IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences Volume E102.A, Issue 1

Token Model and Interpretation Function for Blockchain-Based FinTech Applications

Financial Technology (FinTech) is considered a taxonomy that describes a wide range of ICT (information and communications technology) associated with financial transactions and related operations. Improvement of service quality is the main issue addressed in this taxonomy, and there are a large number of emerging technologies including blockchain-based cryptocurrencies and smart contracts. Due to its innovative nature in accounting, blockchain can also be used in lots of other FinTech contexts where token models play an important role for financial engineering. This paper revisits some of the key concepts accumulated behind this trend, and shows a generalized understanding of the technology using an adapted stochastic process. With a focus on financial instruments using blockchain, research directions toward stable applications are identified with the help of a newly proposed stabilizer: interpretation function of token valuation. The idea of adapted stochastic process is essential for the stabilizer, too.

Towards Reducing the Gap between Cryptography and Its Usage

ICT development progresses, and many cryptographic algorithms are used. The most of cryptographic algorithms require assumptions to guarantee their security, but it is sometimes not clearly written. This causes many problems. This paper shows previous cases, and suggests to concede cryptographers and system developer each other from an industrial cryptographers viewpoint.

Meet-in-the-Middle Key Recovery Attacks on a Single-Key Two-Round Even-Mansour Cipher

We propose new key recovery attacks on the two-round single-key n-bit Even-Mansour ciphers (2SEM) that are secure up to 2^2n/3 queries against distinguishing attacks proved by Chen et al. Our attacks are based on the meet-in-the-middle technique which can significantly reduce the data complexity. In particular, we introduce novel matching techniques which enable us to compute one of the two permutations without knowing a part of the key information. Moreover, we present two improvements of the proposed attack: one significantly reduces the data complexity and the other reduces the time complexity. Compared with the previously known attacks, our attack first breaks the birthday barrier on the data complexity although it requires chosen plaintexts. When the block size is 64 bits, our attack reduces the required data from 2⁴⁵ known plaintexts to 2²⁶ chosen plaintexts with keeping the time complexity required by the previous attacks. Furthermore, by increasing the time complexity up to 2⁶², the required data is further reduced to 2⁸, and DT=2⁷⁰, where DT is the product of data and time complexities. We show that our data-optimized attack requires DT=2ⁿ⁺⁶ in general cases. Since the proved lower bound on DT for the single-key one-round n-bit Even-Mansour ciphers is 2ⁿ, our results imply that adding one round to one-round constructions does not sufficiently improve the security against key recovery attacks. Finally, we propose a time-optimized attacks on 2SEM in which, we aim to minimize the number of the invocations of internal permutations.

On Quantum Related-Key Attacks on Iterated Even-Mansour Ciphers

It has been said that security of symmetric key schemes is not so much affected by quantum computers, compared to public key schemes. However, recent works revealed that, in some specific situations, symmetric key schemes are also broken in polynomial time by adversaries with quantum computers. These works contain a quantum distinguishing attack on 3-round Feistel ciphers and a quantum key recovery attack on the Even-Mansour cipher by Kuwakado and Morii, in addition to the quantum forgery attack on CBC-MAC which is proposed independently by Kaplan et al., and by Santoli and Schaffner. Iterated Even-Mansour cipher is a simple but important block cipher, which can be regarded as an idealization of AES. Whether there exists an efficient quantum algorithm that can break iterated Even-Mansour cipher with independent subkeys is an important problem from the viewpoint of analyzing post-quantum security of block ciphers. Actually there is an efficient quantum attack on iterated Even-Mansour cipher by Kaplan et al., but their attack can only be applied in the case that all subkeys are the same. This paper shows that there is a polynomial time quantum algorithm that recovers partial keys of the iterated Even-Mansour cipher with independent subkeys, in a related-key setting. The related-key condition is somewhat strong, but our algorithm can recover subkeys with two related oracles. In addition, we also show that our algorithm can recover all keys of the i-round iterated Even-Mansour cipher, if we are allowed to access i related quantum oracles. To realize quantum related-key attacks, we extend Simon's quantum algorithm so that we can recover the hidden period of a function that is periodic only up to constant. Our technique is to take differential of the target function to make a double periodic function, and then apply Simon's algorithm.

Optimizing Online Permutation-Based AE Schemes for Lightweight Applications

We explore ways to optimize online, permutation-based authenticated encryption (AE) schemes for lightweight applications. The lightweight applications demand that AE schemes operate in resource-constrained environments, which raise two issues: 1) implementation costs must be low, and 2) ensuring proper use of a nonce is difficult due to its small size and lack of randomness. Regarding the implementation costs, recently it has been recognized that permutation-based (rather than block-cipher-based) schemes frequently show advantages. However, regarding the security under nonce misuse, the standard permutation-based duplex construction cannot ensure confidentiality. There exists one permutation-based scheme named APE which offers certain robustness against nonce misuse. Unfortunately, the APE construction has several drawbacks such as ciphertext expansion and bidirectional permutation circuits. The ciphertext expansion would require more bandwidth, and the bidirectional circuits would require a larger hardware footprint. In this paper, we propose new constructions of online permutation-based AE that require less bandwidth, a smaller hardware footprint and lower computational costs. We provide security proofs for the new constructions, demonstrating that they are as secure as the APE construction.

Multi-Service Oriented Stream Data Synchronization Scheme for Multicore Cipher Chips

In cloud computing environments, data processing systems with strong and stochastic stream data processing capabilities are highly desired by multi-service oriented computing-intensive applications. The independeny of different business data streams makes these services very suitable for parallel processing with the aid of multicore processors. Furthermore, for the random crossing of data streams between different services, data synchronization is required. Aiming at the stochastic cross service stream, we propose a hardware synchronization mechanism based on index tables. By using a specifically designed hardware synchronization circuit, we can record the business index number (BIN) of the input and output data flow of the processing unit. By doing so, we can not only obtain the flow control of the job package accessing the processing units, but also guarantee that the work of the processing units is single and continuous. This approach overcomes the high complexity and low reliability of the programming in the software synchronization. As demonstrated by numerical experiment results, the proposed scheme can ensure the validity of the cross service stream, and its processing speed is better than that of the lock-based synchronization scheme. This scheme is applied to a cryptographic server and accelerates the processing speed of the cryptographic service.

An ASIC Crypto Processor for 254-Bit Prime-Field Pairing Featuring Programmable Arithmetic Core Optimized for Quadratic Extension Field

An ASIC crypto processor optimized for the 254-bit prime-field optimal-ate pairing over Barreto-Naehrig (BN) curve is proposed. The data path of the proposed crypto processor is designed to compute five F_p² operations, a multiplication, three addition/subtractions, and an inversion, simultaneously. We further propose a design methodology to automate the instruction scheduling by using a combinatorial optimization solver, with which the total cycle count is reduced to 1/2 compared with ever reported. The proposed crypto processor is designed and fabricated by using a 65nm silicon-on-thin-box (SOTB) CMOS process. The chip measurement result shows that the fabricated chip successfully computes a pairing in 0.185ms when a typical operating voltage of 1.20V is applied, which corresponds to 2.8× speed up compared to the current state-of-the-art pairing implementation on ASIC platform.

Improvement of Anomaly Detection Performance Using Packet Flow Regularity in Industrial Control Networks

Since cyber attacks such as cyberterrorism against Industrial Control Systems (ICSs) and cyber espionage against companies managing them have increased, the techniques to detect anomalies in early stages are required. To achieve the purpose, several studies have developed anomaly detection methods for ICSs. In particular, some techniques using packet flow regularity in industrial control networks have achieved high-accuracy detection of attacks disrupting the regularity, i.e. normal behaviour, of ICSs. However, these methods cannot identify scanning attacks employed in cyber espionage because the probing packets assimilate into a number of normal ones. For example, the malware called Havex is customised to clandestinely acquire information from targeting ICSs using general request packets. The techniques to detect such scanning attacks using widespread packets await further investigation. Therefore, the goal of this study was to examine high performance methods to identify anomalies even if elaborate packets to avoid alert systems were employed for attacks against industrial control networks. In this paper, a novel detection model for anomalous packets concealing behind normal traffic in industrial control networks was proposed. For the proposal of the sophisticated detection method, we took particular note of packet flow regularity and employed the Markov-chain model to detect anomalies. Moreover, we regarded not only original packets but similar ones to them as normal packets to reduce false alerts because it was indicated that an anomaly detection model using the Markov-chain suffers from the ample false positives affected by a number of normal, irregular packets, namely noise. To calculate the similarity between packets based on the packet flow regularity, a vector representation tool called word2vec was employed. Whilst word2vec is utilised for the culculation of word similarity in natural language processing tasks, we applied the technique to packets in ICSs to calculate packet similarity. As a result, the Markov-chain with word2vec model identified scanning packets assimulating into normal packets in higher performance than the conventional Markov-chain model. In conclusion, employing both packet flow regularity and packet similarity in industrial control networks contributes to improving the performance of anomaly detection in ICSs.

Elliptic Curve Method Using Complex Multiplication Method

In 2017, Shirase proposed a variant of Elliptic Curve Method combined with Complex Multiplication method for generating certain special kinds of elliptic curves. His algorithm can efficiently factorize a given composite integer when it has a prime factor p of the form 4p=1+Dv² for some integer v, where -D is an auxiliary input integer called a discriminant. However, there is a disadvantage that the previous method works only for restricted cases where the class polynomial associated to -D has degree at most two. In this paper, we propose a generalization of the previous algorithm to the cases of class polynomials having arbitrary degrees, which enlarges the class of composite integers factorizable by our algorithm. We also extend the algorithm to more various cases where we have 4p=t²+Dv² and p+1-t is a smooth integer.

Proxy Re-Encryption That Supports Homomorphic Operations for Re-Encrypted Ciphertexts

Homomorphic encryption (HE) is useful to analyze encrypted data without decrypting it. However, by using ordinary HE, a user who can decrypt a ciphertext that is generated by executing homomorphic operations, can also decrypt ciphertexts on which homomorphic evaluations have not been performed, since homomorphic operations cannot be executed among ciphertexts which are encrypted under different public keys. To resolve the above problem, we introduce a new cryptographic primitive called Homomorphic Proxy Re-Encryption (HPRE) combining the “key-switching” property of Proxy Re-Encryption (PRE) and the homomorphic property of HE. In our HPRE, original ciphertexts (which have not been re-encrypted) guarantee CCA2 security (and in particular satisfy non-malleability). On the other hand, re-encrypted ciphertexts only guarantee CPA security, so that homomorphic operations can be performed on them. We define the functional/security requirements of HPRE, and then propose a specific construction supporting the group operation (over the target group in bilinear groups) based on the PRE scheme by Libert and Vergnaud (PKC 2008) and the CCA secure public key encryption scheme by Lai et al. (CT-RSA 2010), and prove its security in the standard model. Additionally, we show two extensions of our HPRE scheme for the group operation: an HPRE scheme for addition and an HPRE scheme for degree-2 polynomials (in which the number of degree-2 terms is constant), by using the technique of the recent work by Catalano and Fiore (ACMCCS 2015).

How to Watermark Cryptographic Functions by Bilinear Maps

We introduce a notion of watermarking for cryptographic functions and propose a concrete scheme for watermarking cryptographic functions. Informally speaking, a digital watermarking scheme for cryptographic functions embeds information, called a mark, into functions such as one-way functions and decryption functions of public-key encryption. There are two basic requirements for watermarking schemes. A mark-embedded function must be functionally equivalent to the original function. It must be difficult for adversaries to remove the embedded mark without damaging the original functionality. In spite of its importance and usefulness, there have only been a few theoretical works on watermarking for functions (or programs). Furthermore, we do not have rigorous definitions of watermarking for cryptographic functions and concrete constructions. To solve the problem above, we introduce a notion of watermarking for cryptographic functions and define its security. Furthermore, we present a lossy trapdoor function (LTF) based on the decisional bilinear Diffie-Hellman problem problem and a watermarking scheme for the LTF. Our watermarking scheme is secure under the symmetric external Diffie-Hellman assumption in the standard model. We use techniques of dual system encryption and dual pairing vector spaces (DPVS) to construct our watermarking scheme. This is a new application of DPVS.

No-Dictionary Searchable Symmetric Encryption

In the model of no-dictionary searchable symmetric encryption (SSE) schemes, the client does not need to keep the list of keywords W. In this paper, we first show a generic method to transform any passively secure SSE scheme to a no-dictionary SSE scheme such that the client can verify search results even if w ∉ W. In particular, it takes only O(1) time for the server to prove that w ∉ W. We next present a no-dictionary SSE scheme such that the client can hide even the search pattern from the server.

On Fail-Stop Signature Schemes with H-EUC Security

Fail-Stop Signature (FSS) scheme is a signature scheme which satisfies unforgeability even against a forger with super-polynomial computational power (i.e. even against a forger who can compute acceptable signatures) and non-repudiability against a malicious signer with probabilistic polynomial time computational power (i.e. a PPT malicious signer). In this paper, under some settings, the equivalence relation has been derived between a set of security properties when single FSS scheme is used singly and a security property called Universally Composable (UC) security when plural FSS schemes are concurrently used. Here, UC security is a security property guaranteeing that even when plural schemes are concurrently used, security properties of each scheme (for single scheme usage) are preserved. The above main settings are as follows. Firstly, H-EUC (Externalized UC) security is introduced instead of “conventional” UC security, where a new helper functionality H is constructed appropriately. It is because that we can derive “conventional” UC security cannot hold for FSS schemes when malicious parties (e.g. a forger and a malicious signer) have super-polynomial computational power. In the environment where the above helper functionality H is used, all parties are PPT, but only a forger may compute acceptable signatures by obtaining some additional information from H. Secondly, the definition of unforgeability (in a set of security properties for single FSS scheme usage) is revised to match the above environment. The above equivalence relation derived under the above settings guarantees that even when plural FSS schemes are concurrently used, those security properties for single scheme usage are preserved, provided that some conditions hold. In particular, the equivalence relation in this paper has originality in terms of guaranteeing that unforgeability is preserved even against a forger who is PPT but may compute acceptable signatures. Furthermore, it has been firstly proved in this paper that H-EUC security holds for an existing instantiation of an FSS scheme by Mashatan et al. From this, it can be said that the equivalence relation shown in this paper is practical.

Post-Quantum Security of IGE Mode Encryption in Telegram

IGE mode used in Telegram's customized protocol has not been fully investigated in terms of post-quantum security. In this letter, we show that IGE mode is IND-qCPA insecure by Simon's algorithm, assuming that the underlying block cipher is a standard-secure pseudorandom function (sPRF). Under a stronger assumption that the block cipher is a quantum-secure pseudorandom function (qPRF), IND-qCPA security of IGE mode is proved using one-way to hiding lemma.

On Searching Maximal-Period Dynamic LFSRs With at Most Four Switches

Dynamic linear feedback shift registers (DLFSRs) are a scheme to transfer from one LFSR to another. In cryptography each LFSR included in a DLFSR should generate maximal-length sequences, and the number of switches transferring LFSRs should be small for efficient performance. This corresponding addresses on searching such conditioned DLFSRs. An efficient probabilistic algorithm is given to find such DLFSRs with two or four switches, and it is proved to succeed with nonnegligible probability.

Practical Performance and Prospect of Underwater Optical Wireless Communication

Underwater optical wireless communication has been merely a theory for a long time because light sources are too weak to use them as emitters for communications. In the past decade, however, underwater optical wireless communications have used laser diodes or light emitting diodes as emitters with visible light in high brightness with low power consumption. Recently, they have become practical. As described in this paper, recent trends of underwater optical wireless communication study, practical modems and prospective uses of underwater optical wireless communication are presented first. Next, optical characteristics of the seawater in various conditions are explained based on the experimental data measured using the profiler for underwater optics produced especially for this study. Then the prototype underwater optical wireless communication modem developed by our team is introduced. It was tested in several sea areas, which confirmed bi-directional communication in the 120m range at 20Mbps and a remote desktop connection between under water vehicles at 100m range. In addition, one modem was set in air; other was set in water. The modems mutually communicated directly through the sea surface.

Investigation into Symbol Error Rate of Multilevel Differential Polarization Shift Keying with Estimation of Inclined Polarization Axes

As a modulation scheme for optical wireless communication, there is MPolSK (multilevel polarization shift keying) that modulates a state of polarization of light. MPolSK has a problem that it is severely affected by mismatched polarization axes. Although MDPolSK (multilevel differential PolSK) can overcome the problem, it is susceptible to noise, and its SER (symbol error rate) degrades as compared to MPolSK. In this paper, we propose one kind of MDPolSK that estimates the mismatched polarization axes in the receiver. We analyzed SER of the proposed scheme by computer simulations. The result shows that the proposed scheme is not affected by the mismatched polarization axes, and it provides a good SER as compared to the conventional MDPolSK. In addition, we modified the constellation used in the proposed scheme to improve SER.

Filter-and-Forward-Based Full-Duplex Relaying in Frequency-Selective Channels

In this paper, we consider full-duplex (FD) relay networks with filter-and-forward (FF)-based multiple relays (FD-FF), where relay filters jointly mitigate self-interference (SI), inter-relay interference (IRI), and inter-symbol interference. We consider the filter design problem based on signal-to-noise-plus-interference ratio maximization subject to a total relay transmit power constraint. To make the problem tractable, we propose two methods: one that imposes an additional constraint whereby the filter responses to SI and IRI are nulled, and the other that makes i.i.d. assumptions on the relay transmit signals. Simulation results show that the proposed FD-FF scheme outperforms a conventional FF scheme in half-duplex mode. We also consider the filter design when only second-order statistics of channel path gains are available.

Random Access Control Scheme with Reservation Channel for Capacity Expansion of QZSS Safety Confirmation System

For capacity expansion of the Quasi-Zenith Satellite System (QZSS) safety confirmation system, frame slotted ALOHA with flag method has previously been proposed as an access control scheme. While it is always able to communicate in an optimum state, its maximum channel efficiency is only 36.8%. In this paper, we propose adding a reservation channel (R-Ch) to the frame slotted ALOHA with flag method to increase the upper limit of the channel efficiency. With an R-Ch, collision due to random channel selection is decreased by selecting channels in multiple steps, and the channel efficiency is improved up to 84.0%. The time required for accommodating 3 million mobile terminals, each sending one message, when using the flag method only and the flag method with an R-Ch are compared. It is shown that the accommodating time can be reduced to less than half by adding an R-Ch to the flag method.

Method for Detecting User Positions with Unmanned Aerial Vehicles Based on Doppler Shifts

Unmanned aircraft systems (UASs) have been developed and studied as temporal communication systems for emergency and rescue services during disasters, such as earthquakes and serious accidents. In a typical UAS model, several unmanned aerial vehicles (UAVs) are used to provide services over a large area. The UAV is comprised of a transmitter and receiver to transmit/receive the signals to/from terrestrial stations and terminals. Therefore, the carrier frequencies of the transmitted and received signals experience Doppler shifts due to the variations in the line-of-sight velocity between the UAV and the terrestrial terminal. Thus, by observing multiple Doppler shifts from different UAVs, it is possible to detect the position of a user that possesses a communication terminal for the UAS. This study aims to present a methodology for position detection based on the least-squares method to the Doppler shift frequencies. Further, a positioning accuracy index is newly proposed, which can be used as an index for measuring the position accurately, instead of the dilution-of-precision (DOP) method, which is used for global positioning systems (GPSs). A computer simulation was conducted for two different flight route models to confirm the applicability of the proposed positioning method and the positioning accuracy index. The simulation results confirm that the parameters, such as the flight route, the initial position, and velocity of the UAVs, can be optimized by using the proposed positioning accuracy index.

Positioning Method for Wireless LAN Based on RTK-GPS

This letter proposes a new positioning method for WLAN (Wireless Local Area Network) systems based on a principle of the RTK-GPS (Real Time Kinematic-Global Positioning System). The proposed method collects observations of the carrier phase at access points for a double phase difference of the RTK-GPS. We show a numerical example for evaluations of the proposed method considering the measurement error by computer simulations.

A 2-5GHz Wideband Inductorless Low Noise Amplifier for LTE and Intermediate-Frequency-Band 5G Applications

This paper presents a wideband inductorless noise-cancelling balun LNA with two gain modes, low NF, and high-linearity for LTE and intermediate-frequency-band (eg. 3.3-3.6GHz, 4.8-5GHz) 5G applications fabricated in 65nm CMOS. The proposed LNA is bonding tested and exhibits a minimum NF of 2.2dB and maximum IIP3 of -3.5dBm. Taking advantage of an off-chip bias inductor in CG stage and a cross-coupled buffer, the LNA occupies high operation frequency up to 5GHz with remarkable linearity and NF as well as compact area.

Phase-Difference Compensation and Nonuniform Pulse Transmission for Accurate Real-Time Moving Object Tracking

This paper presents a radio-based real-time moving object tracking method based on Kalman filtering using a phase-difference compensation technique and a non-uniform pulse transmission scheme. Conventional Kalman-based tracking methods often require time, amplitude, phase information and their derivatives for each receiver antenna; however, their location estimation accuracy does not become good even with many transmitting pulses. The presented method employs relative phase-difference information and a non-uniform pulse generation scheme, which can greatly reduce the number of transmitting pulses while preserving the tracking accuracy. Its performance is evaluated in comparison with that of conventional methods.

Circuit Scale Reduced N-Path Filters with Sampling Computation for Increased Harmonic Passband Rejection

A design method of the differential N-path filter with sampling computation is proposed. It enables the scale of the whole filter to be reduced by approximately half for easier realization. On top of that, the proposed method offers the ability to eliminate the harmonic passbands of the clock frequency and an increase of harmonic rejection. By using the proposed method, previous work involving an 8-path filter can be reduced to 5-path. The proposed differential 5-path filter reduces the scale of the circuit and at the same time has the performance of a 10-path filter from previous work. An example of differential 7-path filter using the same proposed design method is also stated in comparison of the differential 5-path filter. The differential 7-path filter offers the ability to eliminate all the passbands below 10 times the clock frequency with a tradeoff of an increase in circuit scale.

Asymptotic Stabilization of Nonholonomic Four-Wheeled Vehicle with Steering Limitation

In this paper, we propose a new asymptotically stabilizing control law for a four-wheeled vehicle with a steering limitation. We adopt a locally semiconcave control Lyapunov function (LS-CLF) for the system. To overcome the nonconvexity of the input-constraint set, we utilize a saturation function and a signum function in the control law. The signum function makes the vehicle velocity nonzero except at the origin so that the angular velocity can be manipulated within the input constraint. However, the signum function may cause a chattering phenomenon at certain points of the state far from the origin. Thus, we integrate a lazy-switching mechanism for the vehicle velocity into the control law. The mechanism makes a sign of the vehicle velocity maintain, and the new control input also decreases the value of the LS-CLF. We confirm the effectiveness of our method by a computer simulation and experiments.

Multi-Phase Synchronization Phenomena in a Ring-Coupled System of Digital Spiking Neurons

This paper studies synchronization phenomena in a ring-coupled system of digital spiking neurons. The neuron consists of two shift registers connected by a wiring circuit and can generate various spike-trains. Applying a spike based connection, the ring-coupled system is constructed. The ring-coupled system can generate multi-phase synchronization phenomena of various periodic spike-trains. Using a simple dynamic model, existence and stability of the synchronization phenomena are analyzed. Presenting a FPGA based test circuit, typical synchronization phenomena are confirmed experimentally.

New Distinguisher on Reduced-Round Keccak Sponge Function

The security analysis of Keccak, the winner of SHA-3, has attracted considerable interest. Recently, some attention has been paid to distinguishing Keccak sponge function from random permutation. In EUROCRYPT'17, Huang et al. proposed conditional cube tester to recover the key of Keccak-MAC and Keyak and to construct practical distinguishing attacks on Keccak sponge function up to 7 rounds. In this paper, we improve the conditional cube tester model by refining the formulation of cube variables. By classifying cube variables into three different types and working the candidates of these types of cube variable carefully, we are able to establish a new theoretical distinguisher on 8-round Keccak sponge function. Our result is more efficient and greatly improves the existing results. Finally we remark that our distinguishing attack on the the reduced-round Keccak will not threat the security margin of the Keccak sponge function.

Fast and Scalable Bilinear-Type Conversion Method for Large Scale Crypto Schemes

Bilinear-type conversion is to translate a cryptographic scheme designed over symmetric bilinear groups into one that works over asymmetric bilinear groups with small overhead regarding the size of objects concerned in the target scheme. In this paper, we address scalability for converting complex cryptographic schemes. Our contribution is threefold. Investigating complexity of bilinear-type conversion. We show that there exists no polynomial-time algorithm for worst-case inputs under standard complexity assumption. It means that bilinear-type conversion in general is an inherently difficult problem. Presenting a new scalable conversion method. Nevertheless, we show that large-scale conversion is indeed possible in practice when the target schemes are built from smaller building blocks with some structure. We present a novel conversion method, called IPConv, that uses 0-1 Integer Programming instantiated with a widely available IP solver. It instantly converts schemes containing more than a thousand of variables and hundreds of pairings. Application to computer-aided design. Our conversion method is also useful in modular design of middle to large scale cryptographic applications; first construct over simpler symmetric bilinear groups and run over efficient asymmetric groups. Thus one can avoid complication of manually allocating variables over asymmetric bilinear groups. We demonstrate its usefulness by somewhat counter-intuitive examples where converted DLIN-based Groth-Sahai proofs are more compact than manually built SXDH-based proofs. Though the early purpose of bilinear-type conversion is to save existing schemes from attacks against symmetric bilinear groups, our new scalable conversion method will find more applications beyond the original goal. Indeed, the above computer-aided design can be seen as a step toward automated modular design of cryptographic schemes.

The PRF Security of Compression-Function-Based MAC Functions in the Multi-User Setting

A compression-function-based MAC function called FMAC was presented as well as a vector-input PRF called vFMAC in 2016. They were proven to be secure PRFs on the assumption that their compression function is a secure PRF against related-key attacks with respect to their non-cryptographic permutations in the single user setting. In this paper, it is shown that both FMAC and vFMAC are also secure PRFs in the multi-user setting on the same assumption as in the single user setting. These results imply that their security in the multi-user setting does not degrade with the number of the users and is as good as in the single user setting.

Improving MDC-4 to Be More Secure

MDC-4 is the enhanced version of MDC-2, which is a well-known hash mode of block ciphers. However, it does not guarantee sufficient securities required for a cryptographic hash function. In the ideal cipher model, the MDC-4 compression function has the collision security bound close to 2^5n/8 and the preimage security bound close to 2^5n/4, where the underlying block cipher has the block size of n bits. We have studied how to improve MDC-4 with simple modification to strengthen its security. It is meaningful work because users often want to improve their familiar systems with low cost. In this paper, we achieve it by proposing MDC-4⁺, which is a light variation of MDC-4. We prove that MDC-4⁺ is much more secure than MDC-4 by showing that it has the collision security bound close to optimal 2ⁿ and the preimage security bound close to 2^4n/3. We also discuss its efficiency by comparing existing hash modes.

Zero-Forcing Aided Polarization Dependent Loss Elimination for Polarization Modulation Based Dual-Polarized Satellite Systems

To improve the robustness of the polarization modulation (PM) technique applied in dual-polarized satellite systems, a zero-forcing aided demodulation (ZFAD) method is proposed to eliminate the impairment to the PM from the depolarization effect (DE). The DE elimination is traditionally dependent on the pre-compensation method, which is based on the channel state information (CSI). While the distance between communication partners in satellite systems is so long that the CSI can not be always updated in time at the transmitter side. Therefore, the pre-compensation methods may not perform well. In the ZFAD method, the CSI is estimated at the receiver side and the zero forcing matrix is constructed to process the received signal before demodulating the PM signal. In this way, the DE is eliminated. In addition, we derive the received signal-to-noise ratio expression of the PC and ZFAD methods with the statistical channel model for a better comparison. Theoretical analysis and simulation results demonstrate the ZFAD method can eliminate the DE effect effectively and achieve a better symbol error rate performance than the pre-compensation method.

Online Antenna-Pulse Selection for STAP by Exploiting Structured Covariance Matrix

In this paper, we propose an online antenna-pulse selection method in space time adaptive processing, while maintaining considerable performance and low computational complexity. The proposed method considers the antenna-pulse selection and covariance matrix estimation at the same time by exploiting the structured clutter covariance matrix. Such prior knowledge can enhance the covariance matrix estimation accuracy and thus can provide a better objective function for antenna-pulse selection. Simulations also validate the effectiveness of the proposed method.

A New Attack Scheme on the Bitcoin Reward System

The reward of the Bitcoin system is designed to be proportional to miner's computational power. However, rogue miners can increase their rewards by using the block withholding attacks. For raising awareness on the Bitcoin reward system, a new attack scheme is proposed, where the attackers infiltrate into an open pool and launch the selfish mining as well as the block withholding attack. The simulation results demonstrate that the proposed attack outperforms the conventional block withholding attacks.

Some Improved Constructions for Nonbinary Quantum BCH Codes

Maximal designed distances for nonbinary narrow-sense quantum Bose-Chaudhuri-Hocquenghem (BCH) codes of length $n=\frac{q^4-1}{r}$ and new constructions for them are given, where q is an odd prime power. These constructions are capable of designing quantum BCH codes with new parameters. Furthermore, some codes obtained here have better parameters than those constructed by other known constructions.

Fast Montgomery-Like Square Root Computation for All Trinomials

We introduce a new type of Montgomery-like square root formulae in GF(2^m) defined by an arbitrary irreducible trinomial, which is more efficient compared with classic square root operation. By choosing proper Montgomery factors for different kind of trinomials, the space and time complexities of such square root computations match or outperform the best results. A practical application of the Montgomery-like square root in inversion computation is also presented.

On the Separating Redundancy of the Duals of First-Order Generalized Reed-Muller Codes

The separating redundancy is an important property in the analysis of the error-and-erasure decoding of a linear block code. In this work, we investigate the separating redundancy of the duals of first-order generalized Reed-Muller (GRM) codes, a class of nonbinary linear block codes that have nice algebraic properties. The dual of a first-order GRM code can be specified by two positive integers m and q and denoted by R(m,q), where q is the power of a prime number and q≠2. We determine the first separating redundancy value of R(m,q) for any m and q. We also determine the second separating redundancy values of R(m,q) for any q and m=1 and 2. For ≥3, we set up a binary integer linear programming problem, the optimum of which gives a lower bound on the second separating redundancy of R(m,q).

Low-Hit-Zone Frequency-Hopping Sequence Sets with Optimal Periodic Partial Hamming Correlation Properties

Frequency-hopping sequence (FHS) sets with low-hit-zone (LHZ) have Hamming correlations maintained at a low level as long as the relative time delay between different sequences are limited in a zone around the origin, and thus can be well applied in quasi-synchronous (QS) frequency-hopping multiple-access (FHMA) systems to reduce the mutual interference between different users. Moreover, the periodic partial Hamming correlation (PPHC) properties of employed LHZ-FHS sets usually act as evaluation criterions for the performances of QS-FHMA systems in practice. In this letter, a new class of LHZ-FHS sets is constructed via interleaving techniques. Furthermore, these new LHZ-FHS sets also possess optimal PPHC properties and parameters not included in the related literature.

Lightweight Computation of Overlaid Traffic Flows by Shortest Origin-Destination Trips

Given a network G(V,E), a lightweight method to calculate overlaid origin-destination (O-D) traffic flows on all edges is developed. Each O-D trip shall select the shortest path. While simple implementations for single-source/all-destination and all-pair trips need O(L·n) and O(L·n²) in worst-case time complexity, respectively, our technique is executed with O(m+n) and O(m+n²), where n=|V|, m=|E|, and L represents the maximum arc length. This improvement is achieved by reusing outcomes of priority queue-based algorithms. Using a GIS dataset of a road network in Tokyo, Japan, the effectiveness of our technique is confirmed.