Multivariate public key cryptosystems (MPKC) are constructed based on the problem of solving multivariate quadratic equations (MQ problem). Among various multivariate schemes, UOV is an important signature scheme since it is underlying some signature schemes such as MAYO, QR-UOV, and Rainbow which was a finalist of NIST PQC standardization project. To analyze the security of a multivariate scheme, it is necessary to analyze the first fall degree or solving degree for the system of polynomial equations used in specific attacks. It is known that the first fall degree or solving degree often relates to the Hilbert series of the ideal generated by the system. In this paper, we study the Hilbert series of the UOV scheme, and more specifically, we study the Hilbert series of ideals generated by quadratic polynomials used in the central map of UOV. In particular, we derive a prediction formula of the Hilbert series by using some experimental results. Moreover, we apply it to the analysis of the reconciliation attack for MAYO.

The multi-agent surveillance problem is to find optimal trajectories of multiple agents that patrol a given area as evenly as possible. In this paper, we consider the multi-agent surveillance problem based on travel cost minimization. The surveillance area is given by an undirected graph. The penalty for each agent is introduced to evaluate the surveillance performance. Through a mixed logical dynamical system model, the multi-agent surveillance problem is reduced to a mixed integer linear programming (MILP) problem. In model predictive control, trajectories of agents are generated by solving the MILP problem at each discrete time. Furthermore, a condition that the MILP problem is always feasible is derived based on the Chinese postman problem. Finally, the proposed method is demonstrated by a numerical example.

This paper introduces an inverter-based true random number generator (I-TRNG). It uses a single CMOS inverter to amplify thermal noise multiple times. An adaptive calibration mechanism based on clock tuning provides robust operation across a wide range of supply voltage 0.5∼1.1V and temperature -40∼140°C. An 8-bit Von-Neumann post-processing circuit (VN8W) is implemented for maximum raw entropy extraction. In a 130nm CMOS technology, the I-TRNG entropy source only occupies 635μm2 and consumes 0.016pJ/raw-bit at 0.6V. The I-TRNG occupies 13406μm2, including the entropy source, adaptive calibration circuit, and post-processing circuit. The minimum energy consumption of the I-TRNG is 1.38pJ/bit at 0.5V, while passing all NIST 800-22 and 800-90B tests. Moreover, an equivalent 15-year life at 0.7V, 25°C is confirmed by an accelerated NBTI aging test.

Authenticated Key Exchange (AKE) is a cryptographic protocol to share a common session key among multiple parties. Usually, PKI-based AKE schemes are designed to guarantee secrecy of the session key and mutual authentication. However, in practice, there are many cases where mutual authentication is undesirable such as in anonymous networks like Tor and Riffle, or difficult to achieve due to the certificate management at the user level such as the Internet. Goldberg et al. formulated a model of anonymous one-sided AKE which guarantees the anonymity of the client by allowing only the client to authenticate the server, and proposed a concrete scheme. However, existing anonymous one-sided AKE schemes are only known to be secure in the random oracle model. In this paper, we propose generic constructions of anonymous one-sided AKE in the random oracle model and in the standard model, respectively. Our constructions allow us to construct the first post-quantum anonymous one-sided AKE scheme from isogenies in the standard model.

Supersingular isogeny Diffie-Hellman (SIDH) is attractive for its relatively small public key size, but it is still unsatisfactory due to its efficiency, compared to other post-quantum proposals. In this paper, we focus on the performance of SIDH when the starting curve is E6 : y2 = x3 + 6x2 + x, which is fixed in Round-3 SIKE implementation. Inspired by previous works [1], [2], we present several tricks to accelerate key generation of SIDH and each process of SIKE. Our experimental results show that the performance of this work is at least 6.09% faster than that of the SIKE implementation, and we can further improve the performance when large storage is available.

This paper considers tracking of a non-cooperative emitter based on a single sensor. To this end, the direct target motion analysis (DTMA) approach, where the target state is straightforwardly achieved from the received signal, is exploited. In order to achieve observability, the sensor has to perform a maneuver relative to the emitter. By suitably building an approximated likelihood function, the unscented Kalman filter (UKF), which is able to work under high nonlinearity of the measurement model, is adopted to recursively estimate the target state. Besides, the posterior Cramér-Rao bound (PCRB) of DTMA, which can be used as performance benchmark, is also achieved. The effectiveness of proposed method is verified via simulation experiments.

The NIST post-quantum project intends to standardize cryptographic systems that are secure against attacks by both quantum and classical computers. One of these cryptographic systems is NewHope that is a RING-LWE based key exchange scheme. The NewHope Key Encapsulation Method (KEM) allows to establish an encapsulated (secret) key shared by two participants. This scheme defines a private key that is used to encipher a random shared secret and the private key enables the deciphering. This paper presents Fault Information Leakage attacks, using conventional personal computers, if the attacked participant, say Bob, reuses his public key. This assumption is not so strong since reusing the pair (secret, public) keys saves Bob's device computing cost when the public global parameter is not changed. With our result we can conclude that, to prevent leakage, Bob should not reuse his NewHope secret and public keys because Bob's secret key can be retrieved with only 2 communications. We also found that Bob's secret keys can be retrieved for NewHopeToy2, NewHopeToy1 and NewHopeLudicrous with 1, 2, and 3 communications, respectively.

Recently, machine learning approaches and user movement history analysis on mobile devices have attracted much attention. Generally, we need to apply text data into the word embedding tool for acquiring word vectors as the preprocessing of machine learning approaches. However, it is difficult for mobile devices to afford the huge cost of high-dimensional vector calculation. Thus, a low-cost user behavior and user movement history analysis approach should be considered. To address this issue, firstly, we convert the zip code and street house number into vectors instead of textual address information to reduce the cost of spatial vector calculation. Secondly, we propose a low-cost high-performance semantic and physical distance (real distance) calculation method that applied zip-code-based vectors. Finally, to verify the validity of our proposed method, we utilize the US zip code data to calculate both semantic and physical distances and compare their results with the previous method. The experimental results showed that our proposed method could significantly improve the performance of distance calculation and effectively control the cost to a low level.

Time of arrival (TOA) is a widely used wireless cellular network ranging technology. How to perform accurate TOA estimation in multi-path and non-line-of-sight (NLOS) environments and then accurately calculating mobile terminal locations are two critical issues in positioning research. NLOS identification can be performed in the TOA measurement part and the position calculation part. In this paper, for the above two steps, two schemes for mitigating NLOS errors are proposed. First, a TOA ranging method based on clustering theory is proposed to solve the problem of line-of-sight (LOS) path estimation in multi-path channels. We model the TOA range as a Gaussian mixture model and illustrate how LOS and NLOS can be measured and identified based on non-parametric Bayesian methods when the wireless transmission environment is unknown. Moreover, for NLOS propagation channels, this paper proposes a user location estimator based on the maximum a posteriori criterion. Combined with the TOA estimation and user location computation scheme proposed in this paper, the terminal's positioning accuracy is improved. Experiments showed that the TOA measurement and localization algorithms presented in this paper have good robustness in complex wireless environments.

Isogeny-based cryptography, such as commutative supersingular isogeny Diffie-Hellman (CSIDH), have been shown to be promising candidates for post-quantum cryptography. However, their speeds have remained unremarkable. This study focuses on computing odd-degree isogeny between Montgomery curves, which is a dominant computation in CSIDH. Our proposed “2-ADD-Skip method” technique reduces the required number of points to be computed during isogeny computation. A novel algorithm for isogeny computation is also proposed to efficiently utilize the 2-ADD-Skip method. Our proposed algorithm with the optimized parameter reduces computational cost by approximately 12% compared with the algorithm proposed by Meyer and Reith. Further, individual experiments for each degree of isogeny ℓ show that the proposed algorithm is the fastest for 19≤ℓ≤373 among previous studies focusing on isogeny computation including the Õ(√ℓ) algorithm proposed by Bernstein et al. The experimental results also show that the proposed algorithm achieves the fastest on CSIDH-512. For CSIDH-1024, the proposed algorithm is faster than the algorithm by Meyer and Reith although it is slower than the algorithm by Bernstein et al.

In this paper, we describe a post-processing technique having high extraction efficiency (ExE) for de-biasing and de-correlating a random bitstream generated by true random number generators (TRNGs). This research is based on the N-bit von Neumann (VN_N) post-processing method. It improves the ExE of the original von Neumann method close to the Shannon entropy bound by a large N value. However, as the N value increases, the mapping table complexity increases exponentially (2N), which makes VN_N unsuitable for low-power TRNGs. To overcome this problem, at the algorithm level, we propose a waiting strategy to achieve high ExE with a small N value. At the architectural level, a Hamming weight mapping-based hierarchical structure is used to reconstruct the large mapping table using smaller tables. The hierarchical structure also decreases the correlation factor in the raw bitstream. To develop a technique with high ExE and low cost, we designed and fabricated an 8-bit von Neumann with waiting strategy (VN_8W) in a 130-nm CMOS. The maximum ExE of VN_8W is 62.21%, which is 2.49 times larger than the ExE of the original von Neumann. NIST SP 800-22 randomness test results proved the de-biasing and de-correlation abilities of VN_8W. As compared with the state-of-the-art optimized 7-element iterated von Neumann, VN_8W achieved more than 20% energy reduction with higher ExE. At 0.45V and 1MHz, VN_8W achieved the minimum energy of 0.18pJ/bit, which was suitable for sub-pJ low energy TRNGs.

SPHINCS+ is a state-of-the-art post-quantum hash-based signature that is a candidate for the NIST post-quantum cryptography standard. For a target bit security, SPHINCS+ supports many different tradeoffs between the signature size and the signing speed. SPHINCS+ provides 6 parameter sets: 3 parameter sets for size optimization and 3 parameter sets for speed optimization. We propose new parameter sets with better performance. Specifically, SPHINCS+ implementations with our parameter sets are up to 26.5% faster with slightly shorter signature sizes.

The Topics over Time (TOT) model allows users to be aware of changes in certain topics over time. The proposed method inputs the divided dataset of security blog posts based on a fixed period using an overlap period to the TOT. The results suggest the extraction of topics that include malware and attack campaign names that are appropriate for the multi-labeling of cyber threat intelligence reports.

Recently, local features computed using convolutional neural networks (CNNs) show good performance to image retrieval. The local convolutional features obtained by the CNNs (LC features) are designed to be translation invariant, however, they are inherently sensitive to rotation perturbations. This leads to miss-judgements in retrieval tasks. In this work, our objective is to enhance the robustness of LC features against image rotation. To do this, we conduct a thorough experimental evaluation of three candidate anti-rotation strategies (in-model data augmentation, in-model feature augmentation, and post-model feature augmentation), over two kinds of rotation attack (dataset attack and query attack). In the training procedure, we implement a data augmentation protocol and network augmentation method. In the test procedure, we develop a local transformed convolutional (LTC) feature extraction method, and evaluate it over different network configurations. We end up a series of good practices with steady quantitative supports, which lead to the best strategy for computing LC features with high rotation invariance in image retrieval.

ISO/IEC standardizes several chosen ciphertext-secure key encapsulation mechanism (KEM) schemes in ISO/IEC 18033-2. However, all ISO/IEC KEM schemes are not quantum resilient. In this paper, we introduce new isogeny-based KEM schemes (i.e., CSIDH-ECIES-KEM and CSIDH-PSEC-KEM) by modifying Diffie-Hellman-based KEM schemes in ISO/IEC standards. The main advantage of our schemes are compactness. The key size and the ciphertext overhead of our schemes are smaller than these of SIKE, which is submitted to NIST's post-quantum cryptosystems standardization, for current security analyses. Moreover, though SIKE is proved in the classical random oracle model, CSIDH-PSEC-KEM is proved in the quantum random oracle model. Finally, we discuss difficulty to construct isogeny-based KEM from ISO/IEC KEM schemes in the standard model (i.e., ACE-KEM and FACE-KEM).

Multivariate public key cryptosystem (MPKC) is one of the major post quantum cryptosystems (PQC), and the National Institute of Standards and Technology (NIST) recently selected four MPKCs as candidates of their PQC. The security of MPKC depends on the hardness of solving systems of algebraic equations over finite fields. In particular, the multivariate quadratic (MQ) problem is that of solving such a system consisting of quadratic polynomials and is regarded as an important research subject in cryptography. In the Fukuoka MQ challenge project, the hardness of the MQ problem is discussed, and algorithms for solving the MQ problem and the computational results obtained by these algorithms are reported. Algorithms for computing Gröbner basis are used as the main tools for solving the MQ problem. For example, the F4 algorithm and M4GB algorithm have succeeded in solving many instances of the MQ problem provided by the project. In this paper, based on the F4-style algorithm, we present an efficient algorithm to solve the MQ problems with dense polynomials generated in the Fukuoka MQ challenge project. We experimentally show that our algorithm requires less computational time and memory for these MQ problems than the F4 algorithm and M4GB algorithm. We succeeded in solving Type II and III problems of Fukuoka MQ challenge using our algorithm when the number of variables was 37 in both problems.

We discuss herein whether an optical wireless communication (OWC) system can be a candidate for post 5G or 6G cellular communication. Almost once per decade, cellular mobile communication is transformed by a significant evolution, with each generation developing a distinctive concept or technology. Interestingly, similar trends have occurred in OWC systems based on visible light and light fidelity (Li-Fi). Unfortunately, OWC is currently relegated to a limited role in any 5G scenario, but the debate whether this is unavoidable has yet to be settled. Whether OWC is adopted post 5G or 6G is not the vital issue; rather, the aim should be that OWC coexists with 5G and 6G communication technologies. In working toward this goal, research and development in OWC will continue to extend its benefits and standardize its systems so that it can be widely deployed in the market. For example, given that a standard already exists for a visible-light beacon identifier and Li-Fi, a service using this standard should be developed to satisfy user demand. Toward this end, we propose herein a method for visible-light beacon identification that involves using a rolling shutter to receive visible-light communications with a smartphone camera. In addition, we introduce a rotary LED transmitter for image-sensor communication.

A quadratic extension field (QEF) defined by F1 = Fp[α]/(α2+1) is typically used for a supersingular isogeny Diffie-Hellman (SIDH). However, there exist other attractive QEFs Fi that result in a competitive or rather efficient performing the SIDH comparing with that of F1. To exploit these QEFs without a time-consuming computation of the initial setting, the authors propose to convert existing parameter sets defined over F1 to Fi by using an isomorphic map F1 → Fi.

Multi-cycle Test looks promising a way to reduce the test application time of POST (Power-on Self-Test) for achieving a targeted high fault coverage specified by ISO26262 for testing automotive devices. In this paper, we first analyze the mechanism of Stuck-at Fault Detection Degradation problem in multi-cycle test. Based on the result of our analysis we propose a novel solution named FF-Control Point Insertion technique (FF-CPI) to achieve the reduction of scan-in patterns by multi-cycle test. The FF-CPI technique modifies the captured values of scan Flip-Flops (FFs) during capture operation by directly reversing the value of partial FFs or loading random vectors. The FF-CPI technique enhances the number of detectable stuck-at faults under the capture patterns. The experimental results of ISCAS89 and ITC99 benchmarks validated the effectiveness of FF-CPI technique in scan-in pattern reduction for POST.

At ASIACRYPT 2018, Castryck, Lange, Martindale, Panny and Renes proposed CSIDH, which is a key-exchange protocol based on isogenies between elliptic curves, and a candidate for post-quantum cryptography. However, the implementation by Castryck et al. is not constant-time. Specifically, a part of the secret key could be recovered by the side-channel attacks. Recently, Meyer, Campos, and Reith proposed a constant-time implementation of CSIDH by introducing dummy isogenies and taking secret exponents only from intervals of non-negative integers. Their non-negative intervals make the calculation cost of their implementation of CSIDH twice that of the worst case of the standard (variable-time) implementation of CSIDH. In this paper, we propose a more efficient constant-time algorithm that takes secret exponents from intervals symmetric with respect to the zero. For using these intervals, we need to keep two torsion points on an elliptic curve and calculation for these points. We evaluate the costs of our implementation and that of Meyer et al. in terms of the number of operations on a finite prime field. Our evaluation shows that our constant-time implementation of CSIDH reduces the calculation cost by 28% compared with the implementation by Mayer et al. We also implemented our algorithm by extending the implementation in C of Meyer et al. (originally from Castryck et al.). Then our implementation achieved 152 million clock cycles, which is about 29% faster than that of Meyer et al. and confirms the above reduction ratio in our cost evaluation.