This paper presents a new non-interactive multi-trapdoor commitment scheme from the standard RSA assumption. Multi-trapdoor commitment is a stronger variant of trapdoor commitment. Its notion was introduced by Gennaro at CRYPTO 2004. Multi-trapdoor commitment schemes are very useful because we can convert a non-interactive multi-trapdoor commitment scheme into a non-interactive and reusable non-malleable commitment scheme by using one-time signature and transform any proof of knowledge into a concurrently non-malleable one (this can be used as concurrently secure identification). Gennaro gave concrete constructions of multi-trapdoor commitment, but its security relies on stronger assumptions, such as the strong RSA assumption and the q-strong Diffie-Hellman assumption as opposed to our construction based on the standard RSA assumption. As a corollary of our results, we constructed a non-interactive and reusable non-malleable commitment scheme from the standard RSA assumption. Our scheme is based on the Hohenberger-Waters (weak) signature scheme presented at CRYPTO 2009. Several non-interactive and reusable non-malleable commitment schemes (in the common reference string model) have been proposed, but they all rely on stronger assumptions (such as the strong RSA assumption). Thus, we give the first construction of a non-interactive and reusable non-malleable commitment scheme from the standard RSA assumption.

This paper proposes a differential fault analysis on the stream cipher MUGI, which uses two kinds of update functions of an intermediate state. MUGI was proposed by Hitachi, Ltd. in 2002 and is specified as ISO/IEC 18033-4 for keystream generation. Differential fault analysis (DFA) is a type of fault analysis, which is considered to be a serious threat against secure devices such as smart cards. DFA on MUGI was first proposed at ICISC 2010 [25]; however, the attack condition for the successful attack such as the position into which the fault is injected was restricted. In this paper, we extend the attack methods which are more practical, based on a one-byte and a multi-byte fault models using the relationship between two kinds of update functions that are mutually dependent. In the proposed attack, the attacker can know the position affected by the fault injection even if he has no control of the timing of the fault injection. As a result, a 128-bit secret key can be recovered using 13 pairs of correct and faulty outputs on average.

This paper firstly provides the extended Canetti-Krawzcyk (eCK) security model for predicate-based authenticated key exchange (AKE) that guarantees resistance to leakage of ephemeral secret keys. Moreover, we propose two-pass key-policy (resp. session-policy) attribute-based AKE protocol secure in the proposed predicate-based eCK security model based on key-policy (resp. ciphertext-policy) attribute-based encryption. The proposed protocols have advantages in security against leakage of ephemeral secret keys and the round complexity compared to the previous predicate-based AKE protocols.

This paper analyzes security of sequential multiple encryptions based on asymmetric key encryptions, and shows that a sequential construction of secure multiple encryptions exists. The sequential multiple encryption scheme can be proved to be indistinguishable against chosen ciphertext attacks for multiple encryptions (IND-ME-CCA), where the adversary can access to the decryption oracle of the multiple encryption, even when all the underlying encryptions of the multiple encryption are indistinguishable against chosen plaintext attacks (IND-CPA). We provide an extended security notion of sequential multiple encryptions, in which the adversary is allowed to access decryption oracles of the underlying encryptions in addition to the multiple encryption, and show that our constructed scheme satisfies the security notion when all the underlying encryptions are indistinguishable against chosen ciphertext attacks (IND-CCA).

This paper proposes the countermeasures against an improved fault sensitivity analysis. Our countermeasure is proposed based on the WDDL technique due to its built-in resistance against both the power-based attack and differential fault analysis. At CHES 2010, Li et al. proposed the FSA attack on WDDL-AES. The vulnerability of WDDL-AES in their attack mainly comes from the implementation deficiency rather than the WDDL technique itself. This paper first proposes an improved fault sensitive analysis that can threat a well-implemented WDDL-AES based on the input-data dependency for the critical path delay of WDDL S-box. Then we discuss the possibility of efficient countermeasures by modifying the WDDL circuit with a limited overhead. The countermeasures are discussed based on either modifying the dual-rail to single-rail converter or the introduction of the enable signal.

Handoff plays an important role in vehicular networks due to high movement of vehicles. To provide seamless connectivity under Access Points (AP), this paper proposes an adaptive handoff triggering method to minimize communication time for a vehicle with an AP switch (i.e., whether and when to trigger a handoff process). In the proposed method, combined with an improved data transmission rate based trigger, handoff triggering decision is executed based on three different communication methods (called C-Dire, C-Relay and C-ALLRelay) to minimize the transmission delay when a vehicle moves from an AP to another. Transmission delay is derived through considering vehicle mobility and transmission rate diversity. The simulation results show that the proposed method is proven to be adaptive to vehicular networks.

We consider the position estimation system for targets which exist in near wide area. The system has multiple sensors and estimates the position with multiple receivers. In the past, if receivers were arranged on a straight line, the large position error in the same direction of the line is generated. In order to reduce the error, we propose a novel estimation algorithm using transmitter's directivity information. Our system use directional emission made by an array of antennas in a transmitter. In this paper, the error characteristic which should be solved is introduced firstly. After that, our algorithm is presented. Finally the performance of the error reduction is shown by computer simulations. And we also confirm the reduction by experimental trials. The results indicate good reduction of the error.

In this paper, we present a maximum a posteriori probability (MAP) approach to the problem of blind estimation of single-input, multiple-output (SIMO), finite impulse response (FIR) channels. A number of methods have been developed to date for this blind estimation problem. Some of those utilize prior knowledge on input signal statistics. However, there are very few that utilize channel statistics too. In this paper, the unknown channel to be estimated is assumed as the frequency-selective Rayleigh fading channel, and we incorporate the channel prior distributions (and hyperprior distributions) into our model in two different ways. Then for each case an iterative MAP estimator is derived approximately. Performance comparisons over existing methods are conducted via numerical simulation on randomly generated channel coefficients according to the Rayleigh fading channel model. It is shown that improved estimation performance can be achieved through the MAP approaches, especially for such channel realizations that have resulted in large estimation error with existing methods.

As the fundamental component of dynamic spectrum access, implementing spectrum sensing is one of the most important goals in cognitive radio networks due to its key functions of protecting licensed primary users from harmful interference and identifying spectrum holes for the improvement of spectrum utilization. However, its performance is generally compromised by the interference from adjacent primary channels. To cope with such interference and improve detection performance, this paper proposes a non-coherent power decomposition-based energy detection method for cooperative spectrum sensing. Due to its use of power decomposition, interference cancellation can be applied in energy detection. The proposed power decomposition does not require any prior knowledge of the primary signals. The power detection with its interference cancellation can be implemented indirectly by solving a non-homogeneous linear equation set with a coefficient matrix that involves only the distances between primary transmitters and cognitive secondary users (SUs). The optimal number of SUs for sensing a single channel and the number of channels that can be sensed simultaneously are also derived. The simulation results show that the proposed method is able to cope with the expected interference variation and achieve higher probability of detection and lower probability of false alarm than the conventional method in both hard combining and soft combining scenarios.

This paper presents the iterative progressive numerical methods (IPNMs) based on the induced dimension reduction (IDR) theorem. The IDR theorem is mainly utilized for the development of new nonstationary linear iterative solvers. On the other hand, the use of the IDR theorem enables to revise the classical linear iterative solvers like the Jacobi, the Gauss-Seidel (GS), the relaxed Jacobi, the successive overrelaxation (SOR), and the symmetric SOR (SSOR) methods. The new IPNMs are based on the revised solvers because the original one is similar to the Jacobi method. In the new IPNMs, namely the IDR-based IPNMs, we repeatedly solve linear systems of equations by using a nonstationary linear iterative solver. An initial guess and a stopping criterion are discussed in order to realize a fast computation. We treat electromagnetic wave scattering from 27 perfectly electric conducting spheres and reports comparatively the performance of the IDR-based IPNMs. However, the IDR-based SOR- and the IDR-based SSOR-type IPNMs are not subject to the above numerical test in this paper because of the problem with an optimal relaxation parameter. The performance evaluation reveals that the IDR-based IPNMs are better than the conventional ones in terms of the net computation time and the application range for the distance between objects. The IDR-based GS-type IPNM is the best among the conventional and the IDR-based IPNMs and converges 5 times faster than a standard computation by way of the boundary element method.

Error analysis of the multilevel fast multipole algorithm is studied for electromagnetic scattering problems. We propose novel error prediction and control methods and verify that the computational error for scattering problems with over one million unknowns can be precisely controlled under desired digits of accuracy. Optimum selection of truncation numbers to minimize computational error also will be discussed.

An iterative inter-track interference (ITI) cancelling scheme is described for multi-track signal detection in nonbinary (NB)-LDPC-coded two-dimensional magnetic recording. The multi-track iterative ITI canceller that we propose consists of multi-track soft interference cancellers (SICs), two-dimensional partial response (TDPR) filters, noise-predictive max-log-MAP detectors, and an NB-LDPC decoder. TDPR filters using an ITI-suppressing tap-weight vector mitigate ITI in the first iteration. Multi-track SICs and TDPR filters adjusted to the residual two-dimensional ISI signals efficiently detect multi-track signals in the latter iterations. The simulation results demonstrated that our proposed iterative multi-track ITI canceller achieves frame error rates close to those obtained in a non-ITI case in media-noise-dominant environments when the both-side off-track ratio is up to 50%.

Epidemic Routing is a data delivery scheme based on the store-carry-forward routing paradigm for sparsely populated mobile ad hoc networks. In Epidemic Routing, each node copies packets in its buffer into any other node that comes within its communication range. Although Epidemic Routing has short delay performance, it causes excessive buffer space utilization at nodes because many packet copies are disseminated over the network. In this paper, aiming at efficient buffer usage, we propose an XOR-based delivery scheme for Epidemic Routing, where nodes encode packets by XORing them when their buffers are full. Note that existing delivery schemes with coding are active coding, where source nodes always encode packets before transmitting them. On the other hand, the proposed scheme is passive coding, where source nodes encode packets only when buffer overflow would occur. Therefore, the behavior of the proposed scheme depends on the buffer utilization. More specifically, if sufficient buffer space is available, the proposed scheme delivers packets by the same operation as Epidemic Routing. Otherwise, it avoids buffer overflow by encoding packets. Simulation experiments show that the proposed scheme improves the packet delivery ratio.

In dense passive radio frequency identification (RFID) systems, code division multiple access (CDMA) techniques can be used to alleviate severe collisions and thus enhance the system performance. However, conventional CDMA techniques are challenging to implement, especially for passive tags due to cost and power constraints. In this paper, we design a CDMA-based multi-reader passive ultra high frequency (UHF) RFID system in which a reader detects only the strongest tag signal and a tag uses Gold codes only on the preamble and the data bits of RN16 without increasing its clock frequency. We present a new communication procedure based on dynamic framed slotted ALOHA (DFSA). In order to optimize the system, we theoretically analyze the system performance in terms of slot capacity and identification rate, and formally show how the code length and the number of readers affect the identification rate. Furthermore, we propose an effective method for tag estimation and frame size adjustment, and validate it via simulations. Through an example, we demonstrate how the analysis-based technique can be used to optimize the system configurations with respect to the number of readers and the number and length of Gold codes.

In this paper, we present known-key attacks on block cipher Rijndael for 192-bit block and 256-bit block. Our attacks work up to 8 rounds for 192-bit block and 9 rounds for 256-bit block, which are one round longer than the previous best known-key attacks. We then search for the parameters for the ShiftRow operation which is stronger against our attacks than the one in the Rijndael specification. Finally, we show a parameter for 192-bit block which forces attackers to activate more bytes to generate a truncated differential path, and thus enhances the security against our attacks.

This article discusses the provable security of block-cipher-based hash functions. It introduces a new model called a weak ideal cipher model. In this model, an adversary is allowed to make key-disclosure queries to the oracle as well as encryption and decryption queries. A key-disclosure query is a pair of a plaintext and a ciphertext, and the reply is a corresponding key. Thus, in this model, a block cipher is random but completely insecure as a block cipher. It is shown that collision resistant hash functions can be constructed even in this weak model.

In this letter, the diversity-multiplexing tradeoff (DMT) function for a special half-duplex dynamic decode and forward (DDF) relay protocol using two source-antennas, two destination-antennas, and more than two relay-antennas is derived. It is shown that the performance of the DDF relay protocol can be substantially improved by increasing the relay-antenna number, but only for low multiplexing gains.

In this paper, we propose a new Delay PUF architecture trying to solve the major problem of existing Delay PUFs that it is easy to predict the relation between delay information and generated information. For that purpose, our architecture exploits glitches as a source of information generation that behave non-linearly from delay variation between gates and the characteristic of pulse propagation of each gate. We thus call it the Glitch PUF. We present two circuit structures of the Glitch PUF both of which have their own merits. We then provide the results of evaluation in which we first verify that the two Glitch PUFs exhibit the same characteristics, and second show the randomness and statistical properties of the Glitch PUF.

Traceable ring signatures, proposed at PKC'07, are a variant of ring signatures, which allow a signer to anonymously sign a message with a tag behind a ring, i.e., a group of users chosen by the signer, unless he signs two messages with the same tag. However, if a signer signs twice on the same tag, the two signatures will be linked and the identity of the signer will be revealed when the two signed messages are different. Traceable ring signatures can be applied to anonymous write-in voting without any special voting authority and electronic coupon services. The previous traceable ring signature scheme relies on random oracles at its security and the signature size is linear in the number of ring members. This paper proposes the first secure traceable ring signature schemes without random oracles in the common reference string model. In addition, the proposed schemes have a signature size of O(), where N is the number of users in the ring.

Tomo-SAR imaging with sparse baselines can be formulated as a sparse signal recovery problem, which suggests the use of the Compressive Sensing (CS) method. In this paper, a novel Tomo-SAR imaging approach based on Sparse Bayesian Learning (SBL) is presented to obtain super-resolution in elevation direction and is validated by simulation results.