IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences Volume E104.A, Issue 9

Counting Convex and Non-Convex 4-Holes in a Point Set

In this paper, we present an algorithm that counts the number of empty quadrilaterals whose corners are chosen from a given set S of n points in general position. Our algorithm can separately count the number of convex or non-convex empty quadrilaterals in O(T) time, where T denotes the number of empty triangles in S. Note that T varies from Ω(n²) and O(n³) and the expected value of T is known to be Θ(n²) when the n points in S are chosen uniformly and independently at random from a convex and bounded body in the plane. We also show how to enumerate all convex and/or non-convex empty quadrilaterals in S in time proportional to the number of reported quadrilaterals, after O(T)-time preprocessing.

Max-Min 3-Dispersion Problems

Given a set P of n points on which facilities can be placed and an integer k, we want to place k facilities on some points so that the minimum distance between facilities is maximized. The problem is called the k-dispersion problem. In this paper, we consider the 3-dispersion problem when P is a set of points on a plane (2-dimensional space). Note that the 2-dispersion problem corresponds to the diameter problem. We give an O(n) time algorithm to solve the 3-dispersion problem in the L_∞ metric, and an O(n) time algorithm to solve the 3-dispersion problem in the L₁ metric. Also, we give an O(n² log n) time algorithm to solve the 3-dispersion problem in the L₂ metric.

Chromatic Art Gallery Problem with r-Visibility is NP-Complete

The art gallery problem is to find a set of guards who together can observe every point of the interior of a polygon P. We study a chromatic variant of the problem, where each guard is assigned one of k distinct colors. The chromatic art gallery problem is to find a guard set for P such that no two guards with the same color have overlapping visibility regions. We study the decision version of this problem for orthogonal polygons with r-visibility when the number of colors is k=2. Here, two points are r-visible if the smallest axis-aligned rectangle containing them lies entirely within the polygon. In this paper, it is shown that determining whether there is an r-visibility guard set for an orthogonal polygon with holes such that no two guards with the same color have overlapping visibility regions is NP-hard when the number of colors is k=2.

Research on Map Folding with Boundary Order on Simple Fold

Folding an m×n square grid pattern along the edges of a grid is called map folding. We consider a decision problem in terms of whether a partial overlapping order of the squares aligning on the boundary of an m×n map is valid in a particular fold model called simple fold. This is a variation of the decision problem of valid total orders of the map in a simple fold model. We provide a linear-time algorithm to solve this problem, by defining an equivalence relation and computing the folding sequence sequentially, either uniquely or representatively.

Analysis of Lower Bounds for Online Bin Packing with Two Item Sizes

In the bin packing problem, we are asked to place given items, each being of size between zero and one, into bins of capacity one. The goal is to minimize the number of bins that contain at least one item. An online algorithm for the bin packing problem decides where to place each item one by one when it arrives. The asymptotic approximation ratio of the bin packing problem is defined as the performance of an optimal online algorithm for the problem. That value indicates the intrinsic hardness of the bin packing problem. In this paper we study the bin packing problem in which every item is of either size α or size β (≤ α). While the asymptotic approximation ratio for $\alpha > \frac{1}{2}$ was already identified, that for $\alpha \leq \frac{1}{2}$ is only partially known. This paper is the first to give a lower bound on the asymptotic approximation ratio for any $\alpha \leq \frac{1}{2}$, by formulating linear optimization problems. Furthermore, we derive another lower bound in a closed form by constructing dual feasible solutions.

Computing the Winner of 2-Player TANHINMIN

DAIHINMIN, which means Grand Pauper, is a popular playing-card game in Japan. TANHINMIN is a simplified variant of DAIHINMIN, which was proposed by Nishino in 2007 in order to investigate the mathematical properties of DAIHINMIN. In this paper, we consider a 2-player generalized TANHINMIN, where the deck size is arbitrary n. We present a linear-time algorithm that determines which player has a winning strategy after all cards are distributed to the players.

Convex Grid Drawings of Plane Graphs with Pentagonal Contours on O(n²) Grids

In a convex grid drawing of a plane graph, all edges are drawn as straight-line segments without any edge-intersection, all vertices are put on grid points and all facial cycles are drawn as convex polygons. A plane graph G has a convex drawing if and only if G is internally triconnected, and an internally triconnected plane graph G has a convex grid drawing on an (n-1)×(n-1) grid if either G is triconnected or the triconnected component decomposition tree T(G) of G has two or three leaves, where n is the number of vertices in G. An internally triconnected plane graph G has a convex grid drawing on a 2n×2n grid if T(G) has exactly four leaves. Furthermore, an internally triconnected plane graph G has a convex grid drawing on a 6n×n² grid if T(G) has exactly five leaves. In this paper, we show that an internally triconnected plane graph G has a convex grid drawing on a 20n×16n grid if T(G) has exactly five leaves. We also present an algorithm to find such a drawing in linear time. This is the first algorithm that finds a convex grid drawing of such a plane graph G in a grid of O(n²) size.

Automatic Drawing of Complex Metro Maps

The Tokyo subway is one of the most complex subway networks in the world and it is difficult to compute a visually readable metro map using existing layout methods. In this paper, we present a new method that can generate complex metro maps such as the Tokyo subway network. Our method consists of two phases. The first phase generates rough metro maps. It decomposes the metro networks into smaller subgraphs and partially generates rough metro maps. In the second phase, we use a local search technique to improve the aesthetic quality of the rough metro maps. The experimental results including the Tokyo metro map are shown.

Indifferentiability of SKINNY-HASH Internal Functions

We provide a formal proof for the indifferentiability of SKINNY-HASH internal function from a random oracle. SKINNY-HASH is a family of sponge-based hash functions that use functions (instead of permutations) as primitives, and it was selected as one of the second round candidates of the NIST lightweight cryptography competition. Its internal function is constructed from the tweakable block cipher SKINNY. The construction of the internal function is very simple and the designers claim n-bit security, where n is the block length of SKINNY. However, a formal security proof of this claim is not given in the original specification of SKINNY-HASH. In this paper, we formally prove that the internal function of SKINNY-HASH has n-bit security, i.e., it is indifferentiable from a random oracle up to O(2ⁿ) queries, substantiating the security claim of the designers.

Impossibility on the Schnorr Signature from the One-More DL Assumption in the Non-Programmable Random Oracle Model

The Schnorr signature is one of the representative signature schemes and its security was widely discussed. In the random oracle model (ROM), it is provable from the DL assumption, whereas there is negative circumstantial evidence in the standard model. Fleischhacker, Jager, and Schröder showed that the tight security of the Schnorr signature is unprovable from a strong cryptographic assumption, such as the One-More DL (OM-DL) assumption and the computational and decisional Diffie-Hellman assumption, in the ROM via a generic reduction as long as the underlying cryptographic assumption holds. However, it remains open whether or not the impossibility of the provable security of the Schnorr signature from a strong assumption via a non-tight and reasonable reduction. In this paper, we show that the security of the Schnorr signature is unprovable from the OM-DL assumption in the non-programmable ROM as long as the OM-DL assumption holds. Our impossibility result is proven via a non-tight Turing reduction.

Redactable Signature with Compactness from Set-Commitment

Redactable signature allows anyone to remove parts of a signed message without invalidating the signature. The need to prove the validity of digital documents issued by governments is increasing. When governments disclose documents, they must remove private information concerning individuals. Redactable signature is useful for such a situation. However, in most redactable signature schemes, to remove parts of the signed message, we need pieces of information for each part we want to remove. If a signed message consists of ℓ elements, the number of elements in an original signature is at least linear in ℓ. As far as we know, in some redactable signature schemes, the number of elements in an original signature is constant, regardless of the number of elements in a message to be signed. However, these constructions have drawbacks in that the use of the random oracle model or generic group model. In this paper, we construct an efficient redactable signature to overcome these drawbacks. Our redactable signature is obtained by combining set-commitment proposed in the recent work by Fuchsbauer et al. (JoC 2019) and digital signatures.

Achieving Pairing-Free Aggregate Signatures using Pre-Communication between Signers

Most aggregate signature schemes are relying on pairings, but high computational and storage costs of pairings limit the feasibility of those schemes in practice. Zhao proposed the first pairing-free aggregate signature scheme (AsiaCCS 2019). However, the security of Zhao's scheme is based on the hardness of a newly introduced non-standard computational problem. The recent impossibility results of Drijvers et al. (IEEE S&P 2019) on two-round pairing-free multi-signature schemes whose security based on the standard discrete logarithm (DL) problem have strengthened the view that constructing a pairing-free aggregate signature scheme which is proven secure based on standard problems such as DL problem is indeed a challenging open problem. In this paper, we offer a novel solution to this open problem. We introduce a new paradigm of aggregate signatures, i.e., aggregate signatures with an additional pre-communication stage. In the pre-communication stage, each signer interacts with the aggregator to agree on a specific random value before deciding messages to be signed. We also discover that the impossibility results of Drijvers et al. take effect if the adversary can decide the whole randomness part of any individual signature. Based on the new paradigm and our discovery of the applicability of the impossibility result, we propose a pairing-free aggregate signature scheme such that any individual signature includes a random nonce which can be freely generated by the signer. We prove the security of our scheme based on the hardness of the standard DL problem. As a trade-off, in contrast to the plain public-key model, which Zhao's scheme uses, we employ a more restricted key setup model, i.e., the knowledge of secret-key model.

Receiver Selective Opening CCA Secure Public Key Encryption from Various Assumptions

Receiver selective opening (RSO) attack for public key encryption (PKE) captures a situation where one sender sends messages to multiple receivers, an adversary can corrupt a set of receivers and get their messages and secret keys. Security against RSO attack for a PKE scheme ensures confidentiality of other uncorrupted receivers' ciphertexts. Among all of the RSO security notions, simulation-based RSO security against chosen ciphertext attack (SIM-RSO-CCA security) is the strongest notion. In this paper, we explore constructions of SIM-RSO-CCA secure PKE from various computational assumptions. Toward this goal, we show that a SIM-RSO-CCA secure PKE scheme can be constructed based on an IND-CPA secure PKE scheme and a designated-verifier non-interactive zero-knowledge (DV-NIZK) argument satisfying one-time simulation soundness. Moreover, we give the first construction of DV-NIZK argument satisfying one-time simulation soundness. Consequently, through our generic construction, we obtain the first SIM-RSO-CCA secure PKE scheme under the computational Diffie-Hellman (CDH) or learning parity with noise (LPN) assumption.

A Compact Digital Signature Scheme Based on the Module-LWR Problem

We propose a new lattice-based digital signature scheme MLWRSign by modifying Dilithium, which is one of the second-round candidates of NIST's call for post-quantum cryptographic standards. To the best of our knowledge, our scheme MLWRSign is the first signature scheme whose security is based on the (module) learning with rounding (LWR) problem. Due to the simplicity of the LWR, the secret key size is reduced by approximately 30% in our scheme compared to Dilithium, while achieving the same level of security. Moreover, we implemented MLWRSign and observed that the running time of our scheme is comparable to that of Dilithium.

Optimal Basis Matrices of a Visual Cryptography Scheme with Meaningful Shares and Analysis of Its Security

The extended visual cryptography scheme (EVCS) proposed by Ateniese et al. is one of variations of the visual cryptography scheme such that a secret image is recovered by superimposition of certain qualified collections of shares, where cover images are visible on respective shares. In this paper, we give a new definition of the EVCS for improving visibility of the recovered secret image as well as the cover images. We formulate the problem to construct the basis matrices of the EVCS with the minimum pixel expansion as an integer programming problem. We solve the integer programming problem for general access structures with less than or equal to five participants and show that basis matrices with a smaller pixel expansion can be obtained for certain cases. We also analyze security of the EVCS meeting the new definition from an information-theoretic viewpoint. We give a condition under which any forbidden collection of shares does not reveal any additional information on not only a secret image but also the cover images that are not visible on the other shares.

Efficient Algorithm to Compute Odd-Degree Isogenies Between Montgomery Curves for CSIDH

Isogeny-based cryptography, such as commutative supersingular isogeny Diffie-Hellman (CSIDH), have been shown to be promising candidates for post-quantum cryptography. However, their speeds have remained unremarkable. This study focuses on computing odd-degree isogeny between Montgomery curves, which is a dominant computation in CSIDH. Our proposed “2-ADD-Skip method” technique reduces the required number of points to be computed during isogeny computation. A novel algorithm for isogeny computation is also proposed to efficiently utilize the 2-ADD-Skip method. Our proposed algorithm with the optimized parameter reduces computational cost by approximately 12% compared with the algorithm proposed by Meyer and Reith. Further, individual experiments for each degree of isogeny ℓ show that the proposed algorithm is the fastest for 19≤ℓ≤373 among previous studies focusing on isogeny computation including the Õ(√ℓ) algorithm proposed by Bernstein et al. The experimental results also show that the proposed algorithm achieves the fastest on CSIDH-512. For CSIDH-1024, the proposed algorithm is faster than the algorithm by Meyer and Reith although it is slower than the algorithm by Bernstein et al.

Watermarkable Signature with Computational Function Preserving

Software watermarking enables one to embed some information called “mark” into a program while preserving its functionality, and to read it from the program. As a definition of function preserving, Cohen et al. (STOC 2016) proposed statistical function preserving which requires that the input/output behavior of the marked circuit is identical almost everywhere to that of the original unmarked circuit. They showed how to construct watermarkable cryptographic primitives with statistical function preserving, including pseudorandom functions (PRFs) and public-key encryption from indistinguishability obfuscation. Recently, Goyal et al. (CRYPTO 2019) introduced more relaxed definition of function preserving for watermarkable signature. Watermarkable signature embeds a mark into a signing circuit of digital signature. The relaxed function preserving only requires that the marked signing circuit outputs valid signatures. They provide watermarkable signature with the relaxed function preserving only based on (standard) digital signature. In this work, we introduce an intermediate notion of function preserving for watermarkable signature, which is called computational function preserving. Then, we examine the relationship among our computational function preserving, relaxed function preserving by Goyal et al., and statistical function preserving by Cohen et al. Furthermore, we propose a generic construction of watermarkable signature scheme satisfying computational function preserving based on public key encryption and (standard) digital signature.

Private Information Retrieval from Coded Storage in the Presence of Omniscient and Limited-Knowledge Byzantine Adversaries

This paper investigates an adversarial model in the scenario of private information retrieval (PIR) from n coded storage servers, called Byzantine adversary. The Byzantine adversary is defined as the one altering b server responses and erasing u server responses to a user's query. In this paper, two types of Byzantine adversaries are considered; 1) the classic omniscient type that has the full knowledge on n servers as considered in existing literature, and 2) the reasonable limited-knowledge type that has information on only b+u servers, i.e., servers under the adversary's control. For these two types, this paper reveals that the resistance of a PIR scheme, i.e., the condition of b and u to correctly obtain the desired message, can be expressed in terms of a code parameter called the coset distance of linear codes employed in the scheme. For the omniscient type, the derived condition expressed by the coset distance is tighter and more precise than the estimation of the resistance by the minimum Hamming weight of the codes considered in existing researches. Furthermore, this paper also clarifies that if the adversary is limited-knowledge, the resistance of a PIR scheme could exceed that for the case of the omniscient type. Namely, PIR schemes can increase their resistance to Byzantine adversaries by allowing the limitation on adversary's knowledge.

A Narrowband Active Noise Control System with a Frequency Estimator

A narrowband active noise control (NANC) system is very effective for controlling low-frequency periodic noise. A frequency mismatch (FM) with the reference signal will degrade the performance or even cause the system to diverge. To deal with an FM and obtain an accurate reference signal, NANC systems often employ a frequency estimator. Combining an autoregressive predictive filter with a variable step size (VSS) all-pass-based lattice adaptive notch filter (ANF), a new frequency estimation method is proposed that does not require prior information of the primary signal, and the convergence characteristics are much improved. Simulation results show that the designed frequency estimator has a higher accuracy than the conventional algorithm. Finally, hardware experiments are carried out to verify the noise reduction effect.

Convex and Differentiable Formulation for Inverse Problems in Hilbert Spaces with Nonlinear Clipping Effects

We propose a useful formulation for ill-posed inverse problems in Hilbert spaces with nonlinear clipping effects. Ill-posed inverse problems are often formulated as optimization problems, and nonlinear clipping effects may cause nonconvexity or nondifferentiability of the objective functions in the case of commonly used regularized least squares. To overcome these difficulties, we present a tractable formulation in which the objective function is convex and differentiable with respect to optimization variables, on the basis of the Bregman divergence associated with the primitive function of the clipping function. By using this formulation in combination with the representer theorem, we need only to deal with a finite-dimensional, convex, and differentiable optimization problem, which can be solved by well-established algorithms. We also show two practical examples of inverse problems where our theory can be applied, estimation of band-limited signals and time-harmonic acoustic fields, and evaluate the validity of our theory by numerical simulations.

Update on Analysis of Lesamnta-LW and New PRF Mode LRF

We revisit the design of Lesamnta-LW, which is one of the three lightweight hash functions specified in ISO/IEC 29192-5:2016. Firstly, we present some updates on the bounds of the number of active S-boxes for the underlying 64-round block cipher. While the designers showed that the Viterbi algorithm ensured 24 active S-boxes after 24 rounds, our tool based on Mixed Integer Linear Programming (MILP) in the framework of Mouha et al. ensures the same number of active S-boxes only after 18 rounds. The tool completely evaluates the tight bound of the number of active S-boxes, and it shows that the bound is 103 for full (64) rounds. We also analyze security of the Shuffle operation in the round function and resistance against linear cryptanalysis. Secondly, we present a new mode for a pseudorandom function (PRF) based on Lesamnta-LW. It is twice as efficient as the previous PRF modes based on Lesamnta-LW. We prove its security both in the standard model and the ideal cipher model.

The Weight Distributions of the (256, k) Extended Binary Primitive BCH Codes with k≤71 and k≥187

Computing the weight distribution of a code is a challenging problem in coding theory. In this paper, the weight distributions of (256, k) extended binary primitive BCH codes with k≤71 and k≥187 are given. The weight distributions of the codes with k≤63 and k≥207 have already been obtained in our previous work. Affine permutation and trellis structure are used to reduce the computing time. Computer programs in C language which use recent CPU instructions, such as SIMD, are developed. These programs can be deployed even on an entry model workstation to obtain the new results in this paper.

Optical CDMA Scheme Using Generalized Modified Prime Sequence Codes and Extended Bi-Orthogonal Codes

Optical code-division multiple-access (CDMA) techniques provide multi-user data transmission services in optical wireless and fiber communication systems. Several signature codes, such as modified prime sequence codes (MPSCs), generalized MPSCs (GMPSCs) and modified pseudo-orthogonal M-sequence sets, have been proposed for synchronous optical CDMA systems. In this paper, a new scheme is proposed for synchronous optical CDMA to increase the number of users and, consequently, to increase the total data rate without increasing the chip rate. The proposed scheme employs a GMPSC and an extended bi-orthogonal code which is a unipolar code generated from a bipolar Walsh code. Comprehensive comparisons between the proposed scheme and several conventional schemes are shown. Moreover, bit error rate performance and energy efficiency of the proposed scheme are evaluated comparing with those of the conventional optical CDMA schemes under atmospheric propagation environment.

Effects of Initial Configuration on Attentive Tracking of Moving Objects Whose Depth in 3D Changes

In daily reality, people often pay attention to several objects that change positions while being observed. In the laboratory, this process is investigated by a phenomenon known as multiple object tracking (MOT) which is a task that evaluates attentive tracking performance. Recent findings suggest that the attentional set for multiple moving objects whose depth changes in three dimensions from one plane to another is influenced by the initial configuration of the objects. When tracking objects, it is difficult for people to expand their attentional set to multiple-depth planes once attention has been focused on a single plane. However, less is known about people contracting their attentional set from multiple-depth planes to a single-depth plane. In two experiments, we examined tracking accuracy when four targets or four distractors, which were initially distributed on two planes, come together on one of the planes during an MOT task. The results from this study suggest that people have difficulty changing the depth range of their attention during attentive tracking, and attentive tracking performance depends on the initial attentional set based on the configuration prior to attentive tracking.

Pilot De-Contamination by Modified HTRCI with Time-Domain CSI Separation for Two-Cell MIMO Downlink

This letter expands the previously proposed High Time Resolution Carrier Interferometry (HTRCI) to estimate a larger amount of channel status information (CSI). HTRCI is based on a comb-type pilot symbol on OFDM and CSI for null subcarriers are interpolated by time-domain signal processing. In order to utilize such null pilot subcarriers for increasing estimable CSI, they should generally be separated in frequency-domain prior to estimation and interpolation processes. The main proposal is its separation scheme in conjunction with the HTRCI treatment of the temporal domain. Its effectiveness is verified by a pilot de-contamination on downlink two-cell MIMO transmission scenario. Binary error rate (BER) performance can be improved in comparison to conventional HTRCI and zero padding (ZP) which replaces the impulse response alias with zeros.

Orthogonal Chaotic Binary Sequences Based on Tent Map and Walsh Functions

In this letter, we will prove that chaotic binary sequences generated by the tent map and Walsh functions are i.i.d. (independent and identically distributed) and orthogonal to each other.

A New 10-Variable Cubic Bent Function Outside the Completed Maiorana-McFarland Class

In this letter, we present a construction of bent functions which generalizes a work of Zhang et al. in 2016. Based on that, we obtain a cubic bent function in 10 variables and prove that, it has no affine derivative and does not belong to the completed Maiorana-McFarland class, which is opposite to all 6/8-variable cubic bent functions as they are inside the completed Maiorana-McFarland class. This is the first time a theoretical proof is given to show that the cubic bent functions in 10 variables can be outside the completed Maiorana-McFarland class. Before that, only a sporadic example with such properties was known by computer search. We also show that our function is EA-inequivalent to that sporadic one.

The Explicit Dual of Leander's Monomial Bent Function

Permutation polynomials and their compositional inverses are crucial for construction of Maiorana-McFarland bent functions and their dual functions, which have the optimal nonlinearity for resisting against the linear attack on block ciphers and on stream ciphers. In this letter, we give the explicit compositional inverse of the permutation binomial $f(z)=z^{2^{r}+2}+\alpha z\in\mathbb{F}_{2^{2r}}[z]$. Based on that, we obtain the dual of monomial bent function $f(x)={\rm Tr}_1^{4r}(x^{2^{2r}+2^{r+1}+1})$. Our result suggests that the dual of f is not a monomial any more, and it is not always EA-equivalent to f.

New Almost Periodic Complementary Pairs

In this letter, we give a recursive construction of q-ary almost periodic complementary pairs (APCPs) based on an interleaving technique of sequences and Kronercker product. Based on this construction, we obtain new quaternary APCPs with new lengths.

Face Super-Resolution via Hierarchical Multi-Scale Residual Fusion Network

Exploring the structural information as prior to facial images is a key issue of face super-resolution (SR). Although deep convolutional neural networks (CNNs) own powerful representation ability, how to accurately use facial structural information remains challenges. In this paper, we proposed a new residual fusion network to utilize the multi-scale structural information for face SR. Different from the existing methods of increasing network depth, the bottleneck attention module is introduced to extract fine facial structural features by exploring correlation from feature maps. Finally, hierarchical scales of structural information is fused for generating a high-resolution (HR) facial image. Experimental results show the proposed network outperforms some existing state-of-the-art CNNs based face SR algorithms.

Optic Disc Detection Based on Saliency Detection and Attention Convolutional Neural Networks

The automatic analysis of retinal fundus images is of great significance in large-scale ocular pathologies screening, of which optic disc (OD) location is a prerequisite step. In this paper, we propose a method based on saliency detection and attention convolutional neural network for OD detection. Firstly, the wavelet transform based saliency detection method is used to detect the OD candidate regions to the maximum extent such that the intensity, edge and texture features of the fundus images are all considered into the OD detection process. Then, the attention mechanism that can emphasize the representation of OD region is combined into the dense network. Finally, it is determined whether the detected candidate regions are OD region or non-OD region. The proposed method is implemented on DIARETDB0, DIARETDB1 and MESSIDOR datasets, the experimental results of which demonstrate its superiority and robustness.

Applying K-SVD Dictionary Learning for EEG Compressed Sensing Framework with Outlier Detection and Independent Component Analysis

This letter reports on the effectiveness of applying the K-singular value decomposition (SVD) dictionary learning to the electroencephalogram (EEG) compressed sensing framework with outlier detection and independent component analysis. Using the K-SVD dictionary matrix with our design parameter optimization, for example, at compression ratio of four, we improved the normalized mean square error value by 31.4% compared with that of the discrete cosine transform dictionary for CHB-MIT Scalp EEG Database.