Collecting and analyzing personal data is important in modern information applications. Though the privacy of data providers should be protected, the need to track certain data providers often arises, such as tracing specific patients or adversarial users. Thus, tracking only specific persons without revealing normal users' identities is quite important for operating information systems using personal data. It is difficult to know in advance the rules for specifying the necessity of tracking since the rules are derived by the analysis of collected data. Thus, it would be useful to provide a general way that can employ any data analysis method regardless of the type of data and the nature of the rules. In this paper, we propose a privacy-preserving data analysis construction that allows an authority to detect specific users while other honest users are kept anonymous. By using the cryptographic techniques of group signatures with message-dependent opening (GS-MDO) and public key encryption with non-interactive opening (PKENO), we provide a correspondence table that links a user and data in a secure way, and we can employ any anonymization technique and data analysis method. It is particularly worth noting that no “big brother” exists, meaning that no single entity can identify users who do not provide anomaly data, while bad behaviors are always traceable. We show the result of implementing our construction. Briefly, the overhead of our construction is on the order of 10 ms for a single thread. We also confirm the efficiency of our construction by using a real-world dataset.

Knowledge-of-exponent assumptions (KEAs) are a somewhat controversial but nevertheless commonly used type of cryptographic assumptions. While traditional cryptographic assumptions simply assert that certain tasks (like factoring integers or computing discrete logarithms) cannot be performed efficiently, KEAs assert that certain tasks can be performed efficiently, but only in certain ways. The controversy surrounding those assumptions is due to their non-falsifiability, which is due to the way this idea is formalised, and to the general idea that these assumptions are “strong”. Nevertheless, their relationship to existing assumptions has not received much attention thus far. In this paper, we show that the first KEA (KEA1), introduced by Damgård in 1991, implies that computing discrete logarithms is equivalent to solving the computational Diffie-Hellman (CDH) problem. Since showing this equivalence in the standard setting (i.e., without the assumption that KEA1 holds) is a longstanding open question, this indicates that KEA1 (and KEAs in general) are indeed quite strong assumptions.

This paper presents the first attribute-based signature (ABS) scheme in which the correspondence between signers and signatures is captured in an arithmetic model of computation. Specifically, we design a fully secure, i.e., adaptively unforgeable and perfectly signer-private ABS scheme for signing policies realizable by arithmetic branching programs (ABP), which are a quite expressive model of arithmetic computations. On a more positive note, the proposed scheme places no bound on the size and input length of the supported signing policy ABP's, and at the same time, supports the use of an input attribute for an arbitrary number of times inside a signing policy ABP, i.e., the so called unbounded multi-use of attributes. The size of our public parameters is constant with respect to the sizes of the signing attribute vectors and signing policies available in the system. The construction is built in (asymmetric) bilinear groups of prime order, and its unforgeability is derived in the standard model under (asymmetric version of) the well-studied decisional linear (DLIN) assumption coupled with the existence of standard collision resistant hash functions. Due to the use of the arithmetic model as opposed to the boolean one, our ABS scheme not only excels significantly over the existing state-of-the-art constructions in terms of concrete efficiency, but also achieves improved applicability in various practical scenarios. Our principal technical contributions are (a) extending the techniques of Okamoto and Takashima [PKC 2011, PKC 2013], which were originally developed in the context of boolean span programs, to the arithmetic setting; and (b) innovating new ideas to allow unbounded multi-use of attributes inside ABP's, which themselves are of unbounded size and input length.

This paper proposes an id-eCK secure identity-based authenticated key exchange (ID-AKE) scheme, where the id-eCK security implies that a scheme resists against leakage of all combinations of master, static, and ephemeral secret keys except ones trivially break the security. Most existing id-eCK secure ID-AKE schemes require two symmetric pairing operations or a greater number of asymmetric pairing, which is faster than symmetric one, operations to establish a session key. However, our scheme is realized with a single asymmetric pairing operation for each party, and this is an advantage in efficiency. The proposed scheme is based on the ID-AKE scheme by McCullagh and Barreto, which is vulnerable to an active attack. To achieve id-eCK security, we apply the HMQV construction and the NAXOS technique to the McCullagh-Barreto scheme. The id-eCK security is proved under the external Diffie-Hellman for target group assumption and the q-gap-bilinear collision attack assumption.

ISO/IEC standardizes several chosen ciphertext-secure key encapsulation mechanism (KEM) schemes in ISO/IEC 18033-2. However, all ISO/IEC KEM schemes are not quantum resilient. In this paper, we introduce new isogeny-based KEM schemes (i.e., CSIDH-ECIES-KEM and CSIDH-PSEC-KEM) by modifying Diffie-Hellman-based KEM schemes in ISO/IEC standards. The main advantage of our schemes are compactness. The key size and the ciphertext overhead of our schemes are smaller than these of SIKE, which is submitted to NIST's post-quantum cryptosystems standardization, for current security analyses. Moreover, though SIKE is proved in the classical random oracle model, CSIDH-PSEC-KEM is proved in the quantum random oracle model. Finally, we discuss difficulty to construct isogeny-based KEM from ISO/IEC KEM schemes in the standard model (i.e., ACE-KEM and FACE-KEM).

The hardness in solving the shortest vector problem (SVP) is a fundamental assumption for the security of lattice-based cryptographic algorithms. In 2010, Micciancio and Voulgaris proposed an algorithm named the Gauss Sieve, which is a fast and heuristic algorithm for solving the SVP. Schneider presented another algorithm named the Ideal Gauss Sieve in 2011, which is applicable to a special class of lattices, called ideal lattices. The Ideal Gauss Sieve speeds up the Gauss Sieve by using some properties of the ideal lattices. However, the algorithm is applicable only if the dimension of the ideal lattice n is a power of two or n+1 is a prime. Ishiguro et al. proposed an extension to the Ideal Gauss Sieve algorithm in 2014, which is applicable only if the prime factor of n is 2 or 3. In this paper, we first generalize the dimensions that can be applied to the ideal lattice properties to when the prime factor of n is derived from 2, p or q for two primes p and q. To the best of our knowledge, no algorithm using ideal lattice properties has been proposed so far with dimensions such as: 20, 44, 80, 84, and 92. Then we present an algorithm that speeds up the Gauss Sieve for these dimensions. Our experiments show that our proposed algorithm is 10 times faster than the original Gauss Sieve in solving an 80-dimensional SVP problem. Moreover, we propose a rotation-based Gauss Sieve that is approximately 1.5 times faster than the Ideal Gauss Sieve.

Replayable chosen ciphertext (RCCA) security was introduced by Canetti, Krawczyk, and Nielsen (CRYPTO'03) in order to handle an encryption scheme that is “non-malleable except tampering which preserves the plaintext.” RCCA security is a relaxation of CCA security and a useful security notion for many practical applications such as authentication and key exchange. Canetti et al. defined non-malleability against RCCA (NM-RCCA), indistinguishability against RCCA (IND-RCCA), and universal composability against RCCA (UC-RCCA). Moreover, they proved that these three security notions are equivalent when considering a PKE scheme whose plaintext space is super-polynomially large. Among these three security notions, NM-RCCA seems to play the central role since RCCA security was introduced in order to capture “non-malleability except tampering which preserves the plaintext.” However, their definition of NM-RCCA is not a natural extension of that of original non-malleability, and it is not clear whether their NM-RCCA captures the requirement of original non-malleability. In this paper, we propose definitions of indistinguishability-based and simulation-based non-malleability against RCCA by extending definitions of original non-malleability. We then prove that these two notions of non-malleability and IND-RCCA are equivalent regardless of the size of plaintext space of PKE schemes.

The membership check of a group is an important operation to implement discrete logarithm-based cryptography in practice securely. Since this check requires costly scalar multiplication or exponentiation operation, several efficient methods have been investigated. In the case of pairing-based cryptography, this is an extended research area of discrete logarithm-based cryptography, Barreto et al. (LATINCRYPT 2015) proposed a parameter choice called subgroup-secure elliptic curves. They also claimed that, in some schemes, if an elliptic curve is subgroup-secure, costly scalar multiplication or exponentiation operation can be omitted from the membership check of bilinear groups, which results in faster schemes than the original ones. They also noticed that some schemes would not maintain security with this omission. However, they did not show the explicit condition of what schemes become insecure with the omission. In this paper, we show a concrete example of insecurity in the sense of subgroup security to help developers understand what subgroup security is and what properties are preserved. In our conclusion, we recommend that the developers use the original membership check because it is a general and straightforward method to implement schemes securely. If the developers want to use the subgroup-secure elliptic curves and to omit the costly operation in a scheme for performance reasons, it is critical to carefully analyze again that correctness and security are preserved with the omission.

The residue number system (RNS) is a method for representing an integer x as an n-tuple of its residues with respect to a given set of moduli. In RNS, addition, subtraction, and multiplication can be carried out by independent operations with respect to each modulus. Therefore, an n-fold speedup can be achieved by parallel processing. The main disadvantage of RNS is that we cannot efficiently compare the magnitude of two integers or determine the sign of an integer. Two general methods of comparison are to transform a number in RNS to a mixed-radix system or to a radix representation using the Chinese remainder theorem (CRT). We used the CRT to derive an equation approximating a value of x relative to M, the product of moduli. Then, we propose two algorithms that efficiently evaluate the equation and output a sign bit. The expected number of steps of these algorithms is of order n. The algorithms use a lookup table that is (n+3) times as large as M, which is reasonably small for most applications including cryptography.

Multivariate public key cryptosystem (MPKC) is one of the major post quantum cryptosystems (PQC), and the National Institute of Standards and Technology (NIST) recently selected four MPKCs as candidates of their PQC. The security of MPKC depends on the hardness of solving systems of algebraic equations over finite fields. In particular, the multivariate quadratic (MQ) problem is that of solving such a system consisting of quadratic polynomials and is regarded as an important research subject in cryptography. In the Fukuoka MQ challenge project, the hardness of the MQ problem is discussed, and algorithms for solving the MQ problem and the computational results obtained by these algorithms are reported. Algorithms for computing Gröbner basis are used as the main tools for solving the MQ problem. For example, the F₄ algorithm and M4GB algorithm have succeeded in solving many instances of the MQ problem provided by the project. In this paper, based on the F₄-style algorithm, we present an efficient algorithm to solve the MQ problems with dense polynomials generated in the Fukuoka MQ challenge project. We experimentally show that our algorithm requires less computational time and memory for these MQ problems than the F₄ algorithm and M4GB algorithm. We succeeded in solving Type II and III problems of Fukuoka MQ challenge using our algorithm when the number of variables was 37 in both problems.

Artificial intelligence (AI), especially deep learning (DL), has been remarkable and applied to various industries. However, adversarial examples (AE), which add small perturbations to input data of deep neural networks (DNNs) for misclassification, are attracting attention. In this paper, we propose a novel black-box attack to craft AE using only processing time which is side-channel information of DNNs, without using training data, model architecture and parameters, substitute models or output probability. While, several existing black-box attacks use output probability, our attack exploits a relationship between the number of activated nodes and the processing time of DNNs. The perturbations for AE are decided by the differential processing time according to input data in our attack. We show experimental results in which our attack's AE increase the number of activated nodes and cause misclassification to one of the incorrect labels effectively. In addition, the experimental results highlight that our attack can evade gradient masking countermeasures which mask output probability to prevent crafting AE against several black-box attacks.

A model extraction attack is a security issue in deep neural networks (DNNs). Information on a trained DNN model is an attractive target for an adversary not only in terms of intellectual property but also of security. Thus, an adversary tries to reveal the sensitive information contained in the trained DNN model from machine-learning services. Previous studies on model extraction attacks assumed that the victim provides a machine-learning cloud service and the adversary accesses the service through formal queries. However, when a DNN model is implemented on an edge device, adversaries can physically access the device and try to reveal the sensitive information contained in the implemented DNN model. We call these physical model extraction attacks model reverse-engineering (MRE) attacks to distinguish them from attacks on cloud services. Power side-channel analyses are often used in MRE attacks to reveal the internal operation from power consumption or electromagnetic leakage. Previous studies, including ours, evaluated MRE attacks against several types of DNN processors with power side-channel analyses. In this paper, information leakage from a systolic array which is used for the matrix multiplication unit in the DNN processors is evaluated. We utilized correlation power analysis (CPA) for the MRE attack and reveal weight parameters of a DNN model from the systolic array. Two types of the systolic array were implemented on field-programmable gate array (FPGA) to demonstrate that CPA reveals weight parameters from those systolic arrays. In addition, we applied an extended analysis approach called “chain CPA” for robust CPA analysis against the systolic arrays. Our experimental results indicate that an adversary can reveal trained model parameters from a DNN accelerator even if the DNN model parameters in the off-chip bus are protected with data encryption. Countermeasures against side-channel leaks will be important for implementing a DNN accelerator on a FPGA or application-specific integrated circuit (ASIC).

Web-based social engineering (SE) attacks manipulate users to perform specific actions, such as downloading malware and exposing personal information. Aiming to effectively lure users, some SE attacks, which we call multi-step SE attacks, constitute a sequence of web pages starting from a landing page and require browser interactions at each web page. Also, different browser interactions executed on a web page often branch to multiple sequences to redirect users to different SE attacks. Although common systems analyze only landing pages or conduct browser interactions limited to a specific attack, little effort has been made to follow such sequences of web pages to collect multi-step SE attacks. We propose STRAYSHEEP, a system to automatically crawl a sequence of web pages and detect diverse multi-step SE attacks. We evaluate the effectiveness of STRAYSHEEP's three modules (landing-page-collection, web-crawling, and SE-detection) in terms of the rate of collected landing pages leading to SE attacks, efficiency of web crawling to reach more SE attacks, and accuracy in detecting the attacks. Our experimental results indicate that STRAYSHEEP can lead to 20% more SE attacks than Alexa top sites and search results of trend words, crawl five times more efficiently than a simple crawling module, and detect SE attacks with 95.5% accuracy. We demonstrate that STRAYSHEEP can collect various SE attacks, not limited to a specific attack. We also clarify attackers' techniques for tricking users and browser interactions, redirecting users to attacks.

Due to the legal reform on the protection of personal information in US/Japan and the enforcement of the General Data Protection Regulation (GDPR) in Europe, service providers are obliged to more securely manage the sensitive data stored in their server. In order to protect this kind of data, they generally employ a cryptographic encryption scheme and secure key management schemes such as a Hardware Security Module (HSM) and Trusted Platform Module (TPM). In this paper, we take a different approach based on the space-hard cipher. The space-hard cipher has an interesting property called the space hardness. Space hardness guarantees sufficient security against the adversary who gains a part of key data, e.g., 1/4 of key data. Combined with a simple network monitoring technique, we develop a practical leakage resilient scheme Virtual Vault, which is secure against the snapshot adversary who has full access to the memory in the server for a short period. Importantly, Virtual Vault is deployable by only a low-price device for network monitoring, e.g. L2 switch, and software of space-hard ciphers and packet analyzer, while typical solutions require a dedicated hardware for secure key managements such as HSM and TPM. Thus, Virtual Vault is easily added on the existing servers which do not have such dedicated hardware.

This paper presents new key correlations of the keystream bytes generated from RC4 and their application to plaintext recovery on WPA-TKIP. We first observe new key correlations between two bytes of the RC4 key pairs and a keystream byte in each round, and provide their proofs. We refer to these correlations as iterated RC4 key correlations since two bytes of the RC4 key pairs are iterated every 16 rounds. We then extend the existing attacks by Isobe et al. at FSE 2013 and AlFardan et al. at USENIX Security 2013, 0and finally propose an efficient attack on WPA-TKIP. We refer to the proposed attack as chosen plaintext recovery attack (CPRA) since it chooses the best approach for each byte from a variety of the existing attacks. In order to recover the first 257 bytes of a plaintext on WPA-TKIP with success probability of at least 90%, CPRA requires approximately 2³⁰ ciphertexts, which are approximately half the number of ciphertexts for the existing attack by Paterson et al. at FSE 2014.

This paper investigates the security of KCipher-2 against differential attacks. We utilize an MILP-based method to evaluate the minimum number of active S-boxes in each round. We try to construct an accurate model to describe the 8-bit truncated difference propagation through the modular addition operation and the linear transformation of KCipher-2, respectively, which were omitted or simplified in the previous evaluation by Preneel et al. In our constructed model, the difference characteristics neglected in Preneel et al.'s evaluation can be taken into account and all valid differential characteristics can be covered. As a result, we reveal that the minimal number of active S-boxes is 25 over 15 rounds in the related IV setting and it is 17 over 24 rounds in the related IV-key setting. Therefore, this paper shows for the first time that KCipher-2 is secure against the related IV differential attack.

At the FSE conference of ToSC 2018, Kranz et al. presented their results on shortest linear programs for the linear layers of several well known block ciphers in literature. Shortest linear programs are essentially the minimum number of 2-input xor gates required to completely describe a linear system of equations. In the above paper the authors showed that the commonly used metrics like d-xor/s-xor count that are used to judge the “lightweightedness” do not represent the minimum number of xor gates required to describe a given MDS matrix. In fact they used heuristic based algorithms of Boyar-Peralta and Paar to find implementations of MDS matrices with even fewer xor gates than was previously known. They proved that the AES mixcolumn matrix can be implemented with as little as 97 xor gates. In this paper we show that the values reported in the above paper are not optimal. By suitably including random bits in the instances of the above algorithms we can achieve implementations of almost all matrices with lesser number of gates than were reported in the above paper. As a result we report an implementation of the AES mixcolumn matrix that uses only 95 xor gates. In FSE conference of ToSC 2019, Li et al. had tweaked the Boyar-Peralta algorithm to get low depth implementations of many matrices. We show that by introducing randomness in the tweaked algorithm, it is again possible to get low depth implementations with lesser number of gates than the above paper. As a result, we report a depth implementation of the AES mixcolumn matrix that uses only 103 xor gates, which is 2 gates less than the previous implementation. In the second part of the paper, we observe that most standard cell libraries contain both 2 and 3-input xor gates, with the silicon area of the 3-input xor gate being smaller than the sum of the areas of two 2-input xor gates. Hence when linear circuits are synthesized by logic compilers (with specific instructions to optimize for area), most of them would return a solution circuit containing both 2 and 3-input xor gates. Thus from a practical point of view, reducing circuit size in presence of these gates is no longer equivalent to solving the shortest linear program. In this paper we show that by adopting a graph based heuristic it is possible to convert a circuit constructed with 2-input xor gates to another functionally equivalent circuit that utilizes both 2 and 3-input xor gates and occupies less hardware area. As a result we obtain more lightweight implementations of all the matrices listed in the ToSC paper.

We discuss herein whether an optical wireless communication (OWC) system can be a candidate for post 5G or 6G cellular communication. Almost once per decade, cellular mobile communication is transformed by a significant evolution, with each generation developing a distinctive concept or technology. Interestingly, similar trends have occurred in OWC systems based on visible light and light fidelity (Li-Fi). Unfortunately, OWC is currently relegated to a limited role in any 5G scenario, but the debate whether this is unavoidable has yet to be settled. Whether OWC is adopted post 5G or 6G is not the vital issue; rather, the aim should be that OWC coexists with 5G and 6G communication technologies. In working toward this goal, research and development in OWC will continue to extend its benefits and standardize its systems so that it can be widely deployed in the market. For example, given that a standard already exists for a visible-light beacon identifier and Li-Fi, a service using this standard should be developed to satisfy user demand. Toward this end, we propose herein a method for visible-light beacon identification that involves using a rolling shutter to receive visible-light communications with a smartphone camera. In addition, we introduce a rotary LED transmitter for image-sensor communication.

In this paper, we consider interference suppression for a full-duplex (FD) multiuser system based on single-carrier transmission in frequency-selective channels where a FD base-station (BS) simultaneously communicates with half-duplex (HD) uplink and downlink mobile users. We propose a design method for time-domain filtering where the filters in the BS transmitter suppress inter-symbol interference (ISI) and downlink inter-user interference (IUI); those in the BS receiver, self-interference, ISI, and uplink IUI; and those in the downlink mobile users, co-channel interference (CCI) without the channel state information of the CCI channels. Simulation results indicate that the FD system based on the proposed method outperforms the conventional HD system and FD system based on multicarrier transmission.

Dynamic spectrum access (DSA) exploits vacant frequency resources via distributed wireless access. The two nodes of DSA, master and slave, access different channels, and thus, cannot communicate with each other. To compensate for the access channel mismatch between the two nodes, a rendezvous channel, which exchanges control signals between two nodes, has been considered. The rendezvous channel based on channel-occupancy ratio (COR) adaptively constructs the channel in accordance with the channel occupancy of other systems, and both a high-speed rendezvous channel and high usage efficiency of the frequency resource are accomplished owing to exploitation of the vacant channel. In the rendezvous channel based on COR, the master and slave recognize the channel with minimum measured COR as the superior channel. As the master sends the control signals through the superior channel recognized by the master, the slave accesses to the superior channel recognized by the slave with higher access rate than to the other channels. As a result, the slave can receive the control signals with highly probability and thus high speed rendezvous channel is achieved. If the master and the slave recognize the different channel as the superior channel, the access rate to the other channel should be larger. This is because the slave obtains the opportunity of receiving the control signals through the different channel from the superior channel recognized by slave and thus the high probability that the slave can receive the control signals is maintained. Therefore, the access rate of slave should be constructed in accordance with the recognition of superior channel by master and slave. In this paper, the access rate of slave to the superior channel is optimally constructed using the analyzed probability of completion of rendezvous channel. The analysis of the probability of completion of rendezvous channel includes the recognition of superior channel by master and slave. Even if the master and the slave recognize the different channel, the constructed access rate of slave can maintain the high speed rendezvous channel. From the theoretical analysis and computer simulation, the rendezvous channel based on COR with the optimal access rate to the channel with the lowest COR achieves reduced time for the rendezvous channel.

In this paper, we propose a model of a diversity receiver which uses an antenna whose antenna pattern can periodically change. We also propose a minimum mean square error (MMSE) based interference cancellation method of the receiver which, in principle, can suffer from the interference in neighboring frequency bands. Since the antenna pattern changes according to the sum of sinusoidal waveforms with different frequencies, the received signals are received at the carrier frequency and the frequencies shifted from the carrier frequency by the frequency of the sinusoidal waveforms. The proposed diversity scheme combines the components in the frequency domain to maximize the signal-to-noise power ratio (SNR) and to maximize the diversity gain. We confirm that the bit error rate (BER) of the proposed receiver can be improved by increase in the number of arrival paths resulting in obtaining path diversity gain. We also confirm that the proposed MMSE based interference canceller works well when interference signals exist and achieves better BER performances than the conventional diversity receiver with maximum ratio combining.

In this paper, we propose a robust output feedback control method for nonlinear systems with uncertain time-varying parameters associated with diagonal terms and there are additional external disturbances. First, we provide a new practical guidance of obtaining a compact set which contains the allowed time-varying parameters by utilizing a Lyapunov equation and matrix inequalities. Then, we show that all system states and observer errors of the controlled system remain bounded by the proposed controller. Moreover, we show that the ultimate bounds of some system states and observer errors can be made (arbitrarily) small by adjusting a gain-scaling factor depending on the system nonlinearity. With an application example, we illustrate the effectiveness of our control scheme over the existing one.

A fully homomorphic encryption (FHE) would be the important cryptosystem as the basic scheme for the cloud computing. Since Gentry discovered in 2009 the first fully homomorphic encryption scheme, some fully homomorphic encryption schemes were proposed. In the systems proposed until now the bootstrapping process is the main bottleneck and the large complexity for computing the ciphertext is required. In 2011 Zvika Brakerski et al. proposed a leveled FHE without bootstrapping. But circuit of arbitrary level cannot be evaluated in their scheme while in our scheme circuit of any level can be evaluated. The existence of an efficient fully homomorphic cryptosystem would have great practical implications in the outsourcing of private computations, for instance, in the field of the cloud computing. In this paper, IND-CCA1secure FHE based on the difficulty of prime factorization is proposed which does not need the bootstrapping and it is thought that our scheme is more efficient than the previous schemes. In particular the computational overhead for homomorphic evaluation is O(1).

In this study, we investigate fundamental trade-off among identification, secrecy, template, and privacy-leakage rates in biometric identification system. Ignatenko and Willems (2015) studied this system assuming that the channel in the enrollment process of the system is noiseless and they did not consider the template rate. In the enrollment process, however, it is highly considered that noise occurs when bio-data is scanned. In this paper, we impose a noisy channel in the enrollment process and characterize the capacity region of the rate tuples. The capacity region is proved by a novel technique via two auxiliary random variables, which has never been seen in previous studies. As special cases, the obtained result shows that the characterization reduces to the one given by Ignatenko and Willems (2015) where the enrollment channel is noiseless and there is no constraint on the template rate, and it also coincides with the result derived by Günlü and Kramer (2018) where there is only one individual.

Information leakage in Wyner's wiretap channel model is usually defined as the mutual information between the secret message and the eavesdropper's received signal. We define a new quantity called “conditional information leakage given the eavesdropper's received signals,” which expresses the amount of information that an eavesdropper gains from his/her received signal. A benefit of introducing this quantity is that we can develop a fast algorithm for computing the conditional information leakage, which has linear complexity in the code length n, while the complexity for computing the usual information leakage is exponential in n. Validity of such a conditional information leakage as a security criterion is confirmed by studying the cases of binary symmetric channels and binary erasure channels.

In high range resolution radar systems, the detection of range-spread target under correlated non-Gaussian clutter faces many problems. In this paper, a novel detector employing an autoregressive (AR) model is proposed to improve the detection performance. The algorithm is elaborately designed and analyzed considering the clutter characteristics. Numerical simulations and measurement data verify the effectiveness and advantages of the proposed detector for the range-spread target in spatially correlated non-Gaussian clutter.

In this short note, we formally show that Keyed-Homomorphic Public Key Encryption (KH-PKE) is secure against key recovery attacks and ciphertext validity attacks that have been introduced as chosen-ciphertext attacks for homomorphic encryption.

To be suitable in practice, pairings are typically carried out by two steps, which consist of the Miller loop and final exponentiation. To improve the final exponentiation step of a pairing on the BLS family of pairing-friendly elliptic curves with embedding degree 15, the authors provide a new representation of the exponent. The proposal can achieve a more reduction of the calculation cost of the final exponentiation than the previous method by Fouotsa et al.

Locally repairable codes (LRCs) are implemented in distributed storage systems (DSSs) due to their low repair overhead. The locality of an LRC is the number of nodes in DSSs that participate in the repair of failed nodes, which characterizes the repair cost. An LRC is called optimal if its minimum distance attains the Singleton-type upper bound [1]. In this letter, optimal LRCs are considered. Using the concept of projective code in projective space PG(k, q) and shortening strategy, LRCs with d=3 are proposed. Meantime, derived from an ovoid [q²+1, 4, q²]_q code (responding to a maximal (q²+1)-cap in PG(3, q)), optimal LRCs over F_q with d=4 are constructed.

This letter proposes a load balance and power transfer scheme among small cell base stations (SBSs) to maximize the sum rate of small cell network. In the proposed scheme, small cell users (SUEs) are firstly associated with their nearest SBSs, then the overloaded SBSs can be determined. Further, the methods, i.e., Case 1: SUEs of overloaded SBSs are offloaded to their neighbor underloaded SBSs or Case 2: SUEs of overloaded SBSs are served by their original associated SBSs through obtaining power from their nearby SBSs that can provide higher data rate is selected. Finally, numerical simulations demonstrate that the proposed scheme has better performance.

Bluetooth is a common wireless technology that is widely used as a connection medium between various consumer electronic devices. The receivers mostly adopt the Viterbi algorithm to improve a bit error rate performance but are hampered by heavy hardware complexity and computational load due to a coherent detection and searching for the unknown modulation index. To address these challenges, a non-coherent maximum likelihood estimation detector with an eight-state Viterbi is proposed for Gaussian frequency-shift keying symbol detection against an irrational modulation index, without any knowledge of prior information or assumptions. The simulation results showed an improvement in the performance compared to other ideal approaches.

Pseudorandom sequences with low autocorrelation magnitude play important roles in various environments. Let N be a prime with N=Mf+1, where M and f are positive integers. A new method to construct M-sequences of period 4N is given. We show that these new sequences have low autocorrelation magnitude.

With the development of cloud computing, the Mobile Edge Computing has emerged and attracted widespread attentions. In this paper, we focus on the load balancing in MEC with energy harvesting. We first introduce the load balancing in MEC as a problem of minimizing both the energy consumption and queue redundancy. Thereafter, we adapt such a optimization problem to the Lyapunov algorithm and solve this optimization problem. Finally, extensive simulation results validate that the obtained strategy improves the capabilities of MEC systems.

Hashing methods have proven to be effective algorithm for image retrieval. However, learning discriminative hash codes is challenging for unsupervised models. In this paper, we propose a novel distinguishable image retrieval framework, named Unsupervised Deep Embedded Hashing (UDEH), to recursively learn discriminative clustering through soft clustering models and generate highly similar binary codes. We reduce the data dimension by auto-encoder and apply binary constraint loss to reduce quantization error. UDEH can be jointly optimized by standard stochastic gradient descent (SGD) in the embedd layer. We conducted a comprehensive experiment on two popular datasets.