The security of current public-key cryptosystems relies on the hardness of factoring large integers or solving discrete logarithm problems. However, these mathematical problems can be solved in polynomial time using a quantum computer. This vulnerability has prompted research into post-quantum cryptography using alternative mathematical problems that are secure in the era of quantum computers. In this regard, the National Institute of Standards and Technology (NIST) began to standardize post-quantum cryptography in 2016. In this expository article, we give an overview of recent research on post-quantum cryptography. In particular, we describe the construction and security of multivariate polynomial cryptosystems and lattice-based cryptosystems, which are the main candidates of post-quantum cryptography.
To achieve high-performance computation for microwave simulations at low cost, with a small machine and low energy consumption, a dedicated FDTD computer has been investigated. VHDL logic circuit simulations showed that the dedicated FDTD computer with a dataflow architecture has much higher performance than a high-end PC or GPU. The remaining task of this work is large-scale computation on the dedicated computer, since a single FPGA can execute microwave simulations for at most an 18×18×Z grid space (Z is the number of grids in the z direction). To handle much larger numerical model sizes for practical applications, this paper considers implementing a domain decomposition method for the dedicated FDTD computer in a single FPGA.
Kota KONDO Yu SASAKI Yosuke TODO Tetsu IWATA
SIMON is a lightweight block cipher designed by the NSA in 2013. The NSA presented the specification and the implementation efficiency, but provided neither a detailed security analysis nor the design rationale. The original SIMON has rotation constants (1,8,2); Kölbl et al. treated the constants as a parameter (a,b,c) and analyzed the security of the SIMON block cipher variants against differential and linear attacks for all choices of (a,b,c). This paper complements the result of Kölbl et al. by considering integral and impossible differential attacks. First, we search for the number of rounds of integral distinguishers using a supercomputer. Our search algorithm follows the previous approach by Wang et al.; however, we introduce a new choice of the set of plaintexts satisfying the integral property. We show that the new choice indeed extends the number of rounds for several parameters. We also search for the number of rounds of impossible differential characteristics based on the miss-in-the-middle approach. Finally, we compare all parameters using our results and the observations by Kölbl et al. Interesting observations are obtained; for instance, we find that the optimal parameters with respect to resistance against differential attacks are not stronger than the original parameter with respect to integral and impossible differential attacks. Furthermore, we consider the security against differential attacks by considering differentials. From the result, we obtain a parameter that is potentially better than the original parameter with respect to security against these four attacks.
Huan-Bang LI Ryu MIURA Hisashi NISHIKAWA Toshinori KAGAWA Fumihide KOJIMA
Among various indoor positioning technologies, impulse-radio UWB (IR-UWB) is a promising technique for providing indoor positioning and tracking services with high precision. Because UWB regulations have turned to imposing restrictions on the UWB low band, the UWB high band has become attractive for enabling simple and low-cost implementation. However, the UWB high band suffers much larger propagation loss than the UWB low band. In this paper, we propose two separate methods to compensate for the propagation deficiency of the high band. In the first method, we bundle several IR-UWB modules to increase the average transmission power; in the second method, an adaptive detection threshold is introduced at the receiver to raise receiving sensitivity. We implement each of the two proposed methods and evaluate their performance through laboratory measurements. The results show that each of them achieves about 7 dB of gain in signal power. Furthermore, the positioning performance of the two proposed methods is evaluated and compared through field measurements in an indoor sports facility.
Yasuhiko IKEMATSU Dung Hoang DUONG Albrecht PETZOLDT Tsuyoshi TAKAGI
ZHFE, proposed by Porras et al. at PQCrypto'14, is one of the very few existing multivariate encryption schemes and a very promising candidate for post-quantum cryptosystems. Its only drawback is its slow key generation. At PQCrypto'16, Baena et al. proposed an algorithm to construct the private ZHFE keys which is much faster than the original algorithm, but still inefficient for practical parameters. Recently, Zhang and Tan proposed another private key generation algorithm, which is very fast but not necessarily able to generate all the private ZHFE keys. In this paper we propose a new efficient algorithm for private key generation and estimate the number of possible keys generated by all existing private key generation algorithms for the ZHFE scheme. Our algorithm generates as many private ZHFE keys as the original and Baena et al.'s algorithms and reduces the complexity from O(n^{2ω+1}) for Baena et al. to O(n^{ω+3}), where n is the number of variables and ω is a linear algebra constant. Moreover, we also analyze when the decryption of the ZHFE scheme does not work.
Ahmad Afif SUPIANTO Yusuke HAYASHI Tsukasa HIRASHIMA
This study investigates whether learners consider constraints while posing arithmetic word problems. Through log data from an interactive learning environment, we analyzed actions of 39 first grade elementary school students and conducted correlation analysis between the frequency of actions and validity of actions. The results show that the learners consider constraints while posing arithmetic word problems.
Zijie WANG Qin LIU Takeshi IKENAGA
High-dynamic-range imaging (HDRI) technologies aim to extend the dynamic range of luminance beyond the limitation of camera sensors. Irradiance information of a scene can be reconstructed by fusing multiple low-dynamic-range (LDR) images with different exposures. The key issue is removing ghost artifacts caused by moving objects and handheld cameras. This paper proposes a robust ghost-free HDRI algorithm based on visual-salience-based bilateral motion detection and stack-extension-based exposure fusion. For ghost area detection, visual salience is introduced to measure the differences between multiple images, and bilateral motion detection is employed to improve the accuracy of labeling motion areas. For exposure fusion, the proposed algorithm reduces brightness discontinuity by stack extension and rejects the information of ghost areas via fusion masks to avoid artifacts. Experimental results show that the proposed algorithm removes ghost artifacts accurately for both static and handheld cameras, remains robust to scenes with complex motion, and keeps complexity low compared with recent advances, including a rank-minimization-based method and a patch-based method, with average time savings of 63.6% and 20.4%, respectively.
Yutaro ONO Yuhei MORIMOTO Reiji HATTORI Masayuki WATANABE Nanae MICHIDA Kazuo NISHIKAWA
We present a smart steering wheel that detects the gripping position and area, as well as the distance to the approaching driver's hands by measuring the resonant frequency and its resistance value in an LCR circuit composed of the floating capacitance between the gripping hand and the electrode of the steering, and the body resistance. The resonant frequency measurement provides a high sensitivity that enables the estimation of the distance to the approaching hand, the gripping area of a gloved hand, and for covering the steering surface with any type of insulating material. This system can be applied for drowsiness detection, driving technique improvements, and for customization of the driving settings.
Group signature (GS) schemes guarantee anonymity of the actual signer among group members. Previous GS schemes assume that randomness used in signing is never exposed. However, in the real world, full randomness exposure can be caused by implementation problems (e.g., using a bad random number generator). In this paper, we study the (im)possibility of achieving anonymity against full randomness exposure. First, we formulate a new security model for GS schemes that captures full randomness exposure. Next, we clarify that it is impossible to achieve full-anonymity against full randomness exposure without any secure component (e.g., a tamper-proof module or trusted outside storage). Finally, we show a possibility result: selfless-anonymity can be achieved against full randomness exposure. While selfless-anonymity is weaker than full-anonymity, it is strong enough in practice. Our transformation is quite simple, and thus previous GS schemes used in real-world systems can be easily replaced by a slight modification to strengthen their security.
Fei XU Pinxin LIU Jing XU Jianfeng YANG S.M. YIU
A Bloom Filter is a bit array (a one-dimensional storage structure) that provides a compact representation of a set of data and can answer membership queries efficiently with a small number of false positives. It has many applications in many areas. In this paper, we extend the design of the Bloom Filter by replacing the one-dimensional structure with a multi-dimensional matrix, with three different implementations, namely OFFF, WOFF, and FFF. We refer to the extended Bloom Filter as the Feng Filter. We derive the false positive rates of our method. We compare the false positive rate of OFFF with that of the traditional one-dimensional Bloom Filter and show that, under certain conditions, OFFF has a lower false positive rate. The traditional Bloom Filter can be regarded as a special case of our Feng Filter.
Ahmet Ihsan CANBOLAT Kazuhiko FUKAWA
To suppress intercell interference in three-cell half-duplex relay systems, joint interference suppression and multiuser detection (MUD) schemes that estimate weight coefficients by the recursive least-squares (RLS) algorithm have been proposed, but they show much worse bit error rate (BER) performance than maximum likelihood detection (MLD). To improve the BER performance, this paper proposes a joint interference suppression and MUD scheme that estimates the weight coefficients by eigenvalue decomposition. The proposed scheme retains the advantages of the conventional RLS-based schemes: it does not need channel state information (CSI) feedback, and it incurs much lower computational complexity than MLD. In addition, it needs to know only two of the three preambles used in the system. Computer simulations of orthogonal frequency-division multiplexing (OFDM) transmission under three-cell and frequency-selective fading conditions are conducted. It is shown that the eigendecomposition-based scheme overwhelmingly outperforms the conventional RLS-based scheme, although it requires higher computational complexity.
Constant composition codes (CCCs) are a special class of constant-weight codes. They include permutation codes as a subclass. The study and construction of CCCs with parameters meeting certain bounds has been an interesting research subject in coding theory. A bridge from zero difference balanced (ZDB) functions to CCCs with parameters meeting the Luo-Fu-Vinck-Chen bound was established by Ding (IEEE Trans. Information Theory 54(12) (2008) 5766-5770). This provides a new approach for obtaining optimal CCCs. The objective of this letter is to construct two classes of ZDB functions whose parameters are not covered in the literature, and then to obtain two classes of optimal CCCs meeting the Luo-Fu-Vinck-Chen bound from these new ZDB functions.
This paper proposes a method for human pose estimation in still images. The proposed method achieves occlusion-aware appearance modeling. Appearance modeling with less accurate appearance data is problematic because it adversely affects the entire training process. The proposed method evaluates the effectiveness of mitigating the influence of occluded body parts in training sample images. In order to improve occlusion evaluation by a discriminatively-trained model, occlusion images are synthesized and employed with non-occlusion images for discriminative modeling. The score of this discriminative model is used for weighting each sample in the training process. Experimental results demonstrate that our approach improves the performance of human pose estimation in contrast to base models.
Yu Min HWANG Sun Yui LEE Isaac SIM Jin Young KIM
With the increasing demand for Internet-of-Things applicability in various devices and for location-based services (LBSs) with positioning capabilities, in this letter we propose simple and effective post-processing techniques to reduce positioning error and provide more precise navigation to users in a pedestrian environment. The proposed positioning error reduction techniques (Technique 1: minimum range securement and bounce elimination; Technique 2: direction-vector-based error correction) were designed for low complexity and wide applicability to various types of positioning systems, e.g., the global positioning system (GPS). Through real field tests in urban areas, we have verified that the average positioning error with the proposed techniques is significantly lower than that of a GPS-only environment.
Shixiong WANG Longjiang QU Chao LI Shaojing FU
In this paper, we study partial key exposure attacks on RSA where the number of unexposed blocks of the private key is greater than or equal to one. This situation, called generalized framework of partial key exposure attack, was first shown by Sarkar [22] in 2011. Under a certain condition for the values of exposed bits, we present a new attack which needs fewer exposed bits and thus improves the result in [22]. Our work is a generalization of [28], and the approach is based on Coppersmith's method and the technique of unravelled linearization.
In video coding, layered coding is beneficial for applications because it can encode a number of input sources efficiently and provide scalability functions. However, achieving these functions requires specific codecs. Meanwhile, although its coding efficiency is insufficient, simulcast, which encodes a number of input sources independently, is versatile. In this paper, we propose post-processing for simulcast video coding that improves picture quality and coding efficiency without using any layered coding. In particular, with a view to achieving spatial scalability, we show that overlapped filtering (OLF) improves the picture quality of the high-resolution layer by using the low-resolution layer.
Taravichet TITIJAROONROJ Kuntpong WORARATPANYA
Bi-dimensional empirical mode decomposition (BEMD) is one of the most powerful methods for decomposing non-linear and non-stationary signals without a prior function. It can be applied in many applications such as feature extraction, image compression, and image filtering. Although modified BEMDs have been proposed in several approaches, their computational cost and the quality of their bi-dimensional intrinsic mode functions (BIMFs) still require improvement. In this paper, an iteration-free computation method for bi-dimensional empirical mode decomposition, called iBEMD, is proposed. Locally partial correlation for principal component analysis (LPC-PCA) is a novel technique to extract BIMFs from an original signal without using extrema detection. This dramatically reduces the computation time. The LPC-PCA technique also enhances the quality of BIMFs by reducing artifacts. The experimental results, when compared with state-of-the-art methods, show that the proposed iBEMD method achieves faster BIMF extraction and higher-quality BIMF images. Furthermore, the iBEMD method can clearly remove the illumination component of natural scene images under illumination change, thereby improving the performance of text localization and recognition.
Shinobu NAGAYAMA Tsutomu SASAO Jon T. BUTLER
Index generation functions model content-addressable memory, and are useful in virus detectors and routers. Linear decompositions yield simpler circuits that realize index generation functions. This paper proposes a balanced decision tree based heuristic to efficiently design linear decompositions for index generation functions. The proposed heuristic finds a good linear decomposition of an index generation function by using appropriate cost functions and a constraint to construct a balanced tree. Since the proposed heuristic is fast and requires a small amount of memory, it is applicable even to large index generation functions that cannot be solved in a reasonable time by existing heuristics. This paper shows time and space complexities of the proposed heuristic, and experimental results using some large examples to show its efficiency.
Mohamed TOLBA Ahmed ABDELKHALEK Amr M. YOUSSEF
Midori128 is a lightweight block cipher proposed at ASIACRYPT 2015 to achieve low energy consumption per bit. Currently, the best published impossible differential attack on Midori128 covers 10 rounds without the pre-whitening key. By exploiting the special structure of the S-boxes and the binary linear transformation layer in Midori128, we present impossible differential distinguishers that cover 7 full rounds including the mix column operations. Then, we exploit four of these distinguishers to launch a multiple impossible differential attack against 11 rounds of the cipher with the pre-whitening and post-whitening keys.
This paper presents a method to realize index generation functions using multiple Index Generation Units (IGUs). The architecture implements index generation functions more efficiently than a single IGU when the number of registered vectors is very large. This paper proves that independent linear transformations are necessary in the IGUs for efficient realization. Experimental results confirm this statement. Finally, it shows a fast update method for the IGUs.