-
Kouichi SAKURAI
2015 Volume E98.A Issue 1 Pages
1-2
Published: 2015
Released on J-STAGE: January 01, 2015
JOURNAL
RESTRICTED ACCESS
-
Tatsuaki OKAMOTO, Katsuyuki TAKASHIMA
Article type: INVITED PAPER
2015 Volume E98.A Issue 1 Pages
3-15
Published: 2015
Released on J-STAGE: January 01, 2015
JOURNAL
RESTRICTED ACCESS
The concept of
dual pairing vector spaces (DPVS) was introduced by Okamoto and Takashima in 2009, and it has been employed in various applications, functional encryption (FE) including attribute-based encryption (ABE) and inner-product encryption (IPE) as well as attribute-based signatures (ABS), generic conversion from composite-order group based schemes to prime-order group based ones and public-key watermarking. In this paper, we show the concept of DPVS, the major applications to FE and the key techniques employed in these applications. This paper presents them with placing more emphasis on plain and intuitive descriptions than formal preciseness.
View full abstract
-
Junji SHIKATA
Article type: INVITED PAPER
2015 Volume E98.A Issue 1 Pages
16-25
Published: 2015
Released on J-STAGE: January 01, 2015
JOURNAL
RESTRICTED ACCESS
This paper briefly deals with a wide range of topics in information-theoretic cryptography. First, we focus on the results on symmetric-key encryption and authentication codes, since these protocols are fundamental in the field and well studied in the frameworks by Shannon and Simmons, respectively. Secondly, we explain several existing assumptions and security criteria whose merit mainly lies in realizing cryptographic protocols with short/weak shared secret-keys, correlated weak secret-keys, or no shared secrets. Thirdly, we consider research themes by three aspects for further development of information-theoretic cryptography. Finally, we refer to trends of technical approaches in information-theoretic cryptography and explain our recent results brought by using the approach.
View full abstract
-
Yu SASAKI, Gaoli WANG, Lei WANG
Article type: PAPER
Subject area: Symmetric Key Based Cryptography
2015 Volume E98.A Issue 1 Pages
26-38
Published: 2015
Released on J-STAGE: January 01, 2015
JOURNAL
RESTRICTED ACCESS
This paper presents key recovery attacks on Sandwich-MAC instantiating MD5, where Sandwich-MAC is an improved variant of HMAC and achieves the same provable security level and better performance especially for short messages. The increased interest in lightweight cryptography motivates us to analyze such a MAC scheme. Our attacks are based on a distinguishing-
H attack on HMAC-MD5 proposed by Wang et al. We first improve its complexity from 2
97 to 2
89.04. With this improvement, we then propose key recovery attacks on Sandwich-MAC-MD5 by combining various techniques such as distinguishing-
H for HMAC-MD5, IV Bridge for APOP, dBB-near-collisions for related-key NMAC-MD5, meet-in-the-middle attack etc. In particular, we generalize a previous key-recovery technique as a new tool exploiting a conditional key-dependent distribution. Surprisingly, a key which is even longer than the tag size can be recovered without the knowledge of the key size. Finally, our attack also improves the previous partial-key (
K1) recovery on MD5-MAC, and extends it to recover both of
K1 and
K2.
View full abstract
-
Yosuke TODO
Article type: PAPER
Subject area: Symmetric Key Based Cryptography
2015 Volume E98.A Issue 1 Pages
39-48
Published: 2015
Released on J-STAGE: January 01, 2015
JOURNAL
RESTRICTED ACCESS
In this paper, we deal with upper bounds for the security of some Feistel networks. Such a topic has been discussed since the introduction of Luby-Rackoff construction. The Luby-Rackoff construction is unrealistic because its round functions must be chosen at random from the set of all functions. Knudsen dealt with a more practical construction whose round functions are chosen at random from a family of 2
k randomly chosen functions, and showed an upper bound for the security by demonstrating generic key recovery attacks. However it is still difficult for designers to choose functions randomly. Then, this paper considers the security of some Feistel networks which have more efficient and practical round functions, and such Feistel networks are indeed used by some Feistel ciphers in practice. We show new properties using the relationship between plaintexts and ciphertexts. We propose new generic key recovery attacks by using our properties, and confirm the feasibility by implementing the attack on Feistel ciphers with small block sizes. As a result, we conclude that efficient and practical 6-round Feistel networks are not secure.
View full abstract
-
Yu SASAKI, Lei WANG
Article type: PAPER
Subject area: Symmetric Key Based Cryptography
2015 Volume E98.A Issue 1 Pages
49-60
Published: 2015
Released on J-STAGE: January 01, 2015
JOURNAL
RESTRICTED ACCESS
In this paper, we present a new cryptanalytic tool that can reduce the complexity of integral analysis against Addition-Rotation-XOR (ARX) based designs. Our technique is based on the partial-sum technique proposed by Ferguson et al. at FSE 2000, which guesses subkeys byte to byte in turn, and the data to be analyzed is compressed for each key guess. In this paper, the technique is extended to ARX based designs. Subkeys are guessed bit by bit, and the data is compressed with respect to the value of the guessed bit position and carry values to the next bit position. We call the technique
bitwise partial-sum. We demonstrate this technique by applying it to reduced-round versions of HIGHT, which is one of the ISO standard 64-bit block ciphers. Another contribution of this paper is an independent improvement specific to HIGHT. By exploiting linear computations inside the round function, the number of guessed bits during the key recovery phase can be greatly reduced. Together with the bitwise partial-sum, the integral analysis on HIGHT is extended from previous 22 rounds to 26 rounds, while full HIGHT consists of 32 rounds.
View full abstract
-
Yu SASAKI
Article type: PAPER
Subject area: Symmetric Key Based Cryptography
2015 Volume E98.A Issue 1 Pages
61-71
Published: 2015
Released on J-STAGE: January 01, 2015
JOURNAL
RESTRICTED ACCESS
In this paper, generic attacks are presented against hash functions that are constructed by a hashing mode instantiating a Feistel or generalized Feistel networks with an SP-round function. It is observed that the omission of the network twist in the last round can be a weakness against preimage attacks. The first target is a standard Feistel network with an SP round function. Up to 11 rounds can be attacked in generic if a condition on a key schedule function is satisfied. The second target is a 4-branch type-2 generalized Feistel network with an SP round function. Up to 15 rounds can be attacked in generic. These generic attacks are then applied to hashing modes of ISO standard ciphers Camellia-128 without FL and whitening layers and CLEFIA-128.
View full abstract
-
Kexin QIAO, Lei HU, Siwei SUN, Xiaoshuang MA, Haibin KAN
Article type: PAPER
Subject area: Symmetric Key Based Cryptography
2015 Volume E98.A Issue 1 Pages
72-80
Published: 2015
Released on J-STAGE: January 01, 2015
JOURNAL
RESTRICTED ACCESS
Counting the number of differentially active S-boxes is of great importance in evaluating the security of a block cipher against differential attack. Mouha et al. proposed a technique based on Mixed-Integer Linear Programming (MILP) to automatically calculate a lower bound of the number of differentially active S-boxes for word-oriented block ciphers, and applied it to symmetric ciphers AES and Enocoro-128v2. Later Sun et al. extended the method by introducing bit-level representations for S-boxes and new constraints in the MILP problem, and applied the extended method to PRESENT-80 and LBlock. This kind of methods greatly depends on the constraints in the MILP problem describing the differential propagation of the block cipher. A more accurate description of the differential propagation leads to a tighter bound on the number of differentially active S-boxes. In this paper, we refine the constraints in the MILP problem describing XOR operations, and apply the refined MILP modeling to determine a lower bound of the number of active S-boxes for the Lai-Massey type block cipher FOX in the model of single-key differential attack, and obtain a tighter bound in FOX64 than existing results. Experimental results show that 6, instead of currently known 8, rounds of FOX64 is strong enough to resist against basic single-key differential attack since the differential characteristic probability is upper bounded by 2
-64, and thus the maximum differential characteristic probability of 12-round FOX64 is upper bounded by 2
-128, where 128 is the key-length of FOX64. We also get the lower bound of the number of differentially active S-boxes for 5-round FOX128, and proved the security of the full-round FOX128 with respect to single-key differential attack.
View full abstract
-
Toshihiro OHIGASHI, Takanori ISOBE, Yuhei WATANABE, Masakatu MORII
Article type: PAPER
Subject area: Symmetric Key Based Cryptography
2015 Volume E98.A Issue 1 Pages
81-91
Published: 2015
Released on J-STAGE: January 01, 2015
JOURNAL
RESTRICTED ACCESS
RC4 is a widely-used stream cipher, adopted in many standard protocols, such as WEP, WPA and SSL/TLS, as a standard encryption algorithm. Isobe et al. proposed a plaintext recovery attack on RC4 in the broadcast setting, where the same plaintext is encrypted with different secret keys. Their attack is able to recover the first 257bytes by exploiting the biases of the initial bytes of a keystream. In this paper, we propose two types of
full plaintext recovery attacks that are able to recover all the bytes, even after the 258th byte, of a plaintext, unlike Isobe et al.'s attack. To achieve this, we combine the use of multiple keystream biases appropriately. The first attack utilizes the initial byte biases and Mantin's long-term bias. This attack can recover the first 1000 terabytes of a plaintext from 2
34 ciphertexts with a probability of almost one. The second attack is based on two long-term biases. Since this attack does not rely on the biases of the initial bytes of the RC4 keystream, it can recover any byte of a plaintext, even if the initial bytes are disregarded. Given 2
35 ciphertexts encrypted by different keys, any byte of a target plaintext can be recovered with a probability close to one.
View full abstract
-
Nguyen Quoc VIET, Wakaha OGATA
Article type: PAPER
Subject area: Public Key Based Cryptography
2015 Volume E98.A Issue 1 Pages
92-99
Published: 2015
Released on J-STAGE: January 01, 2015
JOURNAL
RESTRICTED ACCESS
A certificateless aggregate signature scheme saves cost from complicated certificate management in PKI and compresses many signatures on different messages signed by different users to one single signature. It is originally required to be secure against a conspiring group of malicious signers (
type I adversary) and against malicious KGC (
type II adversary). In this paper, we define a novel fundamental type of adversary for certificateless aggregate signature schemes, type III adversary, called
malicious KGC & Signers Coalition, who can break Zhang-Zhang scheme. We also propose two new certificateless aggregate schemes which are provably secure against all three types of adversary.
View full abstract
-
Ryo NISHIMAKI, Keita XAGAWA
Article type: PAPER
Subject area: Public Key Based Cryptography
2015 Volume E98.A Issue 1 Pages
100-116
Published: 2015
Released on J-STAGE: January 01, 2015
JOURNAL
RESTRICTED ACCESS
We propose two unidirectional proxy re-encryption schemes from the LWE assumptions. The schemes enjoy
key privacy defined by Ateniese, Benson, and Hohenberger (CT-RSA 2009), that is, a delegator and a delegatee of a re-encryption key are anonymous.
View full abstract
-
Toru NAKANISHI, Nobuo FUNABIKI
Article type: PAPER
Subject area: Public Key Based Cryptography
2015 Volume E98.A Issue 1 Pages
117-131
Published: 2015
Released on J-STAGE: January 01, 2015
JOURNAL
RESTRICTED ACCESS
A group signature scheme allows a group member to anonymously sign a message on behalf of the group. One of the important issues is the member revocation, and lots of revocable schemes have been proposed so far. A scheme recently proposed by Libert et al. achieves that
O(1) or
O(log
N) efficiency of communication and computation except for the revocation list size (also the revocation cost), for the total number of members
N and the number of revoked members
R. However, since a signature is required for each subset separated from the set of non-revoked members, the size is about 900
R Bytes in the 128-bit security. In the case of
R=100,000, it amounts to about 80MB. In this paper, we extend the scheme to reduce the revocation list (also the revocation cost), by accumulating
T subsets, which is signed for the revocation list. The revocation list size is reduced by 1/
T. Unfortunately, the public key size, membership certificate size and the cost of a witness computation needed for signing increase related to
T.
View full abstract
-
Kazuki YONEYAMA
Article type: PAPER
Subject area: Public Key Based Cryptography
2015 Volume E98.A Issue 1 Pages
132-143
Published: 2015
Released on J-STAGE: January 01, 2015
JOURNAL
RESTRICTED ACCESS
How to reduce communication complexity is a common important issue to design cryptographic protocols. This paper focuses on authenticated key exchange (AKE). Several AKE schemes have been studied, which satisfy strong security such as exposure-resilience in the standard model (StdM). However, there is a large gap on communication costs between schemes in the StdM and in the random oracle model. In this paper, we show a generic construction that is significantly compact (i.e., small communication cost) and secure in the StdM. We follow an existing generic construction from key encapsulated mechanism (KEM). Our main technique is to use a bounded chosen-ciphertext secure KEM instead of an ordinary chosen-ciphertext secure KEM. The communication cost can be reduced to half by this technique, and we achieve the most compact AKE scheme in the StdM. Moreover, our construction has instantiations under wider classes of hardness assumptions (e.g., subset-sum problems and multi-variate quadratic systems) than existing constructions. This work pioneers the first meaningful application of bounded chosen-ciphertext secure KEM.
View full abstract
-
Yasufumi HASHIMOTO
Article type: PAPER
Subject area: Public Key Based Cryptography
2015 Volume E98.A Issue 1 Pages
144-152
Published: 2015
Released on J-STAGE: January 01, 2015
JOURNAL
RESTRICTED ACCESS
Rainbow is one of signature schemes based on the problem solving a set of multivariate quadratic equations. While its signature generation and verification are fast and the security is presently sufficient under suitable parameter selections, the key size is relatively large. Recently, Quaternion Rainbow — Rainbow over a quaternion ring — was proposed by Yasuda, Sakurai and Takagi (CT-RSA'12) to reduce the key size of Rainbow without impairing the security. However, a new vulnerability emerges from the structure of quaternion ring; in fact, Thomae (SCN'12) found that Quaternion Rainbow is less secure than the same-size original Rainbow. In the present paper, we further study the structure of Quaternion Rainbow and show that Quaternion Rainbow is one of sparse versions of the Rainbow. Its sparse structure causes a vulnerability of Quaternion Rainbow. Especially, we find that Quaternion Rainbow over even characteristic field, whose security level is estimated as about the original Rainbow of at most 3/4 by Thomae's analysis, is almost as secure as the original Rainbow of at most 1/4-size.
View full abstract
-
Kosei ENDO, Noboru KUNIHIRO
Article type: PAPER
Subject area: Foundation
2015 Volume E98.A Issue 1 Pages
153-161
Published: 2015
Released on J-STAGE: January 01, 2015
JOURNAL
RESTRICTED ACCESS
At Eurocrypt 2011, Kiltz et al. presented two efficient authentication protocols for resource-constrained devices such as radio-frequency identification tags. Kiltz et al. proved that their protocols were provably secure against active attackers. However, they did not refer to the security against man-in-the-middle (MIM) attackers. In this paper, we analyze the security of the protocols against the MIM attacks and reveal the vulnerabilities. More concretely, we propose MIM attacks on them and evaluate authentication rounds required in these attacks precisely. We assume that the tag and reader share a 2
l-bit secret key. The expected number of authentication rounds to recover the secret information in the first and second protocol is at most 2
l+2 and 4
l+4, respectively. These attacks do not contradict the proof of security since the MIM attack is located outside the attack model that Kiltz et al. considered.
View full abstract
-
Dai WATANABE, Masayuki YOSHINO
Article type: PAPER
Subject area: Foundation
2015 Volume E98.A Issue 1 Pages
162-170
Published: 2015
Released on J-STAGE: January 01, 2015
JOURNAL
RESTRICTED ACCESS
Cryptography is now popularized and is widely used anywhere for many aims such as data confidentiality and integrity. The cryptographic key has a limited lifetime. For example, the National Institute of Standards and Technology published SP800-57 in order to provide cryptographic key management guidance, and it strictly limits the lifetime of the cryptographic key and the lifetime of encrypted data. That means, the data encryption key is required to be periodically updated and the associated encrypted data is required to be re-encrypted with the new key each time. The cost, especially network traffic, is crucial if the encrypted data is away from the key. In this paper we discuss what to be achieved by key updating and propose a key update mechanism reducing the communication and computation cost of re-encryption.
View full abstract
-
Sho ENDO, Naofumi HOMMA, Yu-ichi HAYASHI, Junko TAKAHASHI, Hitoshi FUJ ...
Article type: PAPER
Subject area: Foundation
2015 Volume E98.A Issue 1 Pages
171-181
Published: 2015
Released on J-STAGE: January 01, 2015
JOURNAL
RESTRICTED ACCESS
This paper proposes a multiple-fault injection attack based on adaptive control of fault injection timing in embedded microcontrollers. The proposed method can be conducted under the black-box condition that the detailed cryptographic software running on the target device is not known to attackers. In addition, the proposed method is non-invasive, without the depackaging required in previous works, since such adaptive fault injection is performed by precisely generating a clock glitch. We first describe the proposed method which injects two kinds of faults to obtain a faulty output available for differential fault analysis while avoiding a conditional branch in a typical recalculation-based countermeasure. We then show that the faulty output can be obtained by the proposed method without using information from the detailed instruction sequence. In particular, the validity of the proposed method is demonstrated through experiments on Advanced Encryption Standard (AES) software with a recalculation-based countermeasure on 8-bit and 32-bit microcontrollers. We also present a countermeasure resistant to the proposed method.
View full abstract
-
Rei UENO, Naofumi HOMMA, Takafumi AOKI
Article type: PAPER
Subject area: Foundation
2015 Volume E98.A Issue 1 Pages
182-191
Published: 2015
Released on J-STAGE: January 01, 2015
JOURNAL
RESTRICTED ACCESS
This paper presents an efficient method for differential fault analysis (DFA) on substitution-permutation network (SPN)-based block ciphers. A combination of a permutation cancellation and an algebraic key filtering technique makes it possible to reduce the computational cost of key filtering significantly and therefore perform DFAs with new fault models injected at an earlier round, which defeats conventional countermeasures duplicating or recalculating the rounds of interest. In this paper, we apply the proposed DFA to the LED block cipher. Whereas existing DFAs employ fault models injected at the 30th round, the proposed DFA first employs a fault model injected at the 29th round. We demonstrate that the proposed DFA can obtain the key candidates with only one pair of correct and faulty ciphertexts in about 2.1h even from the 29th round fault model and the resulting key space is reduced to 2
4.04
View full abstract
-
Junko TAKAHASHI, Toshinori FUKUNAGA, Kazumaro AOKI, Hitoshi FUJI
Article type: PAPER
Subject area: Foundation
2015 Volume E98.A Issue 1 Pages
192-202
Published: 2015
Released on J-STAGE: January 01, 2015
JOURNAL
RESTRICTED ACCESS
This paper proposes a new accurate evaluation method for examining the resistance of cryptographic implementations against access-driven cache attacks (CAs). We show that a mathematical correlation method between the sets of measured access time and the ideal data, which depend on the guessed key, can be utilized to evaluate quantitatively the correct key in access-driven CAs. We show the effectiveness of the proposed method using the access time measured in noisy environments. We also estimate the number of key candidates based on mathematical proof while considering memory allocation. Furthermore, based on the proposed method, we analyze quantitatively how the correlation values change with the number of plaintexts for a successful attack.
View full abstract
-
Shingo HASEGAWA, Shuji ISOBE, Jun-ya IWAZAKI, Eisuke KOIZUMI, Hiroki S ...
Article type: PAPER
Subject area: Foundation
2015 Volume E98.A Issue 1 Pages
203-212
Published: 2015
Released on J-STAGE: January 01, 2015
JOURNAL
RESTRICTED ACCESS
Password-protected secret sharing (PPSS, for short) schemes were proposed by Bagherzandi, Jarecki, Saxena and Lu. In this paper, we consider another attack for PPSS schemes which is based on public parameters and documents. We show that the protocol proposed by Bagherzandi et al. is broken with the attack. We then propose an enhanced protocol which is secure against the attack.
View full abstract
-
Ryo KIKUCHI, Koji CHIDA, Dai IKARASHI, Wakaha OGATA, Koki HAMADA, Kats ...
Article type: PAPER
Subject area: Foundation
2015 Volume E98.A Issue 1 Pages
213-222
Published: 2015
Released on J-STAGE: January 01, 2015
JOURNAL
RESTRICTED ACCESS
Secret sharing scheme (SS) has been extensively studied since SSs are important not only for secure data storage but also as a fundamental building block for multiparty computation (MPC). For an application to secure data storage, the share size of SS is an important factor. For an application to a building block for MPC, the extendibility to MPC is needed. Computationally secure SSs and a ramp scheme have a small share size but there have been few studies concerning their MPC. In contrast, there have been many studies about MPC on Shamir's and replicated SSs while their share size is large. We consider an application scenario of SS such as applying SSs to secure data storage service with MPC. In this application, users store their data in servers through SS, and sometimes the servers perform MPC as an optional feature. In this case, the extendibility to MPC is needed and good code-efficiency is preferable. We propose a new computational SS, and show how to convert shares of our SS and a ramp SS to those of multiparty-friendly SS such as Shamir's and replicated SS. This enables one to secretly-share data compactly and extend secretly-shared data to MPC if needed.
View full abstract
-
Ryo KIKUCHI, Dai IKARASHI, Koki HAMADA, Koji CHIDA
Article type: PAPER
Subject area: Foundation
2015 Volume E98.A Issue 1 Pages
223-231
Published: 2015
Released on J-STAGE: January 01, 2015
JOURNAL
RESTRICTED ACCESS
Secret sharing (SS) has been extensively studied as for both secure data storage and a fundamental building block for multiparty computation (MPC). Recently, Kikuchi et al. proposed a passively and unconditionally secure conversion protocol that converts from a share of a ramp scheme to another of homomorphic SS scheme. The share-size of the ramp scheme is small, and the homomorphic SS scheme is a class of SS schemes that includes Shamir's and replicated SS schemes, which are convenient for MPC. Therefore, their protocol is a conversion from an SS scheme whose share-size is small to MPC-friendly SS schemes, and can be applied to reduce the amount of data storage while maintaining extendibility to MPC. We propose five unconditionally and actively secure protocols in the honest majority. In this paper, we consider a privacy and correctness as security requirement and does not consider a robustness: A cheat caused by an active adversary must be detected. These protocols consist of two conversion protocols, two reveal protocols and a protocol generating specific randomness. Main protocols among them are two conversion protocols for bilateral conversion between a ramp scheme and linear SS scheme, and the others are building blocks of the main protocols. Linear SS scheme is a subset of homomorphic SS scheme but includes both Shamir's and replicated SS schemes. Therefore, these main protocols are conversions between an SS scheme whose share-size is small to MPC-friendly SS schemes. These main protocols are unconditionally and actively secure so if MPC protocols used after the conversion are actively secure, the whole system involving SS scheme, conversion, and MPC protocols can be unconditionally and actively secure by using our main protocols. One of our two main protocols is the first to convert from MPC-friendly SS schemes to the ramp scheme. This enhances applications, such as secure backup, of the conversion protocol. Other than the two main protocols, we propose a protocol for generating specific randomnesses and two reveal protocols as building blocks. The latter two reveal protocols are actively and unconditionally secure in the honest majority and requires
O(
n||F||)-bit communication per revealing, and we believe that it is independently interest.
View full abstract
-
Kaoru KUROSAWA, Ryo NOJIMA, Le Trieu PHONG
Article type: PAPER
Subject area: Foundation
2015 Volume E98.A Issue 1 Pages
232-245
Published: 2015
Released on J-STAGE: January 01, 2015
JOURNAL
RESTRICTED ACCESS
We aim at constructing adaptive oblivious transfer protocols, enjoying fully simulatable security, from various well-known assumptions such as DDH,
d-Linear, QR, and DCR. To this end, we present two generic constructions of adaptive OT, one of which utilizes verifiable shuffles together with threshold decryption schemes, while the other uses permutation networks together with what we call
loosely-homomorphic key encapsulation schemes. The constructions follow a novel designing approach called “blind permutation”, which completely differs from existing ones. We then show that specific choices of the building blocks lead to concrete adaptive OT protocols with fully simulatable security in the standard model under the targeted assumptions. Our generic methods can be extended to build universally composable (UC) secure OT protocols, with a loss in efficiency.
View full abstract
-
Lin WANG, Yu ZHOU, Ying GAO
Article type: LETTER
2015 Volume E98.A Issue 1 Pages
246-249
Published: 2015
Released on J-STAGE: January 01, 2015
JOURNAL
RESTRICTED ACCESS
Primitive linear recurring sequences over rings are important in modern communication technology, and character sums of such sequences are used to analyze their statistical properties. We obtain a new upper bound for the character sum of primitive sequences of order
n over the residue ring modulo a square-free odd integer
m, and thereby improve previously known bound
mn/2.
View full abstract
-
Shunsuke KAMIJO
2015 Volume E98.A Issue 1 Pages
250
Published: 2015
Released on J-STAGE: January 01, 2015
JOURNAL
RESTRICTED ACCESS
-
Tsuneo TAKAHASHI
Article type: INVITED PAPER
2015 Volume E98.A Issue 1 Pages
251-258
Published: 2015
Released on J-STAGE: January 01, 2015
JOURNAL
RESTRICTED ACCESS
ITS refers to advanced transportation systems in which control technology and information communication technology are applied for the purpose of coping with issues concerning safety, congestion, the environment, resource usage, etc. Here, we will review the history of ITS and look at its prospects for the future, with a focus on the rise of car navigation systems in Japan.
View full abstract
-
Hiroshi MAKINO, Shunsuke KAMIJO
Article type: INVITED PAPER
2015 Volume E98.A Issue 1 Pages
259-266
Published: 2015
Released on J-STAGE: January 01, 2015
JOURNAL
RESTRICTED ACCESS
ITS R&D includes wide variety of research area such as mechanical engineering, road engineering, traffic engineering, information and communication engineering, and electrical engineering. In spite of initiatives across the variety of engineering is essential to solve the problems of practical social systems, it is difficult to collaborate among engineering. Based on the joint research of the Japan Society of Civil Engineers and the Institute of Electrical Engineers held at the Great East Japan Earthquake, this paper discusses about necessity of collaboration among academies on ITS R&D. International collaboration is also important for ITS R&D. Asian countries could share the same problems and solutions, since many of mega cities exist in Asia region and they suffers from heavy traffics. Therefore, we need to discuss the common solution to our problems.
View full abstract
-
Naohisa HASHIMOTO, Shin KATO, Sadayuki TSUGAWA
Article type: PAPER
2015 Volume E98.A Issue 1 Pages
267-274
Published: 2015
Released on J-STAGE: January 01, 2015
JOURNAL
RESTRICTED ACCESS
Energy conservation is one of the hot topics within the domain of traffic problems. It is well known that shortening the distance between vehicles reduces the aerodynamic drag of the lagging (or following) vehicle and leads to energy savings, which benefits the drivers. Recently, systems have been developed in which trucks or vehicles travel in a platoon with reduced headway from the preceding vehicle by using automated driving or driver assistance systems. The objective of the present study is to investigate how human factors, such as driving style, a driver's condition, or a driver's personal characteristics, influence the decision of a driver to close the gap with a preceding vehicle and obtain the benefit of aerodynamic drag reduction. We developed a realistic experimental paradigm for investigating the relationship between distance and several factors including the driver's personal characteristics and the size of preceding vehicle. Our experimental setup made use of real vehicles on a test track, as opposed to a vehicle simulator. We examined behavior of subjects that drove the following vehicle as well as subjects that sat in the passenger seat in the following vehicle. The experimental results demonstrate that all subjects attempted to reduce the distance to the preceding vehicle in order to gain the benefit. Based on the experimental and questionnaire results, we conclude that there are relationships between the category of subjects and subject's following distances.
View full abstract
-
Hiroyuki HATANO, Tomoya KITANI, Masahiro FUJII, Atsushi ITO, Yu WATANA ...
Article type: PAPER
2015 Volume E98.A Issue 1 Pages
275-283
Published: 2015
Released on J-STAGE: January 01, 2015
JOURNAL
RESTRICTED ACCESS
For estimating user's location, Global Navigation Satellite System (GNSS) is very useful. Especially, Global Positioning System (GPS) by USA is very popular. A GPS receiver needs multiple satellites (usually 4 and more satellites). Propagation to the satellites needs line-of-sight. However, in urban area, there are many buildings. Received signals tend to become bad quality. Such signals are often called as non-line-of-sight (NLOS) or multipath signals. The problem is that the receiver cannot get line-of-sight signals from adequate number of the satellites coinstantaneously. This case leads to degradation of estimation quality or impossibility of estimation. In this paper, we will introduce a novel estimation algorithm, which can estimate own position with as low number of satellites as possible. The proposal achieves the estimation by only two satellites. The proposal also uses a traveling distance sensor which is often equipped on vehicles. By recorded satellite data, we will confirm our effectiveness.
View full abstract
-
Li-Ta HSU, Feiyu CHEN, Shunsuke KAMIJO
Article type: PAPER
2015 Volume E98.A Issue 1 Pages
284-293
Published: 2015
Released on J-STAGE: January 01, 2015
JOURNAL
RESTRICTED ACCESS
Highly accurate pedestrian position information is required in many applications, especially in automatic driving system. Global Positioning System (GPS) developed by American has proven itself reliability in most of the environments. Unfortunately, urban areas contain the signal reflection, known as multipath and non-line-of-sight (NLOS) effects. In addition, the lake of line-of-sight (LOS) satellites caused by the blockage of skyscrapers also severely degrades the accuracy and availability of the GPS positioning. To solve these problems, a solution that interoperated several Global Navigation Satellite Systems (GNSSs) is proposed. However, the actual difficulty of satellite positioning in urban area is the distorted satellite distribution. This paper proposes a GPS with 3D map ray tracing positioning method to conquer the difficulty. The proposed method takes the advantage of the non-LOS (NLOS) and uses it as an additional measurement. Significantly, these measurements are sourced from the satellites that should be blocked. Thus, the dilution of precision (DOP) can be greatly improved. To verify the performance of the proposed method, real data is collected at Tokyo urban area. This paper compares the performance of GPS/GLONASS and the proposed GPS with 3D map ray tracing methods. The results reveals the proposed method is capable of identifying which side of street the pedestrian stands and the GPS+GLONASS method is not.
View full abstract
-
Tomotaka WADA, Yusuke SHIKIJI, Keita WATARI, Hiromi OKADA
Article type: PAPER
2015 Volume E98.A Issue 1 Pages
294-303
Published: 2015
Released on J-STAGE: January 01, 2015
JOURNAL
RESTRICTED ACCESS
In recent years, there are many collision accidents between vehicles due to human errors. As one of countermeasures against the collision accidents, automotive radar systems have been supporting vehicle drivers. By the automotive radar mounted on the vehicle, it is possible to recognize the situation around the vehicle. The ranging with automotive infrared laser radar is very accurate, and able to understand the object existence in the observation around the vehicle. However, in order to grasp the situation around the vehicle, it is necessary to be aware of the attribute of the detected object. The information obtained by the automotive radar vehicle is only the direction and the distance of the object. Thus, the recognition of the attribute of the detected object is very difficult. In this paper, we propose a novel vehicle information acquisition method by using 2D reflector code. Through experiments, we show that the proposed method is able to detect 2D reflector code and is effective for vehicle information acquisition.
View full abstract
-
Xiaojin ZHU, Jingping BI, Jianhang LIU
Article type: PAPER
2015 Volume E98.A Issue 1 Pages
304-312
Published: 2015
Released on J-STAGE: January 01, 2015
JOURNAL
RESTRICTED ACCESS
Video streaming uploading over vehicular ad hoc networks (VANETs) can support many interesting applications. Due to the high mobility and dynamic topology of VANETs, how to support video streaming using wireless communications between vehicles and road-side access points still remains an open issue. In this paper, we propose a geographical uploading scheme, called MPVUS, which uses the moving prediction to keep the stable forwarding and reduce the high link failure probability over VANETs. The scheme also decides the AP switch opportunity by traffic flow estimation, so as to adjust the forwarding direction timely to avoid the short-sighted switch decision. Simulation results demonstrate the effectiveness of our scheme, which can achieve good performance in terms of the start-up delay, playback interruption ratio and video frame distortion.
View full abstract
-
Noriaki KAKIUCHI, Kenichi SUNAGAWA, Shunsuke KAMIJO
Article type: PAPER
2015 Volume E98.A Issue 1 Pages
313-322
Published: 2015
Released on J-STAGE: January 01, 2015
JOURNAL
RESTRICTED ACCESS
Pedestrian dead reckoning (PDR) is an effective positioning means that can be used in urban-canyon environments where the accuracy of GPS is significantly degraded. Magnetic disturbances caused by artificial objects affect the accuracy of positioning if the PDR system uses a magnetometer to estimate the heading direction. Conventional PDR systems consider magnetic disturbances as unpredictable error sources, but the error becomes predictable and removable if the amount of the deviation in the magnetic field can be calculated at any position. In this study, we propose a method to correct the heading direction by referring to a map of magnetic deviation. The experimental results show that our method reduced the error in the heading direction caused by magnetic disturbances. Our approach removed the error components that differ depending on the position, and consequently, the resultant trajectory represented better the shape of the true trajectory.
View full abstract
-
Tatsuya YOSHIMOTO, Toshimitsu USHIO, Takuya AZUMI
Article type: PAPER
Subject area: Systems and Control
2015 Volume E98.A Issue 1 Pages
323-330
Published: 2015
Released on J-STAGE: January 01, 2015
JOURNAL
RESTRICTED ACCESS
Computing and power resources are often limited in real-time embedded control systems. In this paper, we resolve the trade-off problem between control performance and power consumption in a real-time embedded control system with a dynamic voltage and frequency scaling (DVFS) uniprocessor implementing multiple control tasks. We formulate an optimization problem whose cost function depends on both the control performance and the power consumption. We introduce an adapter into the real-time embedded control system that adaptively assigns deadlines of jobs and clock frequencies according to the plant's stability and schedulability by solving the optimization problem. In numerical simulations, we show that the proposed adapter can reduce the power consumption while maintaining the control performance.
View full abstract
-
Hanh Thi-My NGUYEN, Tadashi TSUBONE
Article type: PAPER
Subject area: Nonlinear Problems
2015 Volume E98.A Issue 1 Pages
331-339
Published: 2015
Released on J-STAGE: January 01, 2015
JOURNAL
RESTRICTED ACCESS
A dynamic controller, based on the Stability Transformation Method (STM), has been used to stabilize unknown and unstable periodic orbits (UPOs) in dynamical systems. An advantage of the control method is that it can stabilize unknown UPOs. In this study, we introduce a novel control method, based on STM, to stabilize UPOs in DC-DC switching power converters. The idea of the proposed method is to apply temporal perturbations to the switching time. These perturbations are calculated without information of the locations of the target orbits. The effectiveness of the proposed method is verified by numerical simulations and laboratory measurements.
View full abstract
-
Keisuke SUZUKI, Tadashi TSUBONE
Article type: PAPER
Subject area: Nonlinear Problems
2015 Volume E98.A Issue 1 Pages
340-353
Published: 2015
Released on J-STAGE: January 01, 2015
JOURNAL
RESTRICTED ACCESS
In this paper, we consider synchronization phenomena in coupled systems of piecewise constant oscillators. Both in-phase and anti-phase synchronization phenomena are observed in the oscillators, which are coupled by a voltage controlled current source (VCCS) with Signum-like characteristic. On the other hand, their co-existence is observed in the oscillators coupled by a VCCS with hysteresis characteristic. We analyze the stability of the synchronization phenomena in the coupled systems by using a fast calculation algorithm for the rigorous solutions. And we clarify the parameter regions of in-phase and anti-phase synchronization by deriving correlation coefficients. We suggest that the synchronization phenomena of the proposed systems qualitatively correspond to one of van der Pol oscillators coupled by passive elements. Some theoretical results are verified in the experimental circuits.
View full abstract
-
Hatsuhiro KATO, Hatsuyoshi KATO, Takaaki ISHII
Article type: PAPER
Subject area: Numerical Analysis and Optimization
2015 Volume E98.A Issue 1 Pages
354-361
Published: 2015
Released on J-STAGE: January 01, 2015
JOURNAL
RESTRICTED ACCESS
Resonant scattering of flexural waves in acoustic waveguide is analysed by using the recursive transfer method (RTM). Because flexural waves are governed by a fourth-order differential equation, a localized wave tends to be induced around the scattering region and dampening wave tails from the localized wave may reach the ends of a simulation domain. A notable feature of RTM is its ability to extract the localized wave even if the dampening tail reaches the end of the simulation domain. Using RTM, the enhanced reflection caused by a localized wave is predicted and the shape of the localized wave is explored at its resonance with the incident wave.
View full abstract
-
Shuaiqun WANG, Shangce GAO, Aorigele, Yuki TODO, Zheng TANG
Article type: PAPER
Subject area: Numerical Analysis and Optimization
2015 Volume E98.A Issue 1 Pages
362-377
Published: 2015
Released on J-STAGE: January 01, 2015
JOURNAL
RESTRICTED ACCESS
The emergence of nature-inspired algorithms (NIA) is a great milestone in the field of computational intelligence community. As one of the NIAs, the artificial immune algorithm (AIS) mimics the principles of the biological immune system, and has exhibited its effectiveness, implicit parallelism, flexibility and applicability when solving various engineering problems. Nevertheless, AIS still suffers from the issues of evolution premature, local minima trapping and slow convergence due to its inherent stochastic search dynamics. Much effort has been made to improve the search performance of AIS from different aspects, such as population diversity maintenance, adaptive parameter control, etc. In this paper, we propose a novel multi-learning operator into the AIS to further enrich the search dynamics of the algorithm. A framework of embedding multiple commonly used mutation operators into the antibody evolution procedure is also established. Four distinct learning operators including baldwinian learning, cauchy mutation, gaussian mutation and lateral mutation are selected to merge together as a multi-learning operator. It can be expected that the multi-learning operator can effectively balance the exploration and exploitation of the search by enriched dynamics. To verify its performance, the proposed algorithm, which is called multi-learning immune algorithm (MLIA), is applied on a number of benchmark functions. Experimental results demonstrate the superiority of the proposed algorithm in terms of convergence speed and solution quality.
View full abstract
-
Sun-Mi PARK, Ku-Young CHANG, Dowon HONG, Changho SEO
Article type: PAPER
Subject area: Algorithms and Data Structures
2015 Volume E98.A Issue 1 Pages
378-383
Published: 2015
Released on J-STAGE: January 01, 2015
JOURNAL
RESTRICTED ACCESS
In several important applications, we often encounter with the computation of a Toeplitz matrix vector product (TMVP). In this work, we propose a
k-way splitting method for a TMVP over any field F, which is a generalization of that over
GF(2) presented by Hasan and Negre. Furthermore, as an application of the TMVP method over F, we present the first subquadratic space complexity multiplier over any finite field
GF(
pn) defined by an irreducible trinomial.
View full abstract
-
Chia-Jung CHANG, Takeyuki TAMURA, Kun-Mao CHAO, Tatsuya AKUTSU
Article type: PAPER
Subject area: Algorithms and Data Structures
2015 Volume E98.A Issue 1 Pages
384-390
Published: 2015
Released on J-STAGE: January 01, 2015
JOURNAL
RESTRICTED ACCESS
The Boolean network can be used as a mathematical model for gene regulatory networks. An attractor, which is a state of a Boolean network repeating itself periodically, can represent a stable stage of a gene regulatory network. It is known that the problem of finding an attractor of the shortest period is NP-hard. In this article, we give a fixed-parameter algorithm for detecting a singleton attractor (SA) for a Boolean network that has only AND and OR Boolean functions of literals and has bounded treewidth
k. The algorithm is further extended to detect an SA for a constant-depth nested canalyzing Boolean network with bounded treewidth. We also prove the fixed-parameter intractability of the detection of an SA for a general Boolean network with bounded treewidth.
View full abstract
-
Xiaoning BIAN, Quanlong WANG
Article type: PAPER
Subject area: Information Theory
2015 Volume E98.A Issue 1 Pages
391-399
Published: 2015
Released on J-STAGE: January 01, 2015
JOURNAL
RESTRICTED ACCESS
We introduce a graphical calculus for multi-qutrit systems (the qutrit ZX-calculus) based on the framework of dagger symmetric monoidal categories. This graphical calculus consists of generators for building diagrams and rules for transforming diagrams, which is obviously different from the qubit ZX-calculus. As an application of the qutrit ZX-calculus, we give a graphical description of a (2, 3) threshold quantum secret sharing scheme. In this way, we prove the correctness of the secret sharing scheme in a intuitively clear manner instead of complicated linear algebraic operations.
View full abstract
-
Kai PAN, Weiyang LIU, Dongcheng WU, Hui LI
Article type: PAPER
Subject area: Communication Theory and Signals
2015 Volume E98.A Issue 1 Pages
400-410
Published: 2015
Released on J-STAGE: January 01, 2015
JOURNAL
RESTRICTED ACCESS
Lossy communication networks may be one of the most challenging issues for Transmission Control Protocol (TCP), as random loss could be erroneously interpreted into congestion due to the original mechanism of TCP. Network coding (NC) promises significant improvement in such environment thanks to its ability to mix data across time and flows. Therefore, it has been proposed to combine with TCP called TCP-NC by MIT. In this paper, we dedicated to quantifying the
R, a key parameter for redundant packets, and make it close to the loss rate as much as possible, which has not been considered in the previous research. All of these are done by the sender who is completely unconscious of the network situation. Simulation results by NS2 under both wired and wireless networks showed that our method retains all the advantages of TCP-NC, and meanwhile outperforms TCP-NC and the other TCP variants in time-varying lossy networks.
View full abstract
-
Ann-Chen CHANG, Chih-Chang SHEN
Article type: LETTER
Subject area: Digital Signal Processing
2015 Volume E98.A Issue 1 Pages
411-414
Published: 2015
Released on J-STAGE: January 01, 2015
JOURNAL
RESTRICTED ACCESS
In this letter, an iterative carrier frequency offset (CFO) estimation approach is presented which finds a new CFO vector based on first order Taylor series expansion of the one initially given for interleaved orthogonal frequency division multiple access uplink systems. The problem of finding the new CFO vector is formulated as the closed form of a generalized eigenvalue problem, which allows one to readily solve it. The proposed estimator combined center-symmetric trimmed correlation matrix and orthogonal projection technique, which doesn't require eigenvalue decomposition and it only needs single data block.
View full abstract
-
Seokjin LEE, Hee-Suk PANG
Article type: LETTER
Subject area: Digital Signal Processing
2015 Volume E98.A Issue 1 Pages
415-420
Published: 2015
Released on J-STAGE: January 01, 2015
JOURNAL
RESTRICTED ACCESS
The development of multichannel audio systems has increased the need for multichannel contents. However, the supply of multichannel audio contents is not sufficient for advanced multichannel systems. Therefore, home entertainment manufacturers need upmixing systems, including systems that utilize monaural time-frequency domain information. Therefore, a monaural ambience extraction algorithm based on nonnegative matrix factorization (NMF) has been developed recently. Ambience signals refer to sound components that do not have obvious spatial images, e.g., wind, rain, and diffuse sound. The developed algorithm provides good upmixing performance; however, the algorithm is a batch process and therefore, it cannot be used by home audio manufacturers. In this paper, we propose an on-line monaural ambience extraction algorithm. The proposed algorithm analyzes the dominant components with an on-line NMF algorithm, and extracts the remaining sound as ambience components. Experiments were performed with artificial mixed signals and real music signals, and the performance of the proposed algorithm was compared with the performance of the conventional batch algorithm as a reference. The experimental results show that the proposed algorithm extracts the ambience components as well as the batch algorithm, despite the on-line constraints.
View full abstract
-
Chenhui WANG, Yumin YUAN
Article type: LETTER
Subject area: Cryptography and Information Security
2015 Volume E98.A Issue 1 Pages
421-423
Published: 2015
Released on J-STAGE: January 01, 2015
JOURNAL
RESTRICTED ACCESS
An aggregate signature scheme,which is an extension of ordinary signature, allows anyone to compress
n signatures of
n messages from
n signers into a single short signature for reducing the size multiple individual signatures. Recently, Liu et al. proposed an efficient certificateless aggregate signature scheme with shorter public key size, constant AS size and with constant pairing computations. Although they proved that the scheme has existential unforgeability against adaptive chosen messages attacks. However, in this paper, two concrete attacks are proposed to show that Liu et al.'s scheme actually does not reach the security as they claimed.
View full abstract
-
Junghyun NAM, Kim-Kwang Raymond CHOO, Juryon PAIK, Dongho WON
Article type: LETTER
Subject area: Cryptography and Information Security
2015 Volume E98.A Issue 1 Pages
424-427
Published: 2015
Released on J-STAGE: January 01, 2015
JOURNAL
RESTRICTED ACCESS
Although password-only authenticated key exchange (PAKE) in the three-party setting has been widely studied in recent years, it remains a challenging area of research. A key challenge in designing three-party PAKE protocols is to prevent insider dictionary attacks, as evidenced by the flaws discovered in many published protocols. In this letter, we revisit Abdalla and Pointcheval's three-party PAKE protocol from FC 2005 and demonstrate that this protocol, named 3PAKE, is vulnerable to a previously unpublished insider offline dictionary attack. Our attack is dependant on the composition of 3PAKE and the higher-level protocol that uses the established session key.
View full abstract
-
SeongHan SHIN, Kazukuni KOBARA
Article type: LETTER
Subject area: Cryptography and Information Security
2015 Volume E98.A Issue 1 Pages
428-433
Published: 2015
Released on J-STAGE: January 01, 2015
JOURNAL
RESTRICTED ACCESS
Hidden Credential Retrieval (HCR) protocols are designed for access credentials management where users who remember short passwords can retrieve his/her various credentials (access keys and tokens) with the help of a remote storage server over insecure networks (e.g., the Internet). In this paper, we revisit two HCR protocols, both of which are based on blind signature schemes: one (we call it B-HCR) was proposed in ASIACCS 2009 and the other (we call it MRS-HCR) was in WISA 2010. In particular, we show that the B-HCR protocol is
insecure against an outside attacker who impersonates server
S. Specifically, the attacker can find out the user's password
pw with off-line dictionary attacks by eavesdropping the communications between the user and a third-party online service provider. Also, we show that the MRS-HCR protocol does not work
correctly itself. In other words, user
U can not retrieve the plaintext Msg (i.e., credentials) even if he/she has a knowledge of the password.
View full abstract
-
Zhiqiang LIN, Lishan KE, Dongdai LIN, Jian GAO
Article type: LETTER
Subject area: Cryptography and Information Security
2015 Volume E98.A Issue 1 Pages
434-440
Published: 2015
Released on J-STAGE: January 01, 2015
JOURNAL
RESTRICTED ACCESS
Feedback with carry shift registers (FCSRs) implemented using Galois representation have been found to have a weakness called LFSRization. It leads to powerful attacks against the stream ciphers based on them. A new representation called ring representation has been proposed to avoid the attacks. It was considered to circumvent the weaknesses of Galois FCSRs. This correspondence presents a class of ring FCSRs, which meet the implementation criteria, but are still possible to maintain linear behavior for several clock cycles. Their LFSRization probability and how to improve their security are also mentioned.
View full abstract
-
Soohyun JANG, Jaeyoung ROH, Seongjoo LEE, Yunho JUNG
Article type: LETTER
Subject area: Communication Theory and Signals
2015 Volume E98.A Issue 1 Pages
441-444
Published: 2015
Released on J-STAGE: January 01, 2015
JOURNAL
RESTRICTED ACCESS
In this letter, a robust time synchronization algorithm is proposed for MIMO-OFDM based WLAN systems. IEEE 802.11ac MIMO-OFDM WLAN standard specifies that the preamble with cyclic shift diversity (CSD) scheme is used for time and frequency synchronization. However, since the CSD scheme introduces multiple cross-correlation peaks at the receiver, serious performance degradation appears if the conventional cross-correlation based algorithm is applied. In the proposed algorithm, the time synchronization error due to multiple peaks is compensated by adding the cross-correlation value to its reverse cyclic-shifted version. Simulation results show that the proposed algorithm achieves an SNR gain of 1.5 to 4.5dB for the synchronization failure rate of 10
-2 compared with the existing algorithms.
View full abstract
-
Zhe LIU, Feng LI, WenLei DUAN
Article type: LETTER
Subject area: Communication Theory and Signals
2015 Volume E98.A Issue 1 Pages
445-449
Published: 2015
Released on J-STAGE: January 01, 2015
JOURNAL
RESTRICTED ACCESS
This letter studies the problem of cooperative spectrum sensing in wideband cognitive radio networks. Based on the basis expansion model (BEM), the problem of estimation of power spectral density (PSD) is transformed to estimation of BEM coefficients. The sparsity both in frequency domain and space domain is used to construct a sparse estimation structure. The theory of
L1/2 regularization is used to solve the compressed sensing problem. Simulation results demonstrate the effectiveness of the proposed method.
View full abstract