In this work, template attacks that aimed to leak the nonce were performed on 256-bit ECDSA hardware to evaluate the resistance against side-channel attacks. The target hardware was an ASIC and was revealed to be vulnerable to the combination of template attacks and lattice attacks. Furthermore, the attack result indicated it was not enough to fix the MSB of the nonce to 1 which is a common countermeasure. Also, the success rate of template attacks was estimated by simulation. This estimation does not require actual hardware and enables us to test the security of the implementation in the design phase. To clarify the acceptable amount of the nonce leakage, the computational cost of lattice attacks was compared to that of ρ method which is a cryptanalysis method. As a result, the success rate of 2-bit leakage of the nonce must be under 62% in the case of 256-bit ECDSA. In other words, SNR must be under 2-4 in our simulation model.

Let us consider a situation where someone wants to encrypt his/her will on an existing blockchain, e.g. Bitcoin, and allow an encrypted will to be decryptable only if designated members work together. At a first glance, such a property seems to be easily provided by using conventional threshold encryption. However, this idea cannot be straightforwardly implemented since key pairs for an encryption mechanism is additionally required. In this paper, we propose a new threshold encryption scheme in which key pairs for ECDSA that are already used in the Bitcoin protocol can be directly used as they are. Namely, a unique key pair can be simultaneously used for both ECDSA and our threshold encryption scheme without losing security. Furthermore, we implemented our scheme on the Bitcoin regtest network, and show that it is fairly practical. For example, the execution time of the encryption algorithm Enc (resp., the threshold decryption algorithm Dec) is 0.2sec. (resp., 0.3sec.), and the total time is just only 3sec. including all the cryptographic processes and network communications for a typical parameter setting. Also, we discuss several applications of our threshold encryption scheme in detail: Claiming priority of intellectual property, sealed-bid auction, lottery, and coin tossing service.

A 256-bit $mathbb{F}_p$ ECDSA crypto processor featuring low latency, low energy consumption and capability of changing the Elliptic curve parameters is designed and fabricated in SOTB 65nm CMOS process. We have demonstrated the lowest ever reported signature generation time of 31.3 μs at 238MHz clock frequency. Energy consumption is 3.28 μJ/signature-generation, which is same as the lowest reported till date. We have also derived addition formulae on Elliptic curve useful for reduce the number of registers and operation cycles.

This paper presents the optimal implementation methods for 256-bit elliptic curve digital signature algorithm (ECDSA) signature generation processors with high speed Montgomery multipliers. We have explored the radix of the data path of the Montgomery multiplier from 2-bit to 256-bit operation and proposed the use of pipelined Montgomery multipliers for signature generation speed, area, and energy optimization. The key factor in the design optimization is how to perform modular multiplication. The high radix Montgomery multiplier is known to be an efficient implementation for high-speed modular multiplication. We have implemented ECDSA signature generation processors with high radix Montgomery multipliers using 65-nm SOTB CMOS technology. Post-layout results show that the fastest ECDSA signature generation time of 63.5µs with radix-256-bit, a two-module four-streams pipeline architecture, and an area of 0.365mm2 (which is the smallest) with a radix-16-bit zero-pipeline architecture, and the smallest signature generation energy of 9.51µJ with radix-256-bit zero-pipeline architecture.

This study looks at how an e-Health System can reduce morbidity (poor health) in unreached communities. The e-Health system combines affordable sensors and Body Area Networking technology with mobile health concepts and is called a Portable Health Clinic. The health clinic is portable because all the medical devices fit inside a briefcase and are carried to unreached communities by a healthcare assistants. Patient morbidity is diagnosed using software stratification algorithm and categorized according to triage color-coding scheme within the briefcase. Morbid patients are connected to remote doctor in a telemedicine call center using the mobile network coverage. Electronic Health Records (EHR) are used for the medical consultancy and e-Prescription is generated. The effectiveness of the portable health clinic system to target morbidity was tested on 8690 patients in rural and urban areas of Bangladesh during September 2012 to January 2013. There were two phases to the experiment: the first phase identified the intensity of morbidity and the second phase re-examined the morbid patients, two months later. The experiment results show a decrease in patients to identify as morbid among those who participated in telemedicine process.

In this paper, two techniques for implementing a low-power pipelined analog-to-digital converter (ADC) are proposed. First, the time-interleaved correlated double sampling (CDS) technique is proposed to compensate the finite gain error of operational amplifiers in switched-capacitor circuits without a half-rate front-end sample-and-hold amplifier (SHA). Therefore, low-gain amplifiers and the SHA-less architecture can be used to effectively reduce power consumption of a pipelined ADC. Second, the back-end pipelined stages of a pipelined ADC are implemented using a low-power time-interleaved successive approximation (SA) ADC rather than operational amplifiers to further reduce the power consumption of the proposed pipelined ADC. A 9-bit, 100-MS/s hybrid pipelined-SA ADC is implemented in the TSMC 0.13 µm triple-well 1P8M CMOS process. The ADC achieves a spurious free dynamic range (SFDR) of 62.15 dB and a signal-to-noise distortion ratio (SNDR) of 50.85-dB for 2-MHz input frequency at a 100-MS/s sampling rate. The power consumption is 21.2 mW from a 1.2 V supply. The core area of the ADC is 1.6 mm2.

We investigate the enhancement of the optical nonlinearity and the limit of the improvement of the response speed in CdSxSe1-x microcrystallites by measuring the effective optical nonlinear cross section (σeff), the energy decay time (T1) and the dephasing time in two kinds of semiconductor microcrystallites of CdS0.12Se0.8 microcrystallites embedded in alkaline multi-component glasses (CdSSeMs) and CdSe microcrystallites embedded in SiO2 thin film (CdSeMs). As the average radius of CdSSeMs decreases from 10 to 1 nm, the values of σeff and T1 gradually change from 2.610-16 to 1.110-16 cm2 and from dozens picoseconds to 4 psec, respectively. The size dependence of CdSSEMs shows that the energy level structure in the microcrystallite with a radius of less than a few nanometers is a two-level system, in which σeff is proportional to T2. The carrier recombination time (τ) of CdSSeMs with the average radius of 1 nm is estimated to 2 psec. As the average radius of a CdS0.12Se0.8 microcrystallite decreases from 9 to 3 nm, the values of T2 gradually change from 640 to 230 fsec at 18 K, respectively. The size and temperature dependences of T2 for the CdSSeMs show that there is the discrepancy between the theory and the measured T2. The discrepancy showes the presence of the acoustic-phonon-assisted relaxation processes other than the pure-dephasing processes. It is indicated that T2 becomes long by reducing the excessive acoustic-phonon-assisted relaxation processes, and that the longer T2 might enhance σeff. We investigate the enhancement of σeff in CdSeMs by making T2 longer. The τ, σeff, and T2 of CdSeM an average radius of 3 nm are 40 psec, 4.510-15 cm2, and 150 fsec at room temperature. The σeff is ten times as large as that of CdSSeM sample at the same average radius and the enhancement of σeff can be considered to be caused by the longer T2.

The Minimum Connected Dominating Set (MCDS) reduces the number of messages to destinations and the finding MCDS is considered as a NP-hard problem. Alzoubi's approximation algorithm is known as the best in terms of message-optimal CDS construction, but not for mobility management. We present a message-efficient mobility management scheme based on distributed spanning trees. The proposed method may generate more messages than Alzoubi's for message delivery, but it consumes significantly fewer messages for mobility management (to the ratio of 2.5). Thus, when highly mobile networks are assumed, the proposed scheme outperforms Alzoubi's in terms of total number of messages.

This paper presents a practical implementation scheme of the variable gain amplifier (VGA) using a Cds photo coupler (Cds PC) as a variable resister at the feedback loop. The fundamental design policies of IF amplifier stage in superheterodyne receiver were described. We demonstrated the VGA's experimental results. The results indicated the excellent IIP3 of +25 dBm achieved by a gain of 15 dB, and the reasonable thermal stability and variable gain range. Third-order intermodulation distortion (IMD3) comparison between the proposed VGA and conventional PIN diode attenuation type VGA was evaluated and the result indicated that the proposed VGA surpassed the PIN VGA. The proposed VGA was practically fabricated in 455 kHz IF amplifier stage for an airborne VHF communication receiver in order to improve the large signal handling capability to eliminate numerous interferences resulting from the collocated airborne VHF communication systems on the aircraft.

Photonic crystals have optical properties characterized by photonic bandgap, large anisotropy and high dispersion, which can be applied to various optical devices. We have proposed an autocloning method for fabricating 2D or 3D photonic crystals and are developing novel structures and functions in photonic crystals. The autocloning is an easy process based on the combination of sputter deposition and sputter etching and is suitable for industry. We have already demonstrated devices or functions such as polarization splitters and surface-normal waveguides. In this paper, we describe our latest work on photonic crystals utilizing the autocloning technology. Phase plates and polarization selective gratings for optical pick-ups are demonstrated utilizing TiO2/SiO2 photonic crystals. The technology to introduce CdS into 3D photonic crystals is also developed and photoluminescence from the introduced CdS is observed, which is the first step to realize luminescent devices with 3D confinement or high polarization controllability.

II-VI laser diode was fabricated using a ZnCdSe/ZnS0.06Se0.94/ZnMgSSe SCH structure on GaAs, in which ZnMgSSe was originally proposed by our group. ZnMgSSe is lattice-matched to GaAs and the bandgap energy of ZnMgSSe is larger than that of ZnSe and ZnS0.06Se0.94 lattice-matched to GaAs. As for the crystal growth mechanism, the composition of ZnMgSSe is not changed and the RHEED pattern becomes spotty in group II-rich growth conditions and S incorporation is difficult in group VI-rich growth conditions. From these results, we consider that the optimized growth condition of ZnMgSSe is in the stoichiometric region (both (21) and c(22) were observed). As for the device quality, although the current density of this device is minimized to 500 A/cm2, it was difficult to improve the reliability of the electrode and the active layer ZnCdSe. We found that the thin ZnTe and thick ZnSSe based electrode is necessary for reliability of the electrode, and that an optimized VI/II ratio is necessary for the reliability of the active region. To fabricate a relatively low-operating-voltage device, the stripe width is also an important parameter. In spite of relatively weak covalent bond of II-VI compounds, we can produce a device lifetime as long as 400 h.