IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
Online ISSN : 1745-1337
Print ISSN : 0916-8508
Volume E100.A , Issue 12
Showing 1-50 articles out of 64 articles from the selected issue
Special Section on Information Theory and Its Applications
  • Jun MURAMATSU, Hiroki KOGA
    2017 Volume E100.A Issue 12 Pages 2556-2557
    Published: December 01, 2017
    Released: December 01, 2017
    JOURNALS RESTRICTED ACCESS
  • Tomoharu SHIBUYA, Takeru SUDO
    Type: PAPER
    Subject area: Coding Theory and Techniques
    2017 Volume E100.A Issue 12 Pages 2558-2571
    Published: December 01, 2017
    Released: December 01, 2017
    JOURNALS RESTRICTED ACCESS

    In this paper, we propose a group theoretic representation suitable for the rank-modulation (RM) scheme over the multi-cell ranking presented by En Gad et al. By introducing an action of the group of all permutation matrices on the set of all permutations, the scheme is clearly reformulated. Moreover, we introduce the concept of r-dominating sets over the multi-cell ranking, which is a generalization of conventional dominating sets, in the design of rank-modulation rewriting codes. The concept together with the proposed group theoretic representation yields an explicit formula of an upper bound on the size of the set of messages that can be stored in the memory by using RM rewriting codes over multi-cell ranking. This bound enables us to consider the trade-off between the size of the storable message set and the rewriting cost more closely. We also provide a concrete example of RM rewriting code that is not available by conventional approaches and whose size of the storable message set can not be achieved by conventional codes.

  • Jia LIU, Meilin HE, Jun CHENG
    Type: PAPER
    Subject area: Coding Theory and Techniques
    2017 Volume E100.A Issue 12 Pages 2572-2577
    Published: December 01, 2017
    Released: December 01, 2017
    JOURNALS RESTRICTED ACCESS

    In this paper, the Voronoi region of the transmitted codeword is employed to improve the sphere bound on the maximum-likelihood decoding (MLD) performance of binary linear block codes over additive white Gaussian noise (AWGN) channels. We obtain the improved sphere bounds both on the frame-error probability and the bit-error probability. With the framework of the sphere bound proposed by Kasami et al., we derive the conditional decoding error probability on the spheres by defining a subset of the Voronoi region of the transmitted codeword, since the Voronoi regions of a binary linear block code govern the decoding error probability analysis over AWGN channels. The proposed bound improves the sphere bound by Kasami et al. and the sphere bound by Herzberg and Poltyrev. The computational complexity of the proposed bound is similar to that of the sphere bound by Kasami et al.

  • Makoto TAKITA, Masanori HIROTOMO, Masakatu MORII
    Type: PAPER
    Subject area: Coding Theory and Techniques
    2017 Volume E100.A Issue 12 Pages 2578-2584
    Published: December 01, 2017
    Released: December 01, 2017
    JOURNALS RESTRICTED ACCESS

    Symbol-pair read channels output overlapping pairs of symbols in storage applications. Pair distance and pair error are used in the channels. In this paper, we discuss error-trapping decoding for cyclic codes over symbol-pair read channels. By putting some restrictions on the correctable pair error patterns, we propose a novel error-trapping decoding algorithm over the channels and show a circuitry for implementing the decoding algorithm. In addition, we discuss how to modify the restrictions on the correctable pair error patterns.

  • Yuan CAO, Yonglin CAO, Jian GAO
    Type: PAPER
    Subject area: Coding Theory and Techniques
    2017 Volume E100.A Issue 12 Pages 2585-2593
    Published: December 01, 2017
    Released: December 01, 2017
    JOURNALS RESTRICTED ACCESS

    Let $\mathbb{F}_q$ be a finite field of $q$ elements, $R=\mathbb{F}_q+u\mathbb{F}_q$ ($u^2=0$) and $D_{2n}=\langle x, y \mid x^n=1, y^2=1, yxy=x^{-1}\rangle$ be a dihedral group of order $n$. Left ideals of the group ring $R[D_{2n}]$ are called left dihedral codes over $R$ of length $2n$, and abbreviated as left $D_{2n}$-codes over $R$. Let $n$ be a positive factor of $q^e+1$ for some positive integer $e$. In this paper, any left $D_{2n}$-code over $R$ is uniquely decomposed into a direct sum of concatenated codes with inner codes $A_i$ and outer codes $C_i$, where $A_i$ is a cyclic code over $R$ of length $n$ and $C_i$ is a linear code of length 2 over a Galois extension ring of $R$. More precisely, a generator matrix for each outer code $C_i$ is given. Moreover, a formula to count the number of these codes is obtained, the dual code for each left $D_{2n}$-code is determined and all self-dual left $D_{2n}$-codes over $R$ are presented, respectively.

  • Yuta NAKAHARA, Shota SAITO, Toshiyasu MATSUSHIMA
    Type: PAPER
    Subject area: Coding Theory and Techniques
    2017 Volume E100.A Issue 12 Pages 2594-2606
    Published: December 01, 2017
    Released: December 01, 2017
    JOURNALS RESTRICTED ACCESS

    A new type of spatially coupled low density parity check (SCLDPC) code is proposed. This code has two benefits. (1) This code requires fewer iterations to correct the erasures occurring through the binary erasure channel in the waterfall region than the usual SCLDPC code. (2) This code has a lower error floor than the usual SCLDPC code. The proposed code is constructed as a coupled chain of the underlying LDPC codes whose code lengths exponentially increase as the position where the codes exist is close to the middle of the chain. We call our code spatially “Mt. Fuji” coupled LDPC (SFCLDPC) code because the shape of the graph representing the code lengths of underlying LDPC codes at each position looks like Mt. Fuji. By this structure, when the proposed SFCLDPC code and the original SCLDPC code are constructed with the same code rate and the same code length, L (the number of the underlying LDPC codes) of the proposed SFCLDPC code becomes smaller and M (the code lengths of the underlying LDPC codes) of the proposed SFCLDPC code becomes larger than those of the SCLDPC code. These properties of L and M enable the above reduction of the number of iterations and the bit error rate in the error floor region, which are confirmed by the density evolution and computer simulations.

  • Sen MORIYA, Kana KIKUCHI, Hiroshi SASANO
    Type: PAPER
    Subject area: Coding Theory and Techniques
    2017 Volume E100.A Issue 12 Pages 2607-2614
    Published: December 01, 2017
    Released: December 01, 2017
    JOURNALS RESTRICTED ACCESS

    In this study, we consider techniques to search for high-rate punctured convolutional code (PCC) encoders by rearranging row vectors of identical-encoder generator matrices. One well-known method to obtain a good PCC encoder is to perform an exhaustive search of all candidates. However, this approach is time-intensive. An exhaustive search with a rate $R_G=1/2$ original encoder requires a relatively short time, whereas that with an $R_G=1/3$ or lower original encoder takes significantly longer. The encoders with lower-rate original encoders are expected to create better PCC encoders. Thus, this paper proposes a method that uses exhaustive search results with rate $R_G=1/2$ original encoders, and rearranges row vectors of identical-encoder generator matrices to create PCCs with a lower rate original code. Further, we provide PCC encoders obtained by searches that utilize our method.

  • Tomohiko UYEMATSU, Tetsunao MATSUTA
    Type: PAPER
    Subject area: Shannon Theory
    2017 Volume E100.A Issue 12 Pages 2615-2628
    Published: December 01, 2017
    Released: December 01, 2017
    JOURNALS RESTRICTED ACCESS

    We consider the intrinsic randomness problem for correlated sources. Specifically, there are three correlated sources, and we want to extract two mutually independent random numbers by using two separate mappings, where each mapping converts one of the output sequences from two correlated sources into a random number. In addition, we assume that the obtained pair of random numbers is also independent of the output sequence from the third source. We first show the δ-achievable rate region where a rate pair of two mappings must satisfy in order to obtain the approximation error within δ ∈ [0,1), and the second-order achievable rate region for correlated general sources. Then, we apply our results to non-mixed and mixed independently and identically distributed (i.i.d.) correlated sources, and reveal that the second-order achievable rate region for these sources can be represented in terms of the sum of normal distributions.

  • Tetsunao MATSUTA, Tomohiko UYEMATSU
    Type: PAPER
    Subject area: Shannon Theory
    2017 Volume E100.A Issue 12 Pages 2629-2640
    Published: December 01, 2017
    Released: December 01, 2017
    JOURNALS RESTRICTED ACCESS

    This paper deals with a broadcast network with a server and many users. The server has files of content such as music and videos, and each user requests one of these files, where each file consists of some separated layers like a file encoded by a scalable video coding. On the other hand, each user has a local memory, and a part of information of the files is cached (i.e., stored) in these memories in advance of users' requests. By using the cached information as side information, the server encodes files based on users' requests. Then, it sends a codeword through an error-free shared link for which all users can receive a common codeword from the server without error. We assume that the server transmits some layers up to a certain level of requested files at each different transmission rate (i.e., the codeword length per file size) corresponding to each level. In this paper, we focus on the region of tuples of these rates such that layers up to any level of requested files are recovered at users with an arbitrarily small error probability. Then, we give inner and outer bounds on this region.

  • Mikihiko NISHIARA, Ryo HIDAI
    Type: PAPER
    Subject area: Channel Coding
    2017 Volume E100.A Issue 12 Pages 2641-2646
    Published: December 01, 2017
    Released: December 01, 2017
    JOURNALS RESTRICTED ACCESS

    Sudoku is a pencil puzzle. The aim of the solver is to complete the 9×9 grid by filling in a digit in every cell according to a certain rule. In this study, we regard the process of solving Sudoku as a process of decoding a codeword from a received word, and show the expected decoding error probability for erasure channels obtained by experiments.

  • Takafumi NAKANO, Tadashi WADAYAMA
    Type: PAPER
    Subject area: Channel Coding
    2017 Volume E100.A Issue 12 Pages 2647-2653
    Published: December 01, 2017
    Released: December 01, 2017
    JOURNALS RESTRICTED ACCESS

    This paper studies the zero error capacity of the Nearest Neighbor Error (NNE) channels with a multilevel alphabet. In the NNE channels, a transmitted symbol is a d-tuple of elements in {0,1,2,...,l-1}. It is assumed that only one element error to a nearest neighbor element in a transmitted symbol can occur. The NNE channels can be considered as a special type of limited magnitude error channels, and it is closely related to error models for flash memories. In this paper, we derive a lower bound of the zero error capacity of the NNE channels based on a result of the perfect Lee codes. An upper bound of the zero error capacity of the NNE channels is also derived from a feasible solution of a linear programming problem defined based on the confusion graphs of the NNE channels. As a result, a concise formula of the zero error capacity is obtained using the lower and upper bounds.

  • Yoju FUJINO, Tadashi WADAYAMA
    Type: PAPER
    Subject area: Coding Theory for Storage
    2017 Volume E100.A Issue 12 Pages 2654-2661
    Published: December 01, 2017
    Released: December 01, 2017
    JOURNALS RESTRICTED ACCESS

    In this paper, we propose a construction of non-binary WOM (Write-Once-Memory) codes for WOM storages such as flash memories. The WOM codes discussed in this paper are fixed rate WOM codes where messages in a fixed alphabet of size M can be sequentially written in the WOM storage at least t*-times. In this paper, a WOM storage is modeled by a state transition graph. The proposed construction has the following two features. First, it includes a systematic method to determine the encoding regions in the state transition graph. Second, the proposed construction includes a labeling method for states by using integer programming. Several novel WOM codes for q level flash memories with 2 cells are constructed by the proposed construction. They achieve the worst numbers of writes t* that meet the known upper bound in the range 4≤q≤8, M=8. In addition, we constructed fixed rate non-binary WOM codes with the capability to reduce ICI (inter cell interference) of flash cells. One of the advantages of the proposed construction is its flexibility. It can be applied to various storage devices, to various dimensions (i.e., number of cells), and various kinds of additional constraints.

  • Akira YAMAWAKI, Hiroshi KAMABE, Shan LU
    Type: PAPER
    Subject area: Coding Theory for Storage
    2017 Volume E100.A Issue 12 Pages 2662-2670
    Published: December 01, 2017
    Released: December 01, 2017
    JOURNALS RESTRICTED ACCESS

    Index-less Indexed Flash Code (ILIFC) is a coding scheme for flash memories in which one bit of a data sequence is stored in a slice consisting of several cells but the index of the bit is stored implicitly. Although several modified ILIFC schemes have been proposed, in this research we consider an ILIFC with inversion cells (I-ILIFC). The I-ILIFC reduces the total number of cell level changes at each write request. Computer simulation is used to show that the I-ILIFC improves the average performance of the ILIFC in many cases. This paper presents our derivation of the lower bound on the number of write operations by I-ILIFC and shows that the worst-case performance of the I-ILIFC is better than that of the ILIFC if the code length is sufficiently large. Additionally, we consider another lower bound thereon. The results show that the threshold of the code length that determines whether the I-ILIFC improves the worst-case performance of the ILIFC is lower than that in the first lower bound.

  • Ryo HAYAKAWA, Kazunori HAYASHI
    Type: PAPER
    Subject area: Communication Theory and Systems
    2017 Volume E100.A Issue 12 Pages 2671-2679
    Published: December 01, 2017
    Released: December 01, 2017
    JOURNALS RESTRICTED ACCESS

    In this paper, we propose a novel error recovery method for massive multiple-input multiple-output (MIMO) signal detection, which improves an estimate of transmitted signals by taking advantage of the sparsity and the discreteness of the error signal. We firstly formulate the error recovery problem as the maximum a posteriori (MAP) estimation and then relax the MAP estimation into a convex optimization problem, which reconstructs a discrete-valued sparse vector from its linear measurements. By using the restricted isometry property (RIP), we also provide a theoretical upper bound of the size of the reconstruction error with the optimization problem. Simulation results show that the proposed error recovery method has better bit error rate (BER) performance than that of the conventional error recovery method.

  • Shoichiro YAMASAKI, Tomoko K. MATSUSHIMA, Shinichiro MIYAZAKI, Kotoku ...
    Type: PAPER
    Subject area: Communication Theory and Systems
    2017 Volume E100.A Issue 12 Pages 2680-2690
    Published: December 01, 2017
    Released: December 01, 2017
    JOURNALS RESTRICTED ACCESS

    Secret sharing is a method to protect information for security. The information is divided into n shares, and the information is reconstructed from any k shares but no knowledge of it is revealed from k-1 shares. Physical layer security is a method to yield a favorable receive condition to an authorized destination terminal in wireless communications based on multi-antenna transmission. In this study, we propose wireless packet communications protected by the secret sharing based on Reed Solomon coding and the physical layer security based on vector coding, which implements a single-antenna system and a multi-antenna system. Evaluation results show the validity of the proposed scheme.

  • Dung Hoang DUONG, Albrecht PETZOLDT, Tsuyoshi TAKAGI
    Type: PAPER
    Subject area: Cryptography and Information Security
    2017 Volume E100.A Issue 12 Pages 2691-2698
    Published: December 01, 2017
    Released: December 01, 2017
    JOURNALS RESTRICTED ACCESS

    Multivariate Public Key Cryptography (MPKC) is one of the main candidates for secure communication in a post-quantum era. Recently, Yasuda and Sakurai proposed at ICICS 2015 a new multivariate encryption scheme called SRP, which offers efficient decryption, a small blow up factor between plaintext and ciphertext and resists all known attacks against multivariate schemes. However, similar to other MPKC schemes, the key sizes of SRP are quite large. In this paper we propose a technique to reduce the key size of the SRP scheme, which enables us to reduce the size of the public key by up to 54%. Furthermore, we can use the additional structure in the public key polynomials to speed up the encryption process of the scheme by up to 50%. We show by experiments that our modifications do not weaken the security of the scheme.

  • Olav GEIL, Stefano MARTIN, Umberto MARTÍNEZ-PEÑAS, Ryutaroh MATSUMOTO, ...
    Type: PAPER
    Subject area: Cryptography and Information Security
    2017 Volume E100.A Issue 12 Pages 2699-2708
    Published: December 01, 2017
    Released: December 01, 2017
    JOURNALS RESTRICTED ACCESS

    Asymptotically good sequences of linear ramp secret sharing schemes have been intensively studied by Cramer et al. in terms of sequences of pairs of nested algebraic geometric codes [4]-[8], [10]. In those works the focus is on full privacy and full reconstruction. In this paper we analyze additional parameters describing the asymptotic behavior of partial information leakage and possibly also partial reconstruction giving a more complete picture of the access structure for sequences of linear ramp secret sharing schemes. Our study involves a detailed treatment of the (relative) generalized Hamming weights of the considered codes.

  • Wataru NAKAMURA, Hirosuke YAMAMOTO, Terence CHAN
    Type: PAPER
    Subject area: Cryptography and Information Security
    2017 Volume E100.A Issue 12 Pages 2709-2719
    Published: December 01, 2017
    Released: December 01, 2017
    JOURNALS RESTRICTED ACCESS

    In this paper, we treat (k, L, n) ramp secret sharing schemes (SSSs) that can detect impersonation attacks and/or substitution attacks. First, we derive lower bounds on the sizes of the shares and random number used in encoding for given correlation levels, which are measured by the mutual information of shares. We also derive lower bounds on the success probabilities of attacks for given correlation levels and given sizes of shares. Next we propose a strong (k, L, n) ramp SSS against substitution attacks. As far as we know, the proposed scheme is the first strong (k, L, n) ramp SSS that can detect substitution attacks of at most k-1 shares. Our scheme can be applied to a secret $S^L$ uniformly distributed over $GF(p^m)^L$, where p is a prime number with pL+2. We show that for a certain type of correlation levels, the proposed scheme can achieve the lower bounds on the sizes of the shares and random number, and can reduce the success probability of substitution attacks within nearly L times the lower bound when the number of forged shares is less than k. We also evaluate the success probability of impersonation attack for our schemes. In addition, we give some examples of insecure ramp SSSs to clarify why each component of our scheme is essential to realize the required security.

  • Kazuyoshi TSUCHIYA, Yasuyuki NOGAMI, Satoshi UEHARA
    Type: PAPER
    Subject area: Sequences
    2017 Volume E100.A Issue 12 Pages 2720-2727
    Published: December 01, 2017
    Released: December 01, 2017
    JOURNALS RESTRICTED ACCESS

    A pseudorandom number generator is widely used in cryptography. A cryptographic pseudorandom number generator is required to generate pseudorandom numbers which have good statistical properties as well as unpredictability. An m-sequence is a linear feedback shift register sequence with maximal period over a finite field. M-sequences have good statistical properties, however we must nonlinearize m-sequences for cryptographic purposes. A geometric sequence is a binary sequence given by applying a nonlinear feedforward function to an m-sequence. Nogami, Tada and Uehara proposed a geometric sequence whose nonlinear feedforward function is given by the Legendre symbol. They showed the geometric sequences have good properties for the period, periodic autocorrelation and linear complexity. However, the geometric sequences do not have the balance property. In this paper, we introduce geometric sequences of two types and show some properties of interleaved sequences of the geometric sequences of two types. These interleaved sequences have the balance property and double the period of the geometric sequences by the interleaved structure. Moreover, we show correlation properties and linear complexity of the interleaved sequences. A key of our observation is that the second type geometric sequence is the complement of the left shift of the first type geometric sequence by half-period positions.

  • Shota SAITO, Toshiyasu MATSUSHIMA
    Type: LETTER
    Subject area: Shannon Theory
    2017 Volume E100.A Issue 12 Pages 2728-2731
    Published: December 01, 2017
    Released: December 01, 2017
    JOURNALS RESTRICTED ACCESS

    This letter treats the problem of lossless fixed-to-variable length source coding in moderate deviation regime. We investigate the behavior of the overflow probability of the Bayes code. Our result clarifies that the behavior of the overflow probability of the Bayes code is similar to that of the optimal non-universal code for i.i.d. sources.

  • Masahiro FUJII, Masaya ITO
    Type: LETTER
    Subject area: Communication Theory and Systems
    2017 Volume E100.A Issue 12 Pages 2732-2737
    Published: December 01, 2017
    Released: December 01, 2017
    JOURNALS RESTRICTED ACCESS

    In this letter, we analyze performances of a frequency offset estimation based on the maximum likelihood criterion and provide a theoretical proof that the mean squared error of the estimation grows with increase in the offset. Moreover, we propose a new iterative offset estimation method based on the analysis. By computer simulations, we show that the proposed estimator can achieve the lowest estimation error after a few iterations.

  • Ryutaroh MATSUMOTO
    Type: LETTER
    Subject area: Cryptography and Information Security
    2017 Volume E100.A Issue 12 Pages 2738-2739
    Published: December 01, 2017
    Released: December 01, 2017
    JOURNALS RESTRICTED ACCESS

    We show a simple example of a secret sharing scheme encoding classical secret to quantum shares that can realize an access structure impossible by classical information processing with limitation on the size of each share. The example is based on quantum stabilizer codes.

Special Section on VLSI Design and CAD Algorithms
  • Mineo KANEKO
    2017 Volume E100.A Issue 12 Pages 2740
    Published: December 01, 2017
    Released: December 01, 2017
    JOURNALS RESTRICTED ACCESS
  • Toru NAKURA, Tetsuya IIZUKA, Kunihiro ASADA
    Type: PAPER
    2017 Volume E100.A Issue 12 Pages 2741-2749
    Published: December 01, 2017
    Released: December 01, 2017
    JOURNALS RESTRICTED ACCESS

    This paper demonstrates a PLL compiler that generates the final GDSII data from a specification of input and output frequencies with PVT corner conditions. A Pulse Width Controlled PLL (PWPLL) is composed of digital blocks, and thus suitable for being designed using a standard cell library and being laid out with a commercially available place-and-route (P&R) tool. A PWPLL has 8 design parameters. Our PLL compiler decides the 8 parameters and confirms the PLL operation with the following functions: 1) calculates rough parameter values based on an analytical model, 2) generates SPICE and gate-level Verilog netlists with given parameter values, 3) runs SPICE simulations and analyzes the waveform, to examine the oscillation frequency or the voltage of specified nodes at a given time, 4) changes the parameter values to an appropriate direction depending on the waveform analyses to obtain the optimized parameter values, 5) generates scripts that can be used in commercial design tools and invokes the tools with the gate-level Verilog netlist to get the final LVS/DRC-verified GDSII data from P&R and verification tools, and finally 6) generates the necessary characteristic summary sheets from the post-layout SPICE simulations extracted from the GDSII. Our compiler was applied to a 0.18µm standard CMOS technology to design a PLL with 600MHz output, 600/16MHz input frequency, and confirms the PLL operation with 1.2mW power and 85µm×85µm layout area.

  • Kento SUZUKI, Nobukazu TAKAI, Yoshiki SUGAWARA, Masato KATO
    Type: PAPER
    2017 Volume E100.A Issue 12 Pages 2750-2757
    Published: December 01, 2017
    Released: December 01, 2017
    JOURNALS RESTRICTED ACCESS

    Automatic design of analog circuits using a programmed algorithm is in great demand because optimal analog circuit design in a short time is required due to the limited development time. Although an automatic design using equation-based method can design simple circuits fast and accurately, it cannot solve complex circuits. On the other hand, an automatic design using optimization algorithm such as Ant Colony Optimization, Genetic Algorithm, and so on, can design complex circuits. However, because these algorithms are based on the stochastic optimization technique and determine the circuit parameters at random, a lot of circuits which do not operate in principle are generated and simulated to find the circuit which meets specifications. In this paper, to reduce the search space and the redundant simulations, automatic design using both equation-based method and a genetic algorithm is proposed. The proposed method optimizes the bias circuit blocks using the equation-based method and signal processing blocks using Genetic Algorithm. Simulation results indicate that the evaluation value which considers the trade-off of the circuit specification is larger than the conventional method and the proposed method can design 1.4 times more circuits which satisfy the minimum requirements than the conventional method.

  • Takuya KOMAWAKI, Michitarou YABUUCHI, Ryo KISHIDA, Jun FURUTA, Takashi ...
    Type: PAPER
    2017 Volume E100.A Issue 12 Pages 2758-2763
    Published: December 01, 2017
    Released: December 01, 2017
    JOURNALS RESTRICTED ACCESS

    As device sizes are downscaled to the nanometer scale, Random Telegraph Noise (RTN) becomes dominant. It is indispensable to accurately estimate the effect of RTN. We propose an RTN simulation method for analog circuits. It is based on the charge trapping model. The RTN-induced threshold voltage fluctuations are replicated by attaching a variable DC voltage source to the gate of a MOSFET by using Verilog-AMS. In recent deca-nanometer processes, high-k (HK) materials are used in gate dielectrics to decrease the leakage current. We must consider the defect distribution characteristics both in HK and interface layer (IL). This RTN model can be applied to the bimodal model which includes characteristics of the HK and IL dielectrics. We confirm that the drain current of MOSFETs temporally fluctuates in circuit-level simulations. The fluctuations of RTN are different in MOSFETs. RTN affects the frequency characteristics of ring oscillators (ROs). The distribution of RTN-induced frequency fluctuations has a long tail in an HK process. The RTN model applied to the bimodal can replicate a long-tail distribution. Our proposed method can estimate the temporal impact of RTN including multiple transistors.

  • Jun SHIOMI, Tohru ISHIHARA, Hidetoshi ONODERA
    Type: PAPER
    2017 Volume E100.A Issue 12 Pages 2764-2775
    Published: December 01, 2017
    Released: December 01, 2017
    JOURNALS RESTRICTED ACCESS

    Scaling supply voltage (VDD) and threshold voltage (Vth) dynamically has a strong impact on energy efficiency of CMOS LSI circuits. Techniques for optimizing VDD and Vth simultaneously under dynamic workloads are thus widely investigated over the past 15 years. In this paper, we refer to the optimum pair of VDD and Vth, which minimizes the energy consumption of a circuit under a specific performance constraint, as a minimum energy point (MEP). Based on the simple transregional models of a CMOS circuit, this paper derives a simple necessary and sufficient condition for the MEP operation. The simple condition helps find the MEP of CMOS circuits. Measurement results using standard-cell based memories (SCMs) fabricated in a 65-nm process technology also validate the condition derived in this paper.

  • Shu HOKIMOTO, Tohru ISHIHARA, Hidetoshi ONODERA
    Type: PAPER
    2017 Volume E100.A Issue 12 Pages 2776-2784
    Published: December 01, 2017
    Released: December 01, 2017
    JOURNALS RESTRICTED ACCESS

    Scaling the supply voltage (Vdd) and threshold voltage (Vth) for minimizing the energy consumption of processors dynamically is highly desired for applications such as wireless sensor networks and Internet of Things (IoT). In this paper, we refer to the pair of Vdd and Vth, which minimizes the energy consumption of the processor under a given operating condition, as a minimum energy point (MEP in short). Since the MEP is heavily dependent on an operating condition determined by a chip temperature, an activity factor, a process variation, and a performance required for the processor, it is not very easy to closely track the MEP at runtime. This paper proposes a simple but effective algorithm for dynamically tracking the MEP of a processor under a wide range of operating conditions. Gate-level simulation of a 32-bit RISC processor in a 65nm process demonstrates that the proposed algorithm tracks the MEP in situations where the operating conditions vary widely.

  • Yusuke YOSHIDA, Kimiyoshi USAMI
    Type: PAPER
    2017 Volume E100.A Issue 12 Pages 2785-2796
    Published: December 01, 2017
    Released: December 01, 2017
    JOURNALS RESTRICTED ACCESS

    This paper describes a design of energy-efficient Standard Cell Memory (SCM) using Silicon-on-Thin-BOX (SOTB). We present an automatic place and routing (P&R) methodology for optimal body-bias separation (BBS) for SCM, which enables applying different body bias voltages to latches and to other peripheral circuits within SCM. Capability of SOTB to effectively reduce leakage by body biasing is fully exploited in BBS. Simulation results demonstrated that our approach allows us to design SCM with 40% smaller energy dissipation at the energy minimum voltage as compared to the conventional design flow. For the process and temperature variations, Adaptive Body Bias (ABB) for SCM with our BBS provided 70% smaller leakage energy than ABB for the conventional SCM, while achieving the same clock frequency.

    Download PDF (3855K)
  • Song BIAN, Shumpei MORITA, Michihiro SHINTANI, Hiromitsu AWANO, Masayu ...
    Type: PAPER
    2017 Volume E100.A Issue 12 Pages 2797-2806
    Published: December 01, 2017
    Released: December 01, 2017
    JOURNALS RESTRICTED ACCESS

    As technology further scales semiconductor devices, aging-induced device degradation has become one of the major threats to device reliability. In addition, aging mechanisms like the negative bias temperature instability (NBTI) are known to be sensitive to workload (i.e., signal probability) that is hard to be assumed at design phase. In this work, we analyze the workload dependence of NBTI degradation using a processor, and propose a novel technique to estimate the worst-case paths. In our approach, we exploit the fact that the deterministic nature of circuit structure limits the amount of NBTI degradation on different paths, and propose a two-stage path extraction algorithm to identify the invariant critical paths (ICPs) in the processor. Utilizing these paths, we also propose an optimization technique for the replacement of internal node control logic that mitigates the NBTI degradation in the design. Through numerical experiment on two processor designs, we achieved nearly 300x reduction in the sheer number of paths on both designs. Utilizing the extracted ICPs, we achieved 96x-197x speedup without loss in mitigation gain.

    Download PDF (1338K)
  • Hiromitsu AWANO, Takashi SATO
    Type: PAPER
    2017 Volume E100.A Issue 12 Pages 2807-2815
    Published: December 01, 2017
    Released: December 01, 2017
    JOURNALS RESTRICTED ACCESS

    A circuit-aging simulation that efficiently calculates temporal change of rare circuit-failure probability is proposed. While conventional methods required a long computational time due to the necessity of conducting separate calculations of failure probability at each device age, the proposed Monte Carlo based method requires to run only a single set of simulation. By applying the augmented reliability and subset simulation framework, the change of failure probability along the lifetime of the device can be evaluated through the analysis of the Monte Carlo samples. Combined with the two-step sample generation technique, the proposed method reduces the computational time to about 1/6 of that of the conventional method while maintaining a sufficient estimation accuracy.

    Download PDF (689K)
  • Yuichi TANJI
    Type: PAPER
    2017 Volume E100.A Issue 12 Pages 2816-2823
    Published: December 01, 2017
    Released: December 01, 2017
    JOURNALS RESTRICTED ACCESS

    An efficient reciprocity and passivity preserving balanced truncation for RLC networks is presented in this paper. Reciprocity and passivity are fundamental principles of linear passive networks. Hence, reduction with preservation of reciprocity and passivity is necessary to simulate behavior of the circuits including the RLC networks accurately and stably. Moreover, the proposed method is more efficient than the previous balanced truncation methods, because sparsity patterns of the coefficient matrices for the circuit equations of the RLC networks are fully available. In the illustrative examples, we will show that the proposed method is compatible with PRIMA, which is known as a general reduction method of RLC networks, in efficiency and used memory, and is more accurate at high frequencies than PRIMA.

    Download PDF (432K)
  • Masayoshi YOSHIMURA, Yoshiyasu TAKAHASHI, Hiroshi YAMAZAKI, Toshinori ...
    Type: PAPER
    2017 Volume E100.A Issue 12 Pages 2824-2833
    Published: December 01, 2017
    Released: December 01, 2017
    JOURNALS RESTRICTED ACCESS

    High power dissipation can occur by high launch-induced switching activity when the response to a test pattern is captured by flip-flops (FFs) in at-speed scan testing, resulting in excessive IR drop. IR drop may cause significant capture-induced yield loss in the deep submicron era. It is known that test modification methods using X-identification and X-filling are effective to reduce power dissipation in the capture cycle. Conventional low power dissipation oriented X-filling methods consecutively select FFs and assign values to decrease the number of transitions on the FFs. In this paper, we propose a novel low power dissipation oriented X-filling method using SAT Solvers that conducts simultaneous X-filling for some FFs. We also proposed a selection order of FFs based on a correlation coefficient between transitions of FFs and power dissipation. Experimental results show that the proposed method was effective for ISCAS'89 and ITC'99 benchmark circuits compared with justification-probability-based fill.

    Download PDF (1928K)
  • Daiki AZUMA, Shuji TSUKIYAMA
    Type: PAPER
    2017 Volume E100.A Issue 12 Pages 2834-2841
    Published: December 01, 2017
    Released: December 01, 2017
    JOURNALS RESTRICTED ACCESS

    In statistical approaches such as statistical static timing analysis, the distribution of the maximum of plural distributions is computed by repeating a maximum operation of two distributions. Moreover, since each distribution is represented by a linear combination of several explanatory random variables so as to handle correlations efficiently, sensitivity of the maximum of two distributions to each explanatory random variable, that is, covariance between the maximum and an explanatory random variable, must be calculated in every maximum operation. Since distribution of the maximum of two Gaussian distributions is not a Gaussian, Gaussian mixture model is used for representing a distribution. However, if Gaussian mixture models are used, then it is not always possible to make both variance and covariance of the maximum correct simultaneously. We propose a new algorithm to determine covariance without deteriorating the accuracy of variance of the maximum, and show experimental results to evaluate its performance.

    Download PDF (1222K)
  • Hiroyuki YOTSUYANAGI, Kotaro ISE, Masaki HASHIZUME, Yoshinobu HIGAMI, ...
    Type: PAPER
    2017 Volume E100.A Issue 12 Pages 2842-2850
    Published: December 01, 2017
    Released: December 01, 2017
    JOURNALS RESTRICTED ACCESS

    Small delay caused by a resistive open is difficult to test since circuit delay varies depending on various factors such as process variations and crosstalk even in fault-free circuits. We consider the problem of discriminating a resistive open by anomaly detection using delay distributions obtained by the effect of various input signals provided to adjacent lines. We examined the circuit delay in a fault-free circuit and a faulty circuit by applying electromagnetic simulator and circuit simulator for a line structure with adjacent lines under consideration of process variations. The effectiveness of the method that discriminates a resistive open is shown for the results obtained by the simulation.

    Download PDF (1273K)
  • Kunihiro FUJIYOSHI, Takahisa IMANO
    Type: PAPER
    2017 Volume E100.A Issue 12 Pages 2851-2856
    Published: December 01, 2017
    Released: December 01, 2017
    JOURNALS RESTRICTED ACCESS

    Photo Diode Array (PDA) is the key semiconductor component expected to produce specified output voltage in photo couplers and photo sensors when the light is on. PDA partitioning problem, which is to design PDA, is: Given die area, anode and cathode points, divide the area into N cells, with identical areas, connected in series from anode to cathode. In this paper, we first make restrictions for the problem and reveal the underlying properties of necessary and sufficient conditions for the existence of solutions when the restrictions are satisfied. Then, we propose a method to solve the problem using recursive algorithm, which can be guaranteed to obtain a solution in polynomial time.

    Download PDF (879K)
  • Kento HASEGAWA, Masao YANAGISAWA, Nozomu TOGAWA
    Type: PAPER
    2017 Volume E100.A Issue 12 Pages 2857-2868
    Published: December 01, 2017
    Released: December 01, 2017
    JOURNALS RESTRICTED ACCESS

    It has been reported that malicious third-party IC vendors often insert hardware Trojans into their IC products. How to detect them is a critical concern in IC design process. Machine-learning-based hardware-Trojan detection gives a strong solution to tackle this problem. Hardware-Trojan infected nets (or Trojan nets) in ICs must have particular Trojan-net features, which differ from those of normal nets. In order to classify all the nets in a netlist designed by third-party vendors into Trojan nets and normal ones by machine learning, we have to extract effective Trojan-net features from Trojan nets. In this paper, we first propose 51 Trojan-net features which describe well Trojan nets. After that, we pick up random forest as one of the best candidates for machine learning and optimize it to apply to hardware-Trojan detection. Based on the importance values obtained from the optimized random forest classifier, we extract the best set of 11 Trojan-net features out of the 51 features which can effectively classify the nets into Trojan ones and normal ones, maximizing the F-measures. By using the 11 Trojan-net features extracted, our optimized random forest classifier has achieved at most 100% true positive rate as well as 100% true negative rate in several Trust-HUB benchmarks and obtained the average F-measure of 79.3% and the accuracy of 99.2%, which realize the best values among existing machine-learning-based hardware-Trojan detection methods.

    Download PDF (1238K)
  • Jianbin ZHOU, Dajiang ZHOU, Li GUO, Takeshi YOSHIMURA, Satoshi GOTO
    Type: PAPER
    2017 Volume E100.A Issue 12 Pages 2869-2877
    Published: December 01, 2017
    Released: December 01, 2017
    JOURNALS RESTRICTED ACCESS

    This paper presents a measurement-domain intra prediction coding framework that is compatible with compressive sensing (CS)-based image sensors. In this framework, we propose a low-complexity intra prediction algorithm that can be directly applied to measurements captured by the image sensor. We proposed a structural random 0/1 measurement matrix, embedding the block boundary information that can be extracted from the measurements for intra prediction. Furthermore, a low-cost Very Large Scale Integration (VLSI) architecture is implemented for the proposed framework, by substituting the matrix multiplication with shared adders and shifters. The experimental results show that our proposed framework can compress the measurements and increase coding efficiency, with 34.9% BD-rate reduction compared to the direct output of CS-based sensors. The VLSI architecture of the proposed framework is 9.1 Kin area, and achieves the 83% reduction in size of memory bandwidth and storage for the line buffer. This could significantly reduce both the energy consumption and bandwidth in communication of wireless camera systems, which are expected to be massively deployed in the Internet of Things (IoT) era.

    Download PDF (3347K)
  • Seiji MOCHIZUKI, Katsushige MATSUBARA, Keisuke MATSUMOTO, Chi Lan Phuo ...
    Type: PAPER
    2017 Volume E100.A Issue 12 Pages 2878-2887
    Published: December 01, 2017
    Released: December 01, 2017
    JOURNALS RESTRICTED ACCESS

    A 197mW 70ms-latency Full-HD 12-channel video-processing SoC for in-vehicle information systems has been implemented in 16nm CMOS. The SoC integrates 17 video processors of 6 types to operate video processing independently of other processing in CPU/GPU. The synchronous scheme between the video processors achieves 70ms low-latency for driver assistance. The optimized implementation of lossy and lossless video-data compression reduces memory access data by half and power consumption by 20%.

    Download PDF (4556K)
  • Yu SUZUKI, Masato ITO, Satoshi KANDA, Kousuke IMAMURA, Yoshio MATSUDA, ...
    Type: PAPER
    2017 Volume E100.A Issue 12 Pages 2888-2900
    Published: December 01, 2017
    Released: December 01, 2017
    JOURNALS RESTRICTED ACCESS

    This paper describes the design and implementation of a real-time optical flow processor using a single field-programmable gate array (FPGA) chip. By introducing the modified initial flow generation method, the successive over-relaxation (SOR) method for both layers, the optimization of the reciprocal operation method, and the image division method, it is now possible to both reduce hardware requirements and improve flow accuracy. Additionally, by introducing a pipeline structure to this processor, high-throughput hardware implementation could be achieved. Total logic cell (LC) amounts and processor memory capacity are reduced by about 8% and 16%, respectively, compared to our previous hierarchical optical flow estimation (HOE) processor. The results of our evaluation confirm that this processor can perform 30 fps wide extended graphics array (WXGA) 175.7MHz real-time optical flow processing with a single FPGA.

    Download PDF (4406K)
  • Chien-Hui LIAO, Charles H.-P. WEN
    Type: PAPER
    2017 Volume E100.A Issue 12 Pages 2901-2910
    Published: December 01, 2017
    Released: December 01, 2017
    JOURNALS RESTRICTED ACCESS

    Hotspots occur frequently in 3D multi-core processors (3D-MCPs), and they may adversely impact both the reliability and lifetime of a system. We present a new thermally constrained task scheduler based on a thermal-pattern-aware voltage assignment (TPAVA) to reduce hotspots in and optimize the performance of 3D-MCPs. By analyzing temperature profiles of different voltage assignments, TPAVA pre-emptively assigns different initial operating-voltage levels to cores for reducing temperature increase in 3D-MCPs. The proposed task scheduler consists of an on-line allocation strategy and a new voltage-scaling strategy. In particular, the proposed on-line allocation strategy uses the temperature-variation rates of the cores and takes into account two important thermal behaviors of 3D-MCPs that can effectively minimize occurrences of hotspots in both thermally homogeneous and heterogeneous 3D-MCPs. Furthermore, a new vertical-grouping voltage scaling (VGVS) strategy that considers thermal correlation in 3D-MCPs is used to handle thermal emergencies. Experimental results indicate that, when compared to a previous online thermally constrained task scheduler, the proposed task scheduler can reduce hotspot occurrences by approximately 66% (71%) and improve throughput by approximately 8% (2%) in thermally homogeneous (heterogeneous) 3D-MCPs. These results indicate that the proposed task scheduler is an effective technique for suppressing hotspot occurrences and optimizing throughput for 3D-MCPs subject to thermal constraints.

    Download PDF (2690K)
  • Kotaro TERADA, Masao YANAGISAWA, Nozomu TOGAWA
    Type: PAPER
    2017 Volume E100.A Issue 12 Pages 2911-2924
    Published: December 01, 2017
    Released: December 01, 2017
    JOURNALS RESTRICTED ACCESS

    As application hardware designs and implementations in a short term are required, high-level synthesis is more and more essential EDA technique nowadays. In deep-submicron era, interconnection delays are not negligible even in high-level synthesis thus distributed-register and -controller architectures (DR architectures) have been proposed in order to cope with this problem. It is also profitable to take data-bitwidth into account in high-level synthesis. In this paper, we propose a bitwidth-aware high-level synthesis algorithm using operation chainings targeting Tiled-DR architectures. Our proposed algorithm optimizes bitwidths of functional units and utilizes the vacant tiles by adding some extra functional units to realize effective operation chainings to generate high performance circuits without increasing the total area. Experimental results show that our proposed algorithm reduces the overall latency by up to 47% compared to the conventional approach without area overheads by eliminating unnecessary bitwidths and adding efficient extra FUs for Tiled-DR architectures.

    Download PDF (2460K)
Regular Section
  • Takumi KIMURA, Norikazu TAKAHASHI
    Type: PAPER
    Subject area: Digital Signal Processing
    2017 Volume E100.A Issue 12 Pages 2925-2935
    Published: December 01, 2017
    Released: December 01, 2017
    JOURNALS RESTRICTED ACCESS

    Nonnegative Matrix Factorization (NMF) with sparseness and smoothness constraints has attracted increasing attention. When these properties are considered, NMF is usually formulated as an optimization problem in which a linear combination of an approximation error term and some regularization terms must be minimized under the constraint that the factor matrices are nonnegative. In this paper, we focus our attention on the error measure based on the Euclidean distance and propose a new iterative method for solving those optimization problems. The proposed method is based on the Hierarchical Alternating Least Squares (HALS) algorithm developed by Cichocki et al. We first present an example to show that the original HALS algorithm can increase the objective value. We then propose a new algorithm called the Gauss-Seidel HALS algorithm that decreases the objective value monotonically. We also prove that it has the global convergence property in the sense of Zangwill. We finally verify the effectiveness of the proposed algorithm through numerical experiments using synthetic and real data.

    Download PDF (698K)
  • Takafumi KATAYAMA, Tian SONG, Wen SHI, Gen FUJITA, Xiantao JIANG, Taka ...
    Type: PAPER
    Subject area: Digital Signal Processing
    2017 Volume E100.A Issue 12 Pages 2936-2947
    Published: December 01, 2017
    Released: December 01, 2017
    JOURNALS RESTRICTED ACCESS

    Scalable high efficiency video coding (SHVC) can provide variable video quality according to terminal devices. However, the computational complexity of SHVC is increased by introducing new techniques based on high efficiency video coding (HEVC). In this paper, a hardware oriented low complexity algorithm is proposed. The hardware oriented proposals have two key points. Firstly, the coding unit depth is determined by analyzing the boundary correlation between coding units before encoding process starts. Secondly, the redundant calculation of R-D optimization is reduced by adaptively using the information of the neighboring coding units and the co-located units in the base layer. The simulation results show that the proposed algorithm can achieve over 62% computation complexity reduction compared to the original SHM11.0. Compared with other related work, over 11% time saving have been achieved without PSNR loss. Furthermore, the proposed algorithm is hardware friendly which can be implemented in a small area.

    Download PDF (2354K)
  • Xueqin ZHENG, Xiaoxiong CHEN, Tung-Chin PAN
    Type: PAPER
    Subject area: Systems and Control
    2017 Volume E100.A Issue 12 Pages 2948-2955
    Published: December 01, 2017
    Released: December 01, 2017
    JOURNALS RESTRICTED ACCESS

    This paper aims to improve the ability of low voltage ride through (LVRT) of doubly-fed induction generation (DFIG) under the asymmetric grid fault. The traditional rotor of the Crowbar device requires a large reactive support during the period of protection, which causes large fluctuations to the reactive power of the output grid while cut in and off for Crowbar. This case would influence the quality and efficiency of entire power system. In order to solve the fluctuation of reactive power and the stability of the wind power system, this paper proposes the coordinated control of the fuzzy-neural D-STATCOM and the rotor of the Crowbar. The simulation results show that the system has the performance of the rotor current with faster decay and faster dynamic response, high steady-state characteristic during the grid fault, which improve the ability of LVRT of DFIG.

    Download PDF (3753K)
  • Zhe GUAN, Shin WAKITANI, Ikuro MIZUMOTO, Toru YAMAMOTO
    Type: PAPER
    Subject area: Systems and Control
    2017 Volume E100.A Issue 12 Pages 2956-2962
    Published: December 01, 2017
    Released: December 01, 2017
    JOURNALS RESTRICTED ACCESS

    This paper considers a design method of a discrete-time adaptive output feedback control system with a feedforward input based on almost strict positive realness (ASPR-ness). The proposed scheme utilizes the property of ASPR of the controlled plant, and the reference signal is used as feedforward input. The parallel feedforward compensator (PFC) which renders an ASPR augmented controlled plant is also investigated. Besides, it is shown that the output of original plant can track reference signal perfectly without any steady state error. The effectiveness of the proposed scheme is confirmed through a pilot-scale temperature control system.

    Download PDF (1731K)
  • Yuntao LIAO, Takuya KINOSHITA, Kazushige KOIWAI, Toru YAMAMOTO
    Type: PAPER
    Subject area: Systems and Control
    2017 Volume E100.A Issue 12 Pages 2963-2971
    Published: December 01, 2017
    Released: December 01, 2017
    JOURNALS RESTRICTED ACCESS

    In industrial control processes, control performance influences the quality of products and utilization efficiency of energy; hence, the controller is necessarily designed according to user-desired control performance. Ideal control performance requires fast response for transient state and maintaining user-specified control performance for steady state. Hence, an algorithm to tune controller parameters to match the requirements for transient state and steady state is proposed. Considering the partial learning ability of the cerebellar model articulation controller (CMAC) neural network, it is utilized as a “tuner” of controller parameters in this study, since then the controller parameters can be tuned in both transient and steady states. Moreover, the fictitious reference iterative tuning (FRIT) algorithm is combined with CMAC in order to avoid problems, which may be caused by system modeling error and by using only a set of closed-loop data, the desired controller can be calculated in an off-line manner. In addition, the controller selected is a proportional-integral-derivative (PID) controller. Finally, the effectiveness of the proposed method is numerically verified by using some simulation and experimental examples.

    Download PDF (2082K)
  • Shanlin XIAO, Tsuyoshi ISSHIKI, Dongju LI, Hiroaki KUNIEDA
    Type: PAPER
    Subject area: VLSI Design Technology and CAD
    2017 Volume E100.A Issue 12 Pages 2972-2984
    Published: December 01, 2017
    Released: December 01, 2017
    JOURNALS RESTRICTED ACCESS

    Object detection is an essential and expensive process in many computer vision systems. Standard off-the-shelf embedded processors are hard to achieve performance-power balance for implementation of object detection applications. In this work, we explore an Application Specific Instruction set Processor (ASIP) for object detection using Histogram of Oriented Gradients (HOG) feature. Algorithm simplifications are adopted to reduce memory bandwidth requirements and mathematical complexity without losing reliability. Also, parallel histogram generation and on-the-fly Support Vector Machine (SVM) calculation architecture are employed to reduce the necessary cycle counts. The HOG algorithm on the proposed ASIP was accelerated by a factor of 63x compared to the pure software implementation. The ASIP was synthesized for a standard 90nm CMOS library, with a silicon area of 1.31mm^2 and 47.8mW power consumption at a 200MHz frequency. Our object detection processor can achieve 42 frames-per-second (fps) on VGA video. The evaluation and implementation results show that the proposed ASIP is both area-efficient and power-efficient while being competitive with commercial CPUs/DSPs. Furthermore, our ASIP exhibits comparable performance even with hard-wire designs.

    Download PDF (2101K)
  • HyungChul KANG, Deukjo HONG, Jaechul SUNG, Seokhie HONG
    Type: PAPER
    Subject area: Cryptography and Information Security
    2017 Volume E100.A Issue 12 Pages 2985-2990
    Published: December 01, 2017
    Released: December 01, 2017
    JOURNALS RESTRICTED ACCESS

    We present the first known-key attack on SM4, which is the Chinese standard block cipher made for the wireless LAN WAPI. We make a known-key distinguisher using rebound techniques with the time complexity of 2^12.75. Then, with the distinguisher, we provide near-collision attacks on MMO and MP hash modes of SM4. Precisely, we find a 104-bit near-collision for 13 rounds of SM4 with the time complexity of 2^13.30 and a 32-bit near-collision for 17 rounds of SM4 with the time complexity of 2^12.91. They are much more efficient than generic attacks for the case of random permutation.

    Download PDF (2269K)
  • Yukou KOBAYASHI, Naoto YANAI, Kazuki YONEYAMA, Takashi NISHIDE, Goichi ...
    Type: PAPER
    Subject area: Cryptography and Information Security
    2017 Volume E100.A Issue 12 Pages 2991-3006
    Published: December 01, 2017
    Released: December 01, 2017
    JOURNALS RESTRICTED ACCESS

    By using Password-based Authenticated Key Exchange (PAKE), a server can authenticate a user who has only the same password shared with the server in advance and establish a session key with the user simultaneously. However, in the real applications, we may have a situation where a user needs to share a session key with server A, but the authentication needs to be done by a different server B that shares the password with the user. Further, to achieve higher security on the server side, it may be required to make PAKE tolerant of a server breach by having multiple authentication servers. To deal with such a situation, Abdalla et al. proposed a variant of PAKE called Gateway Threshold PAKE (GTPAKE) where a gateway corresponds to the aforementioned server A being an on-line service provider and also a potential adversary that may try to guess the passwords. However, the schemes of Abdalla et al. turned out to be vulnerable to Undetectable On-line Dictionary Attack (UDonDA). In this paper, we propose the first GTPAKE provably secure against UDonDA, and in the security analysis, we prove that our GTPAKE is secure even if an adversary breaks into parts of multiple authentication servers.

    Download PDF (2246K)