ThePKC'99conference,heldintheancientcapitalofKamakura,Japan,March 1-3,1999,representsthesecondconferenceintheinternationalworkshopseries dedicatedtothepracticeandtheoryinpublickeycryptography. Theprogramcommitteeoftheconferencereceived61submissionsfrom12co- triesandregions(Australia,Canada,Finland,France,Japan,SaudiArabia,S- gapore,Spain,Taiwan,UK,USA,andYugoslavia),ofwhich25wereselectedfor presentation. Allsubmissionswerereviewedbyexpertsintherelevantareas. TheprogramcommitteeconsistedofChin-ChenChangoftheNationalChung ChengUniversity,Taiwan,YvoDesmedtoftheUniversityofWisconsin-Milwaukee, USA,HidekiImai(Co-Chair)oftheUniversityofTokyo,Japan,MarkusJak- sson of Bell Labs, USA, Kwangjo Kim of Information and Communications University, Korea, Arjen Lenstra of Citibank, USA, Tsutomu Matsumoto of YokohamaNationalUniversity,Japan,EijiOkamotoofJAIST,Japan,Tatsuaki OkamotoofNTT,Japan,NigelSmartofHPLabsBristol,UK,andYuliang Zheng(Co-Chair)ofMonashUniversity,Australia. Membersofthecommittee spentnumeroushoursinreviewingthesubmissionsandprovidingadviceand commentsontheselectionofpapers.
Wewouldliketotakethisopportunityto thankallthemembersfortheirinvaluablehelpinproducingsuchahighquality technicalprogram. Theprogramcommitteealsoaskedexpertadviceofmanyoftheircolleagues,- cluding:MasayukiAbe,KazumaroAoki,DanielBleichenbacher,AtsushiFujioka, EiichiroFujisaki,ChandanaGamage,BrianKing,KunioKobayashi,Tetsutaro Kobayashi,PhilMacKenzie,HidemiMoribatake,KazuoOhta,AminShokr- lahi,ShigenoriUchiyama,andYonggeWang. Wethankthemallfortheirhelp. Theconferencewouldnothavebeensuccessfulwithouttheskillfulassistance ofthemembersoftheorganizingcommittee. OurspecialthanksgotoTakashi ManoofIPA,Japan,KantaMatsuuraandHidenoriShida,bothofUniversity ofTokyo,Japan. Last,butnotleast,wewouldliketothankallthepeoplewhosubmittedtheir paperstotheconference(includingthosewhosesubmissionswerenotsuccessful), aswellastheworkshopparticipantsfromaroundtheworld,fortheirsupport whichmadethisconferencepossible.
March1999 UniversityofTokyo,Japan HidekiImai MonashUniversity,Melbourne,Australia YuliangZheng PKC'99 1999InternationalWorkshop onPracticeandTheory inPublicKeyCryptography KamakuraPrinceHotel,Kamakura,Japan March1-3,1999 Incooperationwith TheTechnicalGrouponInformationSecurity,theInstituteof Electronics,InformationandCommunicationEngineers(IEICE) OrganizingCommittee HidekiImai,Chair (UniversityofTokyo,Japan) TakashiMano (IPA,Japan) KantaMatsuura (UniversityofTokyo,Japan) HidenoriShida (UniversityofTokyo,Japan) YuliangZheng (MonashUniversity,Australia) ProgramCommittee HidekiImai,Co-Chair (UniversityofTokyo,Japan) YuliangZheng,Co-Chair (MonashUniversity,Australia) Chin-ChenChang (NationalChungChengUniversity,Taiwan) YvoDesmedt (UniversityofWisconsin-Milwaukee,USA) KwangjoKim (InformationandCommunicationsUniversity,Korea) MarkusJakobsson (BellLabs,USA) ArjenLenstra (Citibank,USA) TsutomuMatsumoto (YokohamaNationalUniversity,Japan) EijiOkamoto (JAIST,Japan) TatsuakiOkamoto (NTT,Japan) NigelSmart (HPLabsBristol,UK) Contents ANewTypeofMagicInk"Signatures|Towards Transcript-IrrelevantAnonymityRevocation...1 FengBaoandRobertH.
Deng(KentRidgeDigitalLabs,Singapore) ANewAspectofDualBasisforE cientFieldArithmetic ...12 Chang-HyiLee(SAIT,Korea) Jong-InLim(KoreaUni) OntheSecurityofRandomSources...29 Jean-S ebastienCoron(ENSandGemplus,France) AnonymousFingerprintingBasedonCommitted ObliviousTransfer...43 JosepDomingo-Ferrer(UniRoviraiVirgili,Spain) HowtoEnhancetheSecurityofPublic-Key EncryptionatMinimumCost...53 EiichiroFujisakiandTatsuakiOkamoto(NTT,Japan) EncryptedMessageAuthenticationbyFirewalls...69 ChandanaGamage,JussipekkaLeiwoand YuliangZheng(MonashUni,Australia) ARelationshipbetweenOne-Waynessand CorrelationIntractability...82 SatoshiHadaandToshiakiTanaka(KDD,Japan) MessageRecoveryFairBlindSignature ...97 Hyung-WooLeeandTai-YunKim(KoreaUni) OnQuorumControlledAsymmetricProxyRe-encryption...112 MarkusJakobsson(BellLabs,USA) Mini-Cash:AMinimalisticApproachtoE-Commerce...122 MarkusJakobsson(BellLabs,USA) PreservingPrivacyinDistributedDelegation withFastCerti cates ...136 PekkaNikander(Ericsson,Finland) YkiKortesniemiandJonnaPartanen(HelsinkiUniofTech,Finland) UnknownKey-ShareAttacksontheStation-to-Station(STS)Protocol...1
54 SimonBlake-Wilson(Certicom,Canada) AlfredMenezes(UniofWaterloo,Canada) TowardFairInternationalKeyEscrow{AnAttemptbyDistributed TrustedThirdAgencieswithThresholdCryptography{ ...171 ShingoMiyazaki(KyushuUniv,Japan) IkukoKuroda(NTT,Japan) KouichiSakurai(KyushuUniv,Japan) HowtoCopyrightaFunction?...188 DavidNaccache(Gemplus,France) AdiShamir(WeizmannInstofSci,Israel) JulienP. Stern(UCL,Belgium,andUnideParis-Sud,France) OntheSecurityofRSAScreening...197 Jean-S ebastienCoron(ENSandGemplus,France) DavidNaccache(Gemplus,France) TheE ectivenessofLatticeAttacksAgainstLow-ExponentRSA ...204 ChristopheCoup e(ENSdeLyon,France) PhongNguyenandJacquesStern(ENSParis,France) ATrapdoorPermutationEquivalenttoFactoring...219 PascalPaillier(GemplusandENST,France) Low-CostDouble-SizeModularExponentiation orHowtoStretchYourCryptoprocessor...223 PascalPaillier(GemplusandENST,France) EvaluatingDi erentialFaultAnalysisofUnknownCryptosystems ...235 PascalPaillier(GemplusandENST,France) RemovingInteroperabilityBarriersBetweentheX. 509and EDIFACTPublicKeyInfrastructures:TheDEDICAProject ...2
45 MontseRubia,JuanCarlosCruellasand ManelMedina(PolytechUniofCatalonia,Spain) HashFunctionsandtheMACUsingAll-or-NothingProperty...263 SangUkShinandKyungHyuneRhee(PuKyongNatUni,Korea) JaeWooYoon(ETRI,Korea) DecisionOraclesareEquivalenttoMatchingOracles...276 HelenaHandschuh(GemplusandENST,France) YiannisTsiounis(GTELabs,USA) MotiYung(CertCo,USA) SharedGenerationofRandomNumberwithTimestamp: HowtoCopewiththeLeakageoftheCA'sSecret ...290 YujiWatanabeandHidekiImai(UniofTokyo,Japan) Auto-RecoverableCryptosystemswithFasterInitialization andtheEscrowHierarchy ...306 AdamYoung(ColumbiaUni,USA) MotiYung(CertCo,USA) ASecurePay-per-ViewSchemeforWeb-BasedVideoService ...315 JianyingZhou(KentRidgeDigitalLabs,Singapore) Kwok-YanLam(NatUniofSingapore) AuthorIndex ...327 ANewTypeofMagicInk"Signatures| TowardsTranscript-IrrelevantAnonymity Revocation Feng Bao and Robert H. Deng Information Security Group Kent Ridge Digital Labs Singapore 119613 fbaofeng,dengg@krdl. org.