The search functionality is under construction.

Keyword Search Result

[Keyword] SI(16314hit)

1821-1840hit(16314hit)

  • Post-Quantum Security of IGE Mode Encryption in Telegram

    Jeeun LEE  Sungsook KIM  Seunghyun LEE  Kwangjo KIM  

     
    LETTER

      Vol:
    E102-A No:1
      Page(s):
    148-151

    IGE mode used in Telegram's customized protocol has not been fully investigated in terms of post-quantum security. In this letter, we show that IGE mode is IND-qCPA insecure by Simon's algorithm, assuming that the underlying block cipher is a standard-secure pseudorandom function (sPRF). Under a stronger assumption that the block cipher is a quantum-secure pseudorandom function (qPRF), IND-qCPA security of IGE mode is proved using one-way to hiding lemma.

  • On Quantum Related-Key Attacks on Iterated Even-Mansour Ciphers

    Akinori HOSOYAMADA  Kazumaro AOKI  

     
    PAPER

      Vol:
    E102-A No:1
      Page(s):
    27-34

    It has been said that the security of symmetric-key schemes is affected much less by quantum computers than that of public-key schemes. However, recent works revealed that, in some specific situations, symmetric-key schemes are also broken in polynomial time by adversaries with quantum computers. These works include a quantum distinguishing attack on 3-round Feistel ciphers and a quantum key-recovery attack on the Even-Mansour cipher by Kuwakado and Morii, in addition to the quantum forgery attack on CBC-MAC proposed independently by Kaplan et al. and by Santoli and Schaffner. The iterated Even-Mansour cipher is a simple but important block cipher, which can be regarded as an idealization of AES. Whether there exists an efficient quantum algorithm that can break the iterated Even-Mansour cipher with independent subkeys is an important problem from the viewpoint of analyzing the post-quantum security of block ciphers. There is in fact an efficient quantum attack on the iterated Even-Mansour cipher by Kaplan et al., but their attack applies only when all subkeys are the same. This paper shows that there is a polynomial-time quantum algorithm that recovers partial keys of the iterated Even-Mansour cipher with independent subkeys in a related-key setting. The related-key condition is somewhat strong, but our algorithm can recover subkeys with two related oracles. In addition, we show that our algorithm can recover all keys of the i-round iterated Even-Mansour cipher if we are allowed to access i related quantum oracles. To realize quantum related-key attacks, we extend Simon's quantum algorithm so that we can recover the hidden period of a function that is periodic only up to a constant. Our technique is to take the differential of the target function to make a double periodic function, and then apply Simon's algorithm.
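    As an added illustration of the two constructions in the preceding abstracts (IGE mode in the Telegram letter, and the Even-Mansour cipher with the periodic function that Simon's algorithm exploits here), and not code from either paper: a toy Even-Mansour cipher E(x) = P(x xor k1) xor k2 over a public Feistel permutation built from SHA-256, the function f(x) = E(x) xor P(x) whose period is k1, and IGE mode layered on E. The Feistel permutation, the keys, the message and the IV layout (first half as the initial ciphertext block, second half as the initial plaintext block) are assumptions for illustration; nothing here is a secure cipher, and the quantum step itself (recovering the period from superposition queries) is not simulated, only the classical property it relies on is checked.

```python
"""Toy Even-Mansour cipher, its Simon-periodic function, and IGE mode.
Added example; not the code of either paper. The permutation below is an
unkeyed Feistel network and is NOT a secure primitive."""
import hashlib

BLOCK = 16            # block size in bytes
HALF = BLOCK // 2
ROUNDS = 4

# Constructed keys, IV and 4-block message for the demonstration.
K1 = bytes(range(16))
K2 = bytes(range(16, 32))
IV = bytes(range(32))                       # c_0 = IV[:16], m_0 = IV[16:] (assumed layout)
MSG = b"".join(b"telemetry%06d " % i for i in range(4))


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round(half: bytes, rnd: int) -> bytes:
    # Unkeyed round function, so perm() is a fixed public permutation P.
    return hashlib.sha256(bytes([rnd]) + half).digest()[:HALF]


def perm(x: bytes) -> bytes:
    """Public permutation P: a 4-round Feistel network (bijective by construction)."""
    l, r = x[:HALF], x[HALF:]
    for rnd in range(ROUNDS):
        l, r = r, xor(l, _round(r, rnd))
    return l + r


def perm_inv(y: bytes) -> bytes:
    """Inverse of perm: undo the rounds in reverse order."""
    l, r = y[:HALF], y[HALF:]
    for rnd in reversed(range(ROUNDS)):
        l, r = xor(r, _round(l, rnd)), l
    return l + r


def em_encrypt(k1: bytes, k2: bytes, x: bytes) -> bytes:
    """One-round Even-Mansour: E(x) = P(x xor k1) xor k2."""
    return xor(perm(xor(x, k1)), k2)


def em_decrypt(k1: bytes, k2: bytes, y: bytes) -> bytes:
    return xor(perm_inv(xor(y, k2)), k1)


def em_simon_function(k1: bytes, k2: bytes, x: bytes) -> bytes:
    """f(x) = E(x) xor P(x) = P(x xor k1) xor P(x) xor k2, so f(x xor k1) == f(x).
    This hidden period k1 is what Simon's algorithm recovers with quantum
    (superposition) access to E; classically we can only verify it for a known k1."""
    return xor(em_encrypt(k1, k2, x), perm(x))


def has_period(k1: bytes, k2: bytes, x: bytes) -> bool:
    return em_simon_function(k1, k2, x) == em_simon_function(k1, k2, xor(x, k1))


def ige_encrypt(k1: bytes, k2: bytes, iv: bytes, msg: bytes) -> bytes:
    """IGE mode: c_i = E(m_i xor c_{i-1}) xor m_{i-1}, with c_0, m_0 taken from iv."""
    if len(msg) % BLOCK or len(iv) != 2 * BLOCK:
        raise ValueError("message must be whole blocks and iv must be two blocks")
    c_prev, m_prev = iv[:BLOCK], iv[BLOCK:]
    out = bytearray()
    for i in range(0, len(msg), BLOCK):
        m = msg[i:i + BLOCK]
        c = xor(em_encrypt(k1, k2, xor(m, c_prev)), m_prev)
        out += c
        c_prev, m_prev = c, m
    return bytes(out)


def ige_decrypt(k1: bytes, k2: bytes, iv: bytes, ct: bytes) -> bytes:
    """Inverse of ige_encrypt: m_i = D(c_i xor m_{i-1}) xor c_{i-1}."""
    if len(ct) % BLOCK or len(iv) != 2 * BLOCK:
        raise ValueError("ciphertext must be whole blocks and iv must be two blocks")
    c_prev, m_prev = iv[:BLOCK], iv[BLOCK:]
    out = bytearray()
    for i in range(0, len(ct), BLOCK):
        c = ct[i:i + BLOCK]
        m = xor(em_decrypt(k1, k2, xor(c, m_prev)), c_prev)
        out += m
        c_prev, m_prev = c, m
    return bytes(out)


def corrupted_blocks(k1: bytes, k2: bytes, iv: bytes, msg: bytes, flip_block: int) -> list:
    """Flip one bit in ciphertext block `flip_block` and return the indices of
    plaintext blocks that change. IGE propagates the error to every later block;
    that is an error-propagation property, not authentication."""
    ct = bytearray(ige_encrypt(k1, k2, iv, msg))
    ct[flip_block * BLOCK] ^= 0x01
    pt = ige_decrypt(k1, k2, iv, bytes(ct))
    n = len(msg) // BLOCK
    return [i for i in range(n) if pt[i * BLOCK:(i + 1) * BLOCK] != msg[i * BLOCK:(i + 1) * BLOCK]]


if __name__ == "__main__":
    ct = ige_encrypt(K1, K2, IV, MSG)
    print("round trip ok:", ige_decrypt(K1, K2, IV, ct) == MSG)
    print("f has period k1:", has_period(K1, K2, b"A" * BLOCK))
    print("blocks garbled after flipping a bit in block 1:", corrupted_blocks(K1, K2, IV, MSG, 1))
```

    The `corrupted_blocks` check is the practitioner's caveat on IGE: a single flipped ciphertext bit garbles every subsequent plaintext block, which is sometimes mistaken for integrity protection; a receiver that does not separately authenticate the ciphertext still accepts and decrypts the tampered message.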

  • Method of Moments Based on Electric Field Integral Equation for Three-Dimensional Metallic Waveguide: Single Mode Waveguide

    Masahiro TANAKA  Kazuo TANAKA  

     
    PAPER

      Vol:
    E102-C No:1
      Page(s):
    30-37

    This paper presents the method of moments based on electric field integral equation which is capable of solving three-dimensional metallic waveguide problem with no use of another method. Metals are treated as perfectly electric conductor. The integral equation is derived in detail. In order to validate the proposed method, the numerical results are compared with those in a published paper. Three types of waveguide are considered: step discontinuity waveguide, symmetrical resonant iris waveguide, and unsymmetrical resonant iris waveguide. The numerical results are also verified by the law of conservation of energy.

  • A 65 nm 19.1-to-20.4 GHz Sigma-Delta Fractional-N Frequency Synthesizer with Two-Point Modulation for FMCW Radar Applications

    Yuanyuan XU  Wei LI  Wei WANG  Dan WU  Lai HE  Jintao HU  

     
    PAPER-Electronic Circuits

      Vol:
    E102-C No:1
      Page(s):
    64-76

    A 19.1-to-20.4 GHz sigma-delta fractional-N frequency synthesizer with two-point modulation (TPM) for frequency modulated continuous wave (FMCW) radar applications is presented. The synthesizer uses a digital and voltage controlled oscillator (D/VCO) with a large continuous frequency tuning range and small digital controlled oscillator (DCO) gain variation to support TPM. The TPM technique removes the coupling between loop bandwidth and chirp slope, which is beneficial for fast chirps, phase noise and linearity. The start frequency, bandwidth and slope of the FMCW signal are all independently reconfigurable. The synthesizer achieves a measured phase noise of -93.32 dBc/Hz at 1 MHz offset from a 19.25 GHz carrier and a locking time of less than 10 µs. The root-mean-square (RMS) frequency error is only 112 kHz with a 94 kHz/µs chirp slope, and 761 kHz with a fast slope of 9.725 MHz/µs. Implemented in a 65 nm CMOS process, the synthesizer consumes 74.3 mW including the output buffer.

  • Fast and Scalable Bilinear-Type Conversion Method for Large Scale Crypto Schemes Open Access

    Masayuki ABE  Fumitaka HOSHINO  Miyako OHKUBO  

     
    PAPER-Cryptography and Information Security

      Vol:
    E102-A No:1
      Page(s):
    251-269

    Bilinear-type conversion translates a cryptographic scheme designed over symmetric bilinear groups into one that works over asymmetric bilinear groups, with small overhead in the size of the objects in the target scheme. In this paper, we address scalability for converting complex cryptographic schemes. Our contribution is threefold. Investigating the complexity of bilinear-type conversion: we show that there exists no polynomial-time algorithm for worst-case inputs under a standard complexity assumption, which means that bilinear-type conversion in general is an inherently difficult problem. Presenting a new scalable conversion method: nevertheless, we show that large-scale conversion is indeed possible in practice when the target schemes are built from smaller building blocks with some structure. We present a novel conversion method, called IPConv, that uses 0-1 Integer Programming instantiated with a widely available IP solver. It instantly converts schemes containing more than a thousand variables and hundreds of pairings. Application to computer-aided design: our conversion method is also useful in the modular design of middle- to large-scale cryptographic applications; first construct over the simpler symmetric bilinear groups, then run over efficient asymmetric groups. One thus avoids the complication of manually allocating variables over asymmetric bilinear groups. We demonstrate its usefulness with somewhat counter-intuitive examples in which converted DLIN-based Groth-Sahai proofs are more compact than manually built SXDH-based proofs. Although the original purpose of bilinear-type conversion was to save existing schemes from attacks against symmetric bilinear groups, our new scalable conversion method will find applications beyond that goal. Indeed, the computer-aided design above can be seen as a step toward automated modular design of cryptographic schemes.

  • Multi-Service Oriented Stream Data Synchronization Scheme for Multicore Cipher Chips

    Li LI  Fenghua LI  Guozhen SHI  

     
    PAPER

      Vol:
    E102-A No:1
      Page(s):
    48-55

    In cloud computing environments, data processing systems with strong and stochastic stream data processing capabilities are highly desired by multi-service oriented, computing-intensive applications. The independence of different business data streams makes these services well suited to parallel processing on multicore processors. However, because data streams of different services cross at random, data synchronization is required. Aiming at the stochastic cross-service stream, we propose a hardware synchronization mechanism based on index tables. A specifically designed hardware synchronization circuit records the business index number (BIN) of the input and output data flows of each processing unit. In this way, we not only obtain flow control for job packages accessing the processing units, but also guarantee that the work of each processing unit is single and continuous. This approach overcomes the high complexity and low reliability of software synchronization. As demonstrated by numerical experiment results, the proposed scheme ensures the validity of the cross-service stream, and its processing speed is better than that of a lock-based synchronization scheme. The scheme is applied to a cryptographic server and accelerates the processing of the cryptographic service.

  • An ASIC Crypto Processor for 254-Bit Prime-Field Pairing Featuring Programmable Arithmetic Core Optimized for Quadratic Extension Field

    Hiromitsu AWANO  Tadayuki ICHIHASHI  Makoto IKEDA  

     
    PAPER

      Vol:
    E102-A No:1
      Page(s):
    56-64

    An ASIC crypto processor optimized for the 254-bit prime-field optimal-ate pairing over a Barreto-Naehrig (BN) curve is proposed. The data path of the proposed crypto processor is designed to compute five $\mathbb{F}_{p^2}$ operations, a multiplication, three additions/subtractions, and an inversion, simultaneously. We further propose a design methodology that automates instruction scheduling by using a combinatorial optimization solver, with which the total cycle count is reduced to half of the best previously reported. The proposed crypto processor is designed and fabricated using a 65 nm silicon-on-thin-box (SOTB) CMOS process. Chip measurements show that the fabricated chip computes a pairing in 0.185 ms at a typical operating voltage of 1.20 V, which corresponds to a 2.8× speed-up over the current state-of-the-art pairing implementation on an ASIC platform.

  • On Fail-Stop Signature Schemes with H-EUC Security

    Masahiro NOMURA  Katsuhiro NAKAMURA  

     
    PAPER

      Vol:
    E102-A No:1
      Page(s):
    125-147

    A Fail-Stop Signature (FSS) scheme is a signature scheme that satisfies unforgeability even against a forger with super-polynomial computational power (i.e. even against a forger who can compute acceptable signatures) and non-repudiability against a malicious signer with probabilistic polynomial-time computational power (i.e. a PPT malicious signer). In this paper, under certain settings, an equivalence relation is derived between a set of security properties that hold when a single FSS scheme is used on its own and a security property called Universally Composable (UC) security that holds when plural FSS schemes are used concurrently. Here, UC security is a property guaranteeing that even when plural schemes are used concurrently, the security properties of each scheme (for single-scheme usage) are preserved. The main settings are as follows. Firstly, H-EUC (Externalized UC) security is introduced instead of "conventional" UC security, where a new helper functionality H is constructed appropriately. This is because we can show that "conventional" UC security cannot hold for FSS schemes when malicious parties (e.g. a forger and a malicious signer) have super-polynomial computational power. In the environment where the helper functionality H is used, all parties are PPT, but a forger alone may compute acceptable signatures by obtaining some additional information from H. Secondly, the definition of unforgeability (in the set of security properties for single-FSS-scheme usage) is revised to match this environment. The equivalence relation derived under these settings guarantees that even when plural FSS schemes are used concurrently, the security properties for single-scheme usage are preserved, provided that some conditions hold. In particular, the equivalence relation in this paper is original in guaranteeing that unforgeability is preserved even against a forger who is PPT but may compute acceptable signatures. Furthermore, this paper is the first to prove that H-EUC security holds for an existing instantiation of an FSS scheme by Mashatan et al. From this, it can be said that the equivalence relation shown in this paper is practical.

  • Method for Detecting User Positions with Unmanned Aerial Vehicles Based on Doppler Shifts

    Hiroyasu ISHIKAWA  Hiroki ONUKI  Hideyuki SHINONAGA  

     
    PAPER

      Vol:
    E102-A No:1
      Page(s):
    195-204

    Unmanned aircraft systems (UASs) have been developed and studied as temporary communication systems for emergency and rescue services during disasters such as earthquakes and serious accidents. In a typical UAS model, several unmanned aerial vehicles (UAVs) are used to provide services over a large area. Each UAV comprises a transmitter and a receiver to transmit/receive signals to/from terrestrial stations and terminals. The carrier frequencies of the transmitted and received signals therefore experience Doppler shifts due to variations in the line-of-sight velocity between the UAV and the terrestrial terminal. Thus, by observing multiple Doppler shifts from different UAVs, it is possible to detect the position of a user who possesses a communication terminal for the UAS. This study presents a position detection methodology based on applying the least-squares method to the Doppler shift frequencies. Further, a positioning accuracy index is newly proposed, which can be used as a measure of position accuracy in place of the dilution-of-precision (DOP) used for global positioning systems (GPSs). A computer simulation was conducted for two different flight route models to confirm the applicability of the proposed positioning method and the positioning accuracy index. The simulation results confirm that parameters such as the flight route, the initial position, and the velocity of the UAVs can be optimized using the proposed positioning accuracy index.

  • The PRF Security of Compression-Function-Based MAC Functions in the Multi-User Setting Open Access

    Shoichi HIROSE  

     
    PAPER-Cryptography and Information Security

      Vol:
    E102-A No:1
      Page(s):
    270-277

    A compression-function-based MAC function called FMAC was presented as well as a vector-input PRF called vFMAC in 2016. They were proven to be secure PRFs on the assumption that their compression function is a secure PRF against related-key attacks with respect to their non-cryptographic permutations in the single user setting. In this paper, it is shown that both FMAC and vFMAC are also secure PRFs in the multi-user setting on the same assumption as in the single user setting. These results imply that their security in the multi-user setting does not degrade with the number of the users and is as good as in the single user setting.

  • Improving MDC-4 to Be More Secure

    Deukjo HONG  Dong-Chan KIM  Daesung KWON  

     
    PAPER-Cryptography and Information Security

      Vol:
    E102-A No:1
      Page(s):
    278-289

    MDC-4 is the enhanced version of MDC-2, a well-known hash mode for block ciphers. However, it does not guarantee the level of security required of a cryptographic hash function. In the ideal cipher model, the MDC-4 compression function has a collision security bound close to $2^{5n/8}$ and a preimage security bound close to $2^{5n/4}$, where the underlying block cipher has a block size of n bits. We have studied how to improve MDC-4 with a simple modification that strengthens its security. This is meaningful work because users often want to improve their familiar systems at low cost. In this paper, we achieve it by proposing MDC-4+, a light variation of MDC-4. We prove that MDC-4+ is much more secure than MDC-4 by showing that it has a collision security bound close to the optimal $2^{n}$ and a preimage security bound close to $2^{4n/3}$. We also discuss its efficiency by comparison with existing hash modes.

  • Online Antenna-Pulse Selection for STAP by Exploiting Structured Covariance Matrix

    Fengde JIA  Zishu HE  Yikai WANG  Ruiyang LI  

     
    LETTER-Digital Signal Processing

      Vol:
    E102-A No:1
      Page(s):
    296-299

    In this paper, we propose an online antenna-pulse selection method in space time adaptive processing, while maintaining considerable performance and low computational complexity. The proposed method considers the antenna-pulse selection and covariance matrix estimation at the same time by exploiting the structured clutter covariance matrix. Such prior knowledge can enhance the covariance matrix estimation accuracy and thus can provide a better objective function for antenna-pulse selection. Simulations also validate the effectiveness of the proposed method.

  • Improvement of Ranging Accuracy during Interference Avoidance for Stepped FM Radar Using Khatri-Rao Product Extended-Phase Processing

    Keiji JIMI  Isamu MATSUNAMI  Ryohei NAKAMURA  

     
    PAPER-Sensing

      Publicized:
    2018/07/17
      Vol:
    E102-B No:1
      Page(s):
    156-164

    In stepped FM radar, the transmitter intermittently transmits narrowband pulse trains of frequencies that are incremented in steps, and the receiver performs phase detection on each pulse and applies the inverse discrete Fourier transform (IDFT) to create ultra-short pulses in the time domain. Furthermore, since the transmitted signal consists of a narrowband pulse train of different frequencies, the transmitter can avoid arbitrary frequency bands while sending the pulse train (spectrum holes), allowing these systems to coexist with other narrowband wireless systems. However, spectrum holes cause degradation in the distance resolution and range sidelobe characteristics of wireless systems. In this paper, we propose a spectrum hole compensation method for stepped FM radars using Khatri-Rao product extended-phase processing to overcome the problem of spectrum holes and investigate the effectiveness of this method through experiments. Additionally, we demonstrate that the proposed method dramatically improves the range sidelobe and distance resolution characteristics.

  • Review of Space-Division Multiplexing Technologies in Optical Communications Open Access

    Yoshinari AWAJI  

     
    INVITED SURVEY PAPER-Transmission Systems and Transmission Equipment for Communications

      Publicized:
    2018/02/09
      Vol:
    E102-B No:1
      Page(s):
    1-16

    The potential transmission capacity of a standard single-mode fiber peaks at around 100 Tb/s owing to fiber nonlinearity and the bandwidth limitation of amplifiers. As the last frontier of multiplexing, space-division multiplexing (SDM) has been studied intensively in recent years. Although there is still time before such a novel fiber communication infrastructure is deployed, a large body of basic research on SDM has been carried out. Therefore, a comprehensive review is worthwhile at this time toward further practical investigations.

  • A Survey of Social Network Analysis Techniques and their Applications to Socially Aware Networking Open Access

    Sho TSUGAWA  

     
    INVITED SURVEY PAPER-Network

      Publicized:
    2018/02/21
      Vol:
    E102-B No:1
      Page(s):
    17-39

    Socially aware networking is an emerging research field that aims to improve the current networking technologies and realize novel network services by applying social network analysis (SNA) techniques. Conducting socially aware networking studies requires knowledge of both SNA and communication networking, but it is not easy for communication networking researchers who are unfamiliar with SNA to obtain comprehensive knowledge of SNA due to its interdisciplinary nature. This paper therefore aims to fill the knowledge gap for networking researchers who are interested in socially aware networking but are not familiar with SNA. This paper surveys three types of important SNA techniques for socially aware networking: identification of influential nodes, link prediction, and community detection. Then, this paper introduces how SNA techniques are used in socially aware networking and discusses research trends in socially aware networking.

  • Hybrid BD-GMD Precoding for Multiuser Millimeter-Wave Massive MIMO Systems

    Wei WU  Danpu LIU  

     
    PAPER-Fundamental Theories for Communications

      Publicized:
    2018/06/27
      Vol:
    E102-B No:1
      Page(s):
    63-75

    The potential for using millimeter-wave (mmWave) frequencies in future 5G wireless cellular communication systems has motivated the study of large-scale antenna arrays to achieve highly directional beamforming. However, conventional fully digital beamforming (DBF) methods, which require one radio frequency (RF) chain per antenna element, are not viable for large-scale antenna arrays because of the high cost and large power consumption of high-frequency RF chain components. Hybrid precoding can significantly reduce the number of required RF chains and relieve the huge power consumption in mmWave massive multiple-input multiple-output (MIMO) systems, and has thus attracted much interest from academia and industry. In this paper, we consider the downlink of a massive multiuser MIMO (MU-MIMO) system in the mmWave channel, and propose a low-complexity hybrid block diagonal geometric mean decomposition (BD-GMD) scheme. More specifically, a joint transmit-receive (Tx-Rx) analog beamforming with large-scale arrays is proposed to improve channel gain, and then a low-dimensional BD-GMD approach is applied to the equivalent baseband channel to mitigate inter-user interference and equalize the different data streams of each user. With the help of successive interference cancellation (SIC) at the receiver, each user's MIMO channel is decomposed into parallel sub-channels with identical, higher SNRs/SINRs, so that equal-rate coding can be applied across the sub-channels of each user. Finally, simulation results verify that the proposed hybrid BD-GMD precoding scheme outperforms existing fully digital and hybrid precoding schemes and achieves much better BER performance.

  • Measuring Lost Packets with Minimum Counters in Traffic Matrix Estimation

    Kohei WATABE  Toru MANO  Takeru INOUE  Kimihiro MIZUTANI  Osamu AKASHI  Kenji NAKAGAWA  

     
    PAPER-Fundamental Theories for Communications

      Publicized:
    2018/07/02
      Vol:
    E102-B No:1
      Page(s):
    76-87

    Traffic matrix (TM) estimation has been studied extensively for decades. Although conventional estimation techniques assume that traffic volumes are unchanged between origins and destinations, packets are often lost on a path because of traffic burstiness, silent failures, etc. By counting every path at every link, we could easily obtain the traffic volumes together with their changes, but this approach significantly increases the measurement cost, since counters are usually implemented in expensive memory such as SRAM. This paper proposes a mathematical model to estimate TMs that include volume changes. The method is built on a Boolean fault localization technique, which requires fewer counters because it simply determines whether each link is lossy. This paper extends the Boolean technique to handle traffic volumes with error bounds while still requiring only a few counters. In our method, the estimation errors can be controlled through parameter settings, while the minimum-cost counter placement is determined by submodular optimization. Numerical experiments are conducted with real network datasets to evaluate our method.

  • Kink Suppression and High Reliability of Asymmetric Dual Channel Poly-Si Thin Film Transistors for High Voltage Bias Stress

    Joonghyun PARK  Myunghun SHIN  

     
    BRIEF PAPER-Semiconductor Materials and Devices

      Vol:
    E102-C No:1
      Page(s):
    95-98

    Asymmetrically designed polycrystalline silicon (poly-Si) thin film transistors (TFT) were fabricated and investigated to suppress kink effect and to improve electrical reliability. Asymmetric dual channel length poly-Si TFT (ADCL) shows the best reduction of kink and leakage currents. Technology computer-aided design simulation proves that ADCL can induce properly high voltage at floating node of the TFT at high drain-source voltage (VDS), which can mitigate the impact ionization and the degradation of the transconductance of the TFT showing high reliability under the hot carrier stress.

  • Improvement of Anomaly Detection Performance Using Packet Flow Regularity in Industrial Control Networks Open Access

    Kensuke TAMURA  Kanta MATSUURA  

     
    PAPER

      Vol:
    E102-A No:1
      Page(s):
    65-73

    Since cyber attacks such as cyberterrorism against Industrial Control Systems (ICSs) and cyber espionage against the companies managing them have increased, techniques to detect anomalies at an early stage are required. To this end, several studies have developed anomaly detection methods for ICSs. In particular, some techniques using packet flow regularity in industrial control networks have achieved high-accuracy detection of attacks that disrupt the regularity, i.e. the normal behaviour, of ICSs. However, these methods cannot identify the scanning attacks employed in cyber espionage, because the probing packets blend in with a large number of normal ones. For example, the malware called Havex is customised to clandestinely acquire information from targeted ICSs using general request packets. Techniques to detect such scanning attacks that use widespread packet types await further investigation. Therefore, the goal of this study was to examine high-performance methods for identifying anomalies even when elaborate packets designed to evade alert systems are employed in attacks against industrial control networks. In this paper, a novel detection model for anomalous packets concealed behind normal traffic in industrial control networks is proposed. For this detection method, we took particular note of packet flow regularity and employed a Markov-chain model to detect anomalies. Moreover, we regarded not only the original packets but also packets similar to them as normal, in order to reduce false alerts, because an anomaly detection model using a Markov chain is known to suffer from ample false positives caused by the many normal but irregular packets, namely noise. To calculate the similarity between packets on the basis of packet flow regularity, a vector representation tool called word2vec was employed. Whilst word2vec is used to calculate word similarity in natural language processing tasks, we applied the technique to packets in ICSs to calculate packet similarity. As a result, the Markov chain with word2vec model identified scanning packets blending into normal packets with higher performance than the conventional Markov-chain model. In conclusion, employing both packet flow regularity and packet similarity in industrial control networks contributes to improving the performance of anomaly detection in ICSs.
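    The following is an added example of the detection logic the abstract describes, written here for illustration and not the authors' code: a first-order Markov chain over packet tokens is trained on a regular polling cycle, and a window of packets is scored by its mean surprise (bits per transition). The paper's word2vec similarity is replaced by a register-address distance (an assumption made here so the example runs offline); the packet lines, hosts, addresses and the 2-bit threshold are all constructed. The example shows both halves of the abstract's argument: a scan made of ordinary read requests from the same HMI host is still flagged because its transitions were never seen, while an operator's slightly shifted read address is mapped to the nearest known packet and does not raise an alert, which it would without the similarity step.

```python
"""Markov-chain anomaly detection over ICS packet tokens. Added example, not
the paper's code; word2vec is replaced by register-address distance, and all
packet lines below are constructed."""
import math
import re
from collections import Counter, defaultdict

LINE = re.compile(r"(\S+) > (\S+) modbus fc=(\d+) (?:addr=(\d+) len=(\d+)|resp)$")
ADDR_RADIUS = 8    # assumption: reads within 8 registers of a known one are "similar"
THRESHOLD = 2.0    # assumption: bits of surprise per transition above which we alert

# Constructed polling cycle: one HMI (10.0.0.10) reads two register ranges
# from a PLC (10.0.0.20) and writes one, in a fixed order.
CYCLE = [
    "10.0.0.10 > 10.0.0.20 modbus fc=3 addr=100 len=10",
    "10.0.0.20 > 10.0.0.10 modbus fc=3 resp",
    "10.0.0.10 > 10.0.0.20 modbus fc=3 addr=200 len=4",
    "10.0.0.20 > 10.0.0.10 modbus fc=3 resp",
    "10.0.0.10 > 10.0.0.20 modbus fc=16 addr=300 len=2",
    "10.0.0.20 > 10.0.0.10 modbus fc=16 resp",
]
NORMAL_LOG = CYCLE * 20                      # twenty cycles of training traffic
# Legitimate noise: an operator nudged one read address by two registers.
NOISY_WINDOW = CYCLE + [CYCLE[0].replace("addr=100", "addr=102")] + CYCLE[1:]
# Constructed scan from the HMI host itself: the same "general" fc=3 reads,
# but walking the register space in 125-register strides.
SCAN_WINDOW = []
for _start in (0, 125, 250, 375):
    SCAN_WINDOW += [f"10.0.0.10 > 10.0.0.20 modbus fc=3 addr={_start} len=125",
                    "10.0.0.20 > 10.0.0.10 modbus fc=3 resp"]


def tokenize(line: str) -> tuple:
    """Map one packet line to a token (src, dst, fc, addr); responses get addr None."""
    m = LINE.match(line)
    if not m:
        raise ValueError(f"unparsable packet line: {line!r}")
    src, dst, fc, addr, _length = m.groups()
    return (src, dst, int(fc), None if addr is None else int(addr))


class MarkovDetector:
    def __init__(self, use_similarity: bool = True):
        self.use_similarity = use_similarity
        self.trans = defaultdict(Counter)   # trans[prev][cur] = count
        self.vocab = set()

    def _canon(self, tok: tuple) -> tuple:
        """Treat a request close to a known one as that known packet (the
        paper's similarity idea; distance on register address stands in for
        word2vec here). Unknown packets far from everything stay unknown."""
        if tok in self.vocab or not self.use_similarity or tok[3] is None:
            return tok
        src, dst, fc, addr = tok
        near = [t for t in self.vocab
                if t[:3] == (src, dst, fc) and t[3] is not None
                and abs(t[3] - addr) <= ADDR_RADIUS]
        return min(near, key=lambda t: abs(t[3] - addr)) if near else tok

    def fit(self, lines) -> "MarkovDetector":
        toks = [tokenize(l) for l in lines]
        self.vocab = set(toks)
        for prev, cur in zip(toks, toks[1:]):
            self.trans[prev][cur] += 1
        return self

    def _logp(self, prev: tuple, cur: tuple) -> float:
        # Additive smoothing; the extra +1 in the denominator reserves mass
        # for a transition to a token never seen after `prev` (or never seen).
        row = self.trans.get(prev, Counter())
        total = sum(row.values())
        return math.log2((row[cur] + 1) / (total + len(self.vocab) + 1))

    def score(self, lines) -> float:
        """Mean surprise in bits per transition; higher is more anomalous."""
        toks = [self._canon(tokenize(l)) for l in lines]
        pairs = list(zip(toks, toks[1:]))
        if not pairs:
            return 0.0
        return -sum(self._logp(p, c) for p, c in pairs) / len(pairs)

    def is_anomalous(self, lines, threshold: float = THRESHOLD) -> bool:
        return self.score(lines) > threshold


if __name__ == "__main__":
    det = MarkovDetector().fit(NORMAL_LOG)
    nosim = MarkovDetector(use_similarity=False).fit(NORMAL_LOG)
    print("normal cycle  :", round(det.score(CYCLE * 2), 3), "bits")
    print("noisy (sim)   :", round(det.score(NOISY_WINDOW), 3), "bits")
    print("noisy (no sim):", round(nosim.score(NOISY_WINDOW), 3), "bits")
    print("scan          :", round(det.score(SCAN_WINDOW), 3), "bits ->",
          "ALERT" if det.is_anomalous(SCAN_WINDOW) else "ok")
```

    The scan is caught even though every packet in it is a well-formed fc=3 read from the trusted HMI, because the chain was trained on the order and addresses of the polling cycle, not on an allowlist of hosts or function codes. The threshold and similarity radius are operating points to be calibrated on a site's own captures; too large a radius collapses the scan into the normal vocabulary, too small one turns operator adjustments into alerts.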

  • JPEG Steganalysis Based on Multi-Projection Ensemble Discriminant Clustering

    Yan SUN  Guorui FENG  Yanli REN  

     
    LETTER-Information Network

      Publicized:
    2018/10/15
      Vol:
    E102-D No:1
      Page(s):
    198-201

    In this paper, we propose a novel algorithm called multi-projection ensemble discriminant clustering (MPEDC) for JPEG steganalysis. The scheme makes use of the optimal projection of linear discriminant analysis (LDA) algorithm to get more projection vectors by using the micro-rotation method. These vectors are similar to the optimal vector. MPEDC combines unsupervised K-means algorithm to make a comprehensive decision classification adaptively. The power of the proposed method is demonstrated on three steganographic methods with three feature extraction methods. Experimental results show that the accuracy can be improved using iterative discriminant classification.
