities are encryptions of the same plaintext. By definition, IBEET cannot achieve indistinguishability security against insiders, i.e., users who have trapdoors. To address this issue, IBEET against insider attacks (IBEETIA) was later introduced as a dual primitive. While all users of IBEETIA are able to check whether two ciphertexts are encryptions of the same plaintext, only users who have tokens are able to encrypt plaintexts. Hence, IBEETIA is able to achieve indistinguishability security. On the other hand, the definition of IBEETIA weakens the notion of IBE due to its encryption inability. Nevertheless, known schemes of IBEETIA made use of rich algebraic structures such as bilinear groups and lattices. In this paper, we propose a generic construction of IBEETIA without resorting to rich algebraic structures. In particular, the only building blocks of the proposed construction are symmetric key encryption and pseudo-random permutations in the standard model. If a symmetric key encryption scheme satisfies CCA security, our proposed IBEETIA scheme also satisfies CCA security.
著者
Hayato Kimura Keita Emura Takanori Isobe Ryoma Ito Kazuto Ogawa Toshihiro Ohigashi
出版者
Information Processing Society of Japan
雑誌
Journal of Information Processing (ISSN:18826652)
巻号頁・発行日
vol.31, pp.550-561, 2023 (Released:2023-09-15)
参考文献数
40

Cryptanalysis in a blackbox setting using deep learning is powerful because it does not require the attacker to have knowledge about the internal structure of the cryptographic algorithm. Thus, it is necessary to design a symmetric key cipher that is secure against cryptanalysis using deep learning. Kimura et al. (AIoTS 2022) investigated deep learning-based attacks on the small PRESENT-[4] block cipher with limited component changes, identifying characteristics specific to these attacks which remain unaffected by linear/differential cryptanalysis. Finding such characteristics is important because exploiting such characteristics can make the target cipher vulnerable to deep learning-based attacks. Thus, this paper extends a previous method to explore clues for designing symmetric-key cryptographic algorithms that are secure against deep learning-based attacks. We employ small PRESENT-[4] with two weak S-boxes, which are known to be weak against differential/linear attacks, to clarify the relationship between classical and deep learning-based attacks. As a result, we demonstrated the success probability of our deep learning-based whitebox analysis tends to be affected by the success probability of classical cryptanalysis methods. And we showed our whitebox analysis achieved the same attack capability as traditional methods even when the S-box of the target cipher was changed to a weak one.
著者
Yusuke SAKAI Keita EMURA Goichiro HANAOKA Yutaka KAWAI Kazumasa OMOTE
出版者
The Institute of Electronics, Information and Communication Engineers
雑誌
IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences (ISSN:09168508)
巻号頁・発行日
vol.E96.A, no.6, pp.1156-1168, 2013-06-01 (Released:2013-06-01)
参考文献数
27
被引用文献数
3 4

This paper proposes methods for “restricting the message space” of public-key encryption, by allowing a third party to verify whether a given ciphertext does not encrypt some message which is previously specified as a “bad” (or “problematic”) message. Public-key encryption schemes are normally designed not to leak even partial information of encrypted plaintexts, but it would be problematic in some circumstances. This higher level of confidentiality could be abused, as some malicious parties could communicate with each other, or could talk about some illegal topics, using an ordinary public key encryption scheme with help of the public-key infrastructure. It would be undesirable considering the public nature of PKI. The primitive of restrictive public key encryption will help this situation, by allowing a trusted authority to specify a set of “bad” plaintexts, and allowing every third party to detect ciphertexts that encrypts some of the specified “bad” plaintext. The primitive also provides strong confidentiality (of indistinguishability type) of the plaintext when it is not specified as “bad.” In this way, a third party (possible a gateway node of the network) can examine a ciphertext (which comes from the network) includes an allowable content or not, and only when the ciphertext does not contain forbidden message, the gateway transfers the ciphertext to a next node. In this paper, we formalize the above requirements and provide two constructions that satisfied the formalization. The first construction is based on the techniques of Teranishi et al. (IEICE Trans. Fundamentals E92-A, 2009), Boudot (EUROCRYPT 2000), and Nakanishi et al. (IEICE Trans. Fundamentals E93-A, 2010), which are developed in the context of (revocation of) group signature. The other construction is based on the OR-proof technique. The first construction has better performance when very few messages are specified as bad, while the other does when almost all of messages are specified as bad (and only very few messages are allowed to encrypt).
著者
Ai ISHIDA Keita EMURA Goichiro HANAOKA Yusuke SAKAI Keisuke TANAKA
出版者
The Institute of Electronics, Information and Communication Engineers
雑誌
IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences (ISSN:09168508)
巻号頁・発行日
vol.E98-A, no.12, pp.2446-2455, 2015-12-01

The primitive called public key encryption with non-interactive opening (PKENO) is a class of public key encryption (PKE) with additional functionality. By using this, a receiver of a ciphertext can prove that the ciphertext is an encryption of a specified message in a publicly verifiable manner. In some situation that a receiver needs to claim that a ciphertext is NOT decrypted to a specified message, if he/she proves the fact by using PKENO straightforwardly, the real message of the ciphertext is revealed and a verifier checks that it is different from the specified message about which the receiver wants to prove. However, this naive solution is problematic in terms of privacy. Inspired by this problem, we propose the notion of disavowable public key encryption with non-interactive opening (disavowable PKENO) where, with respect to a ciphertext and a message, the receiver of the ciphertext can issue a proof that the plaintext of the ciphertext is NOT the message. Also, we give a concrete construction. Specifically, a disavowal proof in our scheme consists of 61 group elements. The proposed disavowable PKENO scheme is provably secure in the standard model under the decisional linear assumption and strong unforgeability of the underlying one-time signature scheme.