Latin squares are a classical and well-studied topic of discrete mathematics, and recently Takeuti and Adachi (IACR ePrint, 2023) proposed (2, n)-threshold secret sharing based on mutually orthogonal Latin squares (MOLS). Hence efficient constructions of as large sets of MOLS as possible are also important from practical viewpoints. In this letter, we determine the maximum number of MOLS among a known class of Latin squares defined by weighted sums. We also mention some known property of Latin squares interpreted via the relation to secret sharing and a connection of Takeuti-Adachi’s scheme to Shamir’s secret sharing scheme.

Secret sharing is a cryptographic scheme to encode a secret to multiple shares being distributed to participants, so that only qualified sets of participants can restore the original secret from their shares. When we encode a secret by a secret sharing scheme and distribute shares, sometimes not all participants are accessible, and it is desirable to distribute shares to those participants before a secret information is determined. Secret sharing schemes for classical secrets have been known to be able to distribute some shares before a given secret. Lie et al. found a ((2, 3))-threshold secret sharing for quantum secrets can distribute some shares before a given secret. However, it is unknown whether distributing some shares before a given secret is possible with other access structures of secret sharing for quantum secrets. We propose a quantum secret sharing scheme for quantum secrets that can distribute some shares before a given secret with other access structures.

This letter studies the secrecy outage probability (SOP) and the secrecy diversity order of Alamouti STBC with decision feedback (DF) detection over the time-selective fading channels. For given temporal correlations, we have derived the exact SOPs and their asymptotic approximations for all possible combinations of detection schemes including joint maximum likehood (JML), zero-forcing (ZF), and DF at Bob and Eve. We reveal that the SOP is mainly influenced by the detection scheme of the legitimate receiver rather than eavesdropper and the achievable secrecy diversity order converges to two and one for JML only at Bob (i.e., JML-JML/ZF/DF) and for the other cases (i.e., ZF-JML/ZF/DF, DF-JML/ZF/DF), respectively. Here, p-q combination pair indicates that Bob and Eve adopt the detection method p ∈ {JML, ZF, DF} and q ∈ {JML, ZF, DF}, respectively.

Stabilizer-based quantum secret sharing has two methods to reconstruct a quantum secret: The erasure correcting procedure and the unitary procedure. It is known that the unitary procedure has a smaller circuit width. On the other hand, it is unknown which method has smaller depth and fewer circuit gates. In this letter, it is shown that the unitary procedure has smaller depth and fewer circuit gates than the erasure correcting procedure which follows a standard framework performing measurements and unitary operators according to the measurements outcomes, when the circuits are designed for quantum secret sharing using the [[5, 1, 3]] binary stabilizer code. The evaluation can be reversed if one discovers a better circuit for the erasure correcting procedure which does not follow the standard framework.

Quantum key distribution or secret key distribution (SKD) has been studied to deliver a secrete key for secure communications, whose security is physically guaranteed. For practical deployment, such systems are desired to be overlaid onto existing wavelength-multiplexing transmission systems, without using a dedicated transmission line. This study analytically investigates the feasibility of the intensity-modulation/direction-detection (IM/DD) SKD scheme being wavelength-multiplexed with conventional wavelength-division-multiplexed (WDM) signals, concerning spontaneous Raman scattering light from conventional optical signals. Simulation results indicate that IM/DD SKD systems are not degraded when they are overlaid onto practically deployed dense WDM transmission systems in the C-band, owing to the feature of the IM/DD SKD scheme, which uses a signal light with an intensity level comparable to conventional optical signals unlike conventional quantum key distribution schemes.

Reconfigurable intelligent surface (RIS) has the capability of boosting system performance by manipulating the wireless propagation environment. This paper investigates a downlink RIS-aided non-orthogonal multiple access (NOMA) system, where a RIS is deployed to enhance physical-layer security (PLS) in the presence of an eavesdropper. In order to improve the main link's security, the RIS is deployed between the source and the users, in which a reflecting element separation scheme is developed to aid data transmission of both the cell-center and the cell-edge users. Additionally, the closed-form expressions of secrecy outage probability (SOP) are derived for the proposed RIS-aided NOMA scheme. To obtain more deep insights on the derived results, the asymptotic performance of the derived SOP is analyzed. Moreover, the secrecy diversity order is derived according to the asymptotic approximation in the high signal-to-noise ratio (SNR) and main-to-eavesdropper ratio (MER) regime. Furthermore, based on the derived results, the power allocation coefficient and number of elements are optimized to minimize the system SOP. Simulations demonstrate that the theoretical results match well with the simulation results and the SOP of the proposed scheme is clearly less than that of the conventional orthogonal multiple access (OMA) scheme obviously.

Ramp secret sharing is a variant of secret sharing which can achieve better information ratio than perfect schemes by allowing some partial information on a secret to leak out. Strongly secure ramp schemes can control the amount of leaked information on the components of a secret. In this paper, we reduce the construction of strongly secure ramp secret sharing for general access structures to a linear algebraic problem. As a result, we show that previous results on strongly secure network coding imply two linear transformation methods to make a given linear ramp scheme strongly secure. They are explicit or provide a deterministic algorithm while the previous methods which work for any linear ramp scheme are non-constructive. In addition, we present a novel application of strongly secure ramp schemes to symmetric PIR in a multi-user setting. Our solution is advantageous over those based on a non-strongly secure scheme in that it reduces the amount of communication between users and servers and also the amount of correlated randomness that servers generate in the setup.

We propose a biometric identification system where the chosen- and generated-secret keys are used simultaneously, and investigate its fundamental limits from information theoretic perspectives. The system consists of two phases: enrollment and identification phases. In the enrollment phase, for each user, the encoder uses a secret key, which is chosen independently, and the biometric identifier to generate another secret key and a helper data. In the identification phase, observing the biometric sequence of the identified user, the decoder estimates index, chosen- and generated-secret keys of the identified user based on the helper data stored in the system database. In this study, the capacity region of such system is characterized. In the problem settings, we allow chosen- and generated-secret keys to be correlated. As a result, by permitting the correlation of the two secret keys, the sum rate of the identification, chosen- and generated-secret key rates can achieve a larger value compared to the case where the keys do not correlate. Moreover, the minimum amount of the storage rate changes in accordance with both the identification and chosen-secret key rates, but that of the privacy-leakage rate depends only on the identification rate.

In secure multiparty computation (MPC), floating-point numbers should be handled in many potential applications, but these are basically expensive. In particular, for MPC based on secret sharing (SS), the floating-point addition takes many communication rounds though the addition is the most fundamental operation. In this paper, we propose an SS-based two-party protocol for floating-point addition with 13 rounds (for single/double precision numbers), which is much fewer than the milestone work of Aliasgari et al. in NDSS 2013 (34 and 36 rounds, respectively) and also fewer than the state of the art in the literature. Moreover, in contrast to the existing SS-based protocols which are all based on “roundTowardZero” rounding mode in the IEEE 754 standard, we propose another protocol with 15 rounds which is the first result realizing more accurate “roundTiesToEven” rounding mode. We also discuss possible applications of the latter protocol to secure Validated Numerics (a.k.a. Rigorous Computation) by implementing a simple example.

In [31], Shin et al. proposed a Leakage-Resilient and Proactive Authenticated Key Exchange (LRP-AKE) protocol for credential services which provides not only a higher level of security against leakage of stored secrets but also secrecy of private key with respect to the involving server. In this paper, we discuss a problem in the security proof of the LRP-AKE protocol, and then propose a modified LRP-AKE protocol that has a simple and effective measure to the problem. Also, we formally prove its AKE security and mutual authentication for the entire modified LRP-AKE protocol. In addition, we describe several extensions of the (modified) LRP-AKE protocol including 1) synchronization issue between the client and server's stored secrets; 2) randomized ID for the provision of client's privacy; and 3) a solution to preventing server compromise-impersonation attacks. Finally, we evaluate the performance overhead of the LRP-AKE protocol and show its test vectors. From the performance evaluation, we can confirm that the LRP-AKE protocol has almost the same efficiency as the (plain) Diffie-Hellman protocol that does not provide authentication at all.

The extended visual cryptography scheme (EVCS) proposed by Ateniese et al. is one of variations of the visual cryptography scheme such that a secret image is recovered by superimposition of certain qualified collections of shares, where cover images are visible on respective shares. In this paper, we give a new definition of the EVCS for improving visibility of the recovered secret image as well as the cover images. We formulate the problem to construct the basis matrices of the EVCS with the minimum pixel expansion as an integer programming problem. We solve the integer programming problem for general access structures with less than or equal to five participants and show that basis matrices with a smaller pixel expansion can be obtained for certain cases. We also analyze security of the EVCS meeting the new definition from an information-theoretic viewpoint. We give a condition under which any forbidden collection of shares does not reveal any additional information on not only a secret image but also the cover images that are not visible on the other shares.

Most aggregate signature schemes are relying on pairings, but high computational and storage costs of pairings limit the feasibility of those schemes in practice. Zhao proposed the first pairing-free aggregate signature scheme (AsiaCCS 2019). However, the security of Zhao's scheme is based on the hardness of a newly introduced non-standard computational problem. The recent impossibility results of Drijvers et al. (IEEE S&P 2019) on two-round pairing-free multi-signature schemes whose security based on the standard discrete logarithm (DL) problem have strengthened the view that constructing a pairing-free aggregate signature scheme which is proven secure based on standard problems such as DL problem is indeed a challenging open problem. In this paper, we offer a novel solution to this open problem. We introduce a new paradigm of aggregate signatures, i.e., aggregate signatures with an additional pre-communication stage. In the pre-communication stage, each signer interacts with the aggregator to agree on a specific random value before deciding messages to be signed. We also discover that the impossibility results of Drijvers et al. take effect if the adversary can decide the whole randomness part of any individual signature. Based on the new paradigm and our discovery of the applicability of the impossibility result, we propose a pairing-free aggregate signature scheme such that any individual signature includes a random nonce which can be freely generated by the signer. We prove the security of our scheme based on the hardness of the standard DL problem. As a trade-off, in contrast to the plain public-key model, which Zhao's scheme uses, we employ a more restricted key setup model, i.e., the knowledge of secret-key model.

In this paper, we put forward the notion of a token-based multi-input functional encryption (token-based MIFE) scheme - a notion intended to give encryptors a mechanism to control the decryption of encrypted messages, by extending the encryption and decryption algorithms to additionally use tokens. The basic idea is that a decryptor must hold an appropriate decryption token in addition to his secrete key, to be able to decrypt. This type of scheme can address security concerns potentially arising in applications of functional encryption aimed at addressing the problem of privacy preserving data analysis. We firstly formalize token-based MIFE, and then provide two basic schemes; both are based on an ordinary MIFE scheme, but the first additionally makes use of a public key encryption scheme, whereas the second makes use of a pseudorandom function (PRF). Lastly, we extend the latter construction to allow decryption tokens to be restricted to specified set of encryptions, even if all encryptions have been done using the same encryption token. This is achieved by using a constrained PRF.

In this paper, a deep learning-based secret key generation scheme is proposed for FDD multiple-input and multiple-output (MIMO) systems. We built an encoder-decoder based convolutional neural network to characterize the wireless environment to learn the mapping relationship between the uplink and downlink channel. The designed neural network can accurately predict the downlink channel state information based on the estimated uplink channel state information without any information feedback. Random secret keys can be generated from downlink channel responses predicted by the neural network. Simulation results show that deep learning based SKG scheme can achieve significant performance improvement in terms of the key agreement ratio and achievable secret key rate.

In this study, we investigate fundamental trade-off among identification, secrecy, template, and privacy-leakage rates in biometric identification system. Ignatenko and Willems (2015) studied this system assuming that the channel in the enrollment process of the system is noiseless and they did not consider the template rate. In the enrollment process, however, it is highly considered that noise occurs when bio-data is scanned. In this paper, we impose a noisy channel in the enrollment process and characterize the capacity region of the rate tuples. The capacity region is proved by a novel technique via two auxiliary random variables, which has never been seen in previous studies. As special cases, the obtained result shows that the characterization reduces to the one given by Ignatenko and Willems (2015) where the enrollment channel is noiseless and there is no constraint on the template rate, and it also coincides with the result derived by Günlü and Kramer (2018) where there is only one individual.

Machine learning models inherently memorize significant amounts of information, and thus hiding not only prediction processes but also trained models, i.e., model obliviousness, is desirable in the cloud setting. Several works achieved model obliviousness with the MNIST dataset, but datasets that include complicated samples, e.g., CIFAR-10 and CIFAR-100, are also used in actual applications, such as face recognition. Secret sharing-based secure prediction for CIFAR-10 is difficult to achieve. When a deep layer architecture such as CNN is used, the calculation error when performing secret calculation becomes large and the accuracy deteriorates. In addition, if detailed calculations are performed to improve accuracy, a large amount of calculation is required. Therefore, even if the conventional method is applied to CNN as it is, good results as described in the paper cannot be obtained. In this paper, we propose two approaches to solve this problem. Firstly, we propose a new protocol named Batch-normalizedActivation that combines BatchNormalization and Activation. Since BatchNormalization includes real number operations, when performing secret calculation, parameters must be converted into integers, which causes a calculation error and decrease accuracy. By using our protocol, calculation errors can be eliminated, and accuracy degradation can be eliminated. Further, the processing is simplified, and the amount of calculation is reduced. Secondly, we explore a secret computation friendly and high accuracy architecture. Related works use a low-accuracy, simple architecture, but in reality, a high accuracy architecture should be used. Therefore, we also explored a high accuracy architecture for the CIFAR10 dataset. Our proposed protocol can compute prediction of CIFAR-10 within 15.05 seconds with 87.36% accuracy while providing model obliviousness.

In this paper, we study a radio frequency (RF)-powered backscatter assisted cognitive radio network (CRN), where an eavesdropper exists. This network includes a primary transmitter, a pair of secondary transmitter and receiver, a friendly jammer and an eavesdropper. We assume that the secondary transmitter works in ambient backscatter (AmBack) mode and the friendly jammer works in harvest-then-transmit (HTT) mode, where the primary transmitter serves as energy source. To enhance the physical layer security of the secondary user, the friendly jammer uses its harvested energy from the primary transmitter to transmit jamming noise to the eavesdropper. Furthermore, for maximizing the secrecy rate of secondary user, the optimal time allocation including the energy harvesting and jamming noise transmission phases is obtained. Simulation results verify the superiority of the proposed scheme.

Since the owner's data might be leaked from the centralized server storage, the distributed storage schemes with the server storage have been investigated. To ensure the owner's data in those schemes, they use Reed Solomon code. However, those schemes occur the burden of data capacity since the parity data are increased by how much the disconnected data can be restored. Moreover, the calculation time for the restoration will be higher since many parity data are needed to restore the disconnected data. In order to reduce the burden of data capacity and the calculation time, we proposed the server-based distributed storage using Secret Sharing with AES-256 for lightweight safety restoration. Although we use Secret Sharing, the owner's data will be safely kept in the distributed storage since all of the divided data are divided into two pieces with the AES-256 and stored in the peer storage and the server storage. Even though the server storage keeps the divided data, the server and the peer storages might know the pair of divided data via Secret Sharing, the owner's data are secure in the proposed scheme from the inner attack of Secret Sharing. Furthermore, the owner's data can be restored by a few parity data. The evaluations show that our proposed scheme is improved for lightweight, stability, and safety.

We have investigated the in-situ N2-plasma nitridation for high-k HfN gate insulator formed by electron cyclotron resonance (ECR) plasma sputtering to improve the electrical characteristics. It was found that the increase of nitridation gas pressure for the deposited HfN1.1 gate insulator, such as 98 mPa, decreased both the hysteresis width in C-V characteristics and leakage current. Furthermore, the 2-step nitiridation process with the nitridation gas pressure of 26 mPa followed by the nitridation at 98 mPa realized the decrease of equivalent oxide thickness (EOT) to 0.9 nm with decreasing the hysteresis width and leakage current. The fabricated metal-insulator-semiconductor field-effect transistor (MISFET) with 2-step nitridation showed a steep subthreshold swing of 87 mV/dec.

This paper investigates the secrecy energy efficiency maximization (SEEM) problem in a simultaneous wireless information and power transfer (SWIPT) system, wherein a legitimate user (LU) exploits the power splitting (PS) scheme for simultaneous information decoding (ID) and energy harvesting (EH). To prevent interference from eavesdroppers on the LU, artificial noise (AN) is incorporated into the confidential signal at the transmitter. We maximize the secrecy energy efficiency (SEE) by joining the power of the confidential signal, the AN power, and the PS ratio, while taking into account the minimum secrecy rate requirement of the LU, the required minimum harvested energy, the allowed maximum radio frequency transmission power, and the PS ratio. The formulated SEEM problem involves nonconvex fractional programming and is generally intractable. Our solution is Lagrangian relaxation method than can transform the original problem into a two-layer optimization problem. The outer layer problem is a single variable optimization problem with a Lagrange multiplier, which can be solved easily. Meanwhile, the inner layer one is fractional programming, which can be transformed into a subtractive form solved using the Dinkelbach method. A closed-form solution is derived for the power of the confidential signal. Simulation results verify the efficiency of the proposed SEEM algorithm and prove that AN-aided design is an effective method for improving system SEE.