
Author Search Result

[Author] Dai WATANABE(10hit)

  • A New Keystream Generator MUGI

    Dai WATANABE  Soichi FURUYA  Hirotaka YOSHIDA  Kazuo TAKARAGI  Bart PRENEEL  

     
    PAPER-Symmetric Cipher

    Vol: E87-A No:1  Page(s): 37-45

    We present a new keystream generator (KSG) MUGI, which is a variant of PANAMA proposed at FSE '98. MUGI has a 128-bit secret key and a 128-bit initial vector as parameters and generates a 64-bit string per round. The design is particularly suited for efficient hardware implementations, but the software performance of MUGI is excellent as well. A speed optimized implementation in hardware achieves about 3 Gbps with 26 Kgates, which is several times faster than AES. On the other hand, the security of MUGI has been evaluated by analyzing the applicability of re-synchronization attacks, related-key attacks, and attacks that exploit the linear correlation of an output sequence. Our analysis confirms that MUGI is a secure KSG.

  • A Novel Class of Quadriphase Zero-Correlation Zone Sequence Sets

    Takafumi HAYASHI  Yodai WATANABE  Toshiaki MIYAZAKI  Anh PHAM  Takao MAEDA  Shinya MATSUFUJI  

     
    LETTER-Sequences

    Vol: E100-A No:4  Page(s): 953-960

    The present paper introduces the construction of quadriphase sequences having a zero-correlation zone. For a zero-correlation zone sequence set of N sequences, each of length l, the cross-correlation function and the side lobe of the autocorrelation function of the proposed sequence set are zero for the phase shifts τ within the zero-correlation zone z, such that |τ|≤z (τ ≠ 0 for the autocorrelation function). The ratio $\frac{N(z+1)}{\ell}$ is theoretically limited to one. When l=N(z+1), the sequence set is called an optimal zero-correlation sequence set. The proposed zero-correlation zone sequence set can be generated from an arbitrary Hadamard matrix of order n. The length of the proposed sequence set can be extended by sequence interleaving, where m times interleaving can generate 4n sequences, each of length $2^{m+3}n$. The proposed sequence set is optimal for m=0,1 and almost optimal for m>1.

  • A Novel Construction of Tree-Structured Zero-Correlation Zone Sequence Sets

    Takafumi HAYASHI  Yodai WATANABE  Takao MAEDA  Shinya MATSUFUJI  

     
    LETTER-Coding Theory

    Vol: E100-A No:10  Page(s): 2187-2194

    The present paper introduces a novel construction of structured ternary sequences having a zero-correlation zone (ZCZ) for both periodic and aperiodic correlation functions. The cross-correlation function and the side lobe of the auto-correlation function of the proposed sequence set are zero for phase shifts within the ZCZ. The proposed ZCZ sequence set can be generated from an arbitrary Hadamard matrix of order n. The sequence set of order 0 is identical to the r-th row of the Hadamard matrix. For m≥0, the sequence set of order (m+1) is constructed from the sequence set of order m by sequence concatenation and interleaving. The sequence set of order m has $2^m$ subsets of size n. The length of the sequence is equal to $n4^m+2^{m+1}(2^m-1)$; The phase shift of the ZCZ for the whole sequence set is from $-(2^m-1)$ to $(2^m-1)$. The sequence set of order 0 is coincident with the rows of the given Hadamard sequence with no ZCZ. The subsets can be associated with a perfect binary tree of height m with $2^m$ leaves. The r-th sequence subset consists of from the nr-th sequence to the ((n+1)r-1)-th sequence. The r-th subset is assigned to the r-th leaf of the perfect binary tree. For a longer distance between the corresponding leaves to the r-th and s-th sequences, the ZCZ of the r-th and s-th sequences is wider. This tree-structured width of ZCZ of a pair of the proposed sequences enables flexible design in applications of the proposed sequence set. The proposed sequence is suitable for a heterogeneous wireless network, which is one of the candidates for the fifth generation of radio access networks.

  • Parameterization of High-Dimensional Perfect Sequences over a Composition Algebra over R

    Takao MAEDA  Yodai WATANABE  Takafumi HAYASHI  

     
    PAPER-Sequence

    Vol: E98-A No:12  Page(s): 2439-2445

    To analyze the structure of a set of high-dimensional perfect sequences over a composition algebra over R, we developed the theory of Fourier transforms of the set of such sequences. We define the discrete cosine transform and the discrete sine transform, and we show that there exists a relationship between these transforms and a convolution of sequences. By applying this property to a set of perfect sequences, we obtain a parameterization theorem. Using this theorem, we show the equivalence between the left perfectness and right perfectness of sequences. For sequences of real numbers, we obtain the parameterization without restrictions on the parameters.

  • Key Update Mechanism Using All-or-Nothing Transform for Network Storage of Encrypted Data

    Dai WATANABE  Masayuki YOSHINO  

     
    PAPER-Foundation

    Vol: E98-A No:1  Page(s): 162-170

    Cryptography is now popularized and is widely used anywhere for many aims such as data confidentiality and integrity. The cryptographic key has a limited lifetime. For example, the National Institute of Standards and Technology published SP800-57 in order to provide cryptographic key management guidance, and it strictly limits the lifetime of the cryptographic key and the lifetime of encrypted data. That means, the data encryption key is required to be periodically updated and the associated encrypted data is required to be re-encrypted with the new key each time. The cost, especially network traffic, is crucial if the encrypted data is away from the key. In this paper we discuss what to be achieved by key updating and propose a key update mechanism reducing the communication and computation cost of re-encryption.

  • A MAC Forgery Attack on SOBER-128

    Dai WATANABE  Soichi FURUYA  Toshinobu KANEKO  

     
    PAPER

    Vol: E88-A No:5  Page(s): 1166-1172

    SOBER-128 is a stream cipher designed by Rose and Hawkes in 2003. It can be also used for generating Message Authentication Codes (MACs) and an authenticated encryption. The developers claimed that it is difficult to forge MACs generated by both functions of SOBER-128, though, the security assumption in the proposal paper is not realistic in some instances. In this paper, we examine the security of these message authentication mechanisms of SOBER-128 under security channel model. As a result, we show that both a MAC generation and an authenticated encryption are vulnerable against differential cryptanalysis. The success probabilities of the MAC forgery attack are estimated at $2^{-6}$ and $2^{-27}$ respectively. In addition, we show that some secret bits are revealed if a key is used many times.

  • Correlation Power Analysis and Countermeasure on the Stream Cipher Enocoro-128v2

    Shugo MIKAMI  Hirotaka YOSHIDA  Dai WATANABE  Kazuo SAKIYAMA  

     
    PAPER-Cryptography and Information Security

    Vol: E96-A No:3  Page(s): 697-704

    Enocoro-128v2 is a lightweight stream cipher submitted to Cryptography Research and Evaluation Committees (CRYPTREC). In this paper, we first describe a side channel attack on Enocoro-128v2. We show that all secret key bytes of Enocoro-128v2 can be recovered by correlation power analysis, and it is shown by an experiment that around 6000 traces are needed to recover the secret key on SASEBO-GII (Side-channel Attack Standard Evaluation Board). We second propose a countermeasure with threshold implementation technique, which allows Enocoro-128v2 to be resistant against correlation power analysis as long as less than $10^5$ traces are used.

  • Development of the Autonomous Decentralized Train Control System

    Masayuki MATSUMOTO  Akiyoshi HOSOKAWA  Satoru KITAMURA  Dai WATANABE  Atsushi KAWABATA  

     
    PAPER-Railway System

    Vol: E84-D No:10  Page(s): 1333-1340

    This paper introduces a new digital ATC (Automatic Train Control device) system. In the current ATC, the central ATC logic device calculates permissive speed of each blocking section and controls speed of all trains. On the other hand, in the new digital ATC, the central logic controller calculates each position to which a train can move safely, and sends the information on positions to all trains. On each train, the on-board equipment calculates an appropriate braking pattern with the information, and controls velocity of the train. That is, in the new system, the device on each train autonomously calculates permissive speed of that train. These special features realize ideal speed control of each train making full use of its performance for acceleration and deceleration, which in turns allows high-density train operations.

  • A Novel Class of Zero-Correlation Zone Sequence Set Having a Low Peak-Factor and a Flat Power Spectrum

    Takafumi HAYASHI  Yodai WATANABE  Anh T. PHAM  Toshiaki MIYAZAKI  Shinya MATSUFUJI  Takao MAEDA  

     
    PAPER-Sequence

    Vol: E98-A No:12  Page(s): 2429-2438

    The present paper introduces a novel method for the construction of a class of sequences that have a zero-correlation zone. For the proposed sequence set, both the cross-correlation function and the side lobe of the auto-correlation function are zero for phase shifts within the zero-correlation zone. The proposed scheme can generate a set of sequences of length $8n^2$ from an arbitrary Hadamard matrix of order n and a set of 2n trigonometric-like function sequences of length 4n. The proposed sequence construction can generate an optimal zero-correlation zone sequence set that satisfies the theoretical bound on the number of members for the given zero-correlation zone and sequence period. The auto-correlation function of the proposed sequence is equal to zero for all nonzero phase shifts. The peak factor of the proposed sequence set is √2, and the peak factor of a single trigonometric function is equal to √2. Assigning the sequences of the proposed set to a synthetic aperture ultrasonic imaging system would improve the S/N of the obtained image. The proposed sequence set can also improve the performance of radar systems. The performance of the applications of the proposed sequence sets are evaluated.

  • Integrity-Aware Mode of Stream Cipher

    Soichi FURUYA  Dai WATANABE  Yoichi SETO  Kazuo TAKARAGI  

     
    PAPER

    Vol: E85-A No:1  Page(s): 58-65

    In many cryptographic protocols, a common-key encryption is used to provide a secure data-transmission channel. More precisely, the general idea of protocols is to have an encryption provide data authenticity as well as data confidentiality. In fact, there are known to be quite a few ways to provide both forms of security, however none of them are optimized enough to be efficient. We present a new encryption mode that uses a random number generator (RNG). Assuming the security of the RNG, we can prove not only perfect secrecy, but also message authentication. The proven probability of a successful forgery is $(n-1)/(2^b-1)$, where b is the number of bits in a block and n is the number of ciphertext blocks. The proposed scheme achieves very high practicality due to the potential advantages in efficiency. When we use a computationally secure RNG, such as, for instance, a pseudorandom number generator (PRNG), we have advantages in efficiency; in addition to the PRNG parallel computation, the scheme requires only a single-path process on the data stream so that even a limited hardware resource can operate an encryption of a very long data stream. We demonstrate the practicality of our scheme by showing a realistic parameter set and the evaluations of its performance.