One of major ideas to design a multivariate public key cryptosystem (MPKC) is to generate its quadratic forms by a polynomial map over an extension field. In fact, Matsumoto-Imai's scheme (1988), HFE (Patarin, 1996), MFE (Wang et al., 2006) and multi-HFE (Chen et al., 2008) are constructed in this way and Sflash (Akkar et al., 2003), Quartz (Patarin et al., 2001), Gui (Petzoldt et al, 2015) are variants of these schemes. An advantage of such extension field type MPKCs is to reduce the numbers of variables and equations to be solved in the decryption process. In the present paper, we study the security of MPKCs whose quadratic forms are derived from a “quadratic” map over an extension field and propose a new attack on such MPKCs. Our attack recovers partial information of the secret affine maps in polynomial time when the field is of odd characteristic. Once such partial information is recovered, the attacker can find the plain-text for a given cipher-text by solving a system of quadratic equations over the extension field whose numbers of variables and equations are same to those of the system of quadratic equations used in the decryption process.

In PQCrypto 2013, Yasuda, Takagi and Sakurai proposed a new signature scheme as one of multivariate public key cryptosystems (MPKCs). This scheme (called YTS) is based on the fact that there are two isometry classes of non-degenerate quadratic forms on a vector space with a prescribed dimension. The advantage of YTS is its efficiency. In fact, its signature generation is eight or nine times faster than Rainbow of similar size. For the security, it is known that the direct attack, the IP attack and the min-rank attack are applicable on YTS, and the running times are exponential time for the first and the second attacks and sub-exponential time for the third attack. In the present paper, we give a new attack on YTS whose approach is to use the diagonalization of matrices. Our attack works in polynomial time and it actually recovers equivalent secret keys of YTS having 140-bits security against min-rank attack in around fifteen seconds.

Let p be an odd prime and m be any positive integer. Assume that n=2m and e is a positive divisor of m with m/e being odd. For the decimation factor $d=rac{(p^{m}+1)^2}{2(p^e+1)}$, the cross-correlation between the p-ary m-sequence ${tr_1^n(alpha^i)}$ and its decimated sequence ${tr_1^n(alpha^{di})}$ is investigated. The value distribution of the correlation function is completely determined. The results in this paper generalize the previous results given by Choi, Luo and Sun et al., where they considered some special cases of the decimation factor d with a restriction that m is odd. Note that the integer m in this paper can be even or odd. Thus, the decimation factor d here is more flexible than the previous ones. Moreover, our method for determining the value distribution of the correlation function is different from those adopted by Luo and Sun et al. in that we do not need to calculate the third power sum of the correlation function, which is usually difficult to handle.

Let m ≥ 3 be an odd positive integer, n=2m and p be an odd prime. For the decimation factor $d=rac{(p^{m}+1)(p^{m}+p-1)}{p+1}$, the cross-correlation between the p-ary m-sequence {tr1n(αt)} and its all decimated sequences {tr1n(αdt+l)} is investigated, where 0 ≤ l < gcd(d,pn-1) and α is a primitive element of Fpn. It is shown that the cross-correlation function takes values in {-1,-1±ipm|i=1,2,…p}. The result presented in this paper settles a conjecture proposed by Kim et al. in the 2012 IEEE International Symposium on Information Theory Proceedings paper (pp.1014-1018), and also improves their result.

A ghost reduction algorithm for multiple angle sensors tracking objects under dual hypotheses is proposed. When multiple sensors and multiple objects exist on the same plane, the conventional method is unable to distinguish the real objects and ghosts from all possible pairs of measurement angle vectors. In order to resolve the issue stated above, the proposed algorithm utilizes tracking process considering dual hypotheses of real objects and ghosts behaviors. The proposed algorithm predicts dynamics of all the intersections of measurement angle vector pairs with the hypotheses of real objects and ghosts. Each hypothesis is evaluated by the residuals between prediction data and intersection. The appropriate hypothesis is extracted trough several data sampling. Representative simulation results demonstrate the effectiveness of the proposed algorithm.

In this paper, for an odd prime p such that p≡3 mod 4, odd n, and d=(pn+1)/(pk+1)+(pn-1)/2 with k|n, the value distribution of the exponential sum S(a,b) is calculated as a and b run through $mathbb{F}_{p^n}$. The sequence family $mathcal{G}$ in which each sequence has the period of N=pn-1 is also constructed. The family size of $mathcal{G}$ is pn and the correlation magnitude is roughly upper bounded by $(p^k+1)sqrt{N}/2$. The weight distribution of the relevant cyclic code C over $mathbb{F}_p$ with the length N and the dimension ${ m dim}_{mathbb{F}_p}mathcal{C}=2n$ is also derived.

Let n,k,e,m be positive integers such that n≥ 3, 1 ≤ k ≤ n-1, gcd(n,k)=e, and m= is odd. In this paper, for an odd prime p, we derive a lower bound for the minimal distance of a large class of p-ary cyclic codes Cl with nonzeros α-1, α-(pk+1), α-(p3k+1), …, α-(p(2l-1)k+1), where 1 ≤ l ≤ and α is a primitive element of the finite field Fpn. Employing these codes, p-ary sequence families with a flexible tradeoff between low correlation and large size are constructed.

For an odd prime p, two new families of p-ary sequences of period pn-1 are constructed for odd n = 2l+1=(2m+1)e and even n = 2l = 2me, respectively. It is shown that, for a given integer ρ with 1 ≤ ρ ≤ m, the proposed sequence families both have maximum correlation magnitude , family size (pn-1)p(ρ-1)n+1, and maximum linear span .

In this paper, for odd n and any k with gcd(n,k) = 1, new binary sequence families Sk of period 2n-1 are constructed. These families have maximum correlation , family size 22n+2n+1 and maximum linear span . The correlation distribution of Sk is completely determined as well. Compared with the modified Gold codes with the same family size, the proposed families have the same period and correlation properties, but larger linear span. As good candidates with low correlation and large family size, the new families contain the Gold sequences and the Gold-like sequences. Furthermore, Sk includes a subfamily which has the same period, correlation distribution, family size and linear span as the family So(2) recently constructed by Yu and Gong. In particular, when k=1, is exactly So(2).

The transformation of a data set using a second-order polynomial mapping to find statistically independent components is considered (quadratic independent component analysis or ICA). Based on overdetermined linear ICA, an algorithm together with separability conditions are given via linearization reduction. The linearization is achieved using a higher dimensional embedding defined by the linear parametrization of the monomials, which can also be applied for higher-order polynomials. The paper finishes with simulations for artificial data and natural images.