
Keyword Search Result

[Keyword] DSA(22hit)

1-20hit(22hit)

  • Template Attacks on ECDSA Hardware and Theoretical Estimation of the Success Rate

    Kotaro ABE  Makoto IKEDA
    PAPER-VLSI Design Technology and CAD
    Publicized: 2023/08/31
    Vol: E107-A No:3
    Page(s): 575-582

    In this work, template attacks aimed at recovering the nonce were performed on 256-bit ECDSA hardware to evaluate its resistance against side-channel attacks. The target hardware was an ASIC, and it was revealed to be vulnerable to the combination of template attacks and lattice attacks. Furthermore, the attack result indicated that fixing the MSB of the nonce to 1, a common countermeasure, is not enough. Also, the success rate of template attacks was estimated by simulation. This estimation does not require actual hardware and enables the security of the implementation to be tested in the design phase. To clarify the acceptable amount of nonce leakage, the computational cost of lattice attacks was compared to that of the ρ method, a generic cryptanalysis method. As a result, the success rate of 2-bit leakage of the nonce must be under 62% in the case of 256-bit ECDSA. In other words, the SNR must be under 2^-4 in our simulation model.

  • Speeding-Up Construction Algorithms for the Graph Coloring Problem

    Kazuho KANAHARA  Kengo KATAYAMA  Etsuji TOMITA
    PAPER-Numerical Analysis and Optimization, Algorithms and Data Structures, Graphs and Networks
    Publicized: 2022/03/18
    Vol: E105-A No:9
    Page(s): 1241-1251

    The Graph Coloring Problem (GCP) is a fundamental combinatorial optimization problem that has many practical applications. Degree of SATURation (DSATUR) and Recursive Largest First (RLF) are well known as typical solution construction algorithms for GCP. Both DSATUR and RLF must update the vertex degrees in the subgraph induced by the uncolored vertices when selecting the next vertex to color, and the higher the edge density of a given graph, the longer this update takes. The purposes of this paper are to propose a degree updating method called Adaptive Degree Updating (ADU for short) that addresses this issue, and to evaluate the effectiveness of ADU for DSATUR and RLF on DIMACS benchmark graphs as well as random graphs having a wide range of sizes and densities. Experimental results show that the construction algorithms with ADU are faster than the conventional algorithms for many graphs and that the ADU method yields significant speed-ups relative to the conventional algorithms, especially in the case of large graphs with higher edge density.

  • Spatial Compression of Sensing Information for Exploiting the Vacant Frequency Resource Using Radio Sensors

    Kenichiro YAMAMOTO  Osamu TAKYU  Keiichiro SHIRAI  Yasushi FUWA
    PAPER
    Publicized: 2021/03/30
    Vol: E104-B No:10
    Page(s): 1217-1226

    Recently, broadband wireless communication has been significantly enhanced; thus, frequency spectrum scarcity has become an extremely serious problem. Spatial frequency reuse based on spectrum databases has attracted significant attention. The spectrum database collects wireless environment information, such as the received signal strength indicator (RSSI), estimates the propagation coefficients for the propagation loss and shadowing effect, and finds a vacant area where the secondary system can use the frequency spectrum without harmful interference to the primary system. Wireless sensor networks are required to collect the RSSI from a radio environment monitor. However, a large number of RSSI values must be gathered because numerous sensors are spread over the wireless environment. In this study, a data compression technique based on spatial features, such as buildings and houses, is proposed. Using computer simulation and experimental evaluation, we confirm that the proposed compression method successfully reduces the size of the RSSI data and restores the original RSSI in the recovery process.

  • A Setup-Free Threshold Encryption Scheme for the Bitcoin Protocol and Its Applications

    Goichiro HANAOKA  Yusuke SAKAI  Toshiya SHIMIZU  Takeshi SHIMOYAMA  SeongHan SHIN
    PAPER
    Vol: E103-A No:1
    Page(s): 150-164

    Let us consider a situation where someone wants to encrypt his/her will on an existing blockchain, e.g. Bitcoin, and allow the encrypted will to be decryptable only if designated members work together. At first glance, such a property seems to be easily provided by conventional threshold encryption. However, this idea cannot be straightforwardly implemented, since key pairs for an encryption mechanism are additionally required. In this paper, we propose a new threshold encryption scheme in which the ECDSA key pairs already used in the Bitcoin protocol can be used directly as they are. Namely, a single key pair can be used simultaneously for both ECDSA and our threshold encryption scheme without losing security. Furthermore, we implemented our scheme on the Bitcoin regtest network and show that it is fairly practical. For example, the execution time of the encryption algorithm Enc (resp., the threshold decryption algorithm Dec) is 0.2 s (resp., 0.3 s), and the total time is only 3 s, including all the cryptographic processes and network communications, for a typical parameter setting. Also, we discuss several applications of our threshold encryption scheme in detail: claiming priority of intellectual property, sealed-bid auction, lottery, and coin tossing service.

  • Pre-Weighting Based Contention Resolution Diversity Slotted ALOHA Scheme for Geostationary Earth Orbit Satellite Networks

    Bo ZHAO  Guangliang REN  Huining ZHANG
    PAPER-Satellite Communications
    Publicized: 2018/09/10
    Vol: E102-B No:3
    Page(s): 648-658

    Pre-weighting based Contention Resolution Diversity Slotted ALOHA-like (PW-CRDSA-like) schemes with a joint multi-user multi-slot detection (JMMD) algorithm are proposed to improve the throughput of random access (RA) in geostationary earth orbit (GEO) satellite networks. The packet and its replicas are weighted by different pre-weighting factors at each user terminal, and are sent in randomly selected slots within a frame. The correlation of the channels between user terminals and the satellite node in different slots is removed by using the pre-weighting factors. At the gateway station, after the decoding processing of CRDSA, the combinations of remaining signals in slots that can form virtual multiple-input multiple-output (MIMO) signal models are found and decoded by the JMMD algorithm. Deadlock problems that are equivalent to virtual MIMO signal models in the conventional CRDSA-like schemes can thus be effectively resolved, which improves the throughput of these CRDSA-like schemes. Simulation results show that the PW-CRDSA-like schemes with the JMMD significantly outperform the conventional CRDSA-like schemes in terms of throughput under equal packet loss ratio (PLR) conditions (e.g. PLR = 10^-2); as the number of transmitted replicas increases, the throughput of the PW-CRDSA-like schemes also increases, and the normalized maximum throughput of the PW-CRDSA-5 (i.e., PW-CRDSA with 5 replicas) scheme can reach 0.95.

  • Low Latency 256-bit $\mathbb{F}_p$ ECDSA Signature Generation Crypto Processor

    Shotaro SUGIYAMA  Hiromitsu AWANO  Makoto IKEDA
    PAPER
    Vol: E101-A No:12
    Page(s): 2290-2296

    A 256-bit $\mathbb{F}_p$ ECDSA crypto processor featuring low latency, low energy consumption and the capability of changing the elliptic curve parameters is designed and fabricated in a SOTB 65 nm CMOS process. We have demonstrated the lowest ever reported signature generation time of 31.3 μs at a 238 MHz clock frequency. Energy consumption is 3.28 μJ per signature generation, which ties the lowest reported to date. We have also derived addition formulae on the elliptic curve that are useful for reducing the number of registers and operation cycles.

  • On the Security of Schnorr Signatures, DSA, and ElGamal Signatures against Related-Key Attacks

    Hiraku MORITA  Jacob C.N. SCHULDT  Takahiro MATSUDA  Goichiro HANAOKA  Tetsu IWATA
    PAPER
    Vol: E100-A No:1
    Page(s): 73-90

    In the ordinary security model for signature schemes, we consider an adversary that tries to forge a signature on a new message using only its knowledge of other valid message and signature pairs. To take into account side channel attacks such as tampering or fault-injection attacks, Bellare and Kohno (Eurocrypt 2003) formalized related-key attacks (RKA), where stronger adversaries are considered. In the RKA security model for signature schemes, we consider an adversary that can also manipulate the signing key and obtain signatures computed under the modified key. RKA security is defined with respect to the related-key deriving functions which the adversary uses to manipulate the signing key. This paper considers the RKA security of three established signature schemes: the Schnorr signature scheme, a variant of DSA, and a variant of the ElGamal signature scheme. First, we show that these signature schemes are secure against a weak notion of RKA with respect to polynomial functions. Second, we demonstrate that, on the other hand, none of the Schnorr signature scheme, DSA, or the ElGamal signature scheme achieves the standard notion of RKA security with respect to linear functions, by showing concrete attacks on them. Lastly, we show that slight modifications of the Schnorr signature scheme, (the considered variant of) DSA, and the variant of the ElGamal signature scheme yield fully RKA secure schemes with respect to polynomial functions.

  • Montgomery Multiplier Design for ECDSA Signature Generation Processor

    Masato TAMURA  Makoto IKEDA
    PAPER
    Vol: E99-A No:12
    Page(s): 2444-2452

    This paper presents optimal implementation methods for 256-bit elliptic curve digital signature algorithm (ECDSA) signature generation processors with high-speed Montgomery multipliers. We have explored the radix of the Montgomery multiplier data path from 2-bit to 256-bit operation and propose the use of pipelined Montgomery multipliers to optimize signature generation speed, area, and energy. The key factor in the design optimization is how modular multiplication is performed; the high-radix Montgomery multiplier is known to be an efficient implementation for high-speed modular multiplication. We have implemented ECDSA signature generation processors with high-radix Montgomery multipliers using 65 nm SOTB CMOS technology. Post-layout results show the fastest ECDSA signature generation time of 63.5 µs with a radix-256-bit, two-module four-stream pipeline architecture; the smallest area of 0.365 mm^2 with a radix-16-bit zero-pipeline architecture; and the smallest signature generation energy of 9.51 µJ with a radix-256-bit zero-pipeline architecture.

  • Improvement of Multipath Delay Resolution with Imaging Components on Separate Frequency Channel in Fractional Sampling OFDM

    Yutaro NAKAGAWA  Mamiko INAMORI  Yukitoshi SANADA
    PAPER-Communication Theory and Signals
    Vol: E95-A No:11
    Page(s): 1971-1979

    In this paper, an imaging components transmission scheme for the improvement of multipath delay resolution in a Fractional Sampling (FS) OFDM receiver is proposed. FS has been proposed as a diversity scheme and achieves path diversity by enlarging the bandwidth of the baseband filters in order to transmit the imaging components of the desired signal. However, FS is not able to achieve diversity with very short delay multipaths because of its low multipath delay resolution. Wider bandwidth of the transmission signal is required to improve the resolution of the delay. On the other hand, cognitive radio is an emerging technology to utilize frequency spectrum flexibly through dynamic spectrum access (DSA). To resolve the small delay multipaths and to use the spectrum flexibly with DSA, this paper investigates the FS path diversity with the imaging components on the separated frequency channel. The correlation between the 2 FS branches is analyzed theoretically on the 2 path channel under the conditions of sampling interval, delay spread, and frequency separation. Numerical results through computer simulation show that the proposed scheme improves the multipath resolution and the bit error rate (BER) performance under the existence of small delay multipaths.

  • Dynamic Spectrum Allocation Based on MEG Algorithm

    Guangen WU  Pinyi REN  Zhou SU
    PAPER-Wireless Communication Technologies
    Vol: E94-B No:11
    Page(s): 3077-3088

    Dynamic spectrum allocation (DSA) based on secondary spectrum market is considered a promising technology to improve spectrum utilization efficiency and to relieve the wireless spectrum shortage problem. We propose a dynamic spectrum allocation algorithm named market equilibrium and game (MEG), and construct a complete secondary spectrum market. The market based on the MEG algorithm consists of two submarkets: multiple primary services providers (PSPs) and a dynamic spectrum allocation server (DSAS) form the high submarket, while the low submarket is composed of the DSAS and a number of secondary users. In the low submarket, the MEG algorithm provides a game type selection strategy. By this strategy, the DSAS can win more payoffs with lower unit spectrum price, which encourages secondary users to use more spectrum. A secondary user can also choose its preferable game type between dynamic game and Nash bargaining flexibly. On the other hand, a bargaining procedure in the high submarket is designed in the MEG algorithm to ensure that market equilibrium is quickly reached. A performance analysis shows that the strategy of game type selection is fair and feasible for both the DSAS and the secondary users. Moreover, the bargaining procedure is better than the existing algorithm which adjusts price step by step in the high submarket. Simulation results also demonstrate that the market fluctuation in the low submarket is passed to the high submarket by way of the DSAS. The MEG algorithm can effectively satisfy the highly-fluctuating demands from the secondary users. In addition, the MEG algorithm can improve the payoffs of all players and increase spectrum utilization efficiency.

  • Coexistence of Dynamic Spectrum Access Based Heterogeneous Networks

    Chen SUN  Yohannes D. ALEMSEGED  HaNguyen TRAN  Hiroshi HARADA
    PAPER
    Vol: E93-B No:12
    Page(s): 3293-3301

    This paper addresses the coexistence issue of distributed heterogeneous networks where the network nodes are cognitive radio terminals. These nodes, operating as secondary users (SUs), might interfere with primary users (PUs) who are licensed to use a given frequency band. Further, due to the lack of coordination and the dissimilarity of the radio access technologies (RATs) among these wireless nodes, they might interfere with each other. To solve this coexistence problem, we propose an architecture that enables coordination among the distributed nodes. The architecture provides coexistence solutions and sends reconfiguration commands to SU networks. As an example, time sharing is considered as a solution. Further, the time slot allocation ratios and transmit powers are parameters encapsulated in the reconfiguration commands. The performance of the proposed scheme is evaluated in terms of the coexistence between PUs and SUs, as well as the coexistence among SUs. The former addresses the interference from SUs to PUs, whereas the latter addresses the sharing of an identified spectrum opportunity among heterogeneous SU networks for achieving efficient spectrum usage. In this study, we first introduce a new parameter named quality of coexistence (QoC), which is defined as the ratio between the quality of SU transmissions and the negative interference to PUs. We assume that the SUs have multiple antennas and employ fixed transmit power control (fixed-TPC). By using the approximation to the distribution of a weighted sum of chi-square random variables (RVs), we develop an analytical model for the time slot allocation among SU networks. Using this analytical model, we obtain the optimal time slot allocation ratios as well as transmit powers of the SU networks by maximizing the QoC. This leads to efficient spectrum usage among SUs and a minimized negative influence on the PUs. Results show that in a particular scenario the QoC can be increased by 30%.

  • A Robust Spectrum Sensing Method Based on Maximum Cyclic Autocorrelation Selection for Dynamic Spectrum Access

    Kazushi MURAOKA  Masayuki ARIYOSHI  Takeo FUJII
    PAPER-Spectrum Sensing
    Vol: E92-B No:12
    Page(s): 3635-3643

    Spectrum sensing is an important function for dynamic spectrum access (DSA) type cognitive radio systems to detect opportunities for sharing the spectrum with a primary system. The key requirements for spectrum sensing are stability in controlling the probability of false alarm as well as detection performance for the primary signals. However, false alarms can be triggered by noise uncertainty at the secondary devices or by unknown interference signals from other secondary systems in realistic radio environments. This paper proposes a spectrum sensing method that is robust against such uncertainties; it is a cyclostationary feature detection (CFD) approach. Our proposed method, referred to as maximum cyclic autocorrelation selection (MCAS), compares the peak and non-peak values of the cyclic autocorrelation function (CAF) to detect primary signals, where a non-peak value is the CAF value calculated at a cyclic frequency between the peaks. In MCAS, the desired probability of false alarm can be obtained by setting the number of non-peak values. In addition, the multiple peak values are combined in MCAS to obtain a noise reduction effect and coherent combining gain. Through computer simulations, we show that MCAS can control the probability of false alarm under conditions of noise uncertainty and interference. Furthermore, our method achieves better performance with much less computational complexity than conventional CFD methods.

  • Novel DSA Scheme that Uses Traffic Characteristics to Enhance Throughput Performance of Wide Area Ubiquitous Wireless Networks

    Yoshitaka SHIMIZU  Fusao NUNO  Kazuji WATANABE
    PAPER-Wireless Communication Technologies
    Vol: E91-B No:11
    Page(s): 3677-3687

    Wide area ubiquitous wireless networks, which consist of access points (APs) connected to the fixed network and a great many wireless terminals (WTs), can offer a wide range of applications everywhere. In order to enhance network performance, we need to collect different kinds of data from as many WTs as possible; each AP must be capable of accommodating more than 10^3 WTs. This requirement can be achieved by employing DSA, a typical centralized media access control scheme, since it has high resource utilization efficiency. In this paper, we propose a novel DSA scheme that employs three new techniques to enhance throughput performance: (1) considering that most terminals tend to send data periodically, it employs both polling-based schemes, i.e. request-polling and data-polling, and a random access scheme; (2) in order to improve bandwidth utilization by polling, the polling timing is decided according to the data generation timing; (3) the AP decides the polled data size according to the latest distribution of data sizes and polls the WT for the data directly. If the data-polling size cannot be determined with confidence, the AP uses request-polling instead of data-polling. Simulations verify that the proposed scheme offers better transmission performance than the existing schemes.

  • Priority and Negotiation Based Dynamic Spectrum Allocation Scheme for Multiple Radio Access Network Operators

    Hoon KIM  Taein HYON  Yeonwoo LEE
    LETTER-Network
    Vol: E91-B No:7
    Page(s): 2393-2396

    Most previous works have presented the dynamic spectrum allocation (DSA) gain achieved by utilizing the temporal or regional variations in traffic demand between multiple network operators (NOs). In this paper, we introduce the functionalities required of the entities involved in spectrum sharing and allocation, and propose a spectrum allocation algorithm that considers the long-term priority between NOs, the priority between multiple service classes, and urgent bandwidth requests. To take into account the priorities among the NOs and the priorities of the service classes, a spectrum sharing metric (SSM) is proposed, while a negotiation procedure is proposed to handle urgent bandwidth requests.

  • Practical Application of Lattice Basis Reduction Algorithm to Side-Channel Analysis on (EC)DSA

    Katsuyuki TAKASHIMA
    PAPER
    Vol: E89-A No:5
    Page(s): 1255-1262

    In this paper, we report practical modifications of the side-channel analysis of (EC)DSA [1],[2],[5],[34] that Leadbitter et al. proposed in [16]. To apply the analyses, we assume that the window method is used in the exponentiation or elliptic curve (EC) scalar multiplication and that the side-channel information described in Sect. 3.2 can be collected. So far, the method in [16] has not been effective when the size q of the cyclic group used in (EC)DSA is 160 bits long and the window size w < 9. We show that the modified method we propose in this paper is effective even when q is 160 bits long and w = 4. This shows that our method is effective for various practical implementations, e.g., those in resource-restricted environments like IC card devices. First, we estimate the window size w necessary for the proposed analyses (attacks) to succeed. Then, by experiments with the new method, we show that private keys of (EC)DSA can be obtained under the above assumptions in practical time and with a sufficient success rate. The result raises the necessity of countermeasures against these analyses (attacks) in window-method-based implementations of (EC)DSA.

  • A New Polling-Based Dynamic Slot Assignment Scheme for Broadband Wireless Access Systems

    Fusao NUNO  Yoichi MATSUMOTO
    PAPER
    Vol: E82-B No:12
    Page(s): 2031-2040

    This paper proposes a new polling-based dynamic slot assignment (DSA) scheme. With the rapid progress of wireless access systems, wireless data communication will become more and more attractive. In wireless data communication, an efficient DSA scheme is required to enhance system throughput, since the capacity of radio links is often smaller than that of wired links. A polling-based DSA scheme is typically used in centralized slot assignment control systems. It is, however, difficult to assign the slots to the targeted mobile terminals (MTs) in a fair-share manner if only a polling-based scheme is used, especially under unbalanced traffic, as revealed later. To solve this problem, we propose the exponential decreasing and proportional increasing rate control, as employed in the available bit rate (ABR) service in ATM, so that fair slot assignment is achieved even under heavily unbalanced traffic. Moreover, so that an access point (AP) serving a large number of MTs can avoid long transmission delays, the new algorithm features a polling-based resource request scheme with random access. Simulations verify that the proposed scheme offers fair slot assignment for each user while maintaining high throughput and short delay.

  • A Signal Enhancement Method Using the Iterative Blind Deconvolution for Microphone Array System

    Jin-Nam PARK  Tsuyoshi USAGAWA  Masanao EBATA
    PAPER
    Vol: E82-A No:4
    Page(s): 611-618

    This paper proposes an adaptive microphone array using blind deconvolution. The method realizes signal enhancement based on the combination of blind deconvolution, synchronized summation and the DSA (Delay-and-Sum Array) method. The proposed method improves the estimation performance by iterating the blind deconvolution with a cost function based on the coherence function.

  • Automated Detection and Removal of Clouds and Their Shadows from Landsat TM Images

    Bin WANG  Atsuo ONO  Kanako MURAMATSU  Noboru FUJIWARA
    PAPER-Image Processing, Computer Graphics and Pattern Recognition
    Vol: E82-D No:2
    Page(s): 453-460

    In this paper, a scheme to remove clouds and their shadows from remotely sensed Landsat TM images over land is proposed. The scheme uses image fusion to automatically recognize and remove the contamination of clouds and their shadows, and integrates complementary information from multitemporal images into the composite image. The cloud regions can be detected on the basis of their reflectance differences from the other regions. Based on the fact that shadows smooth the brightness changes of the ground, the shadow regions can be detected successfully by means of the wavelet transform. Further, an area-based detection rule is developed in this paper, and the multispectral characteristics of Landsat TM images are used to reduce the computational load. Because the wavelet transform is adopted for the image fusion, artifacts are invisible in the fused images. Finally, the performance of the proposed scheme is demonstrated experimentally.

  • On the Security of the ElGamal-Type Signature Scheme with Small Parameters

    Hidenori KUWAKADO  Hatsukazu TANAKA
    PAPER
    Vol: E82-A No:1
    Page(s): 93-97

    The security of the ElGamal-type signature scheme is based on the difficulty of solving a discrete logarithm problem. If the random value introduced in the signing procedure is small, then the signature generation time can be reduced. This strategy is particularly advantageous when the signer uses a smart card. In this paper, we show that the secret key can be computed efficiently if the random value is less than O(q), where q is the order of the generator.
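
Worked example added by the editor (not code from any paper in this list): a toy Schnorr signature over a safe-prime group, the same DSA/ElGamal-type setting as the Kuwakado-Tanaka entry above, used to run two of the attacks these abstracts describe. First, the linear related-key attack from the Morita et al. entry: a signature obtained under the shifted key x + delta is turned into a forgery under the original key, because plain Schnorr's challenge c = H(R, m) does not involve the key; the same code shows that a key-prefixed challenge c = H(y, R, m) defeats this particular attack (a standard hardening shown for contrast; the abstract does not state the exact modification the paper uses, so do not read this as the paper's scheme). Second, the small-random-value attack of this entry: a signature whose nonce k lies below a bound is broken by exhaustive search over k, since s = k + c*x gives x = (s - k)/c mod q and g^x must equal y. This is the same linear relation that the lattice attacks in the Abe-Ikeda and Takashima entries exploit when only a few bits of k leak per signature. Everything in the block is assumed for illustration: the ~40-bit safe prime found by the deterministic search, the private key 0x1234567, the offset 42, the weak nonce 0xBEEF, and the SHA-256-based challenge and demo nonce derivation. Requires Python 3.8+ for pow(c, -1, q).

```python
import hashlib

# Toy Schnorr group: p = 2q + 1 is a safe prime and g = 4 has prime order q.
# A ~40-bit q keeps the arithmetic instant; real systems use q >= 2^255.

def is_prime(n):
    """Deterministic Miller-Rabin (exact for n < 3.3e24 with these bases)."""
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41)
    if n < 2:
        return False
    for b in bases:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def toy_group(start=1 << 40):
    """Smallest safe prime p = 2q + 1 with q >= start (deterministic search)."""
    q = start | 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q, 4  # 4 = 2^2 is a quadratic residue mod p, so ord(4) = q

P, Q, G = toy_group()

def H(*parts):
    """Fiat-Shamir challenge, reduced mod q."""
    data = "|".join(str(p) for p in parts).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def schnorr_sign(x, m, k, key_prefixed=False):
    """(R, s) with R = g^k, s = k + c*x mod q. Plain Schnorr: c = H(R, m);
    key-prefixed variant: c = H(y, R, m)."""
    R = pow(G, k, P)
    c = H(pow(G, x, P), R, m) if key_prefixed else H(R, m)
    return R, (k + c * x) % Q

def schnorr_verify(y, m, sig, key_prefixed=False):
    R, s = sig
    c = H(y, R, m) if key_prefixed else H(R, m)
    return pow(G, s, P) * pow(y, (-c) % Q, P) % P == R  # g^s * y^(-c) == R

def rka_oracle(x, key_prefixed=False):
    """RKA signing oracle: adversary supplies phi, gets a signature under phi(x).
    The nonce is derived from (phi(x), m) only so the demo is reproducible."""
    def sign(phi, m):
        x_rel = phi(x) % Q
        return schnorr_sign(x_rel, m, H("nonce", x_rel, m) or 1, key_prefixed)
    return sign

def rka_forge(y, m, delta, oracle, key_prefixed=False):
    """Linear RKA: get s' = k + c*(x + delta) under the related key, return
    s = s' - c*delta = k + c*x. Works on plain Schnorr because c = H(R, m)
    does not depend on which key signed."""
    R, s_rel = oracle(lambda x: x + delta, m)
    c = H(y, R, m) if key_prefixed else H(R, m)
    return R, (s_rel - c * delta) % Q

def rka_demo(key_prefixed=False):
    """True if the related-key signature becomes a valid forgery under y."""
    x, m = 0x1234567, "transfer 100"
    y = pow(G, x, P)
    forged = rka_forge(y, m, 42, rka_oracle(x, key_prefixed), key_prefixed)
    return schnorr_verify(y, m, forged, key_prefixed)

def recover_from_small_nonce(y, m, sig, bound):
    """If 0 <= k < bound, recover x by exhaustive search over k. From
    s = k + c*x we get x = (s - k)/c mod q, and g^x must equal y. Incrementing
    k multiplies the candidate g^x by g^(-1/c), so each candidate costs one
    modular multiplication whatever the size of q."""
    R, s = sig
    c_inv = pow(H(R, m), -1, Q)
    cand = pow(G, s * c_inv % Q, P)  # g^x under the hypothesis k = 0
    step = pow(G, (-c_inv) % Q, P)   # effect of k -> k + 1 on g^x
    for k in range(bound):
        if cand == y:
            return (s - k) * c_inv % Q
        cand = cand * step % P
    return None

def small_nonce_demo(bound=1 << 16):
    """Sign with a 16-bit nonce against a ~40-bit q, then recover the key."""
    x, m = 0x1234567, "hello"
    sig = schnorr_sign(x, m, 0xBEEF)  # weak nonce: k < 2^16
    return recover_from_small_nonce(pow(G, x, P), m, sig, bound) == x
```

Running rka_demo(False) returns True (the shifted signature verifies under the original key), rka_demo(True) returns False, and small_nonce_demo() returns True. The search in recover_from_small_nonce costs one modular multiplication per candidate nonce, which is why a short k is fatal no matter how large q is; leaking only a few bits of k, as in the side-channel entries, replaces the exhaustive search with a lattice reduction over many signatures but rests on the same relation.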

  • Lower Bound of Image Correlation Coefficient as a Measure of Image Quality

    Bongsoon KANG  Hoongee YANG
    LETTER-Antennas and Propagation
    Vol: E81-B No:4
    Page(s): 811-813

    This letter derives the theoretical lower bound on image correlation coefficient that judges the extent of image degradation. It is shown that the correlation coefficient depends on phase-error variance in antenna aperture domain. Thereby, one can predict image quality before image formation. The theoretical bound is verified by experimental data where the dominant scatterer algorithm (DSA) is used for phase synchronization.
