Hiroshi SUENOBU Shin-ichi YAMAMOTO Michio TAKIKAWA Naofumi YONEDA
A method for bandwidth enhancement of radar cross section (RCS) reduction by metasurfaces was studied. Scattering cancellation is one of the common methods for reducing the RCS of target scatterers. It occurs when the wave scattered by the target scatterer and the wave scattered by the canceling scatterer have the same amplitude and opposite phase. Since the bandwidth of scattering cancellation is usually narrow, we proposed a bandwidth enhancement method using metasurfaces, which can control the frequency dependence of the scattering phase. We designed and fabricated a metasurface composed of a patch array on a grounded dielectric substrate. Numerical and experimental evaluations confirmed that the metasurface enhances the bandwidth of 10 dB RCS reduction from a 34% bandwidth ratio with metallic canceling scatterers to a 52% bandwidth ratio with the metasurface.
Yihan DONG Shiyao DING Takayuki ITO
This paper presents the design and implementation of an automated multi-phase facilitation agent based on a large language model (LLM) to realize inclusive facilitation and efficient use of an LLM for facilitating realistic discussions. Large-scale discussion support systems have been studied and implemented very widely since they enable many people to discuss remotely, 24 hours a day and 7 days a week. Furthermore, automated facilitation artificial intelligence (AI) agents have been realized since they can efficiently facilitate large-scale discussions. For example, D-Agree is a large-scale discussion support system in which an automated facilitation AI agent facilitates discussion among people. The current automated facilitation agent was designed following the structure of the issue-based information system (IBIS), and the IBIS-based agent has been shown to have superior performance. However, there are several problems that need to be addressed with the IBIS-based agent. In this paper, we focus on the following three problems: 1) The IBIS-based agent was designed only to promote other participants' posts by replying to existing posts accordingly, without considering the different behaviours taken by participants with diverse characteristics, so that sometimes the discussion is not sufficient. 2) The facilitation messages generated by the IBIS-based agent were not natural enough, so that the participants were not sufficiently promoted and did not follow the flow to discuss a topic. 3) Since the IBIS-based agent is not combined with an LLM, the control of the LLM has to be designed. Thus, to solve the problems mentioned above, the design of a phase-based facilitation framework is proposed in this paper.
Specifically, we propose two significant designs: one is the design of a multi-phase facilitation agent created based on the framework to address problem 1); the other is the design of the combination with an LLM to address problems 2) and 3). In particular, the language model called "GPT-3.5" is used for the combination through the corresponding APIs from OpenAI. Furthermore, we demonstrate the improvement of our facilitation agent framework by presenting evaluations and a case study. In addition, we present the difference between our framework and LangChain, which has generic features for utilizing LLMs.
Sofia SAHAB Jawad HAQBEEN Takayuki ITO
Despite the increasing use of conversational artificial intelligence (AI) in online discussion environments, few studies explore the application of AI as a facilitator in forming problem-solving debates and influencing opinions in cross-venue scenarios, particularly in diverse and war-ravaged countries. This study aims to investigate the impact of AI on enhancing participant engagement and collaborative problem-solving in online-mediated discussion environments, especially in diverse and heterogeneous discussion settings, such as the five cities in Afghanistan. We seek to assess the extent to which AI participation in online conversations succeeds by examining the depth of discussions and participants' contributions, comparing discussions facilitated by AI with those not facilitated by AI across different venues. The results are discussed with respect to forming and changing opinions with and without AI-mediated communication. The findings indicate that the number of opinions generated in AI-facilitated discussions significantly differs from discussions without AI support. Additionally, statistical analyses reveal quantitative disparities in online discourse sentiments when conversational AI is present compared to when it is absent. These findings contribute to a better understanding of the role of AI-mediated discussions and offer several practical and social implications, paving the way for future developments and improvements.
A circular string formed by connecting the first and the last symbols of a string is one of the simplest sequence forms, and it has been used for many applications such as data compression and the fragment assembly problem. A sufficient condition on the lengths of substrings with frequencies for reconstruction of an input circular binary string has been shown. However, there is no detailed description of the proof of the sufficient condition or of the reconstruction algorithm. In this paper, we prove a necessary and sufficient condition on the lengths of substrings with frequencies for reconstruction of the circular string. We show that the length is shorter than that of the previous study for some circular strings. To improve the length, we use minimal absent words (MAWs) for given substrings of length k, and we propose a new construction algorithm for MAWs of length h(>k), whereas a conventional construction algorithm for MAWs can construct MAWs of length l(≤k). Moreover, we propose a reconstruction algorithm for an input circular string given substrings satisfying the new condition.
Rikuhiro KOJIMA Jacob C. N. SCHULDT Goichiro HANAOKA
Multi-signatures have seen renewed interest due to their application to blockchains, e.g., BIP 340 (one of the Bitcoin improvement proposals), which has triggered proposals of several new schemes with improved efficiency. However, many previous works have a "loose" security reduction (a large gap between the difficulty of the security assumption and that of breaking the scheme) or depend on strong idealized assumptions such as the algebraic group model (AGM). This makes the achieved level of security uncertain when instantiated in groups typically used in practice, and it becomes unclear for developers how secure a given scheme is for a given choice of security parameters. This leads to the question "what kind of schemes can we construct that achieve tight security based on standard assumptions?". In this paper, we show a simple two-round tightly-secure pairing-based multi-signature scheme based on the computational Diffie-Hellman problem in the random oracle model. This proposal is the first two-round multi-signature scheme that achieves tight security based on a computational assumption and supports key aggregation. Furthermore, our scheme reduces the signature bit size by 19% compared with the shortest existing tightly-secure DDH-based multi-signature scheme. Moreover, we implemented our scheme in C++ and confirmed that it is efficient in practice: verification takes less than 1 ms, with a total (computational) signing time of 13 ms for under 100 signers. The source code of the implementation is published as OSS.
Homomorphic encryption (HE) is public key encryption that enables computation over ciphertexts without decrypting them. To overcome the issue that HE cannot achieve IND-CCA2 security, the notion of keyed-homomorphic encryption (KH-PKE) was introduced (Emura et al., PKC 2013), which has a separate homomorphic evaluation key and can achieve a stronger security notion named KH-CCA security. The contributions of this paper are twofold. First, recall that the syntax of KH-PKE assumes that homomorphic evaluation is performed for single operations, and KH-CCA security was formulated based on this syntax. Consequently, if the homomorphic evaluation algorithm is enhanced so as to gather sequential operations into a single evaluation, then it is not obvious whether or not KH-CCA security is preserved. In this paper, we show that KH-CCA security is in general not preserved under such a modification, while KH-CCA security is preserved when the original scheme additionally satisfies circuit privacy. Secondly, Catalano and Fiore (ACM CCS 2015) proposed a conversion method from linearly HE schemes into two-level HE schemes, the latter admitting addition and a single multiplication of ciphertexts. In this paper, we extend the conversion to the case of linearly KH-PKE schemes to obtain two-level KH-PKE schemes. Moreover, based on the generalized version of the Catalano-Fiore conversion, we also construct a similar conversion from d-level KH-PKE schemes into 2d-level KH-PKE schemes.
Secure two-party computation is a cryptographic tool that enables two parties to compute a function jointly without revealing their inputs. It is known that any function can be realized in the correlated randomness (CR) model, where a trusted dealer distributes input-independent CR to the parties beforehand. Sometimes we can construct a more efficient secure two-party protocol for a function g than for a function f, where g is a restriction of f. However, it is not known in which cases we can construct a more efficient protocol for a domain-restricted function. In this paper, we focus on the size of the CR. We prove that we can construct a more efficient protocol for a domain-restricted function when there is a "good" structure in the CR space of a protocol for the original function, and we show a unified way to construct a more efficient protocol in such a case. In addition, we show two applications of the above result: the first shows that some known techniques for reducing the CR size of domain-restricted functions can be derived in a unified way, and the second shows that we can construct a more efficient protocol than an existing one using our result.
Kyoichi ASANO Keita EMURA Atsushi TAKAYASU
Identity-based encryption with equality test (IBEET) is a variant of identity-based encryption (IBE) in which any user with trapdoors can check whether two ciphertexts are encryptions of the same plaintext. Although several lattice-based IBEET schemes have been proposed, they have drawbacks in either security or efficiency. Specifically, most IBEET schemes only satisfy selective security, while the public keys of adaptively secure schemes in the standard model consist of a number of matrices that is linear in the security parameter. In other words, known lattice-based IBEET schemes perform poorly compared to the state-of-the-art lattice-based IBE schemes (without equality test). In this paper, we propose a semi-generic construction of CCA-secure lattice-based IBEET from a certain class of lattice-based IBE schemes. As a result, we obtain the first lattice-based IBEET schemes with adaptive security and CCA security in the standard model without sacrificing efficiency. This is because our semi-generic construction can use several state-of-the-art lattice-based IBE schemes as underlying schemes, e.g., Yamada's IBE scheme (CRYPTO'17).
Information-theoretic security and computational security are fundamental paradigms of security in the theory of cryptography. The two paradigms interact with each other but have shown different progress, which motivates us to explore the intersection between them. In this paper, we focus on Multi-Party Computation (MPC) because the security of MPC is formulated by simulation-based security, which originates from computational security, even when it requires information-theoretic security. We provide several equivalent formalizations of the security of MPC under a semi-honest model from the viewpoints of information theory and statistics. The interpretations of these variants are so natural that they support the other aspects of simulation-based security. Specifically, the variants based on conditional mutual information and sufficient statistics are interesting because security proofs for those variants can be given by information measures and the factorization theorem, respectively. To exemplify this, we show several security proofs of BGW (Ben-Or, Goldwasser, Wigderson) protocols, which are usually proved by constructing a simulator.
In this study, we consider data compression with side information available at both the encoder and the decoder. The information source is assigned a variable-length code that does not have to satisfy the prefix-free constraint. We define several classes of codes whose codeword lengths and error probabilities satisfy worst-case criteria in terms of the side information. As a main result, we investigate the exact first-order asymptotics with second-order bounds scaled as Θ(√n) as the blocklength n increases, under the regime of nonvanishing error probabilities. To obtain this result, we also derive one-shot bounds by employing the cutoff operation.
Shogo CHIWAKI Ryutaroh MATSUMOTO
Stabilizer-based quantum secret sharing has two methods to reconstruct a quantum secret: the erasure correcting procedure and the unitary procedure. It is known that the unitary procedure has a smaller circuit width. On the other hand, it is unknown which method has smaller depth and fewer circuit gates. In this letter, it is shown that the unitary procedure has smaller depth and fewer circuit gates than the erasure correcting procedure that follows a standard framework of performing measurements and unitary operators according to the measurement outcomes, when the circuits are designed for quantum secret sharing using the [[5, 1, 3]] binary stabilizer code. The evaluation can be reversed if one discovers a better circuit for the erasure correcting procedure that does not follow the standard framework.
We have realized a design automation platform for hardware accelerators for pairing operations over multiple elliptic curve parameters. The pairing operation is one of the fundamental operations for realizing functional encryption; however, it is known as a computationally heavy algorithm. Also, because standard parameters have not yet been identified, we need to choose curve parameters based on the required security level and the affordable hardware resources. Exploring this design optimization for each curve parameter is therefore essential. In this research, we have realized an automated design platform for pairing hardware for such purposes. The optimization results are almost equivalent to those of prior-art designs made by hand.
Ryosuke MATSUO Shin-ichi MINATO
Logic circuits based on a photonic integrated circuit (PIC) have attracted significant interest due to their ultra-high-speed operation. However, they have a fundamental disadvantage: a large amount of the optical signal power is discarded on the path from the optical source to the optical output, which results in significant power consumption. This optical signal power loss is called a garbage output. To address this issue, this paper considers a circuit design without garbage outputs. Although a method for synthesizing an optical logic circuit without garbage outputs has been proposed, this synthesis method cannot obtain the optimal solution, such as a circuit with the minimum number of gates. This paper proposes cross-bar gate logic (CBGL) as a new logic structure for optical logic circuits without garbage outputs, and enumerates the CBGLs with the minimum number of gates for all three-input logic functions by an exhaustive search. Since the search space is vast, our enumeration algorithm incorporates a technique to prune it efficiently. Experimental results for all three-input logic functions demonstrate that the maximum number of gates required to implement the target function is five. In the best case, the number of gates in the enumerated CBGLs is one-half of that of the existing method for optical logic circuits without garbage outputs.
In this work, template attacks aimed at leaking the nonce were performed on 256-bit ECDSA hardware to evaluate its resistance against side-channel attacks. The target hardware was an ASIC and was revealed to be vulnerable to the combination of template attacks and lattice attacks. Furthermore, the attack result indicated that it is not enough to fix the MSB of the nonce to 1, which is a common countermeasure. Also, the success rate of template attacks was estimated by simulation. This estimation does not require actual hardware and enables us to test the security of the implementation in the design phase. To clarify the acceptable amount of nonce leakage, the computational cost of lattice attacks was compared to that of the ρ method, which is a cryptanalysis method. As a result, the success rate of 2-bit leakage of the nonce must be under 62% in the case of 256-bit ECDSA. In other words, the SNR must be under 2^-4 in our simulation model.
Masayoshi YOSHIMURA Atsuya TSUJIKAWA Toshinori HOSOKAWA
In recent years, to meet strict time-to-market constraints, it has become difficult for a single semiconductor design company to design a VLSI on its own. Thus, design companies purchase IP cores from third-party IP vendors and design only the necessary parts. On the other hand, since IP cores have the disadvantage that copyright infringement can be easily performed, logic locking has to be applied to them. Functional logic locking methods using TTLock are resilient to SAT attacks but vulnerable to FALL attacks. Additionally, it is difficult to design logic locking based on TTLock at the gate level. This paper proposes a logic locking method, CRLock, with SAT attack and FALL attack resistance at the register transfer level. CRLock is a logic locking method for controllers at RTL in which the designer selects a protected input pattern and modifies the controller based on that protected input pattern. In experimental results, we applied CRLock to the MCNC'91 benchmark circuits and showed that all circuits are resistant to SAT and FALL attacks.
Sunwoo JANG Young-Kyoon SUH Byungchul TAK
This letter presents a technique that observes the system call mapping behavior of the proxy kernel layer of secure container runtimes. We applied it to the file system operations of a secure container runtime, gVisor. We found that gVisor's operations can become more expensive than native ones, issuing 48× more syscalls for open and 6× more for read and write.
Lei ZHOU Ryohei SASANO Koichi TAKEDA
In practice, even a well-trained neural machine translation (NMT) model can still make biased inferences on the training set due to distribution shifts. In the human learning process, if we cannot reproduce something correctly after learning it multiple times, we consider it to be more difficult. Likewise, a training example causing a large discrepancy between inference and reference implies higher learning difficulty for the MT model. Therefore, we propose to adopt the inference discrepancy of each training example as the difficulty criterion, and to rank training examples from easy to hard accordingly. In this way, a trained model can guide the curriculum learning process of an initial model identical to itself. We describe this training scheme by analogy as guiding the learning process of a curriculum NMT model by a pretrained vanilla model. In this paper, we assess the effectiveness of the proposed training scheme and gain insight into the influence of translation direction, evaluation metrics and different curriculum schedules. Experimental results on the translation benchmarks WMT14 English ⇒ German, WMT17 Chinese ⇒ English and Multitarget TED Talks Task (MTTT) English ⇔ German, English ⇔ Chinese, English ⇔ Russian demonstrate that our proposed method consistently improves translation performance against the advanced Transformer baseline.
Rikuya SASAKI Hiroyuki ICHIDA Htoo Htoo Sandi KYAW Keiichi KANEKO
The increasing demand for high-performance computing in recent years has led to active research on massively parallel systems. The interconnection network in a massively parallel system interconnects hundreds of thousands of processing elements so that they can process large tasks while communicating with one another. By regarding the processing elements as nodes and the links between processing elements as edges, we can discuss various problems of interconnection networks in the framework of graph theory. Many topologies have been proposed for interconnection networks of massively parallel systems. The hypercube is a very popular topology and it has many variants. The cross-cube is one such topology, which can be obtained by adding one extra edge to each node of the hypercube. The cross-cube reduces the diameter of the hypercube and allows cycles of odd lengths. Therefore, we focus on the cross-cube and propose an algorithm that constructs disjoint paths from a node to a set of nodes. We give a proof of correctness of the algorithm. Also, we show that the time complexity and the maximum path length of the algorithm are O(n^3 log n) and 2n - 3, respectively. Moreover, we estimate that the average execution time of the algorithm is O(n^2) based on a computer experiment.
Soma KAWAKAMI Kentaro OHNO Dema BA Satoshi YAGI Junji TERAMOTO Nozomu TOGAWA
Ising machines can find optimum or quasi-optimum solutions of combinatorial optimization problems efficiently and effectively. It is known that, when a good initial solution is given to an Ising machine, we can finally obtain a solution closer to the optimal solution. However, several Ising machines cannot directly accept an initial solution due to their computational nature. In this paper, we propose a method to give quasi-initial solutions to Ising machines that cannot directly accept them. The proposed method sets the positive or negative external magnetic field coefficients (the magnetic field controlling term) based on the initial solution and obtains a solution by using an Ising machine. Then, the magnetic field controlling term is re-calculated every time the Ising machine repeats the annealing process, and hence the solution is repeatedly improved on the basis of the previously obtained solution. The proposed method is applied to the capacitated vehicle routing problem with an additional constraint (constrained CVRP) and to the max-cut problem. Experimental results show that the total path distance is reduced by 5.78% on average compared to the initial solution in the constrained CVRP, and the sum of cut-edge weights is increased by 1.25% on average in the max-cut problem.
Ryotaro NEGISHI Tatsuki KURIHARA Nozomu TOGAWA
Technological devices have become deeply embedded in people's lives, and their demand is growing every year. It has been indicated that outsourcing the design and manufacturing of integrated circuits, which are essential for technological devices, may lead to the insertion of malicious circuitry, called hardware Trojans (HTs). This paper proposes an HT detection method for gate-level netlists based on XGBoost, one of the best gradient boosting decision tree models. We first propose the optimal set of HT features among many feature candidates at the netlist level through thorough evaluations. Then, we construct an XGBoost-based HT detection method with optimized hyperparameters. Evaluation experiments were conducted on the netlists from the Trust-HUB benchmarks and showed an average F-measure of 0.842 using the proposed method. Also, we newly propose a Trojan probability propagation method that effectively corrects the HT detection results, and apply it to the results obtained by the XGBoost-based HT detection. Evaluation experiments showed that the average F-measure is improved to 0.861. This value is 0.194 points higher than that of the best existing method proposed so far.