Defining the Future of Security: Tatsuaki Okamoto on Cryptography Contributions, Favorite Articles and CIS Lab Goals

Dr. Tatsuaki Okamoto is the Director of the NTT Research Cryptography & Information Security (CIS) Laboratory. An NTT Fellow, Dr. Okamoto has made extensive contributions to the field of cryptography. He has previously served as President of the Japan Society for Industrial and Applied Mathematics (JSIAM), Director of the International Association of Cryptology Research (IACR), and program chair of many international conferences. He has received the Best and Lifetime Achievement awards from the Institute of Electronics, Information and Communication Engineers (IEICE), the Distinguished Lecturer award from the IACR, the Medal of Honor with Purple Ribbon from the Japanese government, and the Asahi Prize. Dr. Okamoto received his B.E., M.E., and Ph.D. degrees from the University of Tokyo in 1976, 1978, and 1988, respectively. He has been with NTT since 1978 and joined NTT Research at its inception in 2019. For an update from Dr. Okamoto on the CIS Lab and thoughts about his own research and influences, please read the following Q&A:

You have built a very strong team at the CIS Lab. Have you achieved your original goals, and are you looking to hire additional scientists?

I think we have almost achieved the original goal in recruiting for cryptography research. We could pursue more diversity in our team, e.g., female or postdoc scientists. We could also hire more scientists for blockchain research.

Your many contributions to the field of cryptography theory include work on public-key encryption (elliptic curves, the Fujisaki-Okamoto transform, etc.), protocols for electronic money and voting, and the zero-knowledge proof. Which of these or any other areas of research would you consider the most important?

My research topics and interests have been changing in my research career for more than 30 years. In the late 1980s and 1990s, elliptic curve cryptosystems (ECC) attracted the attention of many researchers because they are based on advanced mathematics, elliptic curve theory, and are also one of the most efficient/practical public-key cryptosystems. (Bitcoin uses ECDSA, a signature scheme of ECC, due to its efficiency.) I studied the security of ECC with Alfred Menezes and Scott Vanstone during my visit to the University of Waterloo in 1989-1990. We found an attack, the Menezes-Okamoto-Vanstone (MOV) reduction, against a typical class (supersingular curves) of ECC, in 1990 (STOC 1991, IEEE Trans. IT (1993)). It utilized the Weil pairings, bilinear maps over elliptic curve groups, and led to pairing-based cryptography in the 2000s. It also gives a guideline for selecting secure parameters of ECC.

I have been interested in zero-knowledge proofs since the concept was introduced in 1985. I have presented many papers on this topic, but the most important result I think is the characterization of the statistical zero-knowledge proofs (STOC 1996, journal-invited to J. Comput. Syst. Sci. (2000)).

The study of electronic cash started in the 1980s, and I presented several papers on the topic from the late 1980s to the mid-1990s (Crypto 1991, Crypto 1995, etc.). I also led a project of experimental research of electronic cash with the Bank of Japan in the late 1990s.

One of the hot topics in cryptography in the 1990s was how to practically construct the strongest security notion of public-key encryption (PKE), IND-CCA2 (Indistinguishability against Adaptive Chosen Ciphertext Attacks). Eiichiro Fujisaki and I answered this question with two types of transforms from primitive forms of PKE in the random oracle model, the Fujisaki-Okamoto transform (Crypto 1999, PKC 1999, J. Cryptology (2013)). Many PKE/KEM candidates (including finalists) of NIST’s post-quantum cryptography contest use this transform (with the security proof in the quantum random oracle model).

Since 2005, I have been interested in attribute-based encryption (ABE) and functional encryption (FE), which were initiated by Brent Waters. Katsuyuki Takashima and I did a series of joint works on this topic. We developed a methodology of realizing a fully secure ABE/FE scheme over prime-order bilinear groups (Crypto 2010, Eurocrypt 2012, Asiacrypt 2012, J. Cryptology (2019), etc.)

Among your own and co-authored journal articles, do you have any favorites? Are there any articles by other scientists that have had a particularly strong influence on you?

My favorite journal articles are (overlapped with the above):

  1. IEEE Trans. IT, 39(5) pp.1639-1646 (1993): MOV reduction
  2. Comput. Syst. Sci. 60(1), pp.47-108 (2000): statistical zero-knowledge proofs
  3. J. Cryptology, 26(1), pp.80-101 (2013): Fujisaki-Okamoto transform
  4. J. Cryptology, 32(4), pp.1491-1573 (2019): functional encryption from prime-order groups

I have particularly been influenced by the series of works by Shafi Goldwasser, Silvio Micali and Oded Goldreich, since they did fundamentally essential works when I started the research of cryptography. For example:

  1. Shafi Goldwasser, Silvio Micali, Charles Rackoff: The Knowledge Complexity of Interactive Proof Systems. SIAM J. Comput. 18(1), pp.186-208 (1989)
  2. Oded Goldreich, Silvio Micali, Avi Wigderson, How to Play any Mental Game or A Completeness Theorem for Protocols with Honest Majority. STOC 1987, pp.218-229
  3. Oded Goldreich, Shafi Goldwasser, Silvio Micali, How to construct random functions. J. ACM 33(4), pp.792-807 (1986)

In your video on the web site, you mention the need to “enhance security and privacy without sacrificing the functionalities.” Did you have functional encryption in mind with that statement?

I had more general cases in mind. Cryptography often tries to solve paradoxical problems. For example, when several persons negotiate for a consensus over the network, they usually exchange many messages before reaching a consensus. Usually, these messages should include some private information. If, however, they hide such private information during the negotiation, it would be almost impossible to negotiate and communicate with each other. That is, it looks hard to achieve the functionality of negotiation while keeping privacy.

Multi-party computation (MPC) or secure computation gives a solution for such a hard problem or dilemma between functionality and privacy. Any cryptographic schemes and protocols are solutions for such dilemmas between functionalities and privacy/security.

What are you hoping the CIS Lab and your academic partners will accomplish in 2021?

NTT Research and the CIS Lab launched in July 2019, but our office was tentative, and many were working remotely. After a while, the office was closed due to COVID. Our new office in Sunnyvale will reopen soon. I hope 2021 is really a starting year for our lab and that many people will be working at our new office. I believe our lab will continue to be very productive in 2021, as it was in 2020.