
Keyword Search Result

[Keyword] TIA(1376hit)

321-340hit(1376hit)

  • Multiple Impossible Differential Cryptanalysis on Reduced FOX

    Xinran LI, Fang-Wei FU, Xuan GUANG
    LETTER-Cryptography and Information Security
    Vol: E98-A No:3, Page(s): 906-911

    FOX is a family of block ciphers published in 2004 and is famous for its provable security against cryptanalysis. In this paper, we present multiple 4-round impossible differentials and several new results of impossible differential attacks on 5-, 6-, and 7-round FOX64 and 5-round FOX128, using the multiple differentials and the new early abort technique, which reduce the data complexity and the time complexity respectively. In terms of the data complexity and the time complexity, our results are better than any of the previously known attacks.

  • New Impossible Differential Attack on SAFER Block Cipher Family

    Jingyuan ZHAO, Meiqin WANG, Jiazhe CHEN, Yuliang ZHENG
    PAPER-Cryptography and Information Security
    Vol: E98-A No:3, Page(s): 843-852

    The SAFER block cipher family consists of SAFER K, SAFER SK, SAFER+ and SAFER++. As the first proposed block cipher of them, SAFER K is strengthened by SAFER SK with an improved key schedule. SAFER+ is designed as an AES candidate and Bluetooth uses a customized version of it for security. SAFER++, a variant of SAFER+, is among the cryptographic primitives selected for the second phase of the NESSIE project. In this paper, we take advantage of properties of the linear transformation and S-boxes to identify new impossible differentials for SAFER SK, SAFER+, and SAFER++. Moreover, we give impossible differential attacks on 4-round SAFER SK/128 and 4-round SAFER+/128(256), 5-round SAFER++/128 and 5.5-round SAFER++/256. Our attacks significantly improve previously known impossible differential attacks on them. Specifically, our attacks on SAFER+ are the best attacks in terms of number of rounds.

  • Sum-Rate Analysis for Centralized and Distributed Antenna Systems with Spatial Correlation and Inter-Cell Interference

    Ou ZHAO, Hidekazu MURATA
    PAPER-Wireless Communication Technologies
    Vol: E98-B No:3, Page(s): 449-455

    In order to verify the channel sum-rate improvement by multi-user multiple-input multiple-output (MU-MIMO) transmission in distributed antenna systems (DASs), we investigate and compare the characteristics of channel sum-rates in both centralized antenna systems (CASs) and DASs under the effects of path loss, spatially correlated shadowing, correlated multi-path fading, and inter-cell interference. In this paper, we introduce two different types of functions to model the shadowing, auto-correlation and cross-correlation, and a typical exponential decay function to model the multi-path fading correlation. Thus, we obtain the distribution of the channel sum-rate and investigate its characteristics. Computer simulation results indicate that DAS can improve the performance of the channel sum-rate compared to CAS, even in the case under consideration. However, this improvement decreases as interference power increases. Moreover, the decrease in the channel sum-rate due to the increase in the interference power becomes slow under the effect of shadowing correlation. In addition, some other analyses on the shadowing correlation that occurs on both the transmit and receiver sides are provided. These analysis results show that the average channel sum-rate in a DAS without inter-cell interference considerably decreases because of the shadowing correlation. In contrast, there appears to be no change in the CAS. Furthermore, there are two different types of sum-rate changes in a DAS because of the difference in shadowing auto-correlation and cross-correlation.

  • A Semidefinite Programming Approach to Source Localization Using Differential Received Signal Strength

    Yan Shen DU, Ping WEI, Hua Guo ZHANG, Hong Shu LIAO
    LETTER-Digital Signal Processing
    Vol: E98-A No:2, Page(s): 745-748

    In this work, the differential received signal strength based localization problem is addressed. Based on the measurement model, we present the constrained weighted least squares (CWLS) approach, which is difficult to solve directly due to its nonconvex nature. However, by performing the semidefinite relaxation (SDR) technique, the CWLS problem can be relaxed into a semidefinite programming problem (SDP), which can be efficiently solved using modern convex optimization algorithms. Moreover, the SDR is proved to be tight, and hence ensures that the corresponding SDP finds the optimal solution of the original CWLS problem. Numerical simulations are included to corroborate the theoretical results and promising performance.

  • Sum Rate Analysis of MU-MISO Systems with ZF Beamforming over Composite Fading Channels

    Ou ZHAO, Hidekazu MURATA
    PAPER
    Vol: E98-A No:2, Page(s): 558-568

    The performance of multiuser multiple-input single-output (MU-MISO) systems is not only affected by small-scale multipath fading but also by large-scale fading (i.e., shadowing) and path loss. In this paper, we concentrate on the sum rate distribution of MU-MISO systems employing linear zero-forcing beamforming, accounting for both multipath fading and shadowing effects, as well as spatial correlation at the transmit and receiver sides. In particular, we consider the classical spatially correlated lognormal model and propose closed-form bounds on the distribution of the achievable sum rates in MU-MISO systems. With the help of these bounds, we derive a relationship between the interuser distance and sum rate corresponding to 10% of the cumulative distribution function under different environmental conditions. A practical conclusion from our results based on the considered system is that the effect of spatially correlated shadowing can be considered to be independent when the interuser distance is approximately five times the shadowing correlation distance. Furthermore, a detailed analysis of the effects of composite channel attenuation consisting of multipath fading and shadowing is also provided.

  • Improved Iterative Receiver for Co-channel Interference Suppression in MIMO-OFDM Systems

    Zhiting YAN, Guanghui HE, Weifeng HE, Zhigang MAO
    LETTER-Communication Theory and Signals
    Vol: E98-A No:2, Page(s): 776-782

    Co-channel interference (CCI) is becoming a challenging factor that causes performance degradation in modern communication systems. A receiver equipped with multiple antennas can suppress such interference by exploiting spatial correlation. However, it is difficult to estimate the spatial covariance matrix (SCM) of CCI accurately with a limited number of known symbols. To address this problem, this paper first proposes an improved SCM estimation method by shrinking the variance of eigenvalues. In addition, based on breadth-first tree search schemes and improved channel updating, a low complexity iterative detector is presented with channel preprocessing, which not only considers the existence of CCI but also reduces the computational complexity in terms of visited nodes in a search tree. Furthermore, by scaling the extrinsic soft information which is fed back to the input of the detector, the detection performance loss due to the max-log approximation is compensated. Simulation results show that the proposed iterative receiver provides improved signal to interference ratio (SIR) gain with low complexity, which demonstrates that the proposed scheme is attractive for practical implementation.

  • Iterative Channel Estimation and Decoding via Spatial Coupling

    Shuhei HORIO, Keigo TAKEUCHI, Tsutomu KAWABATA
    PAPER
    Vol: E98-A No:2, Page(s): 549-557

    For low-density parity-check codes, spatial coupling was proved to boost the performance of iterative decoding up to the optimal performance. As an application of spatial coupling, in this paper, bit-interleaved coded modulation (BICM) with spatially coupled (SC) interleaving — called SC-BICM — is considered to improve the performance of iterative channel estimation and decoding for block-fading channels. In the iterative receiver, feedback from the soft-in soft-out decoder is utilized to refine the initial channel estimates in linear minimum mean-squared error (LMMSE) channel estimation. Density evolution in the infinite-code-length limit implies that the SC-BICM allows the receiver to attain accurate channel estimates even when the pilot overhead for training is negligibly small. Furthermore, numerical simulations show that the SC-BICM can provide a steeper reduction in bit error rate than conventional BICM, as well as a significant improvement in the so-called waterfall performance for high rate systems.

  • Hidden Credential Retrieval, Revisited

    SeongHan SHIN, Kazukuni KOBARA
    LETTER-Cryptography and Information Security
    Vol: E98-A No:1, Page(s): 428-433

    Hidden Credential Retrieval (HCR) protocols are designed for access credential management, where users who remember short passwords can retrieve their various credentials (access keys and tokens) with the help of a remote storage server over insecure networks (e.g., the Internet). In this paper, we revisit two HCR protocols, both of which are based on blind signature schemes: one (we call it B-HCR) was proposed in ASIACCS 2009 and the other (we call it MRS-HCR) was in WISA 2010. In particular, we show that the B-HCR protocol is insecure against an outside attacker who impersonates server S. Specifically, the attacker can find out the user's password pw with off-line dictionary attacks by eavesdropping on the communications between the user and a third-party online service provider. Also, we show that the MRS-HCR protocol does not work correctly itself. In other words, user U cannot retrieve the plaintext Msg (i.e., credentials) even if he/she knows the password.

  • Efficient DFA on SPN-Based Block Ciphers and Its Application to the LED Block Cipher

    Rei UENO, Naofumi HOMMA, Takafumi AOKI
    PAPER-Foundation
    Vol: E98-A No:1, Page(s): 182-191

    This paper presents an efficient method for differential fault analysis (DFA) on substitution-permutation network (SPN)-based block ciphers. A combination of a permutation cancellation and an algebraic key filtering technique makes it possible to reduce the computational cost of key filtering significantly and therefore perform DFAs with new fault models injected at an earlier round, which defeats conventional countermeasures duplicating or recalculating the rounds of interest. In this paper, we apply the proposed DFA to the LED block cipher. Whereas existing DFAs employ fault models injected at the 30th round, the proposed DFA first employs a fault model injected at the 29th round. We demonstrate that the proposed DFA can obtain the key candidates with only one pair of correct and faulty ciphertexts in about 2.1h even from the 29th round fault model and the resulting key space is reduced to 24.04

  • Fast Feature Matching by Coarse-to-Fine Comparison of Rearranged SURF Descriptors

    Hanhoon PARK, Kwang-Seok MOON
    LETTER-Image Processing and Video Processing
    Publicized: 2014/10/03
    Vol: E98-D No:1, Page(s): 210-213

    Speeded up robust features (SURF) can detect/describe scale- and rotation-invariant features at high speed by relying on integral images for image convolutions. However, the time taken for matching SURF descriptors is still long, and this has been an obstacle for use in real-time applications. In addition, the matching time further increases in proportion to the number of features and the dimensionality of the descriptor. Therefore, we propose a fast matching method that rearranges the elements of SURF descriptors based on their entropies, divides SURF descriptors into sub-descriptors, and sequentially and analytically matches them to each other. Our results show that the matching time could be reduced by about 75% at the expense of a small drop in accuracy.

  • Bitwise Partial-Sum: A New Tool for Integral Analysis against ARX Designs

    Yu SASAKI, Lei WANG
    PAPER-Symmetric Key Based Cryptography
    Vol: E98-A No:1, Page(s): 49-60

    In this paper, we present a new cryptanalytic tool that can reduce the complexity of integral analysis against Addition-Rotation-XOR (ARX) based designs. Our technique is based on the partial-sum technique proposed by Ferguson et al. at FSE 2000, which guesses subkeys byte by byte in turn, and the data to be analyzed is compressed for each key guess. In this paper, the technique is extended to ARX based designs. Subkeys are guessed bit by bit, and the data is compressed with respect to the value of the guessed bit position and carry values to the next bit position. We call the technique bitwise partial-sum. We demonstrate this technique by applying it to reduced-round versions of HIGHT, which is one of the ISO standard 64-bit block ciphers. Another contribution of this paper is an independent improvement specific to HIGHT. By exploiting linear computations inside the round function, the number of guessed bits during the key recovery phase can be greatly reduced. Together with the bitwise partial-sum, the integral analysis on HIGHT is extended from the previous 22 rounds to 26 rounds, while full HIGHT consists of 32 rounds.

  • An Optimal Design of MIMO Full-Duplex Relay with Spatial-Domain Self-Interference Nulling Scheme

    Byungjin CHUN
    PAPER-Wireless Communication Technologies
    Vol: E98-B No:1, Page(s): 260-266

    An optimal design method of linear processors intended for a multi-input multi-output (MIMO) full-duplex (FD) amplify-and-forward (AF) relay network is presented under the condition of spatial-domain self-interference nulling. This method is designed to suit the availability of channel state information (CSI). If full CSI of the source station (SS)-relay station (RS), RS-RS (self-interference channel), and RS-destination station (DS) links is available, the instantaneous end-to-end capacity is maximized. Otherwise, if CSI of the RS-DS link is either partially available (only covariance is known) or not available, while CSI of the other links is known, then the ergodic end-to-end capacity is maximized. Performance of the proposed FD-AF relay system is demonstrated through computer simulations, especially under various correlation conditions of the RS-DS link.

  • Improved MILP Modeling for Automatic Security Evaluation and Application to FOX

    Kexin QIAO, Lei HU, Siwei SUN, Xiaoshuang MA, Haibin KAN
    PAPER-Symmetric Key Based Cryptography
    Vol: E98-A No:1, Page(s): 72-80

    Counting the number of differentially active S-boxes is of great importance in evaluating the security of a block cipher against differential attack. Mouha et al. proposed a technique based on Mixed-Integer Linear Programming (MILP) to automatically calculate a lower bound on the number of differentially active S-boxes for word-oriented block ciphers, and applied it to the symmetric ciphers AES and Enocoro-128v2. Later Sun et al. extended the method by introducing bit-level representations for S-boxes and new constraints in the MILP problem, and applied the extended method to PRESENT-80 and LBlock. This kind of method depends greatly on the constraints in the MILP problem describing the differential propagation of the block cipher. A more accurate description of the differential propagation leads to a tighter bound on the number of differentially active S-boxes. In this paper, we refine the constraints in the MILP problem describing XOR operations, apply the refined MILP modeling to determine a lower bound on the number of active S-boxes for the Lai-Massey type block cipher FOX in the single-key differential attack model, and obtain a tighter bound for FOX64 than existing results. Experimental results show that 6, instead of the currently known 8, rounds of FOX64 are strong enough to resist the basic single-key differential attack, since the differential characteristic probability is upper bounded by 2^-64, and thus the maximum differential characteristic probability of 12-round FOX64 is upper bounded by 2^-128, where 128 is the key length of FOX64. We also obtain the lower bound on the number of differentially active S-boxes for 5-round FOX128, and prove the security of full-round FOX128 with respect to single-key differential attack.

  • A Fixed-Parameter Algorithm for Detecting a Singleton Attractor in an AND/OR Boolean Network with Bounded Treewidth

    Chia-Jung CHANG, Takeyuki TAMURA, Kun-Mao CHAO, Tatsuya AKUTSU
    PAPER-Algorithms and Data Structures
    Vol: E98-A No:1, Page(s): 384-390

    The Boolean network can be used as a mathematical model for gene regulatory networks. An attractor, which is a state of a Boolean network repeating itself periodically, can represent a stable stage of a gene regulatory network. It is known that the problem of finding an attractor of the shortest period is NP-hard. In this article, we give a fixed-parameter algorithm for detecting a singleton attractor (SA) for a Boolean network that has only AND and OR Boolean functions of literals and has bounded treewidth k. The algorithm is further extended to detect an SA for a constant-depth nested canalyzing Boolean network with bounded treewidth. We also prove the fixed-parameter intractability of the detection of an SA for a general Boolean network with bounded treewidth.

  • Object Extraction Using an Edge-Based Feature for Query-by-Sketch Image Retrieval

    Takuya TAKASU, Yoshiki KUMAGAI, Gosuke OHASHI
    LETTER-Image Processing and Video Processing
    Publicized: 2014/10/15
    Vol: E98-D No:1, Page(s): 214-217

    We previously proposed a query-by-sketch image retrieval system that uses an edge relation histogram (ERH). However, it is difficult for this method to retrieve partial objects from an image, because the ERH is a feature of the entire image, not of each object. Therefore, we propose an object-extraction method that uses edge-based features in order to enable the query-by-sketch system to retrieve partial images. This method is applied to 20,000 images from the Corel Photo Gallery. We confirm that retrieval accuracy is improved by using the edge-based features for extracting objects, enabling the query-by-sketch system to retrieve partial images.

  • Round Addition DFA on SPN Block Ciphers

    Hideki YOSHIKAWA, Masahiro KAMINAGA, Arimitsu SHIKODA, Toshinori SUZUKI
    LETTER-Cryptography and Information Security
    Vol: E97-A No:12, Page(s): 2671-2674

    A method of round addition attack on substitution-permutation network (SPN) block ciphers using differential fault analysis (DFA) is presented. For the 128-bit advanced encryption standard (AES), we show that secret keys can be extracted using one correct ciphertext and two faulty ciphertexts. Furthermore, we evaluate the success rate of a round addition DFA attack experimentally. The proposed method can also be applied to lightweight SPN block ciphers such as KLEIN and LED.

  • An Anonymous Reputation System with Reputation Secrecy for Manager

    Toru NAKANISHI, Nobuo FUNABIKI
    PAPER-Cryptography and Information Security
    Vol: E97-A No:12, Page(s): 2325-2335

    In anonymous reputation systems, after an interaction between anonymous users, one of the users evaluates the peer by giving a rating. Ratings for a user are accumulated, which becomes the reputation of the user. By using the reputation, we can know the reliability of an anonymous user. Previously, anonymous reputation systems have been proposed using an anonymous e-cash scheme. However, in the e-cash-based systems, the bank grasps the accumulated reputations for all users and the fluctuation of reputations. These are private information for users. Furthermore, a timing attack using the deposit times is possible, which weakens the anonymity. In this paper, we propose an anonymous reputation system where the reputations of users are secret even from the reputation manager such as the bank. Our approach is to adopt an anonymous credential certifying the accumulated reputation of a user. Initially a user registers with the reputation manager and is issued an initial certificate. After each interaction with a rater, the user as the ratee obtains an updated certificate certifying the previous reputation summed with the current rating. The update protocol is based on zero-knowledge proofs, and thus the reputations are secret from the reputation manager. On the other hand, due to the certificate, the user cannot maliciously alter his reputation.

  • Asymptotics of Bayesian Inference for a Class of Probabilistic Models under Misspecification

    Nozomi MIYA, Tota SUKO, Goki YASUDA, Toshiyasu MATSUSHIMA
    PAPER-Prediction
    Vol: E97-A No:12, Page(s): 2352-2360

    In this paper, sequential prediction is studied. The typical assumptions about the probabilistic model in sequential prediction are the following two cases. One is the case in which a certain probabilistic model is given and the parameters are unknown. The other is the case in which not a certain probabilistic model but a class of probabilistic models is given and the parameters are unknown. If there exist some parameters and some models such that the distributions identified by them equal the source distribution, the assumed model or class of models can represent the source distribution. In this case, the specifiable condition is said to be satisfied. In this study, the decision based on the Bayesian principle is made for a class of probabilistic models (not for a certain probabilistic model). The case in which the specifiable condition is not satisfied is studied. Then, the asymptotic behaviors of the cumulative logarithmic loss for an individual sequence in the sense of almost sure convergence and the expected loss, i.e. redundancy, are analyzed and the constant terms of the asymptotic equations are identified.

  • A Closed-Form Design of Linear Phase FIR Band-Pass Maximally Flat Digital Differentiators with an Arbitrary Center Frequency

    Takashi YOSHIDA, Yosuke SUGIURA, Naoyuki AIKAWA
    PAPER-Digital Signal Processing
    Vol: E97-A No:12, Page(s): 2611-2617

    Maximally flat digital differentiators (MFDDs) are widely used in many applications. By using MFDDs, we obtain the derivative of an input signal with high accuracy around the center frequency of their flat property. Moreover, to avoid the influence of noise, it is desirable to attenuate the magnitude property of MFDDs except for the vicinity of the center frequency. In this paper, we introduce a design method of linear phase FIR band-pass MFDDs with an arbitrary center frequency. The proposed transfer function for both TYPE III and TYPE IV can be achieved as a closed-form function using a Jacobi polynomial. Furthermore, we can easily derive the weighting coefficients of the proposed MFDDs using a recursive formula. Through some design examples, we confirm that the proposed method can arbitrarily adjust the center frequency and the band width having the flat property.

  • Distortion-Aware Dynamic Channel Allocation for Multimedia Users in Cognitive Radios

    Thanh-Tung NGUYEN, Insoo KOO
    PAPER-Terrestrial Wireless Communication/Broadcasting Technologies
    Vol: E97-B No:12, Page(s): 2790-2799

    Cognitive radio has been developed recently as a promising solution to tackle spectrum related issues such as spectrum scarcity and spectrum underutilization. Cognitive spectrum assignment is necessary for allocating spectrum bands to secondary users in order to avoid conflicts among secondary users and maximize the total network performance under a given set of conditions. In most spectrum assignment schemes, throughput is considered as the main criterion for spectrum selection or spectrum assignment. In this paper, we propose a distortion-aware channel allocation scheme for multiple secondary users who compete for primary channels to transmit multimedia data. In the proposed scheme, idle spectrum bands are assigned to the multimedia secondary users that attain the highest video distortion reduction. The scheme is expected to mitigate the selfish behaviors of users competing for channels. The performance effectiveness of our proposed channel allocation scheme is demonstrated through simulation by comparing it with a benchmark of two reference spectrum assignment schemes.
