The Generalized Feistel Structure (GFS) generally uses the sub-block-wise cyclic shift in the permutation layer, the layer between the two F function layers. For Type 2 GFS, at FSE 2010, Suzaki and Minematsu showed that a better diffusion property can be obtained if one uses some other sub-block-wise permutation. In this paper, we consider Type 1, Type 3, Source-Heavy (SH), and Target-Heavy (TH) GFSs, and study if their diffusion properties can be improved by changing the sub-block-wise cyclic shift. For Type 1 GFS and Type 3 GFS, we show that better permutations in terms of diffusion exist. For SH and TH GFSs, we show that the diffusion property does not change even if we change the sub-block-wise cyclic shift. We also experimentally derive optimum permutations in terms of diffusion, and evaluate the security of the resulting schemes against saturation, impossible differential, differential, and linear attacks.

In this paper, we put forward a new method to construct n-variable Boolean functions with optimal algebraic immunity based on the factorization of n. Computer investigations for small values of n indicate that a class of Boolean functions constructed by the new method has a very good nonlinearity and also a good behavior against fast algebraic attacks.

Key wrapping schemes are used to encrypt data of high entropy, such as cryptographic keys. There are two known security definitions for key wrapping schemes. One captures the security against chosen plaintext attacks (called DAE-security), and the other captures known plaintext attacks (called AKW-security). In this paper, we revisit the security of Hash-then-CBC key wrapping schemes. In [17], Osaki and Iwata showed that the U_CC-then-CBC key wrapping scheme, a key wrapping scheme that uses the U_CC hash function and CBC mode, has provable AKW-security. In this paper, we show that the scheme achieves the stronger notion of DAE-security. We also show our proof in the variable input length setting, where the adversary is allowed making queries of varying lengths. Furthermore, we consider the scheme that incorporates the use of headers. To handle such a setting, we generalize the previous definition of the U_CC hash function to the variable input length setting and to take the header as its input, and show an efficient construction that meets the definition.

The cryptographic algorithm called INCrypt32 is a MAC algorithm to authenticate participants, RFID cards and readers, in HID Global's iCLASS systems. HID's iCLASS cards are widely used contactless smart cards for physical access control. Although INCrypt32 is a heart of the security of HID's iCLASS systems, its security has not been evaluated yet since the specification has not been open to public. In this paper, we reveal the specification of INCrypt32 by reverse-engineering iCLASS cards and investigate the security of INCrypt32 with respect to the cryptographic sense. This result is the first work to describe the details of INCrypt32 and the possibility of a secret key (64-bit) recovery in our attack environments. 2⁴² MAC queries are required in the real environment using secure communication protocols. But the required number of MAC queries decreases to 2¹⁸ if MAC quires for chosen messages with arbitrary length can be requested.

This paper proposes an inner-product encryption (IPE) scheme, which achieves selectively fully-attribute-hiding security in the standard model almost tightly reduced from the decisional linear (DLIN) assumption, and whose ciphertext is almost the shortest among the existing (weakly/fully) attribute-hiding IPE schemes, i.e., it consists of n+4 elements of G and 1 element of G_T for a prime-order symmetric bilinear group (G, G_T), where n is the dimension of attribute/predicate vectors. We also present a variant of the proposed IPE scheme that enjoys shorter public and secret keys with preserving the security. A hierarchical IPE (HIPE) scheme can be realized that has short ciphertexts and selectively fully-attribute-hiding security almost tightly reduced from the DLIN assumption.

We propose a new hidden vector encryption (HVE) scheme that we call a ciphertext-policy delegatable hidden vector encryption (CP-dHVE) scheme. Several HVE schemes have been proposed and their properties have been analyzed extensively. Nonetheless, the definition of the HVE has been left unchanged. We therefore reconsider it, and point out that the conventional HVE should be categorized as the key-policy HVE, because the vectors corresponding to the secret keys can contain wildcards (which specify an access policy) whereas those corresponding to the ciphertexts cannot contain them. We then formalize its dual concept, the ciphertext-policy HVE, and propose a concrete scheme. Then, as an application of our scheme, we propose a public-key encryption with conjunctive keyword search scheme that can be used in the hierarchical user systems. Our scheme is novel in that the ciphertext size grows logarithmically to the number of uses in the system, while that of a conventional scheme grows linearly.

This paper presents efficient secure auction protocols for first price auction and second price auction. Previous auction protocols are based on a generally secure multi-party protocol called mix-and-match protocol based on plaintext equality tests. However, the time complexity of the plaintext equality tests is large, although the mix-and-match protocol can securely calculate any logical circuits. The proposed protocols reduce the number of times the plaintext equality tests is used by replacing them with the Boneh-Goh-Nissim encryption, which enables calculation of 2-DNF of encrypted data.

This paper provides a sufficient condition to construct timed-release public-key encryption (TRPKE), where the constructed TRPKE scheme guarantees strong security against malicious time servers, proposed by Chow et al., and strong security against malicious receivers, defined by Cathalo et al., in the random oracle model if the component IBE scheme is IND-ID-CPA secure, the component PKE scheme is IND-ID-CPA secure, and the PKE scheme satisfies negligible γ-uniformity for every public key. Although Chow et al. proposed a strongly secure TRPKE scheme, which is concrete in the standard model, to the best of our knowledge, the proposed construction is the first generic one for TRPKE that guarantees strong security even in the random oracle model.

In this paper, we present a framework to construct message recovery signature schemes from Sigma-protocols. The key technique of our construction is the redundancy function that adds some redundancy to the message only legitimately signed and recovered message can have. We provide a characterization of the redundancy functions that make the resulting message recovery signature scheme proven secure. Our framework includes known schemes when the building blocks are given concrete implementations, i.e., random oracles and ideal ciphers, hence presents insightful explanation to their structure.

We propose a security model, referred as g-eCK model, for group key exchange that captures essentially all non-trivial leakage of static and ephemeral secret keys of participants, i.e., group key exchange version of extended Canetti-Krawczyk (eCK) model. Moreover, we propose the first one-round tripartite key exchange (3KE) protocol secure in the g-eCK model under the gap Bilinear Diffie-Hellman (gap BDH) assumption and in the random oracle model.

In the Naive Bayes classification problem using a vertically partitioned dataset, the conventional scheme to preserve privacy of each partition uses a secure scalar product and is based on the assumption that the data is synchronized amongst common unique identities. In this paper, we attempt to discard this assumption in order to develop a more efficient and secure scheme to perform classification with minimal disclosure of private data. Our proposed scheme is based on the work by Vaidya and Clifton [2], which uses commutative encryption to perform secure set intersection so that the parties with access to the individual partitions have no knowledge of the intersection. The evaluations presented in this paper are based on experimental results, which show that our proposed protocol scales well with large sparse datasets^*.

We study the security of AES in the open-key setting by showing an analysis on hash function modes instantiating AES including Davies-Meyer, Matyas-Meyer-Oseas, and Miyaguchi-Preneel modes. In particular, we propose preimage attacks on these constructions, while most of previous work focused their attention on collision attacks or distinguishers using non-ideal differential properties. This research is based on the motivation that we should evaluate classical and important security notions for hash functions and avoid complicated attack models that seem to have little relevance in practice. We apply a recently developed meet-in-the-middle preimage approach. As a result, we obtain a preimage attack on 7 rounds of Davies-Meyer AES and a second preimage attack on 7 rounds of Matyas-Meyer-Oseas and Miyaguchi-Preneel AES. Considering that the previous best collision attack only can work up to 6 rounds, the number of attacked rounds reaches the best in terms of the classical security notions. In our attacks, the key is regarded as a known constant, and the attacks thus can work for any key length in common.

In this paper, we study a boomerang attack approach on MD4-based hash functions, and present a practical 4-sum distinguisher against the compression function of the full 5-pass HAVAL. Our approach is based on the previous work by Kim et al., which proposed the boomerang distinguisher on the encryption mode of MD4, MD5, and HAVAL in the related-key setting. Firstly, we prove that the differential path for 5-pass HAVAL used in the previous boomerang distinguisher contains a critical flaw and thus the attack cannot work. We then search for new differential paths. Finally, by using the new paths, we mount the distinguisher on the compression function of the full 5-pass HAVAL which generates a 4-sum quartet with a complexity of approximately 2¹¹ compression function computations. As far as we know, this is the first result on the full compression function of 5-pass HAVAL that can be computed in practice. We also point out that the 4-sum distinguisher can also be constructed for other MD4-based hash functions such as MD5, 3-pass HAVAL, and 4-pass HAVAL. Our attacks are implemented on a PC and we present a generated 4-sum quartet for each attack target.

This paper shows a known-key distinguisher on the internal block cipher of tweaked Lesamnta reduced to 31 (out of 32) rounds, which is one of the hash functions submitted to the SHA-3 competition. Moreover, the paper presents a distinguisher for full internal block cipher of Lesamnta with stronger assumption. For its tweaked version, all previous cryptanalysis can work no more than 24 rounds. We search for a new integral characteristic for the internal block cipher, and discover a 19-round integral characteristic for forward direction. We then search for an integral characteristic for backward direction, and the characteristics can be combined to full rounds with some assumption. The distinguisher for the internal block cipher of Lesamnta-256 requires 2¹⁹² query complexity and negligible memory. This is the best attack on Lesamnta compression function and its internal block cipher after the tweak.

Given an integer n-dimensional lattice basis, the random sampling reduction was proven to find a short vector in arithmetic steps with an integer k, which is freely chosen by users. This paper introduces new random sampling reduction using precomputation techniques. The computation cost is almost independent of the lattice dimension number. The new method is therefore especially advantageous to find a short lattice vector in higher dimensions. The arithmetic operation number of our new method is about 20% of the random sampling reduction with 200 dimensions, and with 1000 dimensions it is less than 1% ( 1/130) of that of the random sampling reduction with representative parameter settings under reasonable assumptions.

Recently, some cryptographic primitives have been described that are based on the supposed hardness of finding an isogeny between two supersingular elliptic curves. As a part of such a primitive, Charles et al. proposed an algorithm for computing sequences of 2-isogenies. However, their method involves several redundant computations. We construct simple algorithms without such redundancy, based on very compact descriptions of the 2-isogenies. For that, we use some observations on 2-torsion points.

Multiparty Simultaneous Quantum Identity Authentication (MSQIA) is a form of quantum authentication protocol in which a verifier can simultaneously authenticate all users. Yang et al. previously proposed the MSQIA protocol, but in that protocol the user's key is revealed by the fake signal attack. This paper proposes a new MSQIA protocol that is secure against fake signal attacks. It also demonstrates that this scheme is secure against several well-known attacks on MSQIA. This protocol can be efficiently used for MSQIA in a network and is feasible with current technology, like the protocol of Yang et al.

We proposed a method for constructing constant-weight and multi-valued sequences from the cyclic difference sets by generalization of the method in binary case proposed by N. Li, X. Zeng and L. Hu in 2008. In this paper we give some properties about sets of such sequences and it is shown that a set of non-constant-weight sequences over Z₄ with length 13 from the (13,4,1)-cyclic difference set, and a set of constant-weight sequences over Z₅ with length 21 from the (21,5,1)-cyclic difference set have almost highest linear complexities and good profiles of all sequences' linear complexities. Moreover we investigate the value distribution, the linear complexity and correlation properties of a set of sequences with length 57 over GF(8) from the (57,8,1)-cyclic difference set. It is pointed out that this set also has good value distributions and almost highest linear complexities in similar to previous two sets over Z₄ with length 13 and Z₅ with length 21.

Fault-based attacks are very powerful to recover the secret key for cryptographic implementations. In this work, we consider the faulty output value under a certain fault injection intensity as a new type of leakage called faulty behavior. We examine the data-dependency of the faulty behavior and propose a related side-channel attack called fault behavior analysis (FBA). To verify the validity of the proposed attack, we first show that our attack can work effectively on AES-COMP of SASEBO-R. Then we show how to apply the similar attack on two AES implementations with masking countermeasures, i.e., AES-MAO and AES-TI. Finally we compare the proposed FBA attack with the DFA attack and the FSA attack, trying to complete the research map for the fault-based attack based on setup-time violations.

Electromagnetic emissions leak confidential data of cryptographic devices. Electromagnetic Analysis (EMA) exploits such emission for cryptanalysis. The performance of EMA dramatically decreases when correlated noise, which is caused by the interference of clock network and exhibits strong correlation with encryption signal, is present in the acquired EM signal. In this paper, three techniques are proposed to reduce the correlated noise. Based on the observation that the clock signal has a high variance at the signal edges, the first technique: single-sample Singular Value Decomposition (SVD), extracts the clock signal with only one EM sample. The second technique: multi-sample SVD is capable of suppressing the clock signal with short sampling length. The third one: averaged subtraction is suitable for estimation of correlated noise when background samplings are included. Experiments on the EM signal during AES encryption on the FPGA and ASIC implementation demonstrate that the proposed techniques increase SNR as much as 22.94 dB, and the success rates of EMA show that the data-independent information is retained and the performance of EMA is improved.

The multivariate public key cryptosystem (MPKC), which is based on the problem of solving a set of multivariate systems of quadratic equations over a finite field, is expected to be secure against quantum attacks. Although there are several existing schemes in MPKC that survived known attacks and are much faster than RSA and ECC, there have been few discussions on security against physical attacks, aside from the work of Okeya et al. (2005) on side-channel attacks against Sflash. In this study, we describe general fault attacks on MPKCs including Big Field type (e.g. Matsumoto-Imai, HFE and Sflash) and Stepwise Triangular System (STS) type (e.g. UOV, Rainbow and TTM/TTS). For both types, recovering (parts of) the secret keys S,T with our fault attacks becomes more efficient than doing without them. Especially, on the Big Field type, only single fault is sufficient to recover the secret keys.

NTRU is a public key cryptosystem based on hard problems over lattices. In this paper, we present efficient methods for convolution product computation which is a dominant operation of NTRU. The new methods are based on the observation that repeating patterns in coefficients of an NTRU polynomial can be used for the construction of look-up tables, which is a similar approach to the sliding window methods for exponentiation. We provide efficient convolution algorithms to implement this idea, and we make a comprehensive analysis of the complexity of the new algorithms. We also give software implementations over a Pentium IV CPU, a MICAz mote, and a CUDA-based GPGPU platform. According to our analyses and experimental results, the new algorithms speed up the NTRU encryption and decryption operations by up to 41%.

Memory deduplication improves the utilization of physical memory by sharing identical blocks of data. Although memory deduplication is most effective when many virtual machines with same operating systems run on a CPU, cross-user memory deduplication is a covert channel and causes serious memory disclosure attack. It reveals the existence of an application or file on another virtual machine. The covert channel is a difference in write access time on deduplicated memory pages that are re-created by Copy-On-Write, but it has some interferences caused by execution environments. This paper indicates that the attack includes implementation issues caused by memory alignment, self-reflection between page cache and heap, and run-time modification (swap-out, anonymous pages, ASLR, preloading mechanism, and self-modification code). However, these problems are avoidable with some techniques. In our experience on KSM (kernel samepage merging) with the KVM virtual machine, the attack could detect the security level of attacked operating systems, find vulnerable applications, and confirm the status of attacked applications.

As the number of new malware has increased explosively, traditional malware detection approaches based on pattern matching have been less effective. Therefore, it is important to develop a detection method which relies on not signatures but characteristic behaviors of malware. Recently, malware authors have been embedding functions for countermeasure against malware analyses and detections into malware. Accordingly, modern malware often changes their runtime behaviors in each execution to tolerate against malware analyses and detections. For example, when malware copies itself on a file system, it can randomly determine its file name for avoiding the detections. Another example is that when malware tries to connect its command and control server, it randomly chooses a domain name from a hard-coded domain name list to avoid being blocked by a static blacklist of malicious domain names. We assume that such evasive behaviors are unnecessary for benign software. Therefore the behaviors can be the clues to distinguish malware from benign software. In this paper, we propose a novel behavior-based malware detection method which focuses attention on such characteristics. Our proposed method conducts dynamic analysis on an executable file multiple times in same sandbox environment so as to obtain plural lists of API call sequences and plural traffic logs, and then compares the lists and the logs to find the difference between the multiple executions. In the experiments with 5,697 malware samples and 819 benign software samples, we can detect about 70% malware samples and the false positive rate is about 1%. In addition, we can detect about 50% malware samples which were not detected by each Anti-Virus Software engine. Therefore we confirm the possibility the proposed method may be able to improve the accuracy of malware detection utilizing in combination with other existing methods.

This letter discusses with cryptanalysis with impossible differentials. After Biham et al. presented an attack on Skipjack, the applications to many ciphers were done, and we think that the attack is one of the most effective tool to cryptanalyze a block cipher. However, unfortunately, there is no construction method that provably resists the attack. This letter first introduces the measure that can evaluate the resistance against cryptanalysis with impossible differentials. Then, we propose a construction that resists cryptanalysis with impossible differentials. Moreover, a cipher that is based on the construction also provably resists differential cryptanalysis and linear cryptanalysis.

In this note we suggest a new parallelizable mode of operation for message authentication codes (MACs). The new MAC algorithm iterates a pseudo-random function (PRF) F_K:{0,1}^m → {0,1}ⁿ, where K is a key and m,n are positive integers such that m ≥ 2n. The new construction is an improvement over a sequential MAC algorithm presented at FSE2008, solving positively an open problem posed in the paper – the new mode is capable of fully parallel execution while achieving rate-1 efficiency and “full n-bit” security. Interestingly enough, PMAC-like parallel structure, rather than CBC-like serial iteration, has beneficial side effects on security. That is, the new construction is provided with a more straightforward security proof and with an even better (“-free”) security bound than the FSE 2008 construction.

At Eurocrypt'2006, Lu et al. proposed a pairing based verifiably encrypted signature scheme (the LOSSW-VES scheme) without random oracles. In this letter, we show that the LOSSW-VES scheme does not have opacity against rogue-key attacks.

In this letter, we point out that key substitution attacks should be taken into account for multisignature schemes, which implies that the existing security notions for multisignature schemes are not sufficient. As an example, we show that the multisignature scheme proposed by Boldyreva at PKC'03 is susceptible to key substitution attacks.

The present paper introduces a prototype design and experimental results for a multi-user MIMO linear precoding system. A base station and two mobile stations are implemented by taking full advantage of the software-defined radio. The base station consists of general purpose signal analyzers and signal generators controlled by a personal computer. Universal software radio peripherals are used as mobile stations. Linear spatial precoding and a simple two-way channel estimation technique are adopted in this experimental system. In-lab and field transmission experiments are carried out, and the bit error rate performance is evaluated. The impact of the channel estimation error under average channel gain discrepancy between two mobile stations is analyzed through computer simulations. Channel estimation error is shown to have a greater influence on the mobile station with the greater average channel gain.

Self-encoded spread spectrum (SESS) derives its spreading codes from the random information source rather than using traditional pseudo-random codes. It has been shown that the memory in SESS modulated signals not only can deliver a 3 dB gain in additive white Gaussian noise (AWGN) channels, but also can be exploited to achieve time diversity and robust bit-error rate (BER) performance in fading channels. In this paper, we propose an extension to SESS, namely coded-sequence self-encoded spread spectrum (CS-SESS), and show that it can further improve the BER performance. We describe the CS-SESS scheme and present the theoretical analysis and simulation results for AWGN and fading channels. Iterative detector is developed to exploit the inherent temporal diversity of CS-SESS modulation. The simulation results show that it can achieve the expected 4.7 dB gain with a complexity that increases linearly with the spreading sequence length under AWGN. In Rayleigh fading channel, it can effectively mitigate the fading effects by exploiting the overall diversity gain. Chip interleaving is shown to yield a performance improvement of around 4.7 dB when compared to an chip interleaved direct sequence spread spectrum (DSSS) system.

Ultra-Wide-Band (UWB) devices need detect and avoid techniques in order to avoid or reduce interference to primary systems whose spectra overlap bands of the UWB systems. Some avoidance techniques require a knowledge of signal level received from the primary systems to control the transmitted power. Thus, detection schemes have to accurately estimate the primary signal level using the observed signal includes an additive noise and to provide it for the avoidance schemes. In this paper, we propose a new method to estimate the Primary Signal to Noise Ratio (PSNR) for the detection scheme. Our proposed method uses the fast Fourier transform output of a Multi-Band Orthogonal Frequency Division Multiplexing system. We generate models based on whether the primary signals are present, estimate the PSNR using a maximum likelihood criterion in each model and obtain the PSNR estimate by selecting the most preferable model using an Akaike information criterion. The propose method does not need any a priori information of the primary signal and the additive noise. By computer simulations, we evaluate an accuracy of the PSNR estimation of the proposed method.

An ultra-wideband (UWB) system usually occupies a large frequency band, which may overlap with the spectrum of a narrow band system. The latter is referred to as a victim system. To effectively use frequency, a UWB system may create a notch in its spectrum to accommodate the victim signal for interference avoidance. Parameters of the notch such as the depth and the width of a notch need to be decided in accordance to victim systems. In this paper, we investigate the effective UWB avoidance by examining the suitable notch based on experimental evaluation. In the experiments, 3GPP LTE, Mobile WiMAX, as well as an IMT Advanced Test-bed are respectively employed to represent different types of victim systems. The UWB system is set up based on WiMedia specifications and operates at the UWB low band of 3.1–4.8 GHz. A notch is fabricated by nullifying the related subcarriers of the UWB signal. In addition, a filter or a window function is formed and employed to further smooth the notch. Bit error rate (BER) or packet error rate (PER) performances of victim systems are measured and used to evaluate the UWB interference. Our results show that when a notch is properly formed, the interference level introduced by UWB can be below the permitted level by regulations.

The paper presents capability of signal detection for realizing coexistence between broadband wireless access (BWA) systems and ultra wideband (UWB) devices. The capability is experimentally evaluated for baseband signals of downlink (DL) in both mobile WiMAX and 3GPP LTE. An UWB receiver based on fast Fourier transform (FFT) compliant with MB-OFDM standard is implemented as a detector of the BWA signals. The capability is evaluated in terms of elapsed time required to achieve signal detection with probability of 99% by the implemented FFT-based UWB receiver at different conditions of the receiver. Decisions on the signal detection are made by the simplest method which is by setting a threshold which is determined by noise floor of the receiver as reference. The experiments have been conducted though baseband signals for both AWGN and multipath fading channels without any synchronization between the DL signals and UWB receiver. In AWGN environment, results show that the elapsed time depends on the duty ratio of the DL signal to be detected, however, the correlation between the required time and duty ratio is not linear since their envelopes of the DL signals are not constant. In multipath fading environments based on channel models commonly employed as mobile radio environments, the required time for the signal detection becomes as 17 times longer than that in AWGN due to its signal attenuation. For robust signal detection in multipath fading environments, it has been revealed that the number of quantization bits at ADC is crucial through the experiments.

In OFDM systems, residual inter-block interference can be suppressed by a time-domain equalizer that blindly shortens the effective length of a channel impulse response. To further improve the performance of blind equalizers, we propose a channel shortening method that attempts to maximize the minimum FFT output power over data subcarriers. Simulation results indicate that the max-min strategy has performance improvement over a conventional channel shortening method.

A new peak-to-average power ratio (PAPR) reduction scheme for orthogonal frequency division multiplexing (OFDM) is proposed based on the discrete cosine transform (DCT) and discrete sine transform (DST) precodings. Since the DCT and DST precodings concentrate energy into a few components, the hybrid application of the precodings to the real and imaginary parts of mapping symbols can significantly reduce the PAPR. Simulations show that the proposed scheme achieves significantly low PAPR without degrading the bit error rate (BER) compared to existing precoding schemes.

Wireless power transfer research has been receiving a great deal of attention in recent years. In resonant-type wireless power transfer, energy is transferred via LC resonant circuits. However, system performance is dependent on the circuit components. To transfer power efficiently and safely, information, such as frequency, required power and element values, need to be transmitted reliably in the system. This paper investigates data communication using orthogonal frequency division multiplexing (OFDM) modulation in resonant-type wireless power transfer systems. The equivalent circuit used in the transmitting and receiving antennas is a band pass filter (BPF) and its bandwidth is evaluated through circuit simulations and experimental measurements. Numerical results obtained through computer simulation show that the bit error rate (BER) performance is affected by the splitting resonant frequency.

The Generalized cross-correlation (GCC) method is most commonly used for time delay estimation (TDE). However, the GCC method can result in false peak errors (FPEs) especially at a low signal to noise ratio (SNR). These FPEs significantly degrade TDE, since the estimation error, which is the difference between a true time delay and an estimated time delay, is larger than at least one sampling period. This paper introduces an algorithm that estimates two peaks for two cross-correlation functions using three types of signals such as a reference signal, a delayed signal, and a delayed signal with an additional time delay of half a sampling period. A peak selection algorithm is also proposed in order to identify which peak is closer to the true time delay using subsample TDE methods. This paper presents simulations that compare the algorithms' performance for varying amounts of noise and delay. The proposed algorithms can be seen to display better performance, in terms of the probability of the integer TDE errors, as well as the mean and standard deviation of absolute values of the time delay estimation errors.

With process technology scaling, a heat problem in ICs is becoming a serious issue. Since high temperature adversely impacts on reliability, design costs, and leakage power, it is necessary to incorporate thermal-aware synthesis into IC design flows. In particular, hot spots are serious concerns where a chip is locally too much heated and reducing the peak temperature inside a chip is very important. On the other hand, increasing the average interconnect delays is also becoming a serious issue. By using RDR architectures (Regular-Distributed-Register architectures), the interconnect delays can be easily estimated and their influence can be much reduced even in high-level synthesis. In this paper, we propose a thermal-aware high-level synthesis algorithm for RDR architectures. The RDR architecture divides the entire chip into islands and each island has uniform area. Our algorithm balances the energy consumption among islands through re-binding to functional units. By allocating some new additional functional units to vacant areas on islands, our algorithm further balances the energy consumption among islands and thus reduces the peak temperature. Experimental results demonstrate that our algorithm reduces the peak temperature by up to 9.1% compared with the conventional approach.

In this paper, we derive a fast polynomial basis multiplier for GF(2^m) defined by pentanomials x^m+x^k₃+x^k₂+x^k₁+1 with 1 ≤ k₁ < k₂ < k₃ ≤ m/2 using the presented method by Park and Chang. The proposed multiplier has the time delay T_A+(2+⌈log₂(m-1)⌉) T_X or T_A+(3+⌈log₂(m-1)⌉) T_X which is the lowest one compared with known multipliers for pentanomials except for special types, where T_A and T_X denote the delays of one AND gate and one XOR gate, respectively. On the other hand, its space complexity is very slightly greater than the best known results.

This paper proposes several improved Side-channel cube attacks (SCCAs) on PRESENT-80/128 under single bit leakage model. Assuming the leakage is in the output of round 3 as in previous work, we discover new results of SCCA on PRESENT. Then an enhanced SCCA is proposed to extract key related non-linear equations. 64-bit key for both PRESENT-80 and 128 can be obtained. To mount more effective attack, we utilize the leakage in round 4 and enhance SCCA in two ways. A partitioning scheme is proposed to handle huge polynomials, and an iterative scheme is proposed to extract more key bits. With these enhanced techniques, the master key search space can be reduced to 2⁸ for PRESENT-80 and to 2²⁹ for PRESENT-128.

We investigate the visibility of scrolling text presented nearby a dynamically moving image. In two experiments, we evaluate the subjective speed and readability of scrolled fake addresses presented immediately above a moving grating pattern that covers a large part of the visual field. The drift speed and direction of the grating were controlled to reveal the visibility of the text. The results show that the scrolling addresses exhibited slower subjective speed and better readability when the grating moved in the same direction as the scrolling addresses. On the contrary, faster subjective speed and worse readability of the scrolling addresses were raised by the grating moving in the opposite direction. The strength of these effects was dependent on the speed difference between the scrolling addresses and the grating. These results suggest that the visibility of the scrolling text, assessed in terms of subjective speed and readability, strongly depends on nearby moving images.

In this paper, we study decentralized supervisory control of timed discrete event systems, where we adopt the OR rule for fusing local enablement decisions and the AND rule for fusing local enforcement decisions. Under these rules, necessary and sufficient conditions for the existence of a decentralized supervisor that achieves a given specification language are easily obtained from the result of literature. If a given specification language does not satisfy these existence conditions, we must compute its sublanguage satisfying them. The main contribution of this paper is proposing a method for computing such a sublanguage.

This letter describes the design methodology for reduced reconfigurable logic circuits based on double gate carbon nanotube field effect transistors (DG-CNTFETs) with ambipolar propoerty. Ambipolar Binary Decision Diagram (Am-BDD) which represents the cornerstone for automatic pass transistor logic (PTL) synthesis flows of ambipolar devices was utilized to build DG-CNTFET based n-input reconfigurable cells in the conventional approach. The proposed method can reduce the number of ambipolar devices for 2-inputs reconfigurable cells, incorporating the simple Boolean algebra in the Am-BDD compared with the conventional approach. As a result, the static 2-inputs reconfigurable circuit with 16 logic functions can be synthesized by using 8 DG-CNTFETs although the previous design method needed 12 DG-CNTFETs for the same purpose.

Because of the algebraic attacks, a high algebraic immunity is now an important criteria for Boolean functions used in stream ciphers. In 2011, X.Y. Zeng et al. proposed three constructions of balanced Boolean functions with maximum algebraic immunity, the constructions are based on univariate polynomial representation of Boolean functions. In this paper, we will improve X.Y. Zeng et al.' constructions to obtain more even-variable Boolean functions with maximum algebraic immunity. It is checked that, our new functions can have as high nonlinearity as X.Y. Zeng et al.' functions.

In this letter we propose a new Whiteman generalized cyclotomic sequence of order 4. Meanwhile, we determine its linear complexity and minimal polynomial. The results show that this sequence possesses both high linear complexity and optimal balance on 1 s and 0 s, which may be attractive for cryptographic applications.

This letter presents a framework, including two constructions, for yielding several types of sequences with optimal autocorrelation properties. Only by simply choosing proper coefficients in constructions and optimal known sequences, two constructions transform the chosen sequences into optimally required ones with two or four times periods as long as the original sequences', respectively. These two constructions result in binary and quaternary sequences with optimal autocorrelation values (OAVs), perfect QPSK+ sequences, and multilevel perfect sequences, depending on choices of the known sequences employed. In addition, Construction 2 is a generalization of Construction B in [5] so that the number of distinct sequences from the former is larger than the one from the latter.

In this letter, a low complexity decoder for non-binary low-density parity-check (LDPC) codes in a multiple-input and multiple-output (MIMO) channel is proposed employing Quasi-orthogonal space-time block code (QOSTBC). The complexity of the proposed decoding algorithm involved grows linearly with the number of transmit antennas and order of Galois Field.

A construction of shift sequence sets is proposed. Multiple distinct shift sequence sets are obtained by changing the parameters of the shift sequences. The shift sequences satisfy the conditions that P|L and P ≥ 2, where P is the length of the shift sequences, L is the length of the zero-correlation zone or low-correlation zone (ZCZ/LCZ). Then based on these shift sequence sets, many shift distinct ZCZ/LCZ sequence sets are constructed by using interleaving technique and complex Hadamard matrices. Furthermore, the new construction is optimal under the conditions proposed in this paper. Compared with previous constructions, the proposed construction extends the number of shift distinct ZCZ/LCZ sequence sets, so that more sequence sets are obtained for multi-cell quasi-synchronous code-division multiple access (QS-CDMA) systems.

This paper identifies a ripple effect problem (REP) that spreads interference to neighbors and proposes a novel channel localization mechanism to decrease the REP in a Wi-Fi system. The proposed mechanism has less blocking probability when compared to a random channel allocation mechanism and also has increased channel reusability. The proposed mechanism in simulation yields less channels B_Em as the number of users and T_used increase.

In this letter, we propose a innovative threshold receiver for MIMO-OFDM system. The proposed scheme calculates the channel condition number and then selects either combined V algorithm and CLLL or combined QRD-M and DFE detection scheme according to channel information. The complexity of the proposed scheme is about 33.3% of the QRD-M for 44 MIMO-OFDM system.

A new paradigm for building Virtual Controller Model (VCM) for traffic flow simulator is developed. It is based on flight plan data and is applied to Traffic Flow Management System (TFMS) in China. The problem of interest is focused on the sectors of airspace and how restrictions to aircraft movement are applied by air traffic controllers and demand overages or capacity shortfalls in sectors of airspace. To estimate and assess the balance between the traffic flow and the capacity of sector in future, we apply Virtual Controller model, which models by the sectors airspace system and its capacity constraints. Numerical results are presented and illustrated by applying them to air traffic data for a typical day in the Traffic Flow Management System. The results show that the predictive capabilities of the model are successfully validated by showing a comparison between real flow data and simulated sector flow, making this method appropriate for traffic flow management system.

Existing salient object detection methods either simply use a threshold to detect desired salient objects from saliency map or search the most promising rectangular window covering salient objects on the saliency map. There are two problems in the existing methods: 1) The performance of threshold-dependent methods depends on a threshold selection and it is difficult to select an appropriate threshold value. 2) The rectangular window not only covers the salient object but also contains background pixels, which leads to imprecise salient object detection. For solving these problems, a novel saliency threshold-free method for detecting the salient object with a well-defined boundary is proposed in this paper. We propose a novel window search algorithm to locate a rectangular window on our saliency map, which contains as many as possible pixels belonging the salient object and as few as possible background pixels. Once the window is determined, GrabCut is applied to extract salient object with a well-defined boundary. Compared with existing methods, our approach doesn't need any threshold to binarize the saliency map and additional operations. Experimental results show that our approach outperforms 4 state-of-the-art salient object detection methods, yielding higher precision and better F-Measure.