The search functionality is under construction.

Keyword Search Result

[Keyword] random function (11 hits)

Results 1-11 of 11
  • On Easily Reconstructable Logic Functions Open Access

    Tsutomu SASAO

    PAPER
    Publicized: 2024/04/16
    Vol: E107-D No:8
    Page(s): 913-921

    This paper shows that sum-of-products expression (SOP) minimization yields generalization ability. We show this in three steps. First, various classes of SOPs are generated. Second, minterms of each SOP are randomly selected to generate partially defined functions. Third, the original functions are reconstructed from the partially defined functions by SOP minimization. We consider Achilles heel functions, majority functions, monotone increasing cascade functions, functions generated from random SOPs, monotone increasing random SOPs, circle functions, and globe functions. As for generalization ability, the presented method is compared with Naive Bayes, multi-level perceptron, support vector machine, JRIP, J48, and random forest. For these functions, in many cases, only 10% of the input combinations are sufficient to reconstruct more than 90% of the truth tables of the original functions.

  • Authentication Scheme Using Pre-Registered Information on Blockchain

    Toshiki TSUCHIDA  Makoto TAKITA  Yoshiaki SHIRAISHI  Masami MOHRI  Yasuhiro TAKANO  Masakatu MORII

    LETTER-System Construction Techniques
    Publicized: 2019/06/21
    Vol: E102-D No:9
    Page(s): 1676-1678

    In the context of Cyber-Physical Systems (CPS), analyzing the real-world data accumulated in cyberspace would improve the efficiency and productivity of various social systems. Towards establishing a data-driven society, it is desirable to share data safely and smoothly among multiple services. In this paper, we propose a scheme in which services authenticate users using information registered on a blockchain. We show that the proposed scheme is resistant to tampering and spoofing attacks.

  • Post-Quantum Security of IGE Mode Encryption in Telegram

    Jeeun LEE  Sungsook KIM  Seunghyun LEE  Kwangjo KIM

    LETTER
    Vol: E102-A No:1
    Page(s): 148-151

    The IGE mode used in Telegram's customized protocol has not been fully investigated in terms of post-quantum security. In this letter, we show that IGE mode is IND-qCPA insecure via Simon's algorithm, assuming that the underlying block cipher is a standard-secure pseudorandom function (sPRF). Under the stronger assumption that the block cipher is a quantum-secure pseudorandom function (qPRF), IND-qCPA security of IGE mode is proved using the one-way to hiding lemma.
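    The chaining rule the letter analyses is c_i = E(m_i xor c_{i-1}) xor m_{i-1}, with the two-block IV supplying (m_0, c_0). The following Python is an added example, not code from the letter or from Telegram: it implements IGE encryption and decryption over a toy Feistel PRP (an assumption standing in for the real block cipher), and measures the mode's "infinite garble extension", i.e. that one flipped ciphertext bit garbles every later plaintext block. The key, IV and message are constructed for the example. It does not reproduce the quantum attack; it shows the classical structure of the mode.

```python
import hashlib
import hmac

BLOCK = 16  # block size in bytes of the toy PRP below


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_fn(key: bytes, i: int, half: bytes) -> bytes:
    # 8-byte PRF output for Feistel round i, keyed by the cipher key.
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:8]


def prp_encrypt(key: bytes, block: bytes) -> bytes:
    """Toy 128-bit PRP standing in for the block cipher: a 4-round Feistel
    network with an HMAC-SHA256 round function. Assumption for this example only."""
    left, right = block[:8], block[8:]
    for i in range(4):
        left, right = right, _xor(left, _round_fn(key, i, right))
    return left + right


def prp_decrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for i in reversed(range(4)):
        left, right = _xor(right, _round_fn(key, i, left)), left
    return left + right


def ige_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """IGE: c_i = E(m_i xor c_{i-1}) xor m_{i-1}; the two-block IV supplies (m_0, c_0)."""
    if len(iv) != 2 * BLOCK or len(plaintext) % BLOCK:
        raise ValueError("IV must be two blocks; plaintext a multiple of the block size")
    m_prev, c_prev = iv[:BLOCK], iv[BLOCK:]
    out = []
    for off in range(0, len(plaintext), BLOCK):
        m = plaintext[off:off + BLOCK]
        c = _xor(prp_encrypt(key, _xor(m, c_prev)), m_prev)
        out.append(c)
        m_prev, c_prev = m, c
    return b"".join(out)


def ige_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    """Inverse: m_i = D(c_i xor m_{i-1}) xor c_{i-1}."""
    if len(iv) != 2 * BLOCK or len(ciphertext) % BLOCK:
        raise ValueError("IV must be two blocks; ciphertext a multiple of the block size")
    m_prev, c_prev = iv[:BLOCK], iv[BLOCK:]
    out = []
    for off in range(0, len(ciphertext), BLOCK):
        c = ciphertext[off:off + BLOCK]
        m = _xor(prp_decrypt(key, _xor(c, m_prev)), c_prev)
        out.append(m)
        m_prev, c_prev = m, c
    return b"".join(out)


def garbled_blocks_after_flip(key: bytes, iv: bytes, plaintext: bytes, block_index: int = 0) -> int:
    """Flip one ciphertext bit in block `block_index`, decrypt, and count how many
    plaintext blocks no longer match: every block from `block_index` onwards."""
    ct = bytearray(ige_encrypt(key, iv, plaintext))
    ct[block_index * BLOCK] ^= 0x01
    pt2 = ige_decrypt(key, iv, bytes(ct))
    n = len(plaintext) // BLOCK
    return sum(1 for i in range(n)
               if pt2[i * BLOCK:(i + 1) * BLOCK] != plaintext[i * BLOCK:(i + 1) * BLOCK])


# Constructed sample inputs for this example (not from the letter).
KEY = hashlib.sha256(b"example key").digest()
IV = hashlib.sha256(b"example iv").digest()  # 32 bytes = (m_0, c_0)
MSG = b"four blocks of sample plaintext for the IGE example.".ljust(4 * BLOCK, b"\x00")

if __name__ == "__main__":
    ct = ige_encrypt(KEY, IV, MSG)
    print("roundtrip ok:", ige_decrypt(KEY, IV, ct) == MSG)
    print("blocks garbled by one bit flip in block 0:", garbled_blocks_after_flip(KEY, IV, MSG, 0))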

  • The PRF Security of Compression-Function-Based MAC Functions in the Multi-User Setting Open Access

    Shoichi HIROSE

    PAPER-Cryptography and Information Security
    Vol: E102-A No:1
    Page(s): 270-277

    A compression-function-based MAC function called FMAC, as well as a vector-input PRF called vFMAC, was presented in 2016. They were proven to be secure PRFs on the assumption that their compression function is a secure PRF against related-key attacks with respect to their non-cryptographic permutations in the single-user setting. In this paper, it is shown that both FMAC and vFMAC are also secure PRFs in the multi-user setting under the same assumption as in the single-user setting. These results imply that their security in the multi-user setting does not degrade with the number of users and is as good as in the single-user setting.

  • A Pseudorandom-Function Mode Based on Lesamnta-LW and the MDP Domain Extension and Its Applications

    Shoichi HIROSE  Hidenori KUWAKADO  Hirotaka YOSHIDA

    PAPER
    Vol: E101-A No:1
    Page(s): 110-118

    This paper discusses a mode for pseudorandom functions (PRFs) based on the hashing mode of Lesamnta-LW and the domain extension called Merkle-Damgård with permutation (MDP). The hashing mode of Lesamnta-LW is a plain Merkle-Damgård iteration of a block cipher whose key size is half its block size. First, a PRF mode is presented which produces multiple independent PRFs from multiple permutations and initialization vectors if the underlying block cipher is a PRP. Then, two applications of the PRF mode are presented. One is a PRF with minimum padding; here, padding is said to be minimum if, for any non-empty input message, the produced message blocks include no block consisting only of the padded sequence. The other is a vector-input PRF using the PRFs with minimum padding.

  • A Fast Updatable Implementation of Index Generation Functions Using Multiple IGUs

    Tsutomu SASAO

    PAPER-Logic Design
    Publicized: 2017/05/19
    Vol: E100-D No:8
    Page(s): 1574-1582

    This paper presents a method to realize index generation functions using multiple Index Generation Units (IGUs). The architecture implements index generation functions more efficiently than a single IGU when the number of registered vectors is very large. The paper proves that independent linear transformations are necessary in the IGUs for an efficient realization, and experimental results confirm this. Finally, it presents a fast update method for the IGUs.

  • Relation between Verifiable Random Functions and Convertible Undeniable Signatures, and New Constructions

    Kaoru KUROSAWA  Ryo NOJIMA  Le Trieu PHONG

    PAPER-Public Key Based Cryptography
    Vol: E97-A No:1
    Page(s): 215-224

    Verifiable random functions (VRFs), proposed in 1999, and selectively convertible undeniable signature (SCUS) schemes, proposed in 1990, have apparently been regarded as independent primitives in the literature. In this paper, we show that they are tightly related in the following sense: a VRF is exactly an SCUS, and the converse also holds under a condition. This directly yields several deterministic SCUS schemes based on existing VRF constructions. In addition, we construct a new probabilistic SCUS scheme which is very compact. We build efficient confirmation and disavowal protocols for the proposed SCUS schemes, based on what we call zero-knowledge protocols for generalized DDH and non-DDH. These zero-knowledge protocols are built in the sequential, concurrent, or universally composable setting.

  • A Note on Practical Key Derivation Functions

    Shoichi HIROSE

    LETTER-Cryptography and Information Security
    Vol: E94-A No:8
    Page(s): 1764-1767

    In this article, we first review the key derivation functions specified in NIST SP 800-108 and the one proposed by Krawczyk. Then, we propose parallelizable key derivation functions obtained by modifying or using the existing schemes. We also define two measures of efficiency for key derivation functions and evaluate their performance in terms of these two measures.
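    The two schemes the letter reviews differ in exactly the property it is concerned with. In the SP 800-108 counter mode, block i is K(i) = PRF(K_IN, [i]_2 || Label || 0x00 || Context || [L]_2), so every block depends only on the counter and can be computed independently; in Krawczyk's HKDF (RFC 5869), T(i) = HMAC(PRK, T(i-1) || info || i) chains each block on the previous one. The Python below is an added example, not code from the letter: it implements both with HMAC-SHA256, computes the counter-mode blocks on a thread pool to show they are order-independent, and checks HKDF against the public RFC 5869 test case 1. The 32-bit encodings of the counter and of L, the labels, and the example key are assumptions of this example (SP 800-108 allows several counter widths).

```python
import hashlib
import hmac
import struct
from concurrent.futures import ThreadPoolExecutor

HASH = hashlib.sha256
H_LEN = HASH().digest_size  # 32 bytes


def _prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, HASH).digest()


def kdf108_ctr_block(k_in: bytes, i: int, label: bytes, context: bytes, length_bits: int) -> bytes:
    """SP 800-108 counter mode, one output block:
    K(i) = PRF(K_IN, [i]_2 || Label || 0x00 || Context || [L]_2).
    Assumption: 32-bit big-endian encodings for the counter i and the length L."""
    data = struct.pack(">I", i) + label + b"\x00" + context + struct.pack(">I", length_bits)
    return _prf(k_in, data)


def kdf108_ctr(k_in: bytes, label: bytes, context: bytes, length: int, parallel: bool = False) -> bytes:
    """Derive `length` bytes. Blocks do not depend on each other, so they may be
    computed in any order or concurrently; the result is identical either way."""
    n = -(-length // H_LEN)
    args = [(k_in, i, label, context, length * 8) for i in range(1, n + 1)]
    if parallel:
        with ThreadPoolExecutor() as pool:
            blocks = list(pool.map(lambda a: kdf108_ctr_block(*a), args))
    else:
        blocks = [kdf108_ctr_block(*a) for a in args]
    return b"".join(blocks)[:length]


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract: PRK = HMAC(salt, IKM)."""
    return _prf(salt, ikm)


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand: T(i) = HMAC(PRK, T(i-1) || info || i). Each block feeds the next,
    so the expansion is inherently sequential."""
    n = -(-length // H_LEN)
    okm, t = b"", b""
    for i in range(1, n + 1):
        t = _prf(prk, t + info + bytes([i]))
        okm += t
    return okm[:length]


# RFC 5869, Appendix A, Test Case 1 (public test vector for HMAC-SHA256).
RFC5869_TC1 = dict(
    ikm=bytes.fromhex("0b" * 22),
    salt=bytes.fromhex("000102030405060708090a0b0c"),
    info=bytes.fromhex("f0f1f2f3f4f5f6f7f8f9"),
    length=42,
    prk=bytes.fromhex("077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5"),
    okm=bytes.fromhex("3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865"),
)


def hkdf_known_answer_ok() -> bool:
    tc = RFC5869_TC1
    prk = hkdf_extract(tc["salt"], tc["ikm"])
    return prk == tc["prk"] and hkdf_expand(prk, tc["info"], tc["length"]) == tc["okm"]


# Constructed example key for the counter-mode demonstration.
EXAMPLE_KEY = hashlib.sha256(b"example master key").digest()

if __name__ == "__main__":
    seq = kdf108_ctr(EXAMPLE_KEY, b"enc", b"session-1", 80)
    par = kdf108_ctr(EXAMPLE_KEY, b"enc", b"session-1", 80, parallel=True)
    print("counter mode, sequential == parallel:", seq == par)
    print("HKDF matches RFC 5869 test case 1:", hkdf_known_answer_ok())
```

    Separating the key by Label (here b"enc" versus b"mac") is what keeps derived keys for different purposes independent under the same master key; the parallel path only changes who computes K(i), never its value.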

  • Efficient Pseudorandom-Function Modes of a Block-Cipher-Based Hash Function

    Shoichi HIROSE  Hidenori KUWAKADO

    PAPER-Cryptography and Information Security
    Vol: E92-A No:10
    Page(s): 2447-2453

    This article discusses the provable security of pseudorandom-function (PRF) modes of an iterated hash function using a block cipher. The iterated hash function uses the Matyas-Meyer-Oseas (MMO) mode for the compression function and Merkle-Damgård with a permutation (MDP) for the domain extension transform. It is shown that the keyed-via-IV mode and the key-prefix mode of the iterated hash function are pseudorandom functions if the underlying block cipher is a pseudorandom permutation under a related-key attack with respect to the permutation used in MDP. More precisely, the key-prefix mode also requires that E_IV(K) ⊕ K is pseudorandom, where E is the underlying block cipher, IV is the fixed initial value of the hash function, and K is a secret key. It is also confirmed that the MMO compression function is the best choice with MDP among the block-cipher-based compression functions in the Preneel-Govaerts-Vandewalle model in terms of provable security.

  • Inpainting Highlights Using Color Line Projection

    Joung Wook PARK  Kwan Heng LEE

    PAPER
    Vol: E90-D No:1
    Page(s): 250-257

    In this paper we propose a novel method to inpaint highlights and to remove specularity in images of specular objects by color line projection. Color line projection is a method in which a color containing a surface reflection component is projected to the vicinity of the diffuse color line by following the direction of the specular color line. We use two images captured with different exposure times, so that a clue to the original color in a highlight area can be found from the two images, since the color in the highlight region is distorted and saturated toward the illumination color. In the first step of the proposed procedure, the region corresponding to the highlight is generated and the clue to the original highlight color is acquired. In the next step, the color line is generated by a restricted region growing method around the highlight region, and the color line is divided into the diffuse color line and the specular color line. In the final step, pixels near the specular color line are projected to the vicinity of the diffuse color line by color line projection, in which a modified random function is applied to inpaint the highlight realistically. One advantage of our method is that it finds the highlight region and the clue to the original color of the highlight with ease. It also efficiently estimates the surface reflection component, which is used to remove specularity and to inpaint the highlight. The proposed method performs highlight inpainting and specular removal simultaneously once the color line is generated. In addition, color line projection with the modified random function makes the result more realistic. We show experimental results on real images and synthesize the real image with the image modified by the proposed method.

  • Collision Search of a Hash Function by Using Random Mapping

    Hikaru MORITA  Hideki ODAGI  Kazuo OHTA

    PAPER
    Vol: E81-A No:1
    Page(s): 35-40

    This paper proposes applying random mapping methods for a pseudorandom function to find collisions of a hash function. We test a hash function built from a block cipher (see ISO/IEC 10118-2) on computers, where users can select its initial vector. In particular, the paper shows that a hash function with multiple stages generates many colliding hash values, so our probabilistic analysis of a small model of the hash function explains the computational results well. We show that it is feasible to find collisions between messages selected in advance for 64-bit hash functions using workstations (WSs) linked via an ordinary LAN (Local Area Network). Thus, it is dangerous to use the hash function -- single block mode -- defined in [6] and [7].
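    The random-mapping approach treats the hash as a function f from n-bit values to n-bit values and walks the sequence x, f(x), f(f(x)), ...; because a random mapping on N = 2^n points enters a cycle after about sqrt(pi*N/2) steps, the first repeated value yields two distinct preimages, i.e. a collision, with no memory beyond a few values (Floyd's cycle finding). The Python below is an added example, not code from the paper or the tested ISO/IEC 10118-2 construction: it uses SHA-256 truncated to 28 bits as a stand-in short hash (an assumption, chosen so the search finishes in seconds), and lets the low bit of the walk value choose between two constructed message prefixes so that the collision found is between messages "selected in advance", as the abstract describes; a same-family collision is discarded and the walk restarted from the next seed.

```python
import hashlib
import math

N_BITS = 28                      # assumption: a 28-bit hash so the walk ends quickly
MASK = (1 << N_BITS) - 1
# Constructed message families; the walk value's low bit selects which one is hashed.
PREFIXES = (b"Pay 100 EUR to Alice. Serial:", b"Pay 10000 EUR to Mallory. Serial:")


def truncated_hash(msg: bytes) -> int:
    """Stand-in for a short hash: SHA-256 truncated to N_BITS (the paper targets 64-bit hashes)."""
    return int.from_bytes(hashlib.sha256(msg).digest()[:4], "big") & MASK


def message_for(x: int) -> bytes:
    return PREFIXES[x & 1] + x.to_bytes(4, "big")


def f(x: int) -> int:
    """The random mapping being iterated: hash of the message selected by x."""
    return truncated_hash(message_for(x))


def rho_collision(func, x0: int):
    """Floyd cycle finding on x -> func(x). Returns (a, b) with a != b and
    func(a) == func(b), or None when x0 itself lies on the cycle (no tail, no collision)."""
    tortoise, hare = func(x0), func(func(x0))
    while tortoise != hare:                 # phase 1: meet somewhere on the cycle
        tortoise, hare = func(tortoise), func(func(hare))
    tortoise = x0                           # phase 2: walk in lockstep to the cycle entry
    if tortoise == hare:
        return None
    while True:
        t_next, h_next = func(tortoise), func(hare)
        if t_next == h_next:                # two different inputs, same output
            return tortoise, hare
        tortoise, hare = t_next, h_next


def find_cross_family_collision(seed: int = 0):
    """Search until the colliding pair spans both prefixes; returns the two messages."""
    x0 = seed
    while True:
        pair = rho_collision(f, x0 & MASK)
        if pair is not None:
            a, b = pair
            if (a & 1) != (b & 1):
                return message_for(a), message_for(b)
        x0 += 1


def expected_steps(n_bits: int = N_BITS) -> float:
    """Birthday-bound estimate of the walk length before the first repeat."""
    return math.sqrt(math.pi * (1 << n_bits) / 2)


if __name__ == "__main__":
    m1, m2 = find_cross_family_collision()
    print("expected steps ~", int(expected_steps()))
    print(m1, hex(truncated_hash(m1)))
    print(m2, hex(truncated_hash(m2)))
```

    Scaling the estimate to the paper's 64-bit case gives roughly 2^32 hash evaluations per collision, which is why the walk, once split across several machines, was within reach of a LAN of workstations.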