2025年12月16日から12月18日にかけて、The 9th International Conference on Mobile Internet Security (Mobisec2025) が北海道で開催されました。本学会において、当研究所の研究員である林田 淳一郎、野村 健太、斎藤 恆和、高田 雄太、熊谷 裕志、神薗 雅紀が 研究論文を発表し、「Best Paper Award」を受賞しました。
Evaluation of Smart Contract Tools for Comprehensive Vulnerability Detection and Optimal Integration
著者:Kentaro Sako (Waseda University/DTCY), Daiki Ito, Takuya Watanabe, Yuta Takata, Hiroshi Kumagai (DTCY), Masaki Kamizono (DTCY/DTSI), Tatsuya Mori (Waseda University/RIKEN AIP/NICT)
概要:Attribute-based authentication (ABA) is a cryptographic protocol which enables access control based on user-specific attributes such as age, affiliation, or location. While this approach offers fine-grained authorization, conventional ABA schemes require users to disclose all attributes in their credentials, posing significant privacy risks. Anonymous credentials (AC) address this issue by allowing users to hide their attributes during issuance and selectively disclose them during authentication. However, existing AC models assume that users interact directly with issuers, which creates practical challenges: issuers are expected to issue credentials without knowing whether the underlying attribute should be authorized. This design raises both security and accountability concerns and often necessitates centralized attribute management, which is undesirable in real-world settings. In this paper, we propose Split Credential Authentication (SCA), a new cryptographic framework that separates attribute management and credential issuance. This separation better reflects real-world institutional settings, where authorities managing user attributes (e.g., municipalities or hospitals) are typically distinct from certificate issuers. At the core of SCA, we introduce a novel cryptographic primitive called Oblivious Certificate Generation (OCG), which enables certificate issuance without revealing attribute contents to the issuer, nor linking certificates to specific users from the authority’s perspective. We provide a formal definition of OCG and its construction based on standard digital signatures and blind signature schemes satisfying a novel property called splittability. Then, we formalize SCA and its construction based on OCG and non-interactive zero-knowledge proofs to enable selective attribute disclosure. Finally, we demonstrate the applicability of SCA in sensitive domains such as disability services, where it reduces the privacy burden on users while preserving verifiability and policy compliance.
受賞:Best Paper Award