Stochastic geometry analysis of wireless backhaul networks with beamforming in roadside environments is provided. In particular, a new model to analyze antenna gains, interference, and coverage in roadside environments of wireless networks with Poisson point process deployment of BSs is proposed. The received interference from the BSs with wired backhaul (referred to as anchored BS or A-BS) and the coverage probability of a typical BS are analyzed under different approximations of the location of the serving A-BS and combined antenna gains. Considering the beamforming, the coverage probability based on the aggregate interference consisting of the direct interference from the A-BSs and reflected interference from the BSs with wireless backhaul is also derived.

Collecting and analyzing personal data is important in modern information applications. Though the privacy of data providers should be protected, the need to track certain data providers often arises, such as tracing specific patients or adversarial users. Thus, tracking only specific persons without revealing normal users' identities is quite important for operating information systems using personal data. It is difficult to know in advance the rules for specifying the necessity of tracking since the rules are derived by the analysis of collected data. Thus, it would be useful to provide a general way that can employ any data analysis method regardless of the type of data and the nature of the rules. In this paper, we propose a privacy-preserving data analysis construction that allows an authority to detect specific users while other honest users are kept anonymous. By using the cryptographic techniques of group signatures with message-dependent opening (GS-MDO) and public key encryption with non-interactive opening (PKENO), we provide a correspondence table that links a user and data in a secure way, and we can employ any anonymization technique and data analysis method. It is particularly worth noting that no “big brother” exists, meaning that no single entity can identify users who do not provide anomaly data, while bad behaviors are always traceable. We show the result of implementing our construction. Briefly, the overhead of our construction is on the order of 10 ms for a single thread. We also confirm the efficiency of our construction by using a real-world dataset.

This paper proposes iterative carrier frequency offset (CFO) compensation for spatially multiplexed Bluetooth Low Energy (BLE) signals using independent component analysis (ICA). We apply spatial division multiple access (SDMA) to BLE system to deal with massive number of connection requests of BLE devices expected in the future. According to specifications, each BLE peripheral device is assumed to have CFO of up to 150 [kHz] due to hardware impairments. ICA can resolve spatially multiplexed signals even if they include independent CFO. After the ICA separation, the proposed scheme compensates for the CFO. However, the length of the BLE packet preamble is not long enough to obtain accurate CFO estimates. In order to accurately conduct the CFO compensation using the equivalent of a long pilot signal, preamble and a part of estimated data in the previous process are utilized. In addition, we reveal the fact that the independent CFO of each peripheral improves the capability of ICA blind separation. The results confirm that the proposed scheme can effectively compensate for CFO in the range of up to 150[kHz], which is defined as the acceptable value in the BLE specification.

We propose a novel framework for integrating beginners' machine operational experiences with those of experts' to obtain a detailed task model. Beginners can provide valuable information for operation guidance and task design; for example, from the operations that are easy or difficult for them, the mistakes they make, and the strategy they tend to choose. However, beginners' experiences often vary widely and are difficult to integrate directly. Thus, we consider an operational experience as a sequence of hand-machine interactions at hotspots. Then, a few experts' experiences and a sufficient number of beginners' experiences are unified using two aggregation steps that align and integrate sequences of interactions. We applied our method to more than 40 experiences of a sewing task. The results demonstrate good potential for modeling and obtaining important properties of the task.

The aim of this study is to calculate optimal walking routes in real space for users partaking in immersive virtual reality (VR) games without compromising their immersion. To this end, we propose a navigation system to automatically determine the route to be taken by a VR user to avoid collisions with surrounding obstacles. The proposed method is evaluated by simulating a real environment. It is verified to be capable of calculating and displaying walking routes to safely guide users to their destinations without compromising their VR immersion. In addition, while walking in real space while experiencing VR content, users can choose between 6-DoF (six degrees of freedom) and 3-DoF (three degrees of freedom). However, we expect users to prefer 3-DoF conditions, as they tend to walk longer while using VR content. In dynamic situations, when two pedestrians are added to a designated computer-generated real environment, it is necessary to calculate the walking route using moving body prediction and display the moving body in virtual space to preserve immersion.

The transition dynamics of a multistable tunnel-diode oscillator is characterized for modulating amplitude of outputted oscillatory signal. The base oscillator possesses fixed-point and limit-cycle stable points for a unique bias voltage. Switching these two stable points by external signal can render an efficient method for modulation of output amplitude. The time required for state transition is expected to be dominated by the aftereffect of the limiting point. However, it is found that its influence decreases exponentially with respect to the amplitude of external signal. Herein, we first describe numerically the pulse generation scheme with the transition dynamics of the oscillator and then validate it with several time-domain measurements using a test circuit.

Knowledge-of-exponent assumptions (KEAs) are a somewhat controversial but nevertheless commonly used type of cryptographic assumptions. While traditional cryptographic assumptions simply assert that certain tasks (like factoring integers or computing discrete logarithms) cannot be performed efficiently, KEAs assert that certain tasks can be performed efficiently, but only in certain ways. The controversy surrounding those assumptions is due to their non-falsifiability, which is due to the way this idea is formalised, and to the general idea that these assumptions are “strong”. Nevertheless, their relationship to existing assumptions has not received much attention thus far. In this paper, we show that the first KEA (KEA1), introduced by Damgård in 1991, implies that computing discrete logarithms is equivalent to solving the computational Diffie-Hellman (CDH) problem. Since showing this equivalence in the standard setting (i.e., without the assumption that KEA1 holds) is a longstanding open question, this indicates that KEA1 (and KEAs in general) are indeed quite strong assumptions.

This paper presents a conformal retrodirective metagrating with multi-azimuthal-angle operating ability. First, a flat metagrating composed of a periodic array of single rectangular patch elements, two-layer stacked substrates, and a ground plane is implemented to achieve one-directional retroreflection at a specific angle. The elevation angle of the retroreflection is manipulated by precisely tuning the value of the period. To control the energy coupling to the retrodirective mode, the dimensions of the length and width of the rectangular patch are investigated under the effect of changing the substrate thickness. Three values of the length, width, and thickness are then chosen to obtain a high retroreflection power efficiency. Next, to create a conformal design operating simultaneously at multiple azimuthal angles, the rectangular patch array using a flexible ultra-thin guiding layer is conformed to a dielectric cylindrical substrate backed by a perfect electric conductor ground plane. Furthermore, to further optimize the retroreflection efficiency, two circular metallic plates are added at the two ends of the cylindrical substrate to eliminate the specular reflection inside the space of the cylinder. The measured radar cross-section shows a power efficiency of the retrodirective metagrating of approximately 91% and 93% for 30° retrodirected elevation angle at the azimuthal angles of 0° and 90°, respectively, at 5.8GHz.

A model extraction attack is a security issue in deep neural networks (DNNs). Information on a trained DNN model is an attractive target for an adversary not only in terms of intellectual property but also of security. Thus, an adversary tries to reveal the sensitive information contained in the trained DNN model from machine-learning services. Previous studies on model extraction attacks assumed that the victim provides a machine-learning cloud service and the adversary accesses the service through formal queries. However, when a DNN model is implemented on an edge device, adversaries can physically access the device and try to reveal the sensitive information contained in the implemented DNN model. We call these physical model extraction attacks model reverse-engineering (MRE) attacks to distinguish them from attacks on cloud services. Power side-channel analyses are often used in MRE attacks to reveal the internal operation from power consumption or electromagnetic leakage. Previous studies, including ours, evaluated MRE attacks against several types of DNN processors with power side-channel analyses. In this paper, information leakage from a systolic array which is used for the matrix multiplication unit in the DNN processors is evaluated. We utilized correlation power analysis (CPA) for the MRE attack and reveal weight parameters of a DNN model from the systolic array. Two types of the systolic array were implemented on field-programmable gate array (FPGA) to demonstrate that CPA reveals weight parameters from those systolic arrays. In addition, we applied an extended analysis approach called “chain CPA” for robust CPA analysis against the systolic arrays. Our experimental results indicate that an adversary can reveal trained model parameters from a DNN accelerator even if the DNN model parameters in the off-chip bus are protected with data encryption. Countermeasures against side-channel leaks will be important for implementing a DNN accelerator on a FPGA or application-specific integrated circuit (ASIC).

ISO/IEC standardizes several chosen ciphertext-secure key encapsulation mechanism (KEM) schemes in ISO/IEC 18033-2. However, all ISO/IEC KEM schemes are not quantum resilient. In this paper, we introduce new isogeny-based KEM schemes (i.e., CSIDH-ECIES-KEM and CSIDH-PSEC-KEM) by modifying Diffie-Hellman-based KEM schemes in ISO/IEC standards. The main advantage of our schemes are compactness. The key size and the ciphertext overhead of our schemes are smaller than these of SIKE, which is submitted to NIST's post-quantum cryptosystems standardization, for current security analyses. Moreover, though SIKE is proved in the classical random oracle model, CSIDH-PSEC-KEM is proved in the quantum random oracle model. Finally, we discuss difficulty to construct isogeny-based KEM from ISO/IEC KEM schemes in the standard model (i.e., ACE-KEM and FACE-KEM).

Replayable chosen ciphertext (RCCA) security was introduced by Canetti, Krawczyk, and Nielsen (CRYPTO'03) in order to handle an encryption scheme that is “non-malleable except tampering which preserves the plaintext.” RCCA security is a relaxation of CCA security and a useful security notion for many practical applications such as authentication and key exchange. Canetti et al. defined non-malleability against RCCA (NM-RCCA), indistinguishability against RCCA (IND-RCCA), and universal composability against RCCA (UC-RCCA). Moreover, they proved that these three security notions are equivalent when considering a PKE scheme whose plaintext space is super-polynomially large. Among these three security notions, NM-RCCA seems to play the central role since RCCA security was introduced in order to capture “non-malleability except tampering which preserves the plaintext.” However, their definition of NM-RCCA is not a natural extension of that of original non-malleability, and it is not clear whether their NM-RCCA captures the requirement of original non-malleability. In this paper, we propose definitions of indistinguishability-based and simulation-based non-malleability against RCCA by extending definitions of original non-malleability. We then prove that these two notions of non-malleability and IND-RCCA are equivalent regardless of the size of plaintext space of PKE schemes.

The membership check of a group is an important operation to implement discrete logarithm-based cryptography in practice securely. Since this check requires costly scalar multiplication or exponentiation operation, several efficient methods have been investigated. In the case of pairing-based cryptography, this is an extended research area of discrete logarithm-based cryptography, Barreto et al. (LATINCRYPT 2015) proposed a parameter choice called subgroup-secure elliptic curves. They also claimed that, in some schemes, if an elliptic curve is subgroup-secure, costly scalar multiplication or exponentiation operation can be omitted from the membership check of bilinear groups, which results in faster schemes than the original ones. They also noticed that some schemes would not maintain security with this omission. However, they did not show the explicit condition of what schemes become insecure with the omission. In this paper, we show a concrete example of insecurity in the sense of subgroup security to help developers understand what subgroup security is and what properties are preserved. In our conclusion, we recommend that the developers use the original membership check because it is a general and straightforward method to implement schemes securely. If the developers want to use the subgroup-secure elliptic curves and to omit the costly operation in a scheme for performance reasons, it is critical to carefully analyze again that correctness and security are preserved with the omission.

Multivariate public key cryptosystem (MPKC) is one of the major post quantum cryptosystems (PQC), and the National Institute of Standards and Technology (NIST) recently selected four MPKCs as candidates of their PQC. The security of MPKC depends on the hardness of solving systems of algebraic equations over finite fields. In particular, the multivariate quadratic (MQ) problem is that of solving such a system consisting of quadratic polynomials and is regarded as an important research subject in cryptography. In the Fukuoka MQ challenge project, the hardness of the MQ problem is discussed, and algorithms for solving the MQ problem and the computational results obtained by these algorithms are reported. Algorithms for computing Gröbner basis are used as the main tools for solving the MQ problem. For example, the F4 algorithm and M4GB algorithm have succeeded in solving many instances of the MQ problem provided by the project. In this paper, based on the F4-style algorithm, we present an efficient algorithm to solve the MQ problems with dense polynomials generated in the Fukuoka MQ challenge project. We experimentally show that our algorithm requires less computational time and memory for these MQ problems than the F4 algorithm and M4GB algorithm. We succeeded in solving Type II and III problems of Fukuoka MQ challenge using our algorithm when the number of variables was 37 in both problems.

A fully homomorphic encryption (FHE) would be the important cryptosystem as the basic scheme for the cloud computing. Since Gentry discovered in 2009 the first fully homomorphic encryption scheme, some fully homomorphic encryption schemes were proposed. In the systems proposed until now the bootstrapping process is the main bottleneck and the large complexity for computing the ciphertext is required. In 2011 Zvika Brakerski et al. proposed a leveled FHE without bootstrapping. But circuit of arbitrary level cannot be evaluated in their scheme while in our scheme circuit of any level can be evaluated. The existence of an efficient fully homomorphic cryptosystem would have great practical implications in the outsourcing of private computations, for instance, in the field of the cloud computing. In this paper, IND-CCA1secure FHE based on the difficulty of prime factorization is proposed which does not need the bootstrapping and it is thought that our scheme is more efficient than the previous schemes. In particular the computational overhead for homomorphic evaluation is O(1).

Dense deployments of wireless local area network (WLAN) access points (APs) are accelerating to accommodate the massive wireless traffic from various mobile devices. The AP densification improves the received power at mobile devices; however, total throughput in a target area is saturated by inter-cell interference (ICI) because of the limited number of frequency channels available for WLANs. To substantially mitigate ICI, we developed and described a distributed smart antenna system (D-SAS) proposed for dense WLAN AP deployment in this paper. We also describe a system configuration based on our D-SAS approach. In this approach, the distributed antennas externally attached to each AP can be switched so as to make the transmit power match the mobile device's conditions (received power and packet type). The gains obtained by the antenna switching effectively minimize the transmission power required of each AP. We also describe experimental measurements taken in a stadium using a system prototype, the results show that D-SAS offers double the total throughput attained by a centralized smart antenna system (C-SAS).

Information leakage in Wyner's wiretap channel model is usually defined as the mutual information between the secret message and the eavesdropper's received signal. We define a new quantity called “conditional information leakage given the eavesdropper's received signals,” which expresses the amount of information that an eavesdropper gains from his/her received signal. A benefit of introducing this quantity is that we can develop a fast algorithm for computing the conditional information leakage, which has linear complexity in the code length n, while the complexity for computing the usual information leakage is exponential in n. Validity of such a conditional information leakage as a security criterion is confirmed by studying the cases of binary symmetric channels and binary erasure channels.

To be suitable in practice, pairings are typically carried out by two steps, which consist of the Miller loop and final exponentiation. To improve the final exponentiation step of a pairing on the BLS family of pairing-friendly elliptic curves with embedding degree 15, the authors provide a new representation of the exponent. The proposal can achieve a more reduction of the calculation cost of the final exponentiation than the previous method by Fouotsa et al.

This paper proposes a transparent glass quartz antenna for 5G-millimeter-wave-connected vehicles and clarifies the characteristics of signal reception when the glass antennas are placed on the windows of a vehicle traveling in an urban environment. Synthetic fused quartz is a material particularly suited for millimeter-wave devices owing to its excellent low transmission loss. Realizing synthetic fused quartz devices requires accurate micromachining technology specialized for the material coupled with the material technology. This paper presents a transparent antenna comprising a thin mesh pattern on a quartz substrate for installation on a vehicle window. A comparison of distributed transparent antennas and an omnidirectional antenna shows that the relative received power of the distributed antenna system is higher than that of the omnidirectional antenna. In addition, results show that the power received is similar when using vertically and horizontally polarized antennas. The design is verified in a field test using transparent antennas on the windows of a real vehicle.

This paper proposes coded modulation for physical layer network coding in multiple input multiple output orthogonal frequency division multiplexing (MIMO-OFDM) bi-directional wireless relay systems where precoding is applied. The proposed coded modulation enables the relays to decode the received signals, which improves the transmission performance. Soft input decoding for the proposed coded modulation is proposed. Furthermore, we propose two precoder weight optimization techniques, called “per subcarrier weight optimization” and “total weight optimization”. This paper shows a precoder configuration based on the optimization with the lattice reduction or the sorted QR-decomposition. The performance of the proposed network coding is evaluated by computer simulation in a MIMO-OFDM two-hop wireless relay system with the 16 quadrature amplitude modulation (QAM) or the 256QAM. The proposed coded modulation attains a coding gain of about 2dB at the BER of 10-4. The total weight optimization achieves about 1dB better BER performance than the other at the BER of 10-4.

New boundary integral equations are proposed for two-port slab waveguides which satisfy single mode condition. The boundary integral equations are combined with the orthogonality of guided mode and non-guided field. They are solved by the standard boundary element method with no use of mode expansion technique. Reflection and transmission coefficients of guided mode are directly determined by the boundary element method. To validate the proposed method, step waveguides for TE wave incidence and triangular rib waveguides for TM wave incidence are investigated by numerical calculations.