The problem of Isomorphism of Polynomials (IP problem) is known to be important to study the security of multivariate public key cryptosystems, one of the major candidates of post-quantum cryptography, against key recovery attacks. In these years, several schemes based on the IP problem itself or its generalization have been proposed. At PQCrypto 2020, Santoso introduced a generalization of the problem of Isomorphism of Polynomials, called the problem of Blockwise Isomorphism of Polynomials (BIP problem), and proposed a new Diffie-Hellman type encryption scheme based on this problem with Circulant matrices (BIPC problem). Quite recently, Ikematsu et al. proposed an attack called the linear stack attack to recover an equivalent key of Santoso's encryption scheme. While this attack reduced the security of the scheme, it does not contribute to solving the BIPC problem itself. In the present paper, we describe how to solve the BIPC problem directly by simplifying the BIPC problem due to the conjugation property of circulant matrices. In fact, we experimentally solved the BIPC problem with the parameter, which has 256 bit security by Santoso's security analysis and has 72.7bit security against the linear stack attack, by about 10 minutes.
Natsuhito YOSHIMURA Masashi TAWADA Shu TANAKA Junya ARAI Satoshi YAGI Hiroyuki UCHIYAMA Nozomu TOGAWA
Ising machines have attracted attention as they are expected to solve combinatorial optimization problems at high speed with Ising models corresponding to those problems. An induced subgraph isomorphism problem is one of the decision problems, which determines whether a specific graph structure is included in a whole graph or not. The problem can be represented by equality constraints in the words of combinatorial optimization problem. By using the penalty functions corresponding to the equality constraints, we can utilize an Ising machine to the induced subgraph isomorphism problem. The induced subgraph isomorphism problem can be seen in many practical problems, for example, finding out a particular malicious circuit in a device or particular network structure of chemical bonds in a compound. However, due to the limitation of the number of spin variables in the current Ising machines, reducing the number of spin variables is a major concern. Here, we propose an efficient Ising model mapping method to solve the induced subgraph isomorphism problem by Ising machines. Our proposed method theoretically solves the induced subgraph isomorphism problem. Furthermore, the number of spin variables in the Ising model generated by our proposed method is theoretically smaller than that of the conventional method. Experimental results demonstrate that our proposed method can successfully solve the induced subgraph isomorphism problem by using the Ising-model based simulated annealing and a real Ising machine.
This paper proposes a method for searching for graphs in the database which are contained as subgraphs by a given query. In the proposed method, the search index does not require any knowledge of the query set or the frequent subgraph patterns. In conventional techniques, enumerating and selecting frequent subgraph patterns is computationally expensive, and the distribution of the query set must be known in advance. Subsequent changes to the query set require the frequent patterns to be selected again and the index to be reconstructed. The proposed method overcomes these difficulties through graph coding, using a tree structured index that contains infrequent subgraph patterns in the shallow part of the tree. By traversing this code tree, we are able to rapidly determine whether multiple graphs in the database contain subgraphs that match the query, producing a powerful pruning or filtering effect. Furthermore, the filtering and verification steps of the graph search can be conducted concurrently, rather than requiring separate algorithms. As the proposed method does not require the frequent subgraph patterns and the query set, it is significantly faster than previous techniques; this independence from the query set also means that there is no need to reconstruct the search index when the query set changes. A series of experiments using a real-world dataset demonstrate the efficiency of the proposed method, achieving a search speed several orders of magnitude faster than the previous best.
Naruki SASAGAWA Kentaro TANI Takashi IMAMURA Yoshinobu MAEDA
Reproducing quadruped locomotion from an engineering viewpoint is important not only to control robot locomotion but also to clarify the nonlinear mechanism for switching between locomotion patterns. In this paper, we reproduced a quadruped locomotion pattern, gallop, using a central pattern generator (CPG) hardware network based on the abelian group Z4×Z2, originally proposed by Golubitsky et al. We have already used the network to generate three locomotion patterns, walk, trot, and bound, by controlling the voltage, EMLR, inputted to all CPGs which acts as a signal from the midbrain locomotor region (MLR). In order to generate the gallop and canter patterns, we first analyzed the network symmetry using group theory. Based on the results of the group theory analysis, we desymmetrized the contralateral couplings of the CPG network using a new parameter in addition to EMLR, because, whereas the walk, trot, and bound patterns were able to be generated from the spatio-temporal symmetry of the product group Z4×Z2, the gallop and canter patterns were not. As a result, using a constant element $hat{kappa}$ on Z2, the gallop and canter locomotion patterns were generated by the network on ${f Z}_4+hat{kappa}{f Z}_4$, and actually in this paper, the gallop locomotion pattern was generated on the actual circuit.
The isomorphism of polynomials with two secret (IP2S) problem is one candidate of computational assumptions for post-quantum cryptography. The idea of identification scheme based on IP2S is firstly introduced in 1996 by Patarin. However, the scheme was not described concretely enough and no more details are provided on how to transcribe the idea into a real-world implementation. Moreover, the security of the scheme has not been formally proven and the originally proposed security parameters are no longer secure based on the most recent research. In this paper, we propose a concrete identification scheme based on IP2S with the idea of Patarin as the starting point. We provide formal security proof of the proposed scheme against impersonation under passive attack, sequential active attack, and concurrent active attack. We also propose techniques to reduce the implementation cost such that we are able to cut the storage cost and average communication cost to an extent that under parameters for the standard 80-bit security, the scheme is implementable even on the lightweight devices in the current market.
Shohei KAMAMURA Aki FUKUDA Rie HAYASHI Yoshihiko UEMATSU
This paper proposes a regulated transport network design algorithm for IP over a dense wavelength division multiplex (DWDM) network. When designing an IP over DWDM network, the network operator should consider not only cost-effectiveness and physical constraints such as wavelength colors and chromatic dispersion but also operational policies such as resilience, quality, stability, and operability. For considering the above polices, we propose to separate the network design algorithm based on a geographical resolution; the policy-based regulated intra-area is designed based on this resolution, and the cost-optimal inter-area is then designed separately, and finally merged. This approach does not necessarily yield a strict optimal solution, but it covers network design work done by humans, which takes a vast amount of time and requires a high skill level. For efficient geographical resolution, we also present fast graph mining algorithm, which can solve NP-hard subgraph isomorphism problem within the practical time. We prove the sufficiency of the resulting network design for the above polices by visualizing the topology, and also prove that the penalty of applying the approach is trivial.
Biphase periodic sequences having elements +1 or -1 with the two-level autocorrelation function are desirable in communications and radars. However, in case of the biphase orthogonal periodic sequences, Turyn has conjectured that there exist only sequences with period 4, i.e., there exist the circulant Hadamard matrices for order 4 only. In this paper, it is described that the conjecture is proved to be true by means of the isomorphic mapping, the Chinese remainder theorem, the linear algebra, etc.
The complexity of the graph isomorphism problem for trapezoid graphs has been open over a decade. This paper shows that the problem is GI-complete. More precisely, we show that the graph isomorphism problem is GI-complete for comparability graphs of partially ordered sets with interval dimension 2 and height 3. In contrast, the problem is known to be solvable in polynomial time for comparability graphs of partially ordered sets with interval dimension at most 2 and height at most 2.
Tomoki IMADA Hiroshi NAGAMOCHI
Let G be a connected graph in which we designate a vertex or a block (a biconnected component) as the center of G. For each cut-vertex v, let Gv be the connected subgraph induced from G by v and the vertices that will be separated from the center by removal of v, where v is designated as the root of Gv. We consider the set R of all such rooted subgraphs in G, and assign an integer, called an index, to each of the subgraphs so that two rooted subgraphs in R receive the same indices if and only if they are isomorphic under the constraint that their roots correspond each other. In this paper, assuming a procedure for computing a signature of each graph in a class
Anish Man Singh SHRESTHA Asahi TAKAOKA Satoshi TAYU Shuichi UENO
The logic mapping problem and the problem of finding a largest sub-crossbar with no defects in a nano-crossbar with nonprogrammable-crosspoint defects and disconnected-wire defects are known to be NP-hard. This paper shows that for nano-crossbars with only disconnected-wire defects, the former remains NP-hard, while the latter can be solved in polynomial time.
Shingo HASEGAWA Hiroyuki HATANAKA Shuji ISOBE Eisuke KOIZUMI Hiroki SHIZUYA
This paper studies a method for transforming ordinary cryptographic primitives to new harder primitives. Such a method is expected to lead to general schemes that make present cryptosystems secure against the attack of quantum computers. We propose a general technique to construct a new function from an ordinary primitive function f with a help of another hard function g so that the resulting function is to be new hard primitives. We call this technique a lifting of f by g. We show that the lifted function is harder than original functions under some simple conditions.
It is known that any chordal graph can be uniquely decomposed into simplicial components. Based on this fact, it is shown that for a given chordal graph, its automorphism group can be computed in O((c!n)O(1)) time, where c denotes the maximum size of simplicial components and n denotes the number of nodes. It is also shown that isomorphism of those chordal graphs can be decided within the same time bound. From the viewpoint of polynomial-time computability, our result strictly strengthens the previous ones respecting the clique number.
Atsushi SASAKI Tadashi ARARAGI Shigeru MASUYAMA Keizo MIYATA
We formally define the mobile agent allocation problem from a system-wide viewpoint and then prove that it is strongly NP-complete even if each agent communicates only with two agents. This is the first formal definition for scheduling mobile agents from the viewpoint of load balancing, which enables us to discuss its properties on a rigorous basis. The problem is recognized as preemptive scheduling with independent tasks that require mutual communication. The result implies that almost all subproblems of mobile agent allocation, which require mutual communication of agents, are strongly NP-complete.
Isogeny for elliptic curve cryptosystems was initially used for efficient improvement of order counting methods. Recently, Smart proposed a countermeasure using isogeny for resisting a refined differential power analysis by Goubin (Goubin's attack). In this paper, we examine a countermeasure using isogeny against zero-value point (ZVP) attack that is generalization of Goubin's attack. We show that some curves require higher order of isogeny to prevent ZVP attack. Moreover, we prove that the class of curves that satisfies (-3/p) = 1 and whose order is odd cannot be mapped by isogeny to curves with a = -3 and secure against ZVP attack. We point out that three SECG curves are in this class. In the addition, we compare some efficient algorithms that are secure against both Goubin's attack and ZVP attack, and present the most efficient method of computing a scalar multiplication for each curve from SECG. Finally, we discuss another improvement for an efficient scalar multiplication, namely the usage of a point (0,y) for a base point of curve parameters. We are able to improve about 11% for double-and-add-always method, when the point (0,y) exists in an underlying curve or its isogeny.
In this paper, we study the following problem: given two graphs G, H and an isomorphism φ between an induced subgraph of G and an induced subgraph of H, compute the number of isomorphisms between G and H that do not contradict φ. We show that this problem can be solved in O(((k+1)(k+1)!)2n3) time when the input graphs are restricted to chordal graphs with clique number at most k+1. To prove this, we first show that the tree model of a chordal graph can be uniquely constructed in O(n3) time except for the ordering of children of each node. Then, we show that the number of φ-isomorphisms between G and H can be efficiently computed by use of the tree model.
In this paper, we propose a mathematical model for one-dimensional finite linear cellular automata and show connections between our model and the classical one. We then demonstrate, through some examples, that our model is a useful tool for analyzing one-dimensional finite linear cellular automata. We also extend this model to the D-dimensional case and give an algebraic characterization for it.
We formalize a model of "demonstration of program result-correctness," and investigate how to prove this fact against possible adversaries, which naturally extends Blum's theory of program checking by adding zero-knowledge requirements. The zero-knowledge requirements are universal for yes and no instances alike.
Efficient content-based retrieval of complex images is a challenging task since the detected object may appear in various scale, rotation and orientation with a wide variety of background colors and forms. In this paper, we propose a novel representation of objects with multiple colors, the spatial neighborhood-adjacency graph(SNAG), which can serve as a basis for detecting object by color contents from the candidate image. The SNAG consists of a set of main-vertices and two sets of edges. Each main-vertex represents a single color region of multi-colored object, and edges are divided into two classes: Neighborhood edges representing neighborhood relationship between two main-vertices with similar color, and adjacency edges representing adjacency relationship between a main-vertex and another vertex with different color. By investigating whether SNAG of object image is an isomorphic subgraph of SNAG of a candidate image, we can determine whether the similar object exists in the candidate image. In addition, we have also applied the proposed approach to a range of different object detection problems involving complex background, and effectiveness has been proved.
Kazuo TORAICHI Takahiko HORIUCHI
In order to realize a continuous-time system model in digital computers, we must construct a discrete-time system model simulating the continuous-time processes in some characteristic aspect. Though many discretization methods have been proposed, they do not necessarily provide a discrete-time system in which input, state and output are identical with the sampled values of the original continuous-time system. The isomorphism discretization that all of the input, state and output of a continuous-time system can be recovered from the corresponding discrete-time system is crucial for our analysis. This paper aims at guaranteeing the isomorphism between a continuous- and a discrete-time system models (fluency system model) which were proposed by the authors. The isomorphism of input space had been already shown in the previous works by one of the authors. In this paper, by showing the isomorphism of the state function and output spaces, the aim will be achieved.
This paper presents a linear time algorithm for testing whether or not there is a path