We consider Feistel ciphers instantiated with tweakable block ciphers (TBCs) and ideal ciphers (ICs). The indistinguishability security of the TBC-based Feistel cipher is known, and the indifferentiability security of the IC-based Feistel cipher is also known, where independently keyed TBCs and independent ICs are assumed. In this paper, we analyze the security of a single-keyed TBC-based Feistel cipher and a single IC-based Feistel cipher. We characterize the security depending on the number of rounds. More precisely, we cover the case of contracting Feistel ciphers that have d ≥ 2 lines, and the results on Feistel ciphers are obtained as a special case by setting d = 2. Our indistinguishability security analysis shows that it is provably secure with d + 1 rounds. Our indifferentiability result shows that, regardless of the number of rounds, it cannot be secure. Our attacks are a type of a slide attack, and we consider a structure that uses a round constant, which is a well-known countermeasure against slide attacks. We show an indifferentiability attack for the case d = 2 and 3 rounds.
Xiaofan LI Bin DENG Qiang FU Hongqiang WANG
The ideal point scattering model requires that each scattering center is isotropic, the position of the scattering center corresponding to the target remains unchanged, and the backscattering amplitude and phase of the target do not change with the incident frequency and incident azimuth. In fact, these conditions of the ideal point scattering model are difficult to meet, and the scattering models are not ideal in most cases. In order to understand the difference between non-ideal scattering center and ideal scattering center, this paper takes a metal plate as the research object, carries out two-dimensional imaging of the metal plate, compares the difference between the imaging position and the theoretical target position, and compares the shape of the scattering center obtained from two-dimensional imaging of the plate from different angles. From the experimental results, the offset between the scattering center position and the theoretical target position corresponding to the two-dimensional imaging of the plate under the non-ideal point scattering model is less than the range resolution and azimuth resolution. The deviation between the small angle two-dimensional imaging position and the theoretical target position using the ideal point scattering model is small, and the ideal point scattering model is still suitable for the two-dimensional imaging of the plate. In the imaging process, the ratio of range resolution and azimuth resolution affects the shape of the scattering center. The range resolution is equal to the azimuth resolution, the shape of the scattering center is circular; the range resolution is not equal to the azimuth resolution, and the shape of the scattering center is elliptic. In order to obtain more accurate two-dimensional image, the appropriate range resolution and azimuth resolution can be considered when using the ideal point scattering model for two-dimensional imaging. The two-dimensional imaging results of the plate at different azimuth and angle can be used as a reference for the study of non-ideal point scattering model.
Tomoka TAKAHASHI Shinya OKUMURA Atsuko MIYAJI
The recent decision by the National Institute of Standards and Technology (NIST) to standardize lattice-based cryptography has further increased the demand for security analysis. The Ring-Learning with Error (Ring-LWE) problem is a mathematical problem that constitutes such lattice cryptosystems. It has many algebraic properties because it is considered in the ring of integers, R, of a number field, K. These algebraic properties make the Ring-LWE based schemes efficient, although some of them are also used for attacks. When the modulus, q, is unramified in K, it is known that the Ring-LWE problem, to determine the secret information s ∈ R/qR, can be solved by determining s (mod q) ∈ Fqf for all prime ideals q lying over q. The χ2-attack determines s (mod q) ∈Fqf using chi-square tests over R/q ≅ Fqf. The χ2-attack is improved in the special case where the residue degree f is two, which is called the two-residue-degree χ2-attack. In this paper, we extend the two-residue-degree χ2-attack to the attack that works efficiently for any residue degree. As a result, the attack time against a vulnerable field using our proposed attack with parameter (q,f)=(67, 3) was 129 seconds on a standard PC. We also evaluate the vulnerability of the two-power cyclotomic fields.
We introduce a new type of exponentiation algorithm in GF(2m) using Euclidean inversion. Our approach is based on the fact that Euclidean inversion cost much less logic gates than ordinary multiplication in GF(2m). By applying signed binary form of the exponent instead of classic binary form, the proposed algorithm can reduce the number of operations further compared with the classic algorithms.
Caixia CAI Wenyang GAN Han HAI Fengde JIA
In this paper, to improve communication system's energy-efficiency (EE), multi-case optimization of two new transmission strategies is investigated. Firstly, with amplify-and-forward relaying and full-duplex technique, two new transmission strategies are designed. The designed transmission strategies consider direct links and non-ideal transmission conditions. At the same time, detailed capacity and energy consumption analyses of the designed transmission strategies are given. In addition, EE optimization and analysis of the designed transmission strategies are studied. It is the first case of EE optimization and it is achieved by joint optimization of transmit time (TT) and transmit power (TP). Furthermore, the second and third cases of EE optimization with respectively optimizing TT and TP are given. Simulations reveal that the designed transmission strategies can effectively improve the communication system's EE.
Shoichi HIROSE Hidenori KUWAKADO Hirotaka YOSHIDA
Hirose, Kuwakado and Yoshida proposed a nonce-based authenticated encryption scheme Lae0 based on Lesamnta-LW in 2019. Lesamnta-LW is a block-cipher-based iterated hash function included in the ISO/IEC 29192-5 lightweight hash-function standard. They also showed that Lae0 satisfies both privacy and authenticity if the underlying block cipher is a pseudorandom permutation. Unfortunately, their result implies only about 64-bit security for instantiation with the dedicated block cipher of Lesamnta-LW. In this paper, we analyze the security of Lae0 in the ideal cipher model. Our result implies about 120-bit security for instantiation with the block cipher of Lesamnta-LW.
Chihiro MORI Miyu NAKABAYASHI Mamoru SAWAHASHI Teruo KAWAMURA Nobuhiko MIKI
This paper presents the average block error rate (BLER) performance of circular 32QAM and 64QAM schemes employing a frequency domain equalizer (FDE) for discrete Fourier transform (DFT)-precoded orthogonal frequency division multiplexing (OFDM) in multipath Rayleigh fading channels. The circular QAM scheme has an advantageous feature in that the fluctuation in the amplitude component is smaller than that for the cross or rectangular QAM scheme. Hence, focusing on the actual received signal-to-noise power ratio (SNR) taking into account a realistic peak-to-average power ratio (PAPR) measure called the cubic metric (CM), we compare the average BLER of the circular 32QAM and 64QAM schemes with those of cross 32QAM and rectangular 64QAM schemes, respectively. We investigate the theoretical throughput of various circular 32QAM and 64QAM schemes based on mutual information from the viewpoint of the minimum Euclidean distance. Link-level simulation results show that the circular 32QAM and 64QAM schemes with independent bit mapping for the phase and amplitude modulations achieves a lower required average received SNR considering the CM than that with the minimum Euclidean distance but with composite mapping of the phase and amplitude modulations. Through extensive link-level simulations, we show the potential benefit of the circular 32QAM and 64QAM schemes in terms of reducing the required average received SNR considering the CM that satisfies the target average BLER compared to the cross 32QAM or rectangular 64QAM scheme.
Shoichi HIROSE Yu SASAKI Hirotaka YOSHIDA
We revisit the design of Lesamnta-LW, which is one of the three lightweight hash functions specified in ISO/IEC 29192-5:2016. Firstly, we present some updates on the bounds of the number of active S-boxes for the underlying 64-round block cipher. While the designers showed that the Viterbi algorithm ensured 24 active S-boxes after 24 rounds, our tool based on Mixed Integer Linear Programming (MILP) in the framework of Mouha et al. ensures the same number of active S-boxes only after 18 rounds. The tool completely evaluates the tight bound of the number of active S-boxes, and it shows that the bound is 103 for full (64) rounds. We also analyze security of the Shuffle operation in the round function and resistance against linear cryptanalysis. Secondly, we present a new mode for a pseudorandom function (PRF) based on Lesamnta-LW. It is twice as efficient as the previous PRF modes based on Lesamnta-LW. We prove its security both in the standard model and the ideal cipher model.
Shintaro NARISADA Hiroki OKADA Kazuhide FUKUSHIMA Shinsaku KIYOMOTO
The hardness in solving the shortest vector problem (SVP) is a fundamental assumption for the security of lattice-based cryptographic algorithms. In 2010, Micciancio and Voulgaris proposed an algorithm named the Gauss Sieve, which is a fast and heuristic algorithm for solving the SVP. Schneider presented another algorithm named the Ideal Gauss Sieve in 2011, which is applicable to a special class of lattices, called ideal lattices. The Ideal Gauss Sieve speeds up the Gauss Sieve by using some properties of the ideal lattices. However, the algorithm is applicable only if the dimension of the ideal lattice n is a power of two or n+1 is a prime. Ishiguro et al. proposed an extension to the Ideal Gauss Sieve algorithm in 2014, which is applicable only if the prime factor of n is 2 or 3. In this paper, we first generalize the dimensions that can be applied to the ideal lattice properties to when the prime factor of n is derived from 2, p or q for two primes p and q. To the best of our knowledge, no algorithm using ideal lattice properties has been proposed so far with dimensions such as: 20, 44, 80, 84, and 92. Then we present an algorithm that speeds up the Gauss Sieve for these dimensions. Our experiments show that our proposed algorithm is 10 times faster than the original Gauss Sieve in solving an 80-dimensional SVP problem. Moreover, we propose a rotation-based Gauss Sieve that is approximately 1.5 times faster than the Ideal Gauss Sieve.
In this paper, we propose a novel single-template strategy based on a mean template set and locally/globally weighted dynamic time warping (LG-DTW) to improve the performance of online signature verification. Specifically, in the enrollment phase, we implement a time series averaging method, Euclidean barycenter-based DTW barycenter averaging, to obtain a mean template set considering intra-user variability among reference samples. Then, we acquire a local weighting estimate considering a local stability sequence that is obtained analyzing multiple matching points of an optimal match between the mean template and reference sets. Thereafter, we derive a global weighting estimate based on the variable importance estimated by gradient boosting. Finally, in the verification phase, we apply both local and global weighting methods to acquire a discriminative LG-DTW distance between the mean template set and a query sample. Experimental results obtained on the public SVC2004 Task2 and MCYT-100 signature datasets confirm the effectiveness of the proposed method for online signature verification.
Difference systems of sets (DSSs) introduced by Levenstein are combinatorial structures used to construct comma-free codes for synchronization. In this letter, two classes of optimal DSSs are presented. One class is obtained based on q-ary ideal sequences with d-form property and difference-balanced property. The other class of optimal and perfect DSSs is derived from perfect ternary sequences given by Ipatov in 1995. Compared with known constructions (Zhou, Tang, Optimal and perfect difference systems of sets from q-ary sequences with difference-balanced property, Des. Codes Cryptography, 57(2), 215-223, 2010), the proposed DSSs lead to comma-free codes with nonzero code rate.
Jian WU Xiaomei TANG Zengjun LIU Baiyu LI Feixue WANG
The major weakness of global navigation satellite system receivers is their vulnerability to intentional and unintentional interference. Frequency domain interference suppression (FDIS) technology is one of the most useful countermeasures. The pseudo-range measurement is unbiased after FDIS filtering given an ideal analog channel. However, with the influence of the analog modules used in RF front-end, the amplitude response and phase response of the channel equivalent filter are non-ideal, which bias the pseudo-range measurement after FDIS filtering and the bias varies along with the frequency of the interference. This paper proposes an unbiased interference suppression method based on signal estimation and spectrum compensation. The core idea is to use the parameters calculated from the tracking loop to estimate and reconstruct the desired signal. The estimated signal is filtered by the equivalent filter of actual channel, then it is used for compensating the spectrum loss caused by the FDIS method in the frequency domain. Simulations show that the proposed algorithm can reduce the pseudo-range measurement bias significantly, even for channels with asymmetrical group delay and multiple interference sources at any location.
Richard Hsin-Hsyong YANG Chia-Kun LEE Shiunn-Jang CHERN
Continuous phase modulation (CPM) is a very attractive digital modulation scheme, with constant envelope feature and high efficiency in meeting the power and bandwidth requirements. CPM signals with pairs of input sequences that differ in an infinite number of positions and map into pairs of transmitted signals with finite Euclidean distance (ED) are called catastrophic. In the CPM scheme, data sequences that have the catastrophic property are called the catastrophic sequences; they are periodic difference data patterns. The catastrophic sequences are usually with shorter length of the merger. The corresponding minimum normalized squared ED (MNSED) is smaller and below the distance bound. Two important CPM schemes, viz., LREC and LRC schemes, are known to be catastrophic for most cases; they have poor overall power and bandwidth performance. In the literatures, it has been shown that the probability of generating such catastrophic sequences are negligible, therefore, the asymptotic error performance (AEP) of those well-known catastrophic CPM schemes evaluated with the corresponding MNSED, over AWGN channels, might be too negative or pessimistic. To deal with this problem in AWGN channel, this paper presents a new split-merged MNSED and provide criteria to explore which conventional catastrophic CPM scheme could increase the length of mergers with split-merged non-periodic events, effectively. For comparison, we investigate the exact power and bandwidth performance for LREC and LRC CPM for the same bandwidth occupancy. Computer simulation results verify that the AEP evaluating with the split-merged MNSED could achieve up to 3dB gain over the conventional approach.
Nan SHA Yuanyuan GAO Mingxi GUO Shijie WANG Kui XU
We consider a physical-layer network coding (PNC) scheme based on M-ary continuous phase frequency shift keying (M-CPFSK) modulation for a bidirectional relay network. In this scheme, the maximum-likelihood sequence detection (MLSD) algorithm for the relay receiver over Rayleigh fading channels is discussed. Moreover, an upper bound on the minimum Euclidean distance for the superimposed signals is analyzed and the corresponding lower bound for the average symbol error rate (SER) at the relay is derived. Numerical results are also sustained by simulations which corroborate the exactness of the theoretical analysis.
Xiumin SHEN Yanguo JIA Xiaofei SONG Yubo LI
In this paper, a new generalized cyclotomy over Zpq is presented based on cyclotomy and Chinese remainder theorem, where p and q are different odd primes. Several new construction methods for binary sequence pairs of period pq with ideal two-level correlation are given by utilizing these generalized cyclotomic classes. All the binary sequence pairs from our constructions have both ideal out-of-phase correlation values -1 and optimum balance property.
Takumi KIMURA Norikazu TAKAHASHI
Nonnegative Matrix Factorization (NMF) with sparseness and smoothness constraints has attracted increasing attention. When these properties are considered, NMF is usually formulated as an optimization problem in which a linear combination of an approximation error term and some regularization terms must be minimized under the constraint that the factor matrices are nonnegative. In this paper, we focus our attention on the error measure based on the Euclidean distance and propose a new iterative method for solving those optimization problems. The proposed method is based on the Hierarchical Alternating Least Squares (HALS) algorithm developed by Cichocki et al. We first present an example to show that the original HALS algorithm can increase the objective value. We then propose a new algorithm called the Gauss-Seidel HALS algorithm that decreases the objective value monotonically. We also prove that it has the global convergence property in the sense of Zangwill. We finally verify the effectiveness of the proposed algorithm through numerical experiments using synthetic and real data.
Yuji UNAGAMI Natsume MATSUZAKI Shota YAMADA Nuttapong ATTRAPADUNG Takahiro MATSUDA Goichiro HANAOKA
In this paper, we propose a similarity searchable encryption in the symmetric key setting for the weighted Euclidean distance, by extending the functional encryption scheme for inner product proposed by Bishop et al. [4]. Our scheme performs predetermined encoding independently of vectors x and y, and it obtains the weighted Euclidean distance between the two vectors while they remain encrypted.
A Reed-Solomon (RS) decoder is designed based on the pipelined recursive Euclidean algorithm in the key equation solution. While the Euclidean algorithm uses less Galois multipliers than the modified Euclidean (ME) and reformulated inversionless Berlekamp-Massey (RiBM) algorithms, division between two elements in Galois field is required. By implementing the division with a multi-cycle Galois inverter and a serial Galois multiplier, the proposed key equation solver architecture achieves lower complexity than the conventional ME and RiBM based architectures. The proposed RS (255,239) decoder reduces the hardware complexity by 25.9% with 6.5% increase in decoding latency.
Although many approaches about ideal channels have been proposed in previous researches, few authors considered the situation of nonideal communication links. In this paper, we study the problem of distributed decision fusion over nonideal channels by using the scan statistics. In order to obtain the fusion rule under nonideal channels, we set up the nonideal channels model with the modulation error, noise and signal attenuation. Under this model, we update the fusion rule by using the scan statstics. We firstly consider the fusion rule when sensors are distributed in grid, then derive the expressions of the detection probability and false alarm probability when sensors follow an uniform distribution. Extensive simulations are conducted in order to investigate the performance of our fusion rule and the influence of signal-noise ratio (SNR) on the detection and false alarm probability. These simulations show that the theoretical values of the global detection probability and the global false alarm probability are close to the experimental results, and the fusion rule also has high performance at the high SNR region. But there are some further researches need to do for solving the large computational complexity.
Guangteng FAN Xiaomei TANG Junwei NIE Yangbo HUANG Guangfu SUN
Global navigation satellite system (GNSS) receivers equipped with the frequency domain interference suppression (FDIS) filter can operate in environments with harsh interference. The FDIS will not cause tracking error bias for an ideal analog receiver channel as its magnitude response and phase response are constant. However, the analog receiver channel distortion is induced by RF cables, amplifiers, and mixers. The distortion of the channel caused asymmetry correlation function. The correlation function is further deformed by the FDIS filter. More seriously, since the FDIS filter is adaptive, the bias will vary with the jamming pattern, especially when the frequency of interference is varying. For precision navigation applications, this bias must be mitigated. Fortunately, to prevent power loss, the analog receiver channel filter is a real function or the imaginary part is negligible. Therefore, the magnitude response and the phase response are even functions. Based on these channel features, a new FDIS filter based on mirror frequency amplitude compensation (MFAC) method is proposed in this paper. The amplitude of the symmetry position of the notch frequency is doubled in the MFAC method in order to mitigate the tracking bias. Simulation results show that the MFAC-based FDIS method is capable of reducing the bias error to less than 0.1ns, which is significant smaller than that achieved by the traditional FDIS method.