Daiki OGAWA Koichi KOBAYASHI Yuh YAMASHITA
A blockchain, which is well known as one of the distributed ledgers, has attracted in many research fields. In this paper, we discuss the effectiveness and limitation of a blockchain in distributed optimization. In distributed optimization, the original problem is decomposed, and the local problems are solved by multiple agents. In this paper, ADMM (Alternating Direction Method of Multipliers) is utilized as one of the powerful methods in distributed optimization. In ADMM, an aggregator is basically required for collecting the computation result in each agent. Using blockchains, the function of an aggregator can be contained in a distributed ledger, and an aggregator may not be required. As a result, tampering from attackers can be prevented. As an application, we consider energy management systems (EMSs). By numerical experiments, the effectiveness and limitation of blockchain-based distributed optimization are clarified.
Yuji KOIKE Takuya HAYASHI Jun KURIHARA Takanori ISOBE
Due to the legal reform on the protection of personal information in US/Japan and the enforcement of the General Data Protection Regulation (GDPR) in Europe, service providers are obliged to more securely manage the sensitive data stored in their server. In order to protect this kind of data, they generally employ a cryptographic encryption scheme and secure key management schemes such as a Hardware Security Module (HSM) and Trusted Platform Module (TPM). In this paper, we take a different approach based on the space-hard cipher. The space-hard cipher has an interesting property called the space hardness. Space hardness guarantees sufficient security against the adversary who gains a part of key data, e.g., 1/4 of key data. Combined with a simple network monitoring technique, we develop a practical leakage resilient scheme Virtual Vault, which is secure against the snapshot adversary who has full access to the memory in the server for a short period. Importantly, Virtual Vault is deployable by only a low-price device for network monitoring, e.g. L2 switch, and software of space-hard ciphers and packet analyzer, while typical solutions require a dedicated hardware for secure key managements such as HSM and TPM. Thus, Virtual Vault is easily added on the existing servers which do not have such dedicated hardware.
Kosei SAKAMOTO Kazuhiko MINEMATSU Nao SHIBATA Maki SHIGERI Hiroyasu KUBO Yuki FUNABIKI Andrey BOGDANOV Sumio MORIOKA Takanori ISOBE
Tweakable block cipher (TBC) is an extension of conventional block cipher. We study how to build a TBC based on generalized Feistel structure (GFS), a classical block cipher construction. While known dedicated TBC proposals are based on substitution-permutation network (SPN), GFS has not been used for building TBC. In particular, we take 64-bit GFS block cipher TWINE and try to make it tweakable with a minimum change. To find a best one from a large number of candidates, we performed a comprehensive search with a help of mixed integer linear programming (MILP) solver. As a result, our proposal TWINE is quite efficient, has the same number of rounds as TWINE with extremely simple tweak schedule.
The injection locking properties of rotary dissipative solitons developed in a closed traveling-wave field-effect transistor (TWFET) are examined. A TWFET can support the waveform-invariant propagation of solitary pulses called dissipative solitons (DS) by balancing dispersion, nonlinearity, dissipation, and field-effect transistor gain. Applying sinusoidal signals to the closed TWFET assumes the injection-locked behavior of the rotary DS; the solitons' velocity is autonomously tuned to match the rotation and external frequencies. This study clarifies the qualitative properties of injection-locked DS using numerical and experimental approaches.
Yoshihide KOMATSU Akinori SHINMYO Mayuko FUJITA Tsuyoshi HIRAKI Kouichi FUKUDA Noriyuki MIURA Makoto NAGATA
With increasing technology scaling and the use of lower voltages, more research interest is being shown in variability-tolerant analog front end design. In this paper, we describe an adaptive amplitude control transmitter that is operated using differential signaling to reduce the temperature variability effect. It enables low power, low voltage operation by synergy between adaptive amplitude control and Vth temperature variation control. It is suitable for high-speed interface applications, particularly cable interfaces. By installing an aggressor circuit to estimate transmitter jitter and changing its frequency and activation rate, we were able to analyze the effects of the interface block on the input buffer and thence on the entire system. We also report a detailed estimation of the receiver clock-data recovery (CDR) operation for transmitter jitter estimation. These investigations provide suggestions for widening the eye opening of the transmitter.
Toshio CHIYOJIMA Akihiro ODA Go ISHIWATA Kazuhiro TAKAYA Yasushi MATSUMOTO
A method of determining emission limits was studied by using the amplitude probability distribution (APD) for low-probability pulsed electromagnetic disturbances due to discharge. The features of this method are 1) without using the previously reported relationship between APD and bit error rate, the limits are derived using the measured impact of a pulsed disturbance on various wireless communication systems having different bandwidths, and 2) disturbances caused by discharge with poor reproducibility are simulated by regularly repeated pulse-modulated sine waves to enable stable evaluation of the communication quality. APD-based limits are determined from the pulse repetition frequency of the simulated disturbance such that the block error rate (BLER) is less than a certain limit in wireless systems that are most sensitive to the pulsed disturbance. In the international standard CISPR 32 regulating electromagnetic disturbance, radiated disturbance due to discharge is excluded from the application of peak detection limits because of its low occurrence probability. In this paper we quantitatively determine appropriate criteria of the probability for the exclusion. Using the method, we measured the impact of low-probability pulsed interference on major wireless systems and found that GSM and Wi-Fi systems were the most sensitive. New APD-based limits were derived on the basis of these findings. The APD-based limits determined by the proposed method enable a valid evaluation of low-occurrence-probability pulsed disturbances without unconditionally excluding the measurement.
Shin MORISHIMA Hiroki MATSUTANI
Blockchain is a distributed ledger system composed of a P2P network and is used for a wide range of applications, such as international remittance, inter-individual transactions, and asset conservation. In Blockchain systems, tamper resistance is enhanced by the property of transaction that cannot be changed or deleted by everyone including the creator of the transaction. However, this property also becomes a problem that unintended transaction created by miss operation or secret key theft cannot be corrected later. Due to this problem, once an illegal transaction such as theft occurs, the damage will expand. To suppress the damage, we need countermeasures, such as detecting illegal transaction at high speed and correcting the transaction before approval. However, anomaly detection in the Blockchain at high speed is computationally heavy, because we need to repeat the detection process using various feature quantities and the feature extractions become overhead. In this paper, to accelerate anomaly detection, we propose to cache transaction information necessary for extracting feature in GPU device memory and perform both feature extraction and anomaly detection in the GPU. We also propose a conditional feature extraction method to reduce computation cost of anomaly detection. We employ anomaly detection using K-means algorithm based on the conditional features. When the number of users is one million and the number of transactions is 100 millions, our proposed method achieves 8.6 times faster than CPU processing method and 2.6 times faster than GPU processing method that does not perform feature extraction on the GPU. In addition, the conditional feature extraction method achieves 1.7 times faster than the unconditional method when the number of users satisfying a given condition is 200 thousands out of one million.
Takanori ISOBE Kyoji SHIBUTANI
In this paper, we explore the security of single-key Even-Mansour ciphers against key-recovery attacks. First, we introduce a simple key-recovery attack using key relations on an n-bit r-round single-key Even-Mansour cipher (r-SEM). This attack is feasible with queries of DTr=O(2rn) and $2^{rac{2r}{r + 1}n}$ memory accesses, which is $2^{rac{1}{r + 1}n}$ times smaller than the previous generic attacks on r-SEM, where D and T are the number of queries to the encryption function EK and the internal permutation P, respectively. Next, we further reduce the time complexity of the key recovery attack on 2-SEM by a start-in-the-middle approach. This is the first attack that is more efficient than an exhaustive key search while keeping the query bound of DT2=O(22n). Finally, we leverage the start-in-the-middle approach to directly improve the previous attacks on 2-SEM by Dinur et al., which exploit t-way collisions of the underlying function. Our improved attacks do not keep the bound of DT2=O(22n), but are the most time-efficient attacks among the existing ones. For n=64, 128 and 256, our attack is feasible with the time complexity of about $2^{n} cdot rac{1}{2 n}$ in the chosen-plaintext model, while Dinur et al.'s attack requires $2^{n} cdot rac{{ m log}(n)}{ n} $ in the known-plaintext model.
Songlin DU Zhe WANG Takeshi IKENAGA
High frame rate and ultra-low delay matching system plays an increasingly important role in human-machine interactions, because it guarantees high-quality experiences for users. Existing image matching algorithms always generate mismatches which heavily weaken the performance the human-machine-interactive systems. Although many mismatch removal algorithms have been proposed, few of them achieve real-time speed with high frame rate and low delay, because of complicated arithmetic operations and iterations. This paper proposes a temporal constraints and block weighting judgement based high frame rate and ultra-low delay mismatch removal system. The proposed method is based on two temporal constraints (proposal #1 and proposal #2) to firstly find some true matches, and uses these true matches to generate block weighting (proposal #3). Proposal #1 finds out some correct matches through checking a triangle route formed by three adjacent frames. Proposal #2 further reduces mismatch risk by adding one more time of matching with opposite matching direction. Finally, proposal #3 distinguishes the unverified matches to be correct or incorrect through weighting of each block. Software experiments show that the proposed mismatch removal system achieves state-of-the-art accuracy in mismatch removal. Hardware experiments indicate that the designed image processing core successfully achieves real-time processing of 784fps VGA (640×480 pixels/frame) video on field programmable gate array (FPGA), with a delay of 0.858 ms/frame.
Zhi LIU Mengjun DONG Mengmeng ZHANG
In the upcoming video coding standard VVC (Versatile Video Coding, H.266), a new coding block structure named quadtree nested multi-type trees (MTT) has been proposed. Compared with the quadtree structure defined in HEVC (High Efficiency Video Coding), the partition structure of MTT can achieve better coding performance. Since the splitting scheme of a CU (Coding Unit) need to be calculated recursively, the computational complexity is significantly increased. To reduce computational complexity as well as maintain compression performance, a fast multi-type tree decision algorithm is proposed. The application of binary and ternary tree in horizontal or vertical direction is found to be closely related to the characteristics of CU in this paper, and a metric named pixel difference of sub-blocks (SBPD) is defined to measure the characteristics of CU in different splitting type. By comparing the SBPD in horizontal and vertical sub-blocks, the selection of binary and ternary tree can be decided in advance, so as to skip some redundant splitting modes. Experimental results show that compared with the original reference software VTM 4.0, the average time saving of the proposed algorithm is 27% and the BD-rate is only increased by 0.55%.
Makoto MIYAGOSHI Hidekazu MURATA
The packet error rate (PER) performance of multi-hop STBC based cooperative and diversity relaying systems are studied. These systems consist of a source, a destination, and two relay stations in each hop. From in-lab experiments, it is confirmed that the cooperative relaying system has better PER performance than the diversity relaying system with highly correlated channels.
This letter reveals that an edge-triggered master-slave flip-flop (FF) using well-known soft error tolerant DICE (dual interlocked storage cell) is vulnerable to soft errors occurring around clock edge. This letter presents a design of a soft error tolerant FF based on the master-slave FF using DICE. The proposed design modifies the connection between the master and slave latches to make the FF not vulnerable to these errors. The hardware overhead is almost the same as that for the original edge-triggered FF using the DICE.
This paper proposes a simple source data exchange method for channel switching in space-time block code. If one transmits source data on another antenna, then the receiver should change combining method in order to adapt it. No one except knowing the channel switching sequence can decode the received data correctly. In case of exchanging data for channel switching, four orthogonal frequency division multiplexing symbols are exchanged according to a format of space-time block code. In this paper, I proposes two simple sign exchanges without exchanging four orthogonal-frequency division multiplexing symbols which occurs a different combining and channel switching method in the receiver.
Yoshinao MIZUGAKI Makoto MORIBAYASHI Tomoki YAGAI Masataka MORIYA Hiroshi SHIMADA Ayumi HIRANO-IWATA Fumihiko HIROSE
Gold nanoparticles (GNPs) are often used as island electrodes of single-electron (SE) devices. One of technical challenges in fabrication of SE devices with GNPs is the placement of GNPs in a nanogap between two lead electrodes. Utilization of dielectrophoresis (DEP) phenomena is one of possible solutions for this challenge, whereas the fabrication process with DEP includes stochastic aspects. In this brief paper, we present our experimental results on electric resistance of GNP arrays assembled by DEP. More than 300 pairs of electrodes were investigated under various DEP conditions by trial and error approach. We evaluated the relationship between the DEP conditions and the electric resistance of assembled GNP arrays, which would indicate possible DEP conditions for fabrication of SE devices.
Wenjuan LI Weizhi MENG Zhiqiang LIU Man-Ho AU
Software-Defined Networking (SDN) enables flexible deployment and innovation of new networking applications by decoupling and abstracting the control and data planes. It has radically changed the concept and way of building and managing networked systems, and reduced the barriers to entry for new players in the service markets. It is considered to be a promising solution providing the scale and versatility necessary for IoT. However, SDN may also face many challenges, i.e., the centralized control plane would be a single point of failure. With the advent of blockchain technology, blockchain-based SDN has become an emerging architecture for securing a distributed network environment. Motivated by this, in this work, we summarize the generic framework of blockchain-based SDN, discuss security challenges and relevant solutions, and provide insights on the future development in this field.
Toshihiro NIINOMI Hideki YAGI Shigeichi HIRASAWA
In decision feedback scheme, Forney's decision criterion (Forney's rule: FR) is optimal in the sense that the Neyman-Pearson's lemma is satisfied. Another prominent criterion called LR+Th was proposed by Hashimoto. Although LR+Th is suboptimal, its error exponent is shown to be asymptotically equivalent to that of FR by random coding arguments. In this paper, applying the technique of the DS2 bound, we derive an upper bound for the error probability of LR+Th for the ensemble of linear block codes. Then we can observe the new bound from two significant points of view. First, since the DS2 type bound can be expressed by the average weight distribution whose code length is finite, we can compare the error probability of FR with that of LR+Th for the fixed-length code. Second, the new bound elucidates the relation between the random coding exponents of block codes and those of linear block codes.
Kosei SAKAMOTO Kazuhiko MINEMATSU Nao SHIBATA Maki SHIGERI Hiroyasu KUBO Yuki FUNABIKI Takanori ISOBE
In this paper, we revisit related-key security of TWINE block cipher with 80-bit and 128-bit keys. Using an MILP-aided automatic search algorithm, we point out the previous evaluation of TWINE with a 80-bit key is wrong, and give a corrected evaluation result. Besides, we show a first security evaluation of TWINE with a 128-bit key in the related-key setting, which was infeasible due to the high computation cost in the original proposal.
Ryuta KAWANO Ryota YASUDO Hiroki MATSUTANI Michihiro KOIBUCHI Hideharu AMANO
Recently proposed irregular networks can reduce the latency for both on-chip and off-chip systems with a large number of computing nodes and thus can improve the performance of parallel applications. However, these networks usually suffer from deadlocks in routing packets when using a naive minimal path routing algorithm. To solve this problem, we focus attention on a lately proposed theory that generalizes the turn model to maintain the network performance with deadlock-freedom. The theorems remain a challenge of applying themselves to arbitrary topologies including fully irregular networks. In this paper, we advance the theorems to completely general ones. Moreover, we provide a feasible implementation of a deadlock-free routing method based on our advanced theorem. Experimental results show that the routing method based on our proposed theorem can improve the network throughput by up to 138 % compared to a conventional deterministic minimal routing method. Moreover, when utilized as the escape path in Duato's protocol, it can improve the throughput by up to 26.3 % compared with the conventional up*/down* routing.
Yubo LI Kangquan LI Longjiang QU Chao LI
MDS transformation plays an important role in resisting against differential cryptanalysis (DC) and linear cryptanalysis (LC). Recently, M. Sajadieh, et al.[15] designed an efficient recursive diffusion layer with Feistel-like structures. Moreover, they obtained an MDS transformation which is related to a linear function and the inverse is as lightweight as itself. Based on this work, we consider one specific form of linear functions to get the diffusion layer with low XOR gates for the hardware implementation by using temporary registers. We give two criteria to reduce the construction space and obtain six new classes of lightweight MDS transformations. Some of our constructions with one bundle-based LFSRs have as low XOR gates as previous best known results. We expect that these results may supply more choices for the design of MDS transformations in the (lightweight) block cipher algorithm.
Yuki FUNABIKI Yosuke TODO Takanori ISOBE Masakatu MORII
HIGHT is a 64-bit block lightweight cipher, which adopts the ARX-based generalized Feistel network, and it accepts a 128-bit key. It is a standard encryption algorithm in South Korea and also is internationally standardized by ISO/IEC 18033-3. Therefore, many third-party cryptanalyses have been proposed against HIGHT. Impossible differential and integral attacks are applied to reduced-round HIGHT, and especially, the impossible differential attack causes the 27-round attack, which is the current best attack under the single-key setting. In this paper, we propose some improved integral attacks against HIGHT. We first apply the division property to HIGHT and find new 19-round integral characteristics, which are improved by two rounds compared with the previous best ones. We append 9-round key recovery to these characteristics and it enables us to attack 28-round HIGHT. Its time complexity is 2127.02 where 263 chosen plaintexts and 2117 memory are required. Moreover, we can attack 29-round HIGHT if the full codebook is used, where its time and memory complexities are 2126.07 and 2118, respectively. It improves by two rounds compared with the previous best attack.