Shoichi HIROSE Hidenori KUWAKADO
In 2005, Nandi introduced a class of double-block-length compression functions h_π(x) := (h(x), h(π(x))), where h is a random oracle with an n-bit output and π is a non-cryptographic public permutation. Nandi demonstrated that the collision resistance of h_π is optimal if π has no fixed point in the classical setting. Our study explores the collision resistance of h_π and the Merkle-Damgård hash function using h_π in the quantum random oracle model. Firstly, we reveal that the quantum collision resistance of h_π may not be optimal even if π has no fixed point. If π is an involution, then a colliding pair of inputs can be found for h_π with only O(2^{n/2}) queries by the Grover search. Secondly, we present a sufficient condition on π for the optimal quantum collision resistance of h_π. This condition states that any collision attack needs Ω(2^{2n/3}) queries to find a colliding pair of inputs. The proof uses the recent technique of Zhandry's compressed oracle. Thirdly, we show that the quantum collision resistance of the Merkle-Damgård hash function using h_π can be optimal even if π is an involution. Finally, we discuss the quantum collision resistance of double-block-length compression functions using a block cipher.
Youquan XIAN Lianghaojie ZHOU Jianyong JIANG Boyi WANG Hao HUO Peng LIU
In recent years, blockchain has been widely applied in the Internet of Things (IoT). Blockchain oracle, as a bridge for data communication between blockchain and off-chain, has also received significant attention. However, the numerous and heterogeneous devices in the IoT pose great challenges to the efficiency and security of data acquisition for oracles. We find that the matching relationship between data sources and oracle nodes greatly affects the efficiency and service quality of the entire oracle system. To address these issues, this paper proposes a distributed and efficient oracle solution tailored for the IoT, enabling fast acquisition of real-time off-chain data. Specifically, we first design a distributed oracle architecture that combines both Trusted Execution Environment (TEE) devices and ordinary devices to improve system scalability, considering the heterogeneity of IoT devices. Secondly, based on the trusted node information provided by TEE, we determine the matching relationship between nodes and data sources, assigning appropriate nodes for tasks to enhance system efficiency. Through simulation experiments, our proposed solution has been shown to effectively improve the efficiency and service quality of the system, reducing the average response time by approximately 9.92% compared to conventional approaches.
Chihiro KAMIDAKI Yuma OKUYAMA Tatsuo KUBO Wooram LEE Caglar OZDAG Bodhisatwa SADHU Yo YAMAGUCHI Ning GUAN
This paper presents a power amplifier (PA) designed as a part of a transceiver front-end fabricated in 130-nm SiGe BiCMOS. The PA shares its output antenna port with a low noise amplifier using a low-loss transmission/reception switch. The output matching network of the PA is designed to provide high output power, low AM-AM distortion, and uniform performance over frequencies in the range of 24.25-29.5 GHz. Measurements of the front-end in TX mode demonstrate peak S21 of 30.3 dB at 26.7 GHz, S21 3-dB bandwidth of 9.8 GHz from 22.2 to 32.0 GHz, and saturated output power (Psat) above 20 dBm with power-added efficiency (PAE) above 22% from 24 to 30 GHz. For a 64-QAM 400 MHz bandwidth orthogonal frequency division multiplexing (OFDM) signal, -25 dBc error vector magnitude (EVM) is measured at an average output power of 12.3 dBm and average PAE of 8.8%. The PA achieves a competitive ITRS FoM of 92.9.
Kazuki FUKAE Tetsuo IMAI Kenichi ARAI Toru KOBAYASHI
With the growing global demand for seafood, sustainable aquaculture is attracting more attention than conventional natural fishing, which causes overfishing and damage to the marine environment. However, a major problem facing the aquaculture industry is the cost of feeding, which accounts for about 60% of fishing expenditure. Excessive feeding increases costs, and the accumulation of residual feed on the seabed negatively impacts the quality of water environments (e.g., causing red tides). Therefore, the importance of raising fish efficiently with less food by optimizing the timing and quantity of feeding becomes more evident. Thus, we developed a system to quantitate the amount of fish activity for the optimal feeding time and feed quantity based on the images taken. For quantitation, optical flow, a method for tracking individual objects, was used. However, it is difficult to track individual fish and quantitate their activity in the presence of many fish. Therefore, all fish in the filmed screen were considered as a single school, and the amount of change in the entire screen was used as the amount of school activity. Specifically, we divided the entire image into fixed regions and quantitated the activity by vectorizing the amount of change in each region using optical flow. A vector represents the moving distance and direction. We used the numerical data of a histogram as the indicator for the amount of fish activity by dividing the vectors into classes and recording the number of occurrences in each class. We verified the effectiveness of the indicator by quantitating the eating and not-eating movements during feeding. We evaluated the performance of the quantified indicators by support vector classification, which is a form of machine learning. We confirmed that the two activities can be correctly classified.
When confirming the ACLR (adjacent channel leakage power ratio), which is a representative indicator of distortion in the design of a PA (power amplifier), a well-known method is to calculate the AM-AM/PM characteristics of the PA, input time series data of modulated signals, and analyze the output by Fourier analysis. In 5G (5th generation) mobile phones, not only QPSK (quadrature phase shift keying) modulation but also 16QAM (quadrature amplitude modulation), 64QAM, and 256QAM are being used, so modulation signals are becoming more multivalued. In addition, the modulation band may exceed 100 MHz, so the amount of time series data increases and the increase in calculation time becomes a problem. In order to shorten the calculation time, calculating the total amount of distortion generated by the PA from the probability density of the modulation signal and the AM (amplitude modulation)-AM/PM (phase modulation) characteristics of the PA is considered. For the AM-AM characteristics of the PA, in this paper, IMD3 (intermodulation distortion 3) obtained from the probability density and IMD3 obtained by Fourier analysis, which has long been used, are compared. As a result, it was confirmed that the result of the probability density analysis is similar to that of the Fourier analysis when the nonlinearity is somewhat small. In addition, the agreement between the proposed method and the conventional method was confirmed with an error of about 2.0 dB in ACLR using modulation waves with a bandwidth of 5 MHz, RB (resource block) being 25, and QPSK modulation.
Masaki YOSHII Ryohei BANNO Osamu MIZUNO
New services can use fog nodes to distribute Internet of Things (IoT) data. To distribute IoT data, we apply the publish/subscribe messaging model to a fog computing system. A service provider assigns a unique identifier, called a Tag ID, to a player who owns data. A Tag ID matches multiple IDs and resolves the naming rule for data acquisition. However, when users configure their fog node and distribute IoT data to multiple players, the distributed data may contain private information. To address this issue, we propose a table-based access control list (ACL) to manage data transmission permissions. It is possible to avoid unnecessary transmission of private data by using a table-based ACL. Furthermore, because there are fewer data transmissions, the table-based ACL reduces traffic. Consequently, the overall system's average processing delay time can be reduced. The proposed method's performance was confirmed by simulation results. In particular, the table-based ACL could reduce processing delay time by approximately 25% under certain conditions. We also concentrated on system security. Using the proposed method, a qualitative evaluation was performed to demonstrate that security is guaranteed.
Weina ZHOU Xinxin HUANG Xiaoyang ZENG
As a kind of marine vehicle, Unmanned Surface Vehicles (USV) are widely used in military and civilian fields because of their low cost, good concealment, strong mobility and high speed. High-precision detection of obstacles plays an important role in USV autonomous navigation, which ensures its subsequent path planning. In order to further improve obstacle detection performance, we propose an encoder-decoder architecture named Fusion Refinement Network (FRN). The encoder part with a deeper network structure enables it to extract richer visual features. In particular, a dilated convolution layer is used in the encoder for obtaining a large range of obstacle features in complex marine environments. The decoder part achieves multiple-path feature fusion. Attention Refinement Modules (ARM) are added to optimize features, and a learnable fusion algorithm called the Feature Fusion Module (FFM) is used to fuse visual information. Experimental validation results on three different datasets with real marine images show that FRN is superior to state-of-the-art semantic segmentation networks in performance evaluation. The MIoU and MPA of the FRN can peak at 97.01% and 98.37% respectively. Moreover, FRN could maintain a high accuracy with only 27.67M parameters, which is much smaller than the latest obstacle detection network (WaSR) for USV.
Masayuki FUKUMITSU Shingo HASEGAWA
The Schnorr signature is one of the representative signature schemes and its security has been widely discussed. In the random oracle model (ROM), it is provable from the DL assumption, whereas there is negative circumstantial evidence in the standard model. Fleischhacker, Jager, and Schröder showed that the tight security of the Schnorr signature is unprovable from a strong cryptographic assumption, such as the One-More DL (OM-DL) assumption and the computational and decisional Diffie-Hellman assumption, in the ROM via a generic reduction as long as the underlying cryptographic assumption holds. However, it remains open whether or not the impossibility of the provable security of the Schnorr signature from a strong assumption can be shown via a non-tight and reasonable reduction. In this paper, we show that the security of the Schnorr signature is unprovable from the OM-DL assumption in the non-programmable ROM as long as the OM-DL assumption holds. Our impossibility result is proven via a non-tight Turing reduction.
Jiaqi ZHAI Jian LIU Lusheng CHEN
Aggregate signature (AS) schemes enable anyone to compress signatures under different keys into one. In sequential aggregate signature (SAS) schemes, the aggregate signature is computed incrementally by the signers. Several trapdoor-permutation-based SAS schemes have been proposed. In this paper, we give a construction of SAS based on the first SAS scheme with lazy verification proposed by Brogle et al. in ASIACRYPT 2012. In Brogle et al.'s scheme, the size of the aggregate signature is linear in the number of signers. In our scheme, the aggregate signature has constant length, which satisfies the original ideal of compressing the size of signatures.
Jeeun LEE Sungsook KIM Seunghyun LEE Kwangjo KIM
IGE mode used in Telegram's customized protocol has not been fully investigated in terms of post-quantum security. In this letter, we show that IGE mode is IND-qCPA insecure by Simon's algorithm, assuming that the underlying block cipher is a standard-secure pseudorandom function (sPRF). Under the stronger assumption that the block cipher is a quantum-secure pseudorandom function (qPRF), IND-qCPA security of IGE mode is proved using the one-way to hiding lemma.
Multisignatures are digital signatures for a group consisting of multiple signers where each signer signs common documents via interaction with its co-signers and the data size of the resultant signatures for the group is independent of the number of signers. In this work, we propose a multisignature scheme, whose security can be tightly reduced to the CDH problem in bilinear groups, in the strongest security model where nothing more is required than that each signer has a public key, i.e., the plain public key model. Loosely speaking, our main idea for a tight reduction is to utilize a three-round interaction in a full-domain hash construction. Namely, we surmise that a full-domain hash construction with three-round interaction will become tightly secure under the CDH problem. In addition, we show that the existing scheme by Zhou et al. (ISC 2011) can be improved to a construction with a tight security reduction as an application of our proof framework.
Deterministic ID-based signatures are digital signatures where secret keys are probabilistically generated by a key generation center while the signatures are generated deterministically. Although the deterministic ID-based signatures are useful for both systematic and cryptographic applications, to the best of our knowledge, there is no scheme with a tight reduction proof. Loosely speaking, since the security is downgraded through dependence on the number of queries by an adversary, a tighter reduction for the security of a scheme is desirable, and this reduction must be as close to the difficulty of its underlying hard problem as possible. In this work, we discuss mathematical features for a tight reduction of deterministic ID-based signatures, and show that the scheme by Selvi et al. (IWSEC 2011) is tightly secure by our new proof framework under a selective security model where a target identity is designated in advance. Our proof technique is versatile, and hence a reduction cost becomes tighter than the original proof even under an adaptive security model. We furthermore improve the scheme by Herranz (The Comp. Jour., 2006) to prove tight security in the same manner as described above. We furthermore construct an aggregate signature scheme with partial aggregation, which is a key application of deterministic ID-based signatures, from the improved scheme.
Masayuki FUKUMITSU Shingo HASEGAWA
In recent years, Fischlin and Fleischhacker showed the impossibility of proving the security of specific types of FS-type signatures, the signatures constructed by the Fiat-Shamir transformation, via a single-instance reduction in the non-programmable random oracle model (NPROM, for short). In this paper, we pose the question of whether or not the impossibility of proving the security of any FS-type signature can be shown in the NPROM. For this question, we show that each FS-type signature cannot be proven to be secure via a key-preserving reduction in the NPROM from the security against impersonation of the underlying identification scheme under the passive attack, as long as the identification scheme is secure against impersonation under the active attack. We also show the security incompatibility between the security of some FS-type signatures in the NPROM via a single-instance key-preserving reduction and the underlying cryptographic assumptions. By applying this result to the Schnorr signature, one can prove the incompatibility between the security of the Schnorr signature in this situation and the discrete logarithm assumption, whereas Fischlin and Fleischhacker showed that such an incompatibility cannot be proven via a non-key-preserving reduction.
Rational proofs, introduced by Azar and Micali (STOC 2012), are a variant of interactive proofs in which the prover is rational, and may deviate from the protocol for increasing his reward. Guo et al. (ITCS 2014) demonstrated that rational proofs are relevant to delegation of computation. By restricting the prover to be computationally bounded, they presented a one-round delegation scheme with sublinear verification for functions computable by log-space uniform circuits with logarithmic depth. In this work, we study rational proofs in which the verifier is also rational, and may deviate from the protocol for decreasing the prover's reward. We construct a three-message delegation scheme with sublinear verification for functions computable by log-space uniform circuits with polylogarithmic depth in the random oracle model.
Naoto YANAI Tomoya IWASAKI Masaki INAMURA Keiichi IWAMURA
Structured signatures are digital signatures where the relationship between signers is guaranteed in addition to the validity of individually generated data for each signer, and they have been expected for digital rights management. Nevertheless, we mention that there is no scheme with a tight security reduction, to the best of our knowledge. Loosely speaking, this means that the security is downgraded against an adversary who obtains a large amount of signatures. Since contents are widely utilized in general, achieving a tighter reduction is desirable. Based on this background, we propose the first structured signature scheme with a tight security reduction in conventional public key cryptography and the one with a rigorous reduction proof in ID-based cryptography via our new proof method. Moreover, the security of our schemes can be proven under the CDH assumption, which is the most standard. Our schemes are also based on bilinear maps whose implementation can be provided via well-known cryptographic libraries.
In this paper, the performance of a vehicle information sharing (VIS) system for an intersection collision warning system (ICWS) is analyzed. The on-board unit (OBU) of the ICWS sharing obstacle detection sensor information (ICWS-ODSI) is mounted on a vehicle, and it obtains information about the surrounding vehicles, such as their position and velocity, by its in-vehicle obstacle detection sensors. This information is shared with other vehicles via an intervehicle communication network. In this analysis, a T-junction is assumed as the road environment for the theoretical analysis of the VIS performance in terms of the mean of entire vehicle information acquiring probability (MEVIAP). The MEVIAP versus OBU penetration rate indicated that the ICWS-ODSI is superior to the conventional VIS system that only shares its own individual driving information via an intervehicle communication network. Furthermore, the MEVIAP versus the sensing range of the ICWS-ODSI is analyzed, and it was found that the ISO15623 sensor used for the forward vehicle collision warning system becomes a candidate for the in-vehicle detection sensor of ICWS-ODSI.
Denise H. GOYA Dionathan NAKAMURA Routo TERADA
Two new authenticated key agreement protocols in the certificateless setting are presented in this paper. Both are proved secure in the extended Canetti-Krawczyk model, under the BDH assumption. The first one is more efficient than Lippold et al.'s (LBG) protocol, and is proved secure in the same security model. The second protocol is proved secure under Swanson et al.'s security model, a weaker model. As far as we know, our second proposed protocol is the first one proved secure in Swanson et al.'s security model. If no pre-computations are done, the first protocol is about 26% faster than LBG, and the second protocol is about 49% faster than LBG and about 31% faster than the first one. If pre-computations of some operations are done, our two protocols remain faster.
Shoki INOUE Teruo KAWAMURA Kenichi HIGUCHI
This paper proposes an enhancement to a previously reported adaptive peak-to-average power ratio (PAPR) reduction method based on clipping and filtering (CF) for eigenmode multiple-input multiple-output (MIMO) — orthogonal frequency division multiplexing (OFDM) signals. We enhance the method to accommodate the case with adaptive modulation and channel coding (AMC). Since the PAPR reduction process degrades the signal-to-interference and noise power ratio (SINR), the AMC should take into account this degradation before PAPR reduction to select accurately the modulation scheme and coding rate (MCS) for each spatial stream. We use the lookup table-based prediction of SINR after PAPR reduction, in which the interference caused by the PAPR reduction is obtained as a function of the stream index, frequency block index, clipping threshold for PAPR reduction, and input backoff (IBO) of the power amplifier. Simulation results show that the proposed PAPR reduction method increases the average throughput compared to the conventional CF method for a given adjacent channel leakage power ratio (ACLR) when we assume practical AMC.
Atsushi FUJIOKA Fumitaka HOSHINO Tetsutaro KOBAYASHI Koutarou SUZUKI Berkant USTAOĞLU Kazuki YONEYAMA
In this paper, we propose an identity-based authenticated key exchange (ID-AKE) protocol that is secure in the identity-based extended Canetti-Krawczyk (id-eCK) model in the random oracle model under the gap Bilinear Diffie-Hellman assumption. The proposed ID-AKE protocol is the most efficient among the existing ID-AKE protocols that are id-eCK secure, and it can be extended for use with asymmetric pairings.
Atsushi FUJIOKA Yoshiaki OKAMOTO Taiichi SAITO
This paper provides a sufficient condition to construct timed-release public-key encryption (TRPKE), where the constructed TRPKE scheme guarantees strong security against malicious time servers, proposed by Chow et al., and strong security against malicious receivers, defined by Cathalo et al., in the random oracle model if the component IBE scheme is IND-ID-CPA secure, the component PKE scheme is IND-ID-CPA secure, and the PKE scheme satisfies negligible γ-uniformity for every public key. Although Chow et al. proposed a strongly secure TRPKE scheme, which is concrete in the standard model, to the best of our knowledge, the proposed construction is the first generic one for TRPKE that guarantees strong security even in the random oracle model.