Many studies of deep neural networks have reported inference accelerators for improved energy efficiency. We propose methods for further improving energy efficiency while maintaining recognition accuracy, which were developed by the co-design of a filter-by-filter quantization scheme with variable bit precision and a hardware architecture that fully supports it. Filter-wise quantization reduces the average bit precision of weights, so execution times and energy consumption for inference are reduced in proportion to the total number of computations multiplied by the average bit precision of weights. The hardware utilization is also improved by a bit-parallel architecture suitable for granularly quantized bit precision of weights. We implement the proposed architecture on an FPGA and demonstrate that the execution cycles are reduced to 1/5.3 for ResNet-50 on ImageNet in comparison with a conventional method, while maintaining recognition accuracy.

This paper presents a method for many-to-one voice conversion using phonetic posteriorgrams (PPGs) based on an adversarial training of deep neural networks (DNNs). A conventional method for many-to-one VC can learn a mapping function from input acoustic features to target acoustic features through separately trained DNN-based speech recognition and synthesis models. However, 1) the differences among speakers observed in PPGs and 2) an over-smoothing effect of generated acoustic features degrade the converted speech quality. Our method performs a domain-adversarial training of the recognition model for reducing the PPG differences. In addition, it incorporates a generative adversarial network into the training of the synthesis model for alleviating the over-smoothing effect. Unlike the conventional method, ours jointly trains the recognition and synthesis models so that they are optimized for many-to-one VC. Experimental evaluation demonstrates that the proposed method significantly improves the converted speech quality compared with conventional VC methods.

This paper presents an analysis of the relationship between noise and bandwidth in visible light communication (VLC) systems. In the past few years, pre-emphasis and post-equalization techniques were proposed to extend the bandwidth of VLC systems. However, these bandwidth extension techniques also influence noise and sensitivity of the VLC systems. In this paper, first, we build a system model of VLC transceivers and circuit models of pre-emphasis and post-equalization. Next, we theoretically compare the bandwidth and noise of three different transceiver structures comprising a single pre-emphasis circuit, a single post-equalization circuit and a combination of pre-emphasis and post-equalization circuits. Finally, we validate the presented theoretical analysis using experimental results. The result shows that for the same resonant frequency, and for high signal-to-noise ratio (S/N), VLC systems employing post-equalization or pre-emphasis have the same bandwidth extension ability. Therefore, a transceiver employing both the pre-emphasis and post-equalization techniques has a bandwidth √2 times the bandwidth of the systems employing only the pre-emphasis or post-equalization. Based on the theoretical analysis of noise, the VLC system with only active pre-emphasis shows the lowest noise, which is a good choice for low-noise systems. The result of this paper may provide a new perspective of noise and sensitivity of the bandwidth extension techniques in VLC systems.

In this paper, we design and develop a sensor-embedded office chair that can measure the posture of the office worker continuously without disturbing their job. In our system, eight accelerometers, that are attached at the back side of the fabric surface of the chair, are used for recognizing the posture. We propose three sitting posture recognition algorithms by considering the initial position of the chair and the difference of physique. Through the experiment with 28 participants, we confirm that our proposed chair can recognize the sitting posture by 75.4% (algorithm 1), 83.7% (algorithm 2), and 85.6% (algorithm 3) respectively.

Aiming at the complexity of posture recognition with Kinect, a method of posture recognition using distance characteristics is proposed. Firstly, depth image data was collected by Kinect, and three-dimensional coordinate information of 20 skeleton joints was obtained. Secondly, according to the contribution of joints to posture expression, 60 dimensional Kinect skeleton joint data was transformed into a vector of 24-dimensional distance characteristics which were normalized according to the human body structure. Thirdly, a static posture recognition method of the shortest distance and a dynamic posture recognition method of the minimum accumulative distance with dynamic time warping (DTW) were proposed. The experimental results showed that the recognition rates of static postures, non-cross-subject dynamic postures and cross-subject dynamic postures were 95.9%, 93.6% and 89.8% respectively. Finally, posture selection, Kinect placement, and comparisons with literatures were discussed, which provides a reference for Kinect based posture recognition technology and interaction design.

SPHINCS+, an updated version of SPHINCS, is a post-quantum hash-based signature scheme submitted to the NIST post-quantum cryptography standardization project. To evaluate its performance, SPHINCS+ gives the theoretical number of function calls and the actual runtime of a reference implementation. We show that the theoretical number of function calls for SPHINCS+ verification is inconsistent with the runtime and then present the correct number of function calls.

Due to progressing process technology, yield of chips is reduced by timing violation caused by delay variation of gates and wires in fabrication. Recently, post-silicon delay tuning, which inserts programmable delay elements (PDEs) into clock trees before the fabrication and adjusts the delays of the PDEs to recover the timing violation after the fabrication, is promising to improve the yield. Although post-silicon delay tuning improves the yield, it increases circuit area and power consumption since the PDEs are inserted. In this paper, a PDE structure is taken into consideration to reduce the circuit area and the power consumption. Moreover, a delay selection algorithm, and a clustering method, in which some PDEs are merged into a PDE and the PDE is inserted for multiple registers, are proposed to reduce the circuit area and the power consumption. In computational experiments, the proposed method reduced the circuit area and the power consumption in comparison with an existing method.

We have investigated post-metallization annealing (PMA) utilizing TiN gate electrode on the thin ferroelectric undoped HfO2 directly deposited on p-Si(100) by RF magnetron sputtering. By post-deposition annealing (PDA) process at 600°C/30 s in N2, the memory window (MW) in the C-V characteristics was observed in the Al/HfO2/p-Si(100) diodes with 15 to 24-nm-thick HfO2. However, it was not obtained when the thickness of HfO2 was 10 nm. On the other hand, the MW was observed for Pt/TiN/HfO2 (10 nm)/p-Si(100) diodes utilizing PMA process at 600°C/30 s. The MW was 0.5 V when the bias voltage was applied from -3 to 3 V.

It has been said that security of symmetric key schemes is not so much affected by quantum computers, compared to public key schemes. However, recent works revealed that, in some specific situations, symmetric key schemes are also broken in polynomial time by adversaries with quantum computers. These works contain a quantum distinguishing attack on 3-round Feistel ciphers and a quantum key recovery attack on the Even-Mansour cipher by Kuwakado and Morii, in addition to the quantum forgery attack on CBC-MAC which is proposed independently by Kaplan et al., and by Santoli and Schaffner. Iterated Even-Mansour cipher is a simple but important block cipher, which can be regarded as an idealization of AES. Whether there exists an efficient quantum algorithm that can break iterated Even-Mansour cipher with independent subkeys is an important problem from the viewpoint of analyzing post-quantum security of block ciphers. Actually there is an efficient quantum attack on iterated Even-Mansour cipher by Kaplan et al., but their attack can only be applied in the case that all subkeys are the same. This paper shows that there is a polynomial time quantum algorithm that recovers partial keys of the iterated Even-Mansour cipher with independent subkeys, in a related-key setting. The related-key condition is somewhat strong, but our algorithm can recover subkeys with two related oracles. In addition, we also show that our algorithm can recover all keys of the i-round iterated Even-Mansour cipher, if we are allowed to access i related quantum oracles. To realize quantum related-key attacks, we extend Simon's quantum algorithm so that we can recover the hidden period of a function that is periodic only up to constant. Our technique is to take differential of the target function to make a double periodic function, and then apply Simon's algorithm.

The learning with errors (LWE) problem is considered as one of the most compelling candidates as the security base for the post-quantum cryptosystems. For the application of LWE based cryptographic schemes, the concrete parameters are necessary: the length n of secret vector, the moduli q and the deviation σ. In the middle of 2016, Germany TU Darmstadt group initiated the LWE Challenge in order to assess the hardness of LWE problems. There are several approaches to solve the LWE problem via reducing LWE to other lattice problems. Xu et al.'s group solved some LWE Challenge instances using Liu-Nguyen's adapted enumeration technique (reducing LWE to BDD problem) [23] and they published this result at ACNS 2017 [32]. In this paper, at first, we applied the progressive BKZ on the LWE challenge cases of σ/q=0.005 using Kannan's embedding technique. We can intuitively observe that the embedding technique is more efficient with the embedding factor M closer to 1. Then we will analyze the optimal number of samples m for a successful attack on LWE case with secret length of n. Thirdly based on this analysis, we show the practical cost estimations using the precise progressive BKZ simulator. Simultaneously, our experimental results show that for n ≥ 55 and the fixed σ/q=0.005, the embedding technique with progressive BKZ is more efficient than Xu et al.'s implementation of the enumeration algorithm in [32][14]. Moreover, by our parameter setting, we succeed in solving the LWE Challenge over (n,σ/q)=(70, 0.005) using 216.8 seconds (32.73 single core hours).

The QC-MDPC McEliece scheme was considered one of the most promising public key encryption schemes for efficient post-quantum secure encryption. As a variant of the McEliece scheme, it is based on the syndrome decoding problem, which is a hard problem from Coding Theory. Its key sizes are competitive with the ones of the widely used RSA cryptosystem, and it came with an apparently strong security reduction. For three years, the scheme has not suffered major threats, until the end of 2016, at the Asiacrypt, when Guo, Johansson, and Stankovski presented a reaction attack on the QC-MDPC that exploits one aspect that was not considered in the security reduction: the probability of a decoding failure to occur is lower when the secret key and the error used for encryption share certain properties. Recording the decoding failures, the attacker obtains information about the secret key and then use the information gathered to reconstruct the key. Guo et al. presented an algorithm for key reconstruction for which we can point two weaknesses. The first one is that it cannot deal with partial information about the secret key, resulting in the attacker having to send a large number of decoding challenges. The second one is that it does not scale well for higher security levels. To improve the attack, we propose a key reconstruction algorithm that runs faster than Guo's et al. algorithm, even using around 20% less interactions with the secret key holder than used by their algorithm, considering parameters suggested for 80 bits of security. It also has a lower asymptotic complexity which makes it scale much better for higher security parameters. The algorithm can be parallelized straightforwardly, which is not the case for the one by Guo et al.

The isomorphism of polynomials with two secret (IP2S) problem is one candidate of computational assumptions for post-quantum cryptography. The idea of identification scheme based on IP2S is firstly introduced in 1996 by Patarin. However, the scheme was not described concretely enough and no more details are provided on how to transcribe the idea into a real-world implementation. Moreover, the security of the scheme has not been formally proven and the originally proposed security parameters are no longer secure based on the most recent research. In this paper, we propose a concrete identification scheme based on IP2S with the idea of Patarin as the starting point. We provide formal security proof of the proposed scheme against impersonation under passive attack, sequential active attack, and concurrent active attack. We also propose techniques to reduce the implementation cost such that we are able to cut the storage cost and average communication cost to an extent that under parameters for the standard 80-bit security, the scheme is implementable even on the lightweight devices in the current market.

The security of current public-key cryptosystems relies on the hardness of factoring large integers or solving discrete logarithm problems. However, these mathematical problems can be solved in polynomial time using a quantum computer. This vulnerability has prompted research into post-quantum cryptography using alternative mathematical problems that are secure in the era of quantum computers. In this regard, the National Institute of Standards and Technology (NIST) began to standardize post-quantum cryptography in 2016. In this expository article, we give an overview of recent research on post-quantum cryptography. In particular, we describe the construction and security of multivariate polynomial cryptosystems and lattice-based cryptosystems, which are the main candidates of post-quantum cryptography.

ZHFE, proposed by Porras et al. at PQCrypto'14, is one of the very few existing multivariate encryption schemes and a very promising candidate for post-quantum cryptosystems. The only one drawback is its slow key generation. At PQCrypto'16, Baena et al. proposed an algorithm to construct the private ZHFE keys, which is much faster than the original algorithm, but still inefficient for practical parameters. Recently, Zhang and Tan proposed another private key generation algorithm, which is very fast but not necessarily able to generate all the private ZHFE keys. In this paper we propose a new efficient algorithm for the private key generation and estimate the number of possible keys generated by all existing private key generation algorithms for the ZHFE scheme. Our algorithm generates as many private ZHFE keys as the original and Baena et al.'s ones and reduces the complexity from O(n2ω+1) by Baena et al. to O(nω+3), where n is the number of variables and ω is a linear algebra constant. Moreover, we also analyze when the decryption of the ZHFE scheme does not work.

With the increasing demand of Internet-of-Things applicability in various devices and location-based services (LBSs) with positioning capabilities, we proposed simple and effective post-processing techniques to reduce positioning error and provide more precise navigation to users in a pedestrian environment in this letter. The proposed positioning error reduction techniques (Technique 1-minimum range securement and bounce elimination, Technique 2-direction vector-based error correction) were studied considering low complexity and wide applicability to various types of positioning systems, e.g., global positioning system (GPS). Through the real field tests in urban areas, we have verified that an average positioning error of the proposed techniques is significantly decreased compared to that of a GPS-only environment.

In video coding, layered coding is beneficial for applications, because it can encode a number of input sources efficiently and achieve scalability functions. However, in order to achieve the functions, some specific codecs are needed. Meanwhile, although the coding efficiency is insufficient, simulcast that encodes a number of input sources independently is versatile. In this paper, we propose postprocessing for simulcast video coding that can improve picture quality and coding efficiency without using any layered coding. In particular, with a view to achieving spatial scalability, we show that the overlapped filtering (OLF) improves picture quality of the high-resolution layer by using the low-resolution layer.

In this paper, the posterior matching scheme proposed by Shayevits and Feder is extended to the Gaussian broadcast channel with feedback, and the error probabilities and achievable rate region are derived for this coding strategy by using the iterated random function theory. A variant of the Ozarow-Leung code for the general two-user broadcast channel with feedback can be realized as a special case of our coding scheme. Furthermore, for the symmetric Gaussian broadcast channel with feedback, our coding scheme achieves the linear-feedback sum-capacity like the LQG code and outperforms the Kramer code.

One of major ideas to design a multivariate public key cryptosystem (MPKC) is to generate its quadratic forms by a polynomial map over an extension field. In fact, Matsumoto-Imai's scheme (1988), HFE (Patarin, 1996), MFE (Wang et al., 2006) and multi-HFE (Chen et al., 2008) are constructed in this way and Sflash (Akkar et al., 2003), Quartz (Patarin et al., 2001), Gui (Petzoldt et al, 2015) are variants of these schemes. An advantage of such extension field type MPKCs is to reduce the numbers of variables and equations to be solved in the decryption process. In the present paper, we study the security of MPKCs whose quadratic forms are derived from a “quadratic” map over an extension field and propose a new attack on such MPKCs. Our attack recovers partial information of the secret affine maps in polynomial time when the field is of odd characteristic. Once such partial information is recovered, the attacker can find the plain-text for a given cipher-text by solving a system of quadratic equations over the extension field whose numbers of variables and equations are same to those of the system of quadratic equations used in the decryption process.

Patarin proposed a crytographic trapdoor called Hidden Field Equation (HFE), a trapdoor based on the Multivariate Quadratic (MQ) and the Isomorphism of Polynomials (IP) problems. The MQ problem was proved by Patarin et al.'s to be NP-complete. Although the basic HFE has been proved to be vulnerable to attacks, its variants obtained by some modifications have been proved to be stronger against attacks. The Quartz digital signature scheme based on the HFEv- trapdoor (a variant of HFE) with particular choices of parameters, has been shown to be stronger against algebraic attacks to recover the private key. Furthermore, it generates reasonably short signatures. However, Joux et al. proved (based on the Birthday Paradox Attack) that Quartz is malleable in the sense that, if an adversary gets a valid pair of message and signature, a valid signature to another related message is obtainable with 250 computations and 250 queries to the signing oracle. Currently, the recommended minimum security level is 2112. Our signature scheme is also based on Quartz but we achieve a 2112 security level against Joux et al.'s attack. It is also more efficient in signature verification and vector initializations. Furthermore, we implemented both the original and our improved Quartz signature and run empirical comparisons.

The segmentation of Mycobacterium tuberculosis images forms the basis for the computer-aided diagnosis of tuberculosis. The segmented objects are often broken due to the low-contrast objects and the limits of segmentation method. This will result in decreasing the accuracy of segmentation and recognition. A simple and effective post-processing method is proposed to connect the broken objects. The broken objects in the segmented binary images are connected based on the information obtained from their skeletons. Experimental results demonstrate the effectiveness of our proposed method.