There are two types of elliptic curves, ordinary elliptic curves and supersingular elliptic curves. In 2012, Sutherland proposed an efficient and almost deterministic algorithm for determining whether a given curve is ordinary or supersingular. Sutherland's algorithm is based on sequences of isogenies started from the input curve, and computation of each isogeny requires square root computations, which is the dominant cost of the algorithm. In this paper, we reduce this dominant cost of Sutherland's algorithm to approximately a half of the original. In contrast to Sutherland's algorithm using j-invariants and modular polynomials, our proposed algorithm is based on Legendre form of elliptic curves, which simplifies the expression of each isogeny. Moreover, by carefully selecting the type of isogenies to be computed, we succeeded in gathering square root computations at two consecutive steps of Sutherland's algorithm into just a single fourth root computation (with experimentally almost the same cost as a single square root computation). The results of our experiments using Magma are supporting our argument; for cases of characteristic p of 768-bit to 1024-bit lengths, our proposed algorithm for characteristic p≡1 (mod 4) runs in about 61.5% of the time and for characteristic p≡3 (mod 4) also runs in about 54.9% of the time compared to Sutherland's algorithm.

The CGL hash function is a provably secure hash function using walks on isogeny graphs of supersingular elliptic curves. A dominant cost of its computation comes from iterative computations of power roots over quadratic extension fields. In this paper, we reduce the necessary number of power root computations by almost half, by applying and also extending an existing method of efficient isogeny sequence computation on Legendre curves (Hashimoto and Nuida, CASC 2021). We also point out some relationship between 2-isogenies for Legendre curves and those for Edwards curves, which is of independent interests, and develop a method of efficient computation for 2e-th roots in quadratic extension fields.

Authenticated Key Exchange (AKE) is a cryptographic protocol to share a common session key among multiple parties. Usually, PKI-based AKE schemes are designed to guarantee secrecy of the session key and mutual authentication. However, in practice, there are many cases where mutual authentication is undesirable such as in anonymous networks like Tor and Riffle, or difficult to achieve due to the certificate management at the user level such as the Internet. Goldberg et al. formulated a model of anonymous one-sided AKE which guarantees the anonymity of the client by allowing only the client to authenticate the server, and proposed a concrete scheme. However, existing anonymous one-sided AKE schemes are only known to be secure in the random oracle model. In this paper, we propose generic constructions of anonymous one-sided AKE in the random oracle model and in the standard model, respectively. Our constructions allow us to construct the first post-quantum anonymous one-sided AKE scheme from isogenies in the standard model.

Message franking is introduced by Facebook in end-to-end encrypted messaging services. It allows to produce verifiable reports of malicious messages by including cryptographic proofs, called reporting tags, generated by Facebook. Recently, Grubbs et al. (CRYPTO'17) proceeded with the formal study of message franking and introduced committing authenticated encryption with associated data (CAEAD) as a core primitive for obtaining message franking. In this work, we aim to enhance the security of message franking and introduce forward security and updates of reporting tags for message franking. Forward security guarantees the security associated with the past keys even if the current keys are exposed and updates of reporting tags allow for reporting malicious messages after keys are updated. To this end, we firstly propose the notion of key-evolving message franking with updatable reporting tags including additional key and reporting tag update algorithms. Then, we formalize five security requirements: confidentiality, ciphertext integrity, unforgeability, receiver binding, and sender binding. Finally, we show a construction of forward secure message franking with updatable reporting tags based on CAEAD, forward secure pseudorandom generator, and updatable message authentication code.

We show that every polynomial threshold function that sign-represents the ODD-MAXBITn function has total absolute weight 2Ω(n1/3). The bound is tight up to a logarithmic factor in the exponent.

For any m strings of total length n, we propose an O(mn log n)-time, O(n)-space algorithm that finds a maximal common subsequence of all the strings, in the sense that inserting any character in it no longer yields a common subsequence of them. Such a common subsequence could be treated as indicating a nontrivial common structure we could find in the strings since it is NP-hard to find any longest common subsequence of the strings.

Our research group has been working on attractiveness prediction, reasoning, and even enhancement for multimedia content, which we call “attractiveness computing.” Attractiveness includes impressiveness, instagrammability, memorability, clickability, and so on. Analyzing such attractiveness was usually done by experienced professionals but we have experimentally revealed that artificial intelligence (AI) based on big multimedia data can imitate or reproduce professionals' skills in some cases. In this paper, we introduce some of the representative works and possible real-life applications of our attractiveness computing for image media.

High-performance deep learning-based object detection models can reduce traffic accidents using dashcam images during nighttime driving. Deep learning requires a large-scale dataset to obtain a high-performance model. However, existing object detection datasets are mostly daytime scenes and a few nighttime scenes. Increasing the nighttime dataset is laborious and time-consuming. In such a case, it is possible to convert daytime images to nighttime images by image-to-image translation model to augment the nighttime dataset with less effort so that the translated dataset can utilize the annotations of the daytime dataset. Therefore, in this study, a GAN-based image-to-image translation model is proposed by incorporating self-attention with cycle consistency and content/style separation for nighttime data augmentation that shows high fidelity to annotations of the daytime dataset. Experimental results highlight the effectiveness of the proposed model compared with other models in terms of translated images and FID scores. Moreover, the high fidelity of translated images to the annotations is verified by a small object detection model according to detection results and mAP. Ablation studies confirm the effectiveness of self-attention in the proposed model. As a contribution to GAN-based data augmentation, the source code of the proposed image translation model is publicly available at https://github.com/subecky/Image-Translation-With-Self-Attention

The existing target-dependent scalable image compression network can control the target of the compressed images between the human visual system and the deep learning based classification task. However, in its RNN based structure controls the bit-rate through the number of iterations, where each iteration generates a fixed size of the bit stream. Therefore, a large number of iterations are required at the high BPP, and fine-grained image quality control is not supported at the low BPP. In this paper, we propose a novel RNN-based image compression model that can schedule the channel size per iteration, to reduce the number of iterations at the high BPP and fine-grained bit-rate control at the low BPP. To further enhance the efficiency, multiple network models for various channel sizes are combined into a single model using the slimmable network architecture. The experimental results show that the proposed method achieves comparable performance to the existing method with finer BPP adjustment, increases parameters by only 0.15% and reduces the average amount of computation by 40.4%.

In this paper, we propose a low-complexity and accurate noise suppression based on an a priori SNR (Speech to Noise Ratio) model for greater robustness w.r.t. short-term noise-fluctuation. The a priori SNR, the ratio of speech spectra and noise spectra in the spectral domain, represents the difference between speech features and noise features in the feature domain, including the mel-cepstral domain and the logarithmic power spectral domain. This is because logarithmic operations are used for domain conversions. Therefore, an a priori SNR model can easily be expressed in terms of the difference between the speech model and the noise model, which are modeled by the Gaussian mixture models, and it can be generated with low computational cost. By using a priori SNRs accurately estimated on the basis of an a priori SNR model, it is possible to calculate accurate coefficients of noise suppression filters taking into account the variance of noise, without serious increase in computational cost over that of a conventional model-based Wiener filter (MBW). We have conducted in-car speech recognition evaluation using the CENSREC-2 database, and a comparison of the proposed method with a conventional MBW showed that the recognition error rate for all noise environments was reduced by 9%, and that, notably, that for audio-noise environments was reduced by 11%. We show that the proposed method can be processed with low levels of computational and memory resources through implementation on a digital signal processor.

Majority operation has been paid attention as a basic element of beyond-Moore devices on which logic functions are constructed from Majority elements and inverters. Several optimization methods are developed to reduce the number of elements on Majority-Inverter Graphs (MIGs) but more area and power reduction are required. The paper proposes a new exact synthesis method for MIG based on a new topological constraint using node levels. Possible graph structures are clustered by the levels of input nodes, and all possible structures can be enumerated efficiently in the exact synthesis compared with previous methods. Experimental results show that our method decreases the runtime up to 25.33% compared with the fence-based method, and up to 6.95% with the partial-DAG-based method. Furthermore, our implementation can achieve better performance in size optimization for benchmark suites.

Considering the growth of the IoT network, there is a demand for a decentralized solution. Incorporating the blockchain technology will eliminate the challenges faced in centralized solutions, such as i) high infrastructure, ii) maintenance cost, iii) lack of transparency, iv) privacy, and v) data tampering. Blockchain-based IoT network allows businesses to access and share the IoT data within their organization without a central authority. Data in the blockchain are stored as blocks, which should be validated and added to the chain, for this consensus mechanism plays a significant role. However, existing methods are not designed for IoT applications and lack features like i) decentralization, ii) scalability, iii) throughput, iv) faster convergence, and v) network overhead. Moreover, current blockchain frameworks failed to support resource-constrained IoT applications. In this paper, we proposed a new consensus method (WoG) and a lightweight blockchain framework (iLEDGER), mainly for resource-constrained IoT applications in a permissioned environment. The proposed work is tested in an application that tracks the assets using IoT devices (Raspberry Pi 4 and RFID). Furthermore, the proposed consensus method is analyzed against benign failures, and performance parameters such as CPU usage, memory usage, throughput, transaction execution time, and block generation time are compared with state-of-the-art methods.

The radio map of wireless communications should be surveyed in advance when installing base stations to efficiently utilize radio waves. Generally, this is calculated using radio wave propagation simulation. Because the simulation is time-consuming, a tensor-rank minimization-based interpolation method has been proposed as fast method. However, this method interpolates the radio map using an iterative algorithm. The number of iterations required for further acceleration should be reduced; therefore, we propose a tensor interpolation using rank minimization that considers the characteristics of radio wave propagation. Furthermore, we proved that the proposed method could interpolate with fewer iterations than the existing method.

In this paper, the notion of 2-tuples distribution matrices of the rotation symmetric orbits is proposed, by using the properties of the 2-tuples distribution matrix, a new characterization of 2-resilient rotation symmetric Boolean functions is demonstrated. Based on the new characterization of 2-resilient rotation symmetric Boolean functions, constructions of 2-resilient rotation symmetric Boolean functions (RSBFs) are further studied, and new 2-resilient rotation symmetric Boolean functions with prime variables are constructed.

This letter is devoted to constructing new Type-II Z-complementary pairs (ZCPs). A ZCP of length N with ZCZ width Z is referred to in short by the designation (N, Z)-ZCP. Inspired by existing works of ZCPs, systematic constructions of (2N+3, N+2)-ZCPs and (4N+4, 7/2N+4)-ZCPs are proposed by appropriately inserting elements into concatenated GCPs. The odd-length binary Z-complementary pairs (OB-ZCPs) are Z-optimal. Furthermore, the proposed construction can generate even-length binary Z-complementary pairs (EB-ZCPs) with ZCZ ratio (i.e. ZCZ width over the sequence length) of 7/8. It turns out that the PMEPR of resultant EB-ZCPs are upper bounded by 4.

Technology for sixth-generation (6G) mobile communication system is now being widely studied. A sub-Terahertz band is expected to play a great role in 6G to enable extremely high data-rate transmission. This paper has two goals. (1) Introduction of 6G concept and propagation characteristics of sub-Terahertz-band radio waves. (2) Performance evaluation of intelligent reflecting surfaces (IRSs) based on beamforming in a sub-Terahertz band for smart radio environments (SREs). We briefly review research on SREs with reconfigurable intelligent surfaces (RISs), and describe requirements and key features of 6G with a sub-Terahertz band. After that, we explain propagation characteristics of sub-Terahertz band radio waves. Important feature is that the number of multipath components is small in a sub-Terahertz band in indoor office environments. This leads to an IRS control method based on beamforming because the number of radio waves out of the optimum beam is very small and power that is not used for transmission from the IRS to user equipment (UE) is little in the environments. We use beams generated by a Butler matrix or a DFT matrix. In simulations, we compare the received power at a UE with that of the upper bound value. Simulation results show that the proposed method reveals good performance in the sense that the received power is not so lower than the upper bound value.

This paper proposes two full-digital receive beamforming (BF) methods for low-complexity and high-accuracy uplink signal detection via Gaussian belief propagation (GaBP) at base stations (BSs) adopting massive multi-input multi-output (MIMO) for open radio access network (O-RAN). In addition, beyond fifth generation mobile communication (beyond 5G) systems will increase uplink capacity. In the scenarios such as O-RAN and beyond 5G, it is vital to reduce the cost of the BSs by limiting the bandwidth of fronthaul (FH) links, and the dimensionality reduction of the received signal based on the receive BF at a radio unit is a well-known strategy to reduce the amount of data transported via the FH links. In this paper, we clarify appropriate criteria for designing a BF weight considering the subsequent GaBP signal detection with the proposed methods: singular-value-decomposition-based BF and QR-decomposition-based BF with the aid of discrete-Fourier-transformation-based spreading. Both methods achieve the dimensionality reduction without compromising the desired signal power by taking advantage of a null space of channels. The proposed receive BF methods reduce correlations between the received signals in the BF domain, which improves the robustness of GaBP against spatial correlation among fading coefficients. Simulation results assuming realistic BS and user equipment arrangement show that the proposed methods improve detection capability while significantly reducing the computational cost.

With the rapid increase in the amount of data communication in 5G networks, there is a strong demand to reduce the power of the entire network, so the use of highly power-efficient millimeter-wave (mm-wave) networks is being considered. However, while mm-wave communication has high power efficiency, it has strong straightness, so it is difficult to secure stable communication in an environment with blocking. Especially when considering use cases such as autonomous driving, continuous communication is required when transmitting streaming data such as moving images taken by vehicles, it is necessary to compensate the blocking problem. For this reason, the authors examined an optimum radio access technology (RAT) selection scheme which selects mm-wave communication when mm-wave can be used and select wide-area macro-communication when mm-wave may be blocked. In addition, the authors implemented the scheme on a prototype device and conducted field tests and confirmed that mm-wave communication and macro communication were switched at an appropriate timing.

This paper investigates a service deployment model for network function virtualization which handles per-flow priority to minimize the deployment cost. Service providers need to implement network services each of which consists of one or more virtual network functions (VNFs) with satisfying requirements of service delays. In our previous work, we studied the service deployment model with per-host priority; flows belonging to the same service, for the same VNF, and handled on the same host have the same priority. We formulated the model as an optimization problem, and developed a heuristic algorithm named FlexSize to solve it in practical time. In this paper, we address per-flow priority, in which flows of the same service, VNF, and host have different priorities. In addition, we expand FlexSize to handle per-flow priority. We evaluate per-flow and per-host priorities, and the numerical results show that per-flow priority reduces deployment cost compared with per-host priority.

This paper proposes a backup resource allocation model for virtual network functions (VNFs) to minimize the total allocated computing capacity for backup with considering the service delay. If failures occur to primary hosts, the VNFs in failed hosts are recovered by backup hosts whose allocation is pre-determined. We introduce probabilistic protection, where the probability that the protection by a backup host fails is limited within a given value; it allows backup resource sharing to reduce the total allocated computing capacity. The previous work does not consider the service delay constraint in the backup resource allocation problem. The proposed model considers that the probability that the service delay, which consists of networking delay between hosts and processing delay in each VNF, exceeds its threshold is constrained within a given value. We introduce a basic algorithm to solve our formulated delay-constraint optimization problem. In a problem with the size that cannot be solved within an acceptable computation time limit by the basic algorithm, we develop a simulated annealing algorithm incorporating Yen's algorithm to handle the delay constraint heuristically. We observe that both algorithms in the proposed model reduce the total allocated computing capacity by up to 56.3% compared to a baseline; the simulated annealing algorithm can get feasible solutions in problems where the basic algorithm cannot.