We introduce a notion of watermarking for cryptographic functions and propose a concrete scheme for watermarking cryptographic functions. Informally speaking, a digital watermarking scheme for cryptographic functions embeds information, called a mark, into functions such as one-way functions and decryption functions of public-key encryption. There are two basic requirements for watermarking schemes. A mark-embedded function must be functionally equivalent to the original function. It must be difficult for adversaries to remove the embedded mark without damaging the original functionality. In spite of its importance and usefulness, there have only been a few theoretical works on watermarking for functions (or programs). Furthermore, we do not have rigorous definitions of watermarking for cryptographic functions and concrete constructions. To solve the problem above, we introduce a notion of watermarking for cryptographic functions and define its security. Furthermore, we present a lossy trapdoor function (LTF) based on the decisional bilinear Diffie-Hellman problem problem and a watermarking scheme for the LTF. Our watermarking scheme is secure under the symmetric external Diffie-Hellman assumption in the standard model. We use techniques of dual system encryption and dual pairing vector spaces (DPVS) to construct our watermarking scheme. This is a new application of DPVS.

In the model of no-dictionary searchable symmetric encryption (SSE) schemes, the client does not need to keep the list of keywords W. In this paper, we first show a generic method to transform any passively secure SSE scheme to a no-dictionary SSE scheme such that the client can verify search results even if w ∉ W. In particular, it takes only O(1) time for the server to prove that w ∉ W. We next present a no-dictionary SSE scheme such that the client can hide even the search pattern from the server.

IGE mode used in Telegram's customized protocol has not been fully investigated in terms of post-quantum security. In this letter, we show that IGE mode is IND-qCPA insecure by Simon's algorithm, assuming that the underlying block cipher is a standard-secure pseudorandom function (sPRF). Under a stronger assumption that the block cipher is a quantum-secure pseudorandom function (qPRF), IND-qCPA security of IGE mode is proved using one-way to hiding lemma.

In order to improve an imaging performance of a sparse array radar system we propose an optimization method to find a new antenna array layout. The method searches for a minimum of the cost function based on a 3D point spread function of the array. We found a solution for the simulated problem in a form of the new layout for the antenna array with more sparse middle-point distribution comparing with initial one.

A design method of the differential N-path filter with sampling computation is proposed. It enables the scale of the whole filter to be reduced by approximately half for easier realization. On top of that, the proposed method offers the ability to eliminate the harmonic passbands of the clock frequency and an increase of harmonic rejection. By using the proposed method, previous work involving an 8-path filter can be reduced to 5-path. The proposed differential 5-path filter reduces the scale of the circuit and at the same time has the performance of a 10-path filter from previous work. An example of differential 7-path filter using the same proposed design method is also stated in comparison of the differential 5-path filter. The differential 7-path filter offers the ability to eliminate all the passbands below 10 times the clock frequency with a tradeoff of an increase in circuit scale.

Topological inference is the foundation of network performance analysis and optimization. Due to the difficulty of obtaining prior topology information of wireless sensor networks, we propose routing topology inference, RTI, which reconstructs the routing topology from source nodes to sink based on marking packets and probing locally. RTI is not limited to any specific routing protocol and can adapt to a dynamic and lossy networks. We select topological distance and reconstruction time to evaluate the correctness and effectiveness of RTI and then compare it with PathZip and iPath. Simulation results indicate that RTI maintains adequate reconstruction performance in dynamic and packet loss environments and provides a global routing topology view for wireless sensor networks at a lower reconstruction cost.

Bilinear-type conversion is to translate a cryptographic scheme designed over symmetric bilinear groups into one that works over asymmetric bilinear groups with small overhead regarding the size of objects concerned in the target scheme. In this paper, we address scalability for converting complex cryptographic schemes. Our contribution is threefold. Investigating complexity of bilinear-type conversion. We show that there exists no polynomial-time algorithm for worst-case inputs under standard complexity assumption. It means that bilinear-type conversion in general is an inherently difficult problem. Presenting a new scalable conversion method. Nevertheless, we show that large-scale conversion is indeed possible in practice when the target schemes are built from smaller building blocks with some structure. We present a novel conversion method, called IPConv, that uses 0-1 Integer Programming instantiated with a widely available IP solver. It instantly converts schemes containing more than a thousand of variables and hundreds of pairings. Application to computer-aided design. Our conversion method is also useful in modular design of middle to large scale cryptographic applications; first construct over simpler symmetric bilinear groups and run over efficient asymmetric groups. Thus one can avoid complication of manually allocating variables over asymmetric bilinear groups. We demonstrate its usefulness by somewhat counter-intuitive examples where converted DLIN-based Groth-Sahai proofs are more compact than manually built SXDH-based proofs. Though the early purpose of bilinear-type conversion is to save existing schemes from attacks against symmetric bilinear groups, our new scalable conversion method will find more applications beyond the original goal. Indeed, the above computer-aided design can be seen as a step toward automated modular design of cryptographic schemes.

We propose new key recovery attacks on the two-round single-key n-bit Even-Mansour ciphers (2SEM) that are secure up to 22n/3 queries against distinguishing attacks proved by Chen et al. Our attacks are based on the meet-in-the-middle technique which can significantly reduce the data complexity. In particular, we introduce novel matching techniques which enable us to compute one of the two permutations without knowing a part of the key information. Moreover, we present two improvements of the proposed attack: one significantly reduces the data complexity and the other reduces the time complexity. Compared with the previously known attacks, our attack first breaks the birthday barrier on the data complexity although it requires chosen plaintexts. When the block size is 64 bits, our attack reduces the required data from 245 known plaintexts to 226 chosen plaintexts with keeping the time complexity required by the previous attacks. Furthermore, by increasing the time complexity up to 262, the required data is further reduced to 28, and DT=270, where DT is the product of data and time complexities. We show that our data-optimized attack requires DT=2n+6 in general cases. Since the proved lower bound on DT for the single-key one-round n-bit Even-Mansour ciphers is 2n, our results imply that adding one round to one-round constructions does not sufficiently improve the security against key recovery attacks. Finally, we propose a time-optimized attacks on 2SEM in which, we aim to minimize the number of the invocations of internal permutations.

An ASIC crypto processor optimized for the 254-bit prime-field optimal-ate pairing over Barreto-Naehrig (BN) curve is proposed. The data path of the proposed crypto processor is designed to compute five Fp2 operations, a multiplication, three addition/subtractions, and an inversion, simultaneously. We further propose a design methodology to automate the instruction scheduling by using a combinatorial optimization solver, with which the total cycle count is reduced to 1/2 compared with ever reported. The proposed crypto processor is designed and fabricated by using a 65nm silicon-on-thin-box (SOTB) CMOS process. The chip measurement result shows that the fabricated chip successfully computes a pairing in 0.185ms when a typical operating voltage of 1.20V is applied, which corresponds to 2.8× speed up compared to the current state-of-the-art pairing implementation on ASIC platform.

In this paper, we propose an online antenna-pulse selection method in space time adaptive processing, while maintaining considerable performance and low computational complexity. The proposed method considers the antenna-pulse selection and covariance matrix estimation at the same time by exploiting the structured clutter covariance matrix. Such prior knowledge can enhance the covariance matrix estimation accuracy and thus can provide a better objective function for antenna-pulse selection. Simulations also validate the effectiveness of the proposed method.

The potential transmission capacity of a standard single-mode fiber peaks at around 100Tb/s owing to fiber nonlinearity and the bandwidth limitation of amplifiers. As the last frontier of multiplexing, space-division multiplexing (SDM) has been studied intensively in recent years. Although there is still time to deploy such a novel fiber communication infrastructure; basic research on SDM has been carried out. Therefore, a comprehensive review is worthwhile at this time toward further practical investigations.

This paper proposes a radio propagation prediction method that uses point cloud data based on a hybrid of the ray-tracing (RT) method and an effective roughness (ER) model in urban environments for the fifth generation mobile communications system using high frequency bands. The proposed prediction method incorporates propagation characteristics that consider diffuse scattering from surface irregularities. The validity of the proposed method is confirmed by comparisons of measurement and prediction results gained from the proposed method and a conventional RT method based on power delay and angular profiles. From predictions based on the power delay and angular profiles, we find that the proposed method, assuming the roughness of σh=1mm, accurately predicts the propagation characteristics in the 20GHz band for urban line-of-sight environments. The prediction error for the delay spread is 2.1ns to 9.7ns in an urban environment.

Traffic matrix (TM) estimation has been extensively studied for decades. Although conventional estimation techniques assume that traffic volumes are unchanged between origins and destinations, packets are often lost on a path due to traffic burstiness, silent failures, etc. Counting every path at every link, we could easily get the traffic volumes with their change, but this approach significantly increases the measurement cost since counters are usually implemented using expensive memory structures like a SRAM. This paper proposes a mathematical model to estimate TMs including volume changes. The method is established on a Boolean fault localization technique; the technique requires fewer counters as it simply determines whether each link is lossy. This paper extends the Boolean technique so as to deal with traffic volumes with error bounds that requires only a few counters. In our method, the estimation errors can be controlled through parameter settings, while the minimum-cost counter placement is determined with submodular optimization. Numerical experiments are conducted with real network datasets to evaluate our method.

An autoencoder has the potential ability to compress and decompress information. In this work, we consider the process of generating a stego-image from an original image and watermarks as compression, and the process of recovering the original image and watermarks from the stego-image as decompression. We propose embedder and extractor neural networks based on the autoencoder. The embedder network learns mapping from the DCT coefficients of the original image and a watermark to those of the stego-image. The extractor network learns mapping from the DCT coefficients of the stego-image to the watermark. Once the proposed neural network has been trained, the network can embed and extract the watermark into unlearned test images. We investigated the relation between the number of neurons and network performance by computer simulations and found that the trained neural network could provide high-quality stego-images and watermarks with few errors. We also evaluated the robustness against JPEG compression and found that, when suitable parameters were used, the watermarks were extracted with an average BER lower than 0.01 and image quality over 35 dB when the quality factor Q was over 50. We also investigated how to represent the watermarks in the stego-image by our neural network. There are two possibilities: distributed representation and sparse representation. From the results of investigation into the output of the stego layer (3rd layer), we found that the distributed representation emerged at an early learning step and then sparse representation came out at a later step.

Side scan sonar using low frequency can quickly search a wide range, but the images acquired are of low quality. The image super resolution (SR) method can mitigate this problem. The SR method typically uses sparse coding, but accurately estimating sparse coefficients incurs substantial computational costs. To reduce processing time, we propose a region-selective sparse coding based SR system that emphasizes object regions. In particular, the region that contains interesting objects is detected for side scan sonar based underwater images so that the subsequent sparse coding based SR process can be selectively applied. Effectiveness of the proposed method is verified by the reduced processing time required for image reconstruction yet preserving the same level of visual quality as conventional methods.

Device-to-device (D2D) communication in cellular networks is defined as direct communication between two mobile users without traversing the base station (BS) or core network. D2D communication can occur on the cellular frequencies (i.e., inband) or unlicensed spectrum (i.e., outband). A high capacity IEEE 802.11-based outband device-to-device communication system for cellular networks is introduced in this paper. Transmissions in device-to-device connections are managed using our proposed medium access control (MAC) protocol. In the proposed MAC protocol, backoff window size is adjusted dynamically considering the current network status and utilizing an appropriate transmission attempt rate. We have considered both cases that the request to send/clear to send (RTS/CTS) mechanism is and is not used in our protocol design. Describing mechanisms for guaranteeing quality of service (QoS) and enhancing reliability of the system is another part of our work. Moreover, performance of the system in the presence of channel impairments is investigated analytically and through simulations. Analytical and simulation results demonstrate that our proposed system has high throughput, and it can provide different levels of QoS for its users.

It is a hot issue that speeding up the network layers and decreasing the network parameters in convolutional neural networks (CNNs). In this paper, we propose a novel method, namely, symmetric decomposition of convolution kernels (SDKs). It symmetrically separates k×k convolution kernels into (k×1 and 1×k) or (1×k and k×1) kernels. We conduct the comparison experiments of the network models designed by SDKs on MNIST and CIFAR-10 datasets. Compared with the corresponding CNNs, we obtain good recognition performance, with 1.1×-1.5× speedup and more than 30% reduction of network parameters. The experimental results indicate our method is useful and effective for CNNs in practice, in terms of speedup performance and reduction of parameters.

Detecting anomalies, such as network failure or intentional attack in Internet, is a vital but challenging task. Although numerous techniques have been developed based on Internet traffic, detecting anomalies from the perspective of Internet topology structure is going to be possible because the anomaly detection of structured datasets based on complex network theory has become a focus of attention recently. In this paper, an anomaly detection method for the large-scale Internet topology is proposed to detect local structure crashes caused by the cascading failure. In order to quantify the dynamic changes of Internet topology, the network path changes coefficient (NPCC) is put forward which highlights the Internet abnormal state after it is attacked continuously. Furthermore, inspired by Fibonacci Sequence, we proposed the decision function that can determine whether the Internet is abnormal or not. That is the current Internet is abnormal if its NPCC is out of the normal domain calculated using the previous k NPCCs of Internet topology. Finally the new Internet anomaly detection method is tested against the topology data of three Internet anomaly events. The results show that the detection accuracy of all events are over 97%, the detection precision for three events are 90.24%, 83.33% and 66.67%, when k=36. According to the experimental values of index F1, larger values of k offer better detection performance. Meanwhile, our method has better performance for the anomaly behaviors caused by network failure than those caused by intentional attack. Compared with traditional anomaly detection methods, our work is more simple and powerful for the government or organization in items of detecting large-scale abnormal events.

This paper intends to reduce duration times in typical collective communications. We introduce logical addressing system apart from the physical one and, by rearranging the logical node addresses properly, we intend to reduce communication overheads so that ideal communication is performed. One of the key issues is rearrangement of the logical addressing system. We introduce genetic algorithm (GA) as meta-heuristic solution as well as the random search strategy. Our GA-based method achieves at most 2.50 times speedup in three-traffic-pattern cases.

This paper proposes a block-permutation-based encryption (BPBE) scheme for the encryption-then-compression (ETC) system that enhances the color scrambling. A BPBE image can be obtained through four processes, positional scrambling, block rotation/flip, negative-positive transformation, and color component shuffling, after dividing the original image into multiple blocks. The proposed scheme scrambles the R, G, and B components independently in positional scrambling, block rotation/flip, and negative-positive transformation, by assigning different keys to each color component. The conventional scheme considers the compression efficiency using JPEG and JPEG 2000, which need a color conversion before the compression process by default. Therefore, the conventional scheme scrambles the color components identically in each process. In contrast, the proposed scheme takes into account the RGB-based compression, such as JPEG-LS, and thus can increase the extent of the scrambling. The resilience against jigsaw puzzle solver (JPS) can consequently be increased owing to the wider color distribution of the BPBE image. Additionally, the key space for resilience against brute-force attacks has also been expanded exponentially. Furthermore, the proposed scheme can maintain the JPEG-LS compression efficiency compared to the conventional scheme. We confirm the effectiveness of the proposed scheme by experiments and analyses.