The hardness in solving the shortest vector problem (SVP) is a fundamental assumption for the security of lattice-based cryptographic algorithms. In 2010, Micciancio and Voulgaris proposed an algorithm named the Gauss Sieve, which is a fast and heuristic algorithm for solving the SVP. Schneider presented another algorithm named the Ideal Gauss Sieve in 2011, which is applicable to a special class of lattices, called ideal lattices. The Ideal Gauss Sieve speeds up the Gauss Sieve by using some properties of the ideal lattices. However, the algorithm is applicable only if the dimension of the ideal lattice n is a power of two or n+1 is a prime. Ishiguro et al. proposed an extension to the Ideal Gauss Sieve algorithm in 2014, which is applicable only if the prime factor of n is 2 or 3. In this paper, we first generalize the dimensions that can be applied to the ideal lattice properties to when the prime factor of n is derived from 2, p or q for two primes p and q. To the best of our knowledge, no algorithm using ideal lattice properties has been proposed so far with dimensions such as: 20, 44, 80, 84, and 92. Then we present an algorithm that speeds up the Gauss Sieve for these dimensions. Our experiments show that our proposed algorithm is 10 times faster than the original Gauss Sieve in solving an 80-dimensional SVP problem. Moreover, we propose a rotation-based Gauss Sieve that is approximately 1.5 times faster than the Ideal Gauss Sieve.

This paper presents an image super-resolution technique using a convolutional neural network (CNN) and multi-task learning for multiple image categories. The image categories include natural, manga, and text images. Their features differ from each other. However, several CNNs for super-resolution are trained with a single category. If the input image category is different from that of the training images, the performance of super-resolution is degraded. There are two possible solutions to manage multi-categories with conventional CNNs. The first involves the preparation of the CNNs for every category. This solution, however, requires a category classifier to select an appropriate CNN. The second is to learn all categories with a single CNN. In this solution, the CNN cannot optimize its internal behavior for each category. Therefore, this paper presents a super-resolution CNN architecture for multiple image categories. The proposed CNN has two parallel outputs for a high-resolution image and a category label. The main CNN for the high-resolution image is a normal three convolutional layer-architecture, and the sub neural network for the category label is branched out from its middle layer and consists of two fully-connected layers. This architecture can simultaneously learn the high-resolution image and its category using multi-task learning. The category information is used for optimizing the super-resolution. In an applied setting, the proposed CNN can automatically estimate the input image category and change the internal behavior. Experimental results of 2× image magnification have shown that the average peak signal-to-noise ratio for the proposed method is approximately 0.22 dB higher than that for the conventional super-resolution with no difference in processing time and parameters. We have ensured that the proposed method is useful when the input image category is varying.

This paper presents a conformal retrodirective metagrating with multi-azimuthal-angle operating ability. First, a flat metagrating composed of a periodic array of single rectangular patch elements, two-layer stacked substrates, and a ground plane is implemented to achieve one-directional retroreflection at a specific angle. The elevation angle of the retroreflection is manipulated by precisely tuning the value of the period. To control the energy coupling to the retrodirective mode, the dimensions of the length and width of the rectangular patch are investigated under the effect of changing the substrate thickness. Three values of the length, width, and thickness are then chosen to obtain a high retroreflection power efficiency. Next, to create a conformal design operating simultaneously at multiple azimuthal angles, the rectangular patch array using a flexible ultra-thin guiding layer is conformed to a dielectric cylindrical substrate backed by a perfect electric conductor ground plane. Furthermore, to further optimize the retroreflection efficiency, two circular metallic plates are added at the two ends of the cylindrical substrate to eliminate the specular reflection inside the space of the cylinder. The measured radar cross-section shows a power efficiency of the retrodirective metagrating of approximately 91% and 93% for 30° retrodirected elevation angle at the azimuthal angles of 0° and 90°, respectively, at 5.8GHz.

A method is presented for increasing wireless LAN (WLAN) capacity in high-density environments with IEEE 802.11ax systems. We propose using coordinated scheduling of trigger frames based on our mobile cooperative control concept. High-density WLAN systems are managed by a management server, which gathers wireless environmental information from user equipment through cellular access. Hierarchical clustering of basic service sets is used to form synchronized clusters to reduce interference and increase throughput of high-density WLAN systems based on mobile cooperative control. This method increases uplink capacity by up to 19.4% and by up to 11.3% in total when WLAN access points are deployed close together. This control method is potentially effective for IEEE 802.11ax WLAN systems utilized as 5G mobile network components.

A model extraction attack is a security issue in deep neural networks (DNNs). Information on a trained DNN model is an attractive target for an adversary not only in terms of intellectual property but also of security. Thus, an adversary tries to reveal the sensitive information contained in the trained DNN model from machine-learning services. Previous studies on model extraction attacks assumed that the victim provides a machine-learning cloud service and the adversary accesses the service through formal queries. However, when a DNN model is implemented on an edge device, adversaries can physically access the device and try to reveal the sensitive information contained in the implemented DNN model. We call these physical model extraction attacks model reverse-engineering (MRE) attacks to distinguish them from attacks on cloud services. Power side-channel analyses are often used in MRE attacks to reveal the internal operation from power consumption or electromagnetic leakage. Previous studies, including ours, evaluated MRE attacks against several types of DNN processors with power side-channel analyses. In this paper, information leakage from a systolic array which is used for the matrix multiplication unit in the DNN processors is evaluated. We utilized correlation power analysis (CPA) for the MRE attack and reveal weight parameters of a DNN model from the systolic array. Two types of the systolic array were implemented on field-programmable gate array (FPGA) to demonstrate that CPA reveals weight parameters from those systolic arrays. In addition, we applied an extended analysis approach called “chain CPA” for robust CPA analysis against the systolic arrays. Our experimental results indicate that an adversary can reveal trained model parameters from a DNN accelerator even if the DNN model parameters in the off-chip bus are protected with data encryption. Countermeasures against side-channel leaks will be important for implementing a DNN accelerator on a FPGA or application-specific integrated circuit (ASIC).

ISO/IEC standardizes several chosen ciphertext-secure key encapsulation mechanism (KEM) schemes in ISO/IEC 18033-2. However, all ISO/IEC KEM schemes are not quantum resilient. In this paper, we introduce new isogeny-based KEM schemes (i.e., CSIDH-ECIES-KEM and CSIDH-PSEC-KEM) by modifying Diffie-Hellman-based KEM schemes in ISO/IEC standards. The main advantage of our schemes are compactness. The key size and the ciphertext overhead of our schemes are smaller than these of SIKE, which is submitted to NIST's post-quantum cryptosystems standardization, for current security analyses. Moreover, though SIKE is proved in the classical random oracle model, CSIDH-PSEC-KEM is proved in the quantum random oracle model. Finally, we discuss difficulty to construct isogeny-based KEM from ISO/IEC KEM schemes in the standard model (i.e., ACE-KEM and FACE-KEM).

Replayable chosen ciphertext (RCCA) security was introduced by Canetti, Krawczyk, and Nielsen (CRYPTO'03) in order to handle an encryption scheme that is “non-malleable except tampering which preserves the plaintext.” RCCA security is a relaxation of CCA security and a useful security notion for many practical applications such as authentication and key exchange. Canetti et al. defined non-malleability against RCCA (NM-RCCA), indistinguishability against RCCA (IND-RCCA), and universal composability against RCCA (UC-RCCA). Moreover, they proved that these three security notions are equivalent when considering a PKE scheme whose plaintext space is super-polynomially large. Among these three security notions, NM-RCCA seems to play the central role since RCCA security was introduced in order to capture “non-malleability except tampering which preserves the plaintext.” However, their definition of NM-RCCA is not a natural extension of that of original non-malleability, and it is not clear whether their NM-RCCA captures the requirement of original non-malleability. In this paper, we propose definitions of indistinguishability-based and simulation-based non-malleability against RCCA by extending definitions of original non-malleability. We then prove that these two notions of non-malleability and IND-RCCA are equivalent regardless of the size of plaintext space of PKE schemes.

The membership check of a group is an important operation to implement discrete logarithm-based cryptography in practice securely. Since this check requires costly scalar multiplication or exponentiation operation, several efficient methods have been investigated. In the case of pairing-based cryptography, this is an extended research area of discrete logarithm-based cryptography, Barreto et al. (LATINCRYPT 2015) proposed a parameter choice called subgroup-secure elliptic curves. They also claimed that, in some schemes, if an elliptic curve is subgroup-secure, costly scalar multiplication or exponentiation operation can be omitted from the membership check of bilinear groups, which results in faster schemes than the original ones. They also noticed that some schemes would not maintain security with this omission. However, they did not show the explicit condition of what schemes become insecure with the omission. In this paper, we show a concrete example of insecurity in the sense of subgroup security to help developers understand what subgroup security is and what properties are preserved. In our conclusion, we recommend that the developers use the original membership check because it is a general and straightforward method to implement schemes securely. If the developers want to use the subgroup-secure elliptic curves and to omit the costly operation in a scheme for performance reasons, it is critical to carefully analyze again that correctness and security are preserved with the omission.

Resource limitations require that bugs be resolved efficiently. The bug modification process uses bug reports, which are generated from service user reports. Developers read these reports and fix bugs. Developers discuss bugs by posting comments directly in bug reports. Although several studies have investigated the initial report in bug reports, few have researched the comments. Our research focuses on bug reports. Currently, everyone is free to comment, but the bug fixing time may be affected by how to comment. Herein we investigate the topic of comments in bug reports. Mixed topics do not affect the bug fixing time. However, the bug fixing time tends to be shorter when the discussion length of the phenomenon is short.

This paper reports our new communication components and downlink tests for realizing 2.65Gbps by utilizing two circular polarizations. We have developed an on-board X-band transmitter, an on-board dual circularly polarized-wave antenna, and a ground station. In the on-board transmitter, we optimized the bias conditions of GaN High Power Amplifier (HPA) to linearize AM-AM performance. We have also designed and fabricated a dual circularly polarized-wave antenna for low-crosstalk polarization multiplexing. The antenna is composed of a corrugated horn antenna and a septum-type polarizer. The antenna achieves Cross Polarization Discrimination (XPD) of 37-43dB in the target X-band. We also modify an existing 10m ground station antenna by replacing its primary radiator and adding a polarizer. We put the polarizer and Low Noise Amplifiers (LNAs) in a cryogenic chamber to reduce thermal noise. Total system noise temperature of the antenna is 58K (maximum) for 18K physical temperature when the angle of elevation is 90° on a fine winter day. The dual circularly polarized-wave ground station antenna has 39.0dB/K of Gain - system-noise Temperature ratio (G/T) and an XPD higher than 37dB. The downlinked signals are stored in a data recorder at the antenna site. Afterwards, we decoded the signals by using our non-real-time software demodulator. Our system has high frequency efficiency with a roll-off factor α=0.05 and polarization multiplexing of 64APSK. The communication bits per hertz corresponds to 8.41bit/Hz (2.65Gbit/315MHz). The system is demonstrated in orbit on board the RAPid Innovative payload demonstration Satellite (RAPIS-1). RAPIS-1 was launched from Uchinoura Space Center on January 19th, 2019. We decoded 1010 bits of downlinked R- and L-channel signals and found that the downlinked binary data was error free. Consequently, we have achieved 2.65Gbps communication speed in the X-band for earth observation satellites at 300 Mega symbols per second (Msps) and polarization multiplexing of 64APSK (coding rate: 4/5) for right- and left-hand circular polarizations.

Multivariate public key cryptosystem (MPKC) is one of the major post quantum cryptosystems (PQC), and the National Institute of Standards and Technology (NIST) recently selected four MPKCs as candidates of their PQC. The security of MPKC depends on the hardness of solving systems of algebraic equations over finite fields. In particular, the multivariate quadratic (MQ) problem is that of solving such a system consisting of quadratic polynomials and is regarded as an important research subject in cryptography. In the Fukuoka MQ challenge project, the hardness of the MQ problem is discussed, and algorithms for solving the MQ problem and the computational results obtained by these algorithms are reported. Algorithms for computing Gröbner basis are used as the main tools for solving the MQ problem. For example, the F4 algorithm and M4GB algorithm have succeeded in solving many instances of the MQ problem provided by the project. In this paper, based on the F4-style algorithm, we present an efficient algorithm to solve the MQ problems with dense polynomials generated in the Fukuoka MQ challenge project. We experimentally show that our algorithm requires less computational time and memory for these MQ problems than the F4 algorithm and M4GB algorithm. We succeeded in solving Type II and III problems of Fukuoka MQ challenge using our algorithm when the number of variables was 37 in both problems.

Web-based social engineering (SE) attacks manipulate users to perform specific actions, such as downloading malware and exposing personal information. Aiming to effectively lure users, some SE attacks, which we call multi-step SE attacks, constitute a sequence of web pages starting from a landing page and require browser interactions at each web page. Also, different browser interactions executed on a web page often branch to multiple sequences to redirect users to different SE attacks. Although common systems analyze only landing pages or conduct browser interactions limited to a specific attack, little effort has been made to follow such sequences of web pages to collect multi-step SE attacks. We propose STRAYSHEEP, a system to automatically crawl a sequence of web pages and detect diverse multi-step SE attacks. We evaluate the effectiveness of STRAYSHEEP's three modules (landing-page-collection, web-crawling, and SE-detection) in terms of the rate of collected landing pages leading to SE attacks, efficiency of web crawling to reach more SE attacks, and accuracy in detecting the attacks. Our experimental results indicate that STRAYSHEEP can lead to 20% more SE attacks than Alexa top sites and search results of trend words, crawl five times more efficiently than a simple crawling module, and detect SE attacks with 95.5% accuracy. We demonstrate that STRAYSHEEP can collect various SE attacks, not limited to a specific attack. We also clarify attackers' techniques for tricking users and browser interactions, redirecting users to attacks.

Artificial intelligence (AI), especially deep learning (DL), has been remarkable and applied to various industries. However, adversarial examples (AE), which add small perturbations to input data of deep neural networks (DNNs) for misclassification, are attracting attention. In this paper, we propose a novel black-box attack to craft AE using only processing time which is side-channel information of DNNs, without using training data, model architecture and parameters, substitute models or output probability. While, several existing black-box attacks use output probability, our attack exploits a relationship between the number of activated nodes and the processing time of DNNs. The perturbations for AE are decided by the differential processing time according to input data in our attack. We show experimental results in which our attack's AE increase the number of activated nodes and cause misclassification to one of the incorrect labels effectively. In addition, the experimental results highlight that our attack can evade gradient masking countermeasures which mask output probability to prevent crafting AE against several black-box attacks.

A fully homomorphic encryption (FHE) would be the important cryptosystem as the basic scheme for the cloud computing. Since Gentry discovered in 2009 the first fully homomorphic encryption scheme, some fully homomorphic encryption schemes were proposed. In the systems proposed until now the bootstrapping process is the main bottleneck and the large complexity for computing the ciphertext is required. In 2011 Zvika Brakerski et al. proposed a leveled FHE without bootstrapping. But circuit of arbitrary level cannot be evaluated in their scheme while in our scheme circuit of any level can be evaluated. The existence of an efficient fully homomorphic cryptosystem would have great practical implications in the outsourcing of private computations, for instance, in the field of the cloud computing. In this paper, IND-CCA1secure FHE based on the difficulty of prime factorization is proposed which does not need the bootstrapping and it is thought that our scheme is more efficient than the previous schemes. In particular the computational overhead for homomorphic evaluation is O(1).

Dense deployments of wireless local area network (WLAN) access points (APs) are accelerating to accommodate the massive wireless traffic from various mobile devices. The AP densification improves the received power at mobile devices; however, total throughput in a target area is saturated by inter-cell interference (ICI) because of the limited number of frequency channels available for WLANs. To substantially mitigate ICI, we developed and described a distributed smart antenna system (D-SAS) proposed for dense WLAN AP deployment in this paper. We also describe a system configuration based on our D-SAS approach. In this approach, the distributed antennas externally attached to each AP can be switched so as to make the transmit power match the mobile device's conditions (received power and packet type). The gains obtained by the antenna switching effectively minimize the transmission power required of each AP. We also describe experimental measurements taken in a stadium using a system prototype, the results show that D-SAS offers double the total throughput attained by a centralized smart antenna system (C-SAS).

Multimodal embedding is a crucial research topic for cross-modal understanding, data mining, and translation. Many studies have attempted to extract representations from given entities and align them in a shared embedding space. However, because entities in different modalities exhibit different abstraction levels and modality-specific information, it is insufficient to embed related entities close to each other. In this study, we propose the Target-Oriented Deformation Network (TOD-Net), a novel module that continuously deforms the embedding space into a new space under a given condition, thereby providing conditional similarities between entities. Unlike methods based on cross-modal attention applied to words and cropped images, TOD-Net is a post-process applied to the embedding space learned by existing embedding systems and improves their performances of retrieval. In particular, when combined with cutting-edge models, TOD-Net gains the state-of-the-art image-caption retrieval model associated with the MS COCO and Flickr30k datasets. Qualitative analysis reveals that TOD-Net successfully emphasizes entity-specific concepts and retrieves diverse targets via handling higher levels of diversity than existing models.

Information leakage in Wyner's wiretap channel model is usually defined as the mutual information between the secret message and the eavesdropper's received signal. We define a new quantity called “conditional information leakage given the eavesdropper's received signals,” which expresses the amount of information that an eavesdropper gains from his/her received signal. A benefit of introducing this quantity is that we can develop a fast algorithm for computing the conditional information leakage, which has linear complexity in the code length n, while the complexity for computing the usual information leakage is exponential in n. Validity of such a conditional information leakage as a security criterion is confirmed by studying the cases of binary symmetric channels and binary erasure channels.

To be suitable in practice, pairings are typically carried out by two steps, which consist of the Miller loop and final exponentiation. To improve the final exponentiation step of a pairing on the BLS family of pairing-friendly elliptic curves with embedding degree 15, the authors provide a new representation of the exponent. The proposal can achieve a more reduction of the calculation cost of the final exponentiation than the previous method by Fouotsa et al.

This letter proposes a load balance and power transfer scheme among small cell base stations (SBSs) to maximize the sum rate of small cell network. In the proposed scheme, small cell users (SUEs) are firstly associated with their nearest SBSs, then the overloaded SBSs can be determined. Further, the methods, i.e., Case 1: SUEs of overloaded SBSs are offloaded to their neighbor underloaded SBSs or Case 2: SUEs of overloaded SBSs are served by their original associated SBSs through obtaining power from their nearby SBSs that can provide higher data rate is selected. Finally, numerical simulations demonstrate that the proposed scheme has better performance.