IEICE TRANSACTIONS on Fundamentals

Volume E97-A No.1  (Publication Date:2014/01/01)

    Special Section on Wideband Systems

  • FOREWORD

    Shigenobu SASAKI

    FOREWORD, Page(s): 1-1
  • Single Symbol Decodable QO-STBC with Full Diversity

    Naotoshi YODA, Chang-Jun AHN, Ken-ya HASHIMOTO

    PAPER-Foundations, Page(s): 2-6

    Space-time block code (STBC) with complex orthogonal designs achieves full diversity with simple maximum-likelihood (ML) decoding; however, it does not achieve a full transmission rate for more than two antennas. To attain a higher transmission rate, STBCs with quasi-orthogonal designs (QO-STBC) were proposed, but they contain interference terms caused by relaxing the orthogonality. This affects decoding complexity because the receiver needs to decode two symbols at a time. Moreover, QO-STBC does not achieve full diversity. In this paper, we propose a scheme which makes it possible to decode symbols one by one, and two schemes which gain full transmission diversity by unbalancing the transmit power and rotating the constellation.

  • Improved Spectral Efficiency at Reduced Outage Probability for Cooperative Wireless Networks by Using CSI Directed Estimate and Forward Strategy

    Yihenew Wondie MARYE, Chen LIU, Feng LU, Hua-An ZHAO

    PAPER-Foundations, Page(s): 7-17

    Cooperative wireless communication is a communication mechanism that attains diversity through a virtual antenna array formed by sharing resources among different users. Different strategies of resource utilization, such as amplify-and-forward (AF) and decode-and-forward (DF), already exist in cooperative networks. Although the implementation of these strategies is simple, their utilization of the channel state information (CSI) is generally poor. As a result, the outage and bit error rate (BER) performances need much more improvement in order to satisfy the upcoming high data rate demands. For that to happen, the spectral efficiency supported by a wireless system at a very low outage probability should be increased. In this paper a new approach, based on the previously existing ones, called CSI directed estimate and forward (CDEF) with a reduced estimation domain is proposed. A closed form solution for the optimal signal estimation at the relay using minimum mean square error (MMSE), as well as a possible set reduction of the estimation domain, is given. It will be shown that this new strategy attains better symbol error rate (SER) and outage performance than AF or DF when the source-relay link is comparatively better than the relay-destination link. Simulation results also show that it has better spectral efficiency at low outage probability for a given signal to noise ratio (SNR), as well as for a fixed outage probability in any operating SNR range.

  • Performance of Star 16QAM Schemes Considering Cubic Metric for Uplink DFT-Precoded OFDMA

    Teruo KAWAMURA, Yoshihisa KISHIYAMA, Mamoru SAWAHASHI

    PAPER-Foundations, Page(s): 18-29

    This paper investigates the average block error rate (BLER) performance of star 16QAM schemes considering the effective peak-to-average power ratio (PAPR) criterion called the cubic metric (CM) for uplink discrete Fourier transform (DFT)-precoded orthogonal frequency division multiple access (OFDMA). We clarify the best ring amplitude ratio for the (4, 12) and (8, 8) star 16QAM schemes from the viewpoint of the required average signal-to-noise power ratio (SNR) that satisfies the target average BLER based on link-level simulations. We also validate the agreement of the best ring amplitude ratios with those maximizing the mutual-information-based throughput. Then, employing the best ring amplitude ratios for the respective coding rates of the turbo code, we show that (8, 8) star 16QAM achieves better average BLER performance than (4, 12) star 16QAM. Moreover, we show the effectiveness of the (8, 8) star 16QAM scheme compared to square 16QAM in terms of the required average received SNR considering the CM when the coding rate is low, such as 1/3, for uplink DFT-precoded OFDMA.

  • Investigation on Frequency Diversity Effects of Various Transmission Schemes Using Frequency Domain Equalizer for DFT-Precoded OFDMA

    Lianjun DENG, Teruo KAWAMURA, Hidekazu TAOKA, Mamoru SAWAHASHI

    PAPER-Foundations, Page(s): 30-39

    This paper presents frequency diversity effects of localized transmission, clustered transmission, and intra-subframe frequency hopping (FH) using a frequency domain equalizer (FDE) for discrete Fourier transform (DFT)-precoded Orthogonal Frequency Division Multiple Access (OFDMA). In the evaluations, we employ the normalized frequency mean square covariance (NFMSV) as a measure of the frequency diversity effect, i.e., randomization level of the frequency domain interleaving associated with turbo coding. Link-level computer simulation results show that frequency diversity is very effective in decreasing the required average received signal-to-noise power ratio (SNR) at the target average block error rate (BLER) using a linear minimum mean-square error (LMMSE) based FDE according to the increase in the entire transmission bandwidth for DFT-precoded OFDMA. Moreover, we show that the NFMSV is an accurate measure of the frequency diversity effect for the 3 transmission schemes for DFT-precoded OFDMA. We also clarify the frequency diversity effects of the 3 transmission schemes from the viewpoint of the required average received SNR satisfying the target average BLER for the various key radio parameters for DFT-precoded OFDMA in frequency-selective Rayleigh fading channels.

  • Virtual Continuous CWmin Control Scheme of WLAN

    Yuki SANGENYA, Fumihiro INOUE, Masahiro MORIKURA, Koji YAMAMOTO, Fusao NUNO, Takatoshi SUGIYAMA

    PAPER-Foundations, Page(s): 40-48

    In this paper, a priority control problem between uplink and downlink flows in IEEE 802.11 wireless LANs is considered. The minimum contention window size (CWmin) has a nonnegative integer value. A CWmin control scheme is one of the solutions for priority control to achieve fairness between links. However, a CWmin control scheme cannot achieve precise priority control when the CWmin values become small. As a solution to this problem, this paper proposes a new CWmin control method called the virtual continuous CWmin control (VCCC) scheme. The key concept of this method is that it uses small and large CWmin values probabilistically. The proposed scheme realizes the expected value of CWmin as a nonnegative real number and solves the precise priority control problem. Moreover, we propose a theoretical analysis model for the proposed VCCC scheme. Computer simulation results show that the proposed scheme improves the throughput performance and achieves fairness between the uplink and the downlink flows in an infrastructure-mode IEEE 802.11 wireless LAN. The throughput of the proposed scheme is 31% higher than that of a conventional scheme when the number of wireless stations is 18. The difference between the theoretical analysis results and the computer simulation results for the throughput is within 1% when the number of STAs is less than 10.

  • Performance Analysis of MIMO/FSO Systems Using SC-QAM Signaling over Atmospheric Turbulence Channels

    Trung HA DUYEN, Anh T. PHAM

    PAPER-Foundations, Page(s): 49-56

    We theoretically study the performance of multiple-input multiple-output (MIMO) free-space optical (FSO) systems using subcarrier quadrature amplitude modulation (SC-QAM) signaling. The system average symbol-error rate (ASER) is derived taking into account the atmospheric turbulence effects on the MIMO/FSO channel, which is modeled by the log-normal and gamma-gamma distributions for weak and moderate-to-strong turbulence conditions, respectively. We quantitatively discuss the influence of the index of refraction structure parameter, link distance, and different MIMO configurations on the system ASER. We also analytically derive and discuss the MIMO/FSO average (ergodic) channel capacity (ACC), expressed in terms of average spectral efficiency (ASE), under the impact of various channel conditions. Monte Carlo simulations are also performed to validate the mathematical analysis, and good agreement between numerical and simulation results is confirmed.

  • A Novel Low Computational Complexity Power Assignment Method for Non-orthogonal Multiple Access Systems

    Anxin LI, Atsushi HARADA, Hidetoshi KAYAMA

    PAPER-Resource Allocation, Page(s): 57-68

    Multiple access (MA) technology is of the utmost importance for beyond long term evolution (LTE) systems. Non-orthogonal multiple access (NOMA), which utilizes the power domain and an advanced receiver, has recently been considered as a candidate MA technology. In this paper, the power assignment method, which plays a key role in the performance of NOMA, is investigated. Power assignment on the basis of maximizing the geometric mean user throughput requires an exhaustive search and thus has an unacceptable computational complexity for practical systems. To solve this problem, a novel power assignment method is proposed by exploiting tree search and the characteristics of the successive interference cancellation (SIC) receiver. The proposed method achieves the same performance as the exhaustive search while greatly reducing the computational complexity. On the basis of the proposed power assignment method, the performance of NOMA is investigated by link-level and system-level simulations in order to provide insight into the suitability of NOMA for future MA. Simulation results verify the effectiveness of the proposed power assignment method and show that NOMA is a very promising MA technology for beyond-LTE systems.

  • An Efficient Algorithm for Weighted Sum-Rate Maximization in Multicell OFDMA Downlink

    Mirza Golam KIBRIA, Hidekazu MURATA, Susumu YOSHIDA

    PAPER-Resource Allocation, Page(s): 69-77

    This paper considers coordinated linear precoding for rate optimization in downlink multicell, multiuser orthogonal frequency-division multiple access networks. We focus on two different design criteria. In the first, the weighted sum-rate is maximized under transmit power constraints per base station. In the second, we minimize the total transmit power satisfying the signal-to-interference-plus-noise-ratio constraints of the subcarriers per cell. Both problems are solved using standard conic optimization packages. A less complex, fast, and provably convergent algorithm that maximizes the weighted sum-rate with per-cell transmit power constraints is formulated. We approximate the non-convex weighted sum-rate maximization (WSRM) problem with a solvable convex form by means of a sequential parametric convex approximation approach. The second-order cone formulations of an objective function and the constraints of the optimization problem are derived through a proper change of variables, first-order linear approximation, and hyperbolic constraints transformation. This algorithm converges to the suboptimal solution while taking fewer iterations in comparison to other known iterative WSRM algorithms. Numerical results are presented to demonstrate the effectiveness and superiority of the proposed algorithm.

  • Joint Resource Allocation Algorithm in Carrier Aggregation Enabled Future Wireless Networks

    Zanjie HUANG, Yusheng JI, Hao ZHOU, Baohua ZHAO

    PAPER-Resource Allocation, Page(s): 78-85

    To improve the data rate in OFDMA-based wireless networks, Carrier Aggregation (CA) technology has been included in the LTE-Advanced standard. The different Component Carrier (CC) capabilities of users under the same eNodeB (eNB, i.e. Base Station) make it challenging to allocate resources with CA. In this paper, we jointly consider CC and Resource Block (RB) assignment and power allocation to achieve proportional fairness in the long term. The goal of the problem is to maximize the overall throughput with fairness consideration. We consider a more general CC assignment framework in which each User Equipment (UE) (i.e. Mobile Station) can support any number of CCs. Furthermore, we prove that the problem is NP-hard, even if power is equally allocated to RBs. Thus, an optimal RB assignment and power allocation algorithm is first proposed, and then a carrier aggregation enabled joint resource allocation algorithm called CARA is proposed. By jointly considering CC and RB assignment and power allocation, the proposed approach can achieve better performance. Simulation results show that the proposed algorithm can significantly improve performance, e.g., total throughput, compared with the existing algorithm.

  • 135GHz 98mW 10Gbps CMOS Amplitude Shift Keying Transmitter and Receiver Chipset

    Mizuki MOTOYOSHI, Naoko ONO, Kosuke KATAYAMA, Kyoya TAKANO, Minoru FUJISHIMA

    PAPER-Implementation, Page(s): 86-93

    An amplitude shift keying transmitter and receiver chipset with low power consumption using 40nm CMOS technology for wireless communication systems is described, in which a maximum data rate of 10Gbps and power consumption of 98.4mW are obtained with a carrier frequency of 135GHz. A simple circuit and a modulation method to reduce power consumption are selected for the chipsets. To realize multi-gigabit wireless communication, the receiver is designed considering the group delay optimization. In the receiver design, the low-noise amplifier and detector are designed considering the total optimization of the gain and group delay in the millimeter-wave modulated signal region.

  • Analyses and Modeling of Ultra-Wideband On-Body Propagation Channels Depending on Population Density within an Elevator Cabin

    Miyuki HIROSE, Takehiko KOBAYASHI

    PAPER-Implementation, Page(s): 94-100

    This paper presents an experimental study of on-body ultra-wideband (UWB) radio propagation channels within an enclosed space. To facilitate high-speed wireless body area networks, UWB is a promising technology because of its low power consumption and anti-multipath capabilities. The motivation of this study is to examine the effects of nearby humans on the UWB channels by varying the population within an elevator cabin from one (subject alone) to 20 (full capacity of the elevator). The first domain (0 < delay, t ≤ 4ns) in the measured delay profiles was either a direct (for line-of-sight) or diffracted (for non-line-of-sight) wave, which was found to be almost unrelated to the population, whereas the second domain (t > 4ns) depended highly on it. Total received power and delay spreads decreased with increasing population. In addition, average power delay profiles were modeled based on the measurements for the varying human population.

  • 9dB NF and +11dBm OIP3 CMOS Single Conversion Front-End for a Satellite Low-Noise Block Down-Converter

    Takeshi MITSUNAKA, Yusuke KISHINO, Masafumi YAMANOUE, Kunihiko IIZUKA, Minoru FUJISHIMA

    PAPER-Implementation, Page(s): 101-108

    In this paper, we present a fully integrated single conversion front-end for a satellite low-noise block down-converter (LNB), focusing on a Ku-band noise-canceling radio frequency amplifier (RF-AMP) and an L-band intermediate frequency variable-gain amplifier (IF-VGA). The LNB, which is mounted on a satellite dish antenna, converts the satellite signal in the Ku-band (10.7GHz to 12.75GHz) to the L-band (950MHz to 2150MHz). To obtain a lower noise figure (NF) at the high frequency, we implemented a wideband noise-canceling RF-AMP with an LC ladder filter. Furthermore, we implemented a current-reusing RF-AMP and mixer for lower current consumption. The IF-VGA has a constant output third-order intercept point (OIP3) for various gains thanks to digital control of the gate width in the transconductor stage. We fabricated a single conversion front-end IC using a 1P5M 130-nm RF-CMOS process and achieved an NF of 9dB and a constant OIP3 of 11dBm for various gains. The current consumption was 27mA at a 2.8-V supply voltage.

  • Indoor Experiments on 4-by-2 Multi-User MIMO and Carrier Aggregation Achieving Real-Time 1-Gbps Data Transmission in LTE-Advanced Downlink

    Yuichi KAKISHIMA, Teruo KAWAMURA, Yoshihisa KISHIYAMA, Hidehiro ANDOH

    PAPER-Implementation, Page(s): 109-116

    This paper presents indoor experimental results on 4-by-2 multi-user (MU)-MIMO transmission with carrier aggregation (90-MHz bandwidth) achieving real-time 1-Gbps data transmission using adaptive modulation and coding (AMC) in the LTE-Advanced downlink employing OFDMA radio access. In the experiments, eigenvalue decomposition (EVD)-based channel state information (CSI) feedback based on subband unit for MU-MIMO operation and inter-user interference whitening filter applied before maximum likelihood detection (MLD) are employed to achieve such a high data rate with realistic numbers of transmitter and receiver antennas. The indoor experiments are conducted in a conference room under line-of-sight conditions with multiple reflected waves where one mobile station (MS) travels at walking speed and the other MS is static. The experimental results show that the total throughput for the 2 MSs is greater than 1Gbps at the average received signal-to-interference plus noise power ratio (SINR) of approximately 25 and 17dB for the first and second streams of each MS, respectively, when the moving speed is up to approximately 1km/h. The results also show that a centralized transmitter antenna arrangement is more effective in order to achieve a high data rate such as 1Gbps compared to a distributed antenna arrangement for the measurement environment.

    Special Section on Cryptography and Information Security

  • FOREWORD

    Toshiaki TANAKA

    FOREWORD, Page(s): 117-117
  • A New Higher Order Differential of CLEFIA

    Naoki SHIBAYAMA, Toshinobu KANEKO

    PAPER-Symmetric Key Based Cryptography, Page(s): 118-126

    CLEFIA is a 128-bit block cipher proposed by Shirai et al. at FSE2007. It has been reported that CLEFIA has a 9-round saturation characteristic, in which 32 bits of the 112th-order differential of the 9th-round output equal zero. By using this characteristic, 14-round CLEFIA with a 256-bit secret key is attacked with 2^113 blocks of chosen plaintext and 2^244.5 data encryptions. In this paper, we focus on higher order differentials of CLEFIA. This paper introduces two new concepts for higher order differentials: a control transform for the input and an observation transform for the output. With these concepts, we found a new 6-round saturation characteristic, in which 24 bits of the 9th-order differential of the 6th-round output equal zero. We also show a new 9-round saturation characteristic using a 105th-order differential, which is a 3-round extension of the 6-round one. If it is used instead of the 112th-order differential, together with the meet-in-the-middle attack technique for the higher order differential table, the data and computational complexity of the attack on 14-round CLEFIA can be reduced to around 2^-5 and 2^-34 of the conventional attack, respectively.

  • Comprehensive Study of Integral Analysis on LBlock

    Yu SASAKI, Lei WANG

    PAPER-Symmetric Key Based Cryptography, Page(s): 127-138

    The current paper presents an integral cryptanalysis in the single-key setting against the light-weight block cipher LBlock reduced to 22 rounds. Our attack uses the same 15-round integral distinguisher as the previous attacks, but many techniques are taken into consideration in order to achieve a comprehensive understanding of the attack: choosing the best balanced-byte position, a meet-in-the-middle technique to identify right key candidates, the partial-sum technique, relations among subkeys, and combination of the exhaustive search with the integral analysis. Our results indicate that integral cryptanalysis is particularly useful for LBlock-like structures. At the end of this paper, we discuss which factor makes the LBlock structure weak against integral cryptanalysis. Because designing light-weight cryptographic primitives is an actively discussed topic, we believe that this paper returns some useful feedback to future designs.

  • Comprehensive Analysis of Initial Keystream Biases of RC4

    Takanori ISOBE, Toshihiro OHIGASHI, Yuhei WATANABE, Masakatu MORII

    PAPER-Symmetric Key Based Cryptography, Page(s): 139-151

    After the disclosure of the RC4 algorithm in 1994, a number of keystream biases of RC4 were reported, e.g., Mantin and Shamir showed that the second byte of the keystream is biased to 0, Sepehrdad et al. found that the l-th byte of the keystream is biased to -l, and Maitra et al. showed that the 3rd to 255th bytes of the keystream are also biased to 0, where l is the key length in bytes. However, it was unknown which bias is strongest in each of the initial bytes. This paper comprehensively analyzes the initial keystream biases of RC4. In particular, we introduce several new biases in the initial (1st to 257th) bytes of the RC4 keystream, which are substantially stronger than known biases. Combining the new biases with the known ones, a complete list of the strongest single-byte biases in the first 257 bytes of the RC4 keystream is constructed for the first time. Then, we show that our set of biases is applicable to plaintext recovery attacks, key recovery attacks and distinguishing attacks.

  • A New Necessary Condition for Feedback Functions of de Bruijn Sequences

    Zhongxiao WANG, Wenfeng QI, Huajin CHEN

    PAPER-Symmetric Key Based Cryptography, Page(s): 152-156

    Recently, nonlinear feedback shift registers (NFSRs) have frequently been used as basic building blocks for stream ciphers. A major problem concerning NFSRs is to construct NFSRs which generate de Bruijn sequences, namely maximum-period sequences. In this paper, we present a new necessary condition for NFSRs to generate de Bruijn sequences. The new condition cannot be deduced from the previously proposed necessary conditions. It is shown that the number of NFSRs whose feedback functions satisfy all the previous necessary conditions but not the new one is very large.

  • Chosen-IV Correlation Power Analysis on KCipher-2 Hardware and a Masking-Based Countermeasure

    Takafumi HIBIKI, Naofumi HOMMA, Yuto NAKANO, Kazuhide FUKUSHIMA, Shinsaku KIYOMOTO, Yutaka MIYAKE, Takafumi AOKI

    PAPER-Symmetric Key Based Cryptography, Page(s): 157-166

    This paper presents a chosen-IV (Initial Vector) correlation power analysis (CPA) on the international standard stream cipher KCipher-2 together with an effective countermeasure. First, we describe a power analysis technique which can reveal the secret key (initial key) of KCipher-2, and then evaluate the validity of the CPA with experiments using both FPGA and ASIC implementations of KCipher-2 processors. This paper also proposes a masking-based countermeasure against the CPA. The concept of the proposed countermeasure is to mask intermediate data which pass through the non-linear function part, including integer addition, substitution functions, and the internal registers L1 and L2. We design two types of masked integer adders and two types of masked substitution circuits in order to minimize circuit area and delay, respectively. The effectiveness of the countermeasure is demonstrated through an experiment on the same FPGA platform. The performance of the proposed method is evaluated through an ASIC fabricated in TSMC 65nm CMOS process technology. In comparison with the conventional design, the design with the countermeasure increases the area by a factor of at most 1.6.

  • Cryptanalyses on a Merkle-Damgård Based MAC — Almost Universal Forgery and Distinguishing-H Attacks

    Yu SASAKI

    PAPER-Symmetric Key Based Cryptography, Page(s): 167-176

    This paper presents two types of cryptanalysis on a Merkle-Damgård hash based MAC, which computes the MAC value of a message M as Hash(K||l||M) with a shared key K and the message length l. This construction is often called LPMAC. Firstly, we present a distinguishing-H attack against LPMAC instantiated with any narrow-pipe Merkle-Damgård hash function with O(2^{n/2}) queries, which indicates the incorrectness of the widely believed assumption that LPMAC instantiated with a secure hash function should resist the distinguishing-H attack up to 2^n queries. In fact, all of the previous distinguishing-H attacks were dedicated attacks depending on the underlying hash algorithm, and in most cases reduced rounds were attacked with a complexity between 2^{n/2} and 2^n. Because our attack is generic, it updates these results: full rounds are attacked with O(2^{n/2}) complexity. Secondly, we show that an even stronger attack, which is a powerful form of an almost universal forgery attack, can be performed on LPMAC. In this setting, attackers can modify the first several message blocks of a given message and aim to recover an internal state and forge the MAC value. For any narrow-pipe Merkle-Damgård hash function, our attack can be performed with O(2^{n/2}) queries. These results show that the length-prepending scheme is not enough to achieve a secure MAC.

  • Distinguishers on Double-Branch Compression Function and Applications to Round-Reduced RIPEMD-128 and RIPEMD-160

    Yu SASAKI, Lei WANG

    PAPER-Symmetric Key Based Cryptography, Page(s): 177-190

    This paper presents differential-based distinguishers against double-branch compression functions and applies them to the ISO standard hash functions RIPEMD-128 and RIPEMD-160. A double-branch compression function computes two branch functions to update a chaining variable and then merges their outputs. For such a compression function, we observe that second-order differential paths can be constructed by finding a sub-path in each branch independently. This leads to 4-sum attacks on 47 steps (out of 64 steps) of RIPEMD-128 and 40 steps (out of 80 steps) of RIPEMD-160. Then new properties called a (partial) 2-dimension sum and a q-multi-second-order collision are considered. The partial 2-dimension sum is generated on 48 steps of RIPEMD-128 and 42 steps of RIPEMD-160, with complexities of 2^35 and 2^36, respectively. Theoretically, the 2-dimension sum is generated faster than the brute force attack up to 52 steps of RIPEMD-128 and 51 steps of RIPEMD-160, with complexities of 2^101 and 2^158, respectively. The results on RIPEMD-128 can also be viewed as q-multi-second-order collision attacks. The practical attacks have been implemented and examples are presented. We stress that our results do not affect the security of the full RIPEMD-128 and RIPEMD-160 hash functions.

  • Randomness Leakage in the KEM/DEM Framework

    Hitoshi NAMIKI, Keisuke TANAKA, Kenji YASUNAGA

    PAPER-Public Key Based Cryptography, Page(s): 191-199

    Recently, there have been many studies on constructing cryptographic primitives that are secure even if some secret information leaks. In this paper, we consider the problem of constructing public-key encryption schemes that are resilient to leaking the randomness used in the encryption algorithm. In particular, we consider the case in which public-key encryption schemes are constructed from the KEM/DEM framework, and the leakage of randomness in the encryption algorithms of KEM and DEM occurs independently. For this purpose, we define a new security notion for KEM. Then we provide a generic construction of a public-key encryption scheme that is resilient to randomness leakage from any KEM scheme satisfying this security. Also we construct a KEM scheme that satisfies the security from hash proof systems.

  • The RSA Group Is Adaptive Pseudo-Free under the RSA Assumption

    Masayuki FUKUMITSU, Shingo HASEGAWA, Shuji ISOBE, Hiroki SHIZUYA

    PAPER-Public Key Based Cryptography, Page(s): 200-214

    The notion of pseudo-free groups was first introduced and formalized by Hohenberger and Rivest in order to unify cryptographic assumptions. Catalano, Fiore and Warinschi proposed a generalized notion called adaptive pseudo-free groups, and showed that the RSA group $Z_N^\times$ is adaptive pseudo-free with some specific parametric distribution under the strong RSA assumption. In this paper, we develop an alternative parametric distribution and show that the RSA group $Z_N^\times$ is adaptive pseudo-free with this parametric distribution under the RSA assumption rather than the strong RSA assumption.

  • Relation between Verifiable Random Functions and Convertible Undeniable Signatures, and New Constructions

    Kaoru KUROSAWA, Ryo NOJIMA, Le Trieu PHONG

    PAPER-Public Key Based Cryptography, Page(s): 215-224

    Verifiable random functions (VRF), proposed in 1999, and selectively convertible undeniable signature (SCUS) schemes, proposed in 1990, are apparently thought of as independent primitives in the literature. In this paper, we show that they are tightly related in the following sense: a VRF is exactly a SCUS, and the reverse also holds true under a condition. This directly yields several deterministic SCUS schemes based on existing VRF constructions. In addition, we create a new probabilistic SCUS scheme, which is very compact. We build efficient confirmation and disavowal protocols for the proposed SCUS schemes, based on what we call zero-knowledge protocols for generalized DDH and non-DDH. These zero-knowledge protocols are built in either the sequential, concurrent, or universally composable setting.

  • Relations among Notions of Privacy for RFID Authentication Protocols

    Daisuke MORIYAMA, Shin'ichiro MATSUO, Miyako OHKUBO

    PAPER-Public Key Based Cryptography, Page(s): 225-235

    We present the relationship between privacy definitions for Radio Frequency Identification (RFID) authentication protocols. The security model is necessary for ensuring security or privacy, but many researchers present different privacy concepts for RFID authentication and the technical relationship among them is unclear. We reconsider the zero-knowledge based privacy proposed by Deng et al. at ESORICS 2010 and show that this privacy is equivalent to indistinguishability based privacy proposed by Juels and Weis. We also provide the implication and separation between these privacy definitions and the simulation based privacy proposed by Paise and Vaudenay at AsiaCCS 2008 based on the public verifiability of the communication message.

  • Key Length Estimation of Pairing-Based Cryptosystems Using η_T Pairing over GF(3^n)

    Naoyuki SHINOHARA, Takeshi SHIMOYAMA, Takuya HAYASHI, Tsuyoshi TAKAGI

    PAPER-Foundations, Page(s): 236-244

    The security of pairing-based cryptosystems is determined by the difficulty of solving the discrete logarithm problem (DLP) over certain types of finite fields. One of the most efficient algorithms for computing a pairing is the η_T pairing over supersingular curves on finite fields of characteristic 3. Indeed, many high-speed implementations of this pairing have been reported, and it is an attractive candidate for practical deployment of pairing-based cryptosystems. Since the embedding degree of the η_T pairing is 6, we deal with the difficulty of solving a DLP over the finite field GF(3^{6n}), where the function field sieve (FFS) is known as the asymptotically fastest algorithm for solving it. Moreover, several efficient algorithms are employed in the implementation of the FFS, such as the large prime variation. In this paper, we estimate the time complexity of solving the DLP for the extension degrees n=97, 163, 193, 239, 313, 353, and 509 when the improved FFS is used. To accomplish our aim, we present several new computable estimation formulas that give the explicit number of special polynomials used in the improved FFS. Our estimation contributes to the evaluation of the key length of pairing-based cryptosystems using the η_T pairing.

  • Security of Multivariate Signature Scheme Using Non-commutative Rings

    Takanori YASUDA  Tsuyoshi TAKAGI  Kouichi SAKURAI  

     
    PAPER-Foundations

      Page(s):
    245-252

    Multivariate Public Key Cryptosystems (MPKC) are candidates for post-quantum cryptography. Rainbow is a digital signature scheme in MPKC whose signature generation and verification are relatively efficient. However, the security of MPKC depends on the difficulty of solving a system of multivariate polynomials, and the key length of MPKC becomes substantially large compared with that of RSA cryptosystems for the same level of security. The size of the secret and public keys in MPKC has been reduced in previous research. NC-Rainbow is a signature scheme in MPKC which was proposed in order to reduce the size of the secret key of Rainbow. So far, several attacks against NC-Rainbow have been proposed. In this paper, we summarize attacks against NC-Rainbow, including attacks against the original Rainbow, and analyze the total security of NC-Rainbow. Based on the cryptanalysis, we estimate the security parameters of NC-Rainbow at several security levels.

  • An Accurate Packer Identification Method Using Support Vector Machine

    Ryoichi ISAWA  Tao BAN  Shanqing GUO  Daisuke INOUE  Koji NAKAO  

     
    PAPER-Foundations

      Page(s):
    253-263

    PEiD is a packer identification tool widely used for malware analysis, but its accuracy has been declining recently. There are two major reasons for this. The first is that PEiD does not provide a way to create signatures, even though it adopts a signature-based approach. Signatures must be created manually, and it is difficult to keep up with packers that are created or upgraded rapidly. The second is that PEiD uses exact matching. If a signature contains any error, PEiD cannot identify the packer that corresponds to the signature. In this paper, we propose a new automated packer identification method to overcome the limitations of PEiD and report the results of our numerical study. Our method applies a string-kernel-based support vector machine (SVM): it can measure the similarity between packed programs without manual operations such as creating signatures, and it provides an error-tolerant mechanism that can significantly reduce detection failures caused by minor signature violations. In addition, we use the byte sequence starting from the entry point of a packed program as the packer's feature given to the SVM. That is, our method combines the advantages of the signature-based approach and the machine learning (ML) based approach. The numerical results on 3902 samples with 26 packer classes and 3 unpacked (not-packed) classes show that our method achieves a high accuracy of 99.46%, outperforming PEiD and an existing ML-based method proposed by Sun et al.

  • Unified Coprocessor Architecture for Secure Key Storage and Challenge-Response Authentication

    Koichi SHIMIZU  Daisuke SUZUKI  Toyohiro TSURUMARU  Takeshi SUGAWARA  Mitsuru SHIOZAKI  Takeshi FUJINO  

     
    PAPER-Hardware Based Security

      Page(s):
    264-274

    In this paper we propose a unified coprocessor architecture that, by using a Glitch PUF and a block cipher, efficiently unifies necessary functions for secure key storage and challenge-response authentication. Based on the fact that a Glitch PUF uses a random logic for the purpose of generating glitches, the proposed architecture is designed around a block cipher circuit such that its round functions can be shared with a Glitch PUF as a random logic. As a concrete example, a circuit structure using a Glitch PUF and an AES circuit is presented, and evaluation results for its implementation on FPGA are provided. In addition, a physical random number generator using the same circuit is proposed. Evaluation results by the two major test suites for randomness, NIST SP 800-22 and Diehard, are provided, proving that the physical random number generator passes the test suites.

  • Security Evaluation of RG-DTM PUF Using Machine Learning Attacks

    Mitsuru SHIOZAKI  Kousuke OGAWA  Kota FURUHASHI  Takahiko MURAYAMA  Masaya YOSHIKAWA  Takeshi FUJINO  

     
    PAPER-Hardware Based Security

      Page(s):
    275-283

    In modern hardware security applications, silicon physical unclonable functions (PUFs) are of interest for their potential use as a unique identity or secret key that is generated from inherent characteristics caused by process variations. However, arbiter-based PUFs utilizing the relative delay-time difference between equivalent paths have a security issue in which the generated challenge-response pairs (CRPs) can be predicted by a machine learning attack. We previously proposed the RG-DTM PUF, in which a response is decided from divided time domains allocated to response 0 or 1, to improve the uniqueness of the conventional arbiter-PUF in a small circuit. However, its resistance against machine learning attacks has not yet been studied. In this paper, we evaluate the resistance against machine learning attacks by using a support vector machine (SVM) and logistic regression (LR) in both simulations and measurements, and compare the RG-DTM PUF with the conventional arbiter-PUF and with the XOR arbiter-PUF, which strengthens the resistance by XORing the outputs of multiple arbiter-PUFs. In numerical simulations, prediction rates using both SVM and LR were above 90% within 1,000 training CRPs on the arbiter-PUF. The machine learning attack using the SVM could never predict responses on the XOR arbiter-PUF with over six arbiter-PUFs, whereas the prediction rate eventually reached 95% using the LR and many training CRPs. On the RG-DTM PUF, when the division number of the time domains was over eight, the prediction rates using the SVM were equal to those of random guessing. The machine learning attack using LR has the potential to predict responses, although an adversary would need to steal a significant number of CRPs. However, the resistance can be exponentially strengthened with an increase in the division number, just like with the XOR arbiter-PUF. Over one million CRPs are required to attack the 16-divided RG-DTM PUF. Differences between the RG-DTM PUF and the XOR arbiter-PUF relate to the area penalty and the power penalty. Specifically, the XOR arbiter-PUF has to make up for resistance against machine learning attacks by increasing the circuit area, while the RG-DTM PUF is resistant against machine learning attacks with less area penalty and power penalty, since only capacitors are added to the conventional arbiter-PUF. We also attacked RG-DTM PUF chips, which were fabricated with 0.18-µm CMOS technology, to evaluate the effect of physical variations and unstable responses. The resistance against machine learning attacks was related to the delay-time difference distribution, but unstable responses had little influence on the attack results.

  • A Digital TRNG Based on Cross Feedback Ring Oscillators

    Lijuan LI  Shuguo LI  

     
    PAPER-Hardware Based Security

      Page(s):
    284-291

    In this paper, a new digital true random number generator based on Cross Feedback Ring Oscillators (CFRO) is proposed. The random sources of the CFRO lie in delay variations (jitter), unpredictable transition behaviors, and metastability. The CFRO is proved to be truly random by restarting it from the same initial states. Compared with the so-called Fibonacci Ring Oscillator (FIRO) and Galois Ring Oscillator (GARO), the CFRO needs less than half of their time to accumulate relatively high entropy and enable extraction of one random bit. Only a simple XOR corrector is used to reduce the bias of the output sequences. The TRNG based on the CFRO can be run continuously at a constant high speed of 150 Mbps. For higher security, the TRNG can be set in stateless mode at the cost of a slower speed of 10 Mbps. The total logical resources used are relatively small, and no special placement or routing is needed. The TRNG in both continuous mode and stateless mode passes the NIST tests and the DIEHARD tests.

  • A Property for Full CLEFIA-128 Detected by a Middletext Distinguisher under the Known-Key Setting

    Kazumaro AOKI  

     
    LETTER

      Page(s):
    292-297

    CLEFIA is a 128-bit block cipher proposed by Shirai et al. at FSE 2007, and it has been selected for several standards. CLEFIA adopts a generalized Feistel structure with the switching diffusion mechanism, which realizes a compact hardware implementation for CLEFIA, and it seems to be one of the promising candidates for use in restricted environments, which require that a cryptographic primitive be versatile. This means that we need to evaluate the security of CLEFIA even for unusual scenarios such as the known-key scenario. As Knudsen and Rijmen did for 7-round AES at Asiacrypt 2007, we construct a 17-round known-key distinguisher using two integral characteristics. By combining the 17-round known-key distinguisher with the standard subkey recovery technique for the secret-key scenario, we can construct a known-key distinguisher for full CLEFIA-128 from a random permutation under the framework of the middletext distinguisher proposed by Minier et al. at Africacrypt 2009. The known-key distinguisher requires queries of 2^112 texts, time complexity of 2^112, and memory complexity of 2^3 blocks, with an advantage of e^{-1}, where e is the base of the natural logarithm. Note that there is no practical impact on the security of CLEFIA-128 for current usages, since the result only works under the known-key setting, and the data used by the adversary are enormous and need a special form.

  • A Note on Security of Public-Key Cryptosystem Provably as Secure as Subset Sum Problem

    Shinsuke HAMASHO  Yasuyuki MURAKAMI  

     
    LETTER

      Page(s):
    298-299

    In TCC2010, Lyubashevsky et al. proposed a public-key cryptosystem provably as secure as the subset sum problem, which will be referred to as the LPS scheme. This result had an impact on the study of knapsack schemes. However, this scheme seems to be very weak in practical use. In this paper, we propose an attack against the LPS scheme by converting the problem of computing the secret key into a low-density subset sum problem. Moreover, we confirm the effectiveness of the proposed attack with a computer experiment using the conventional low-density attack proposed by Coster et al. This result means that even a scheme with provable security does not always have practical security.

  • Implementation of an Elliptic Curve Scalar Multiplication Method Using Division Polynomials

    Naoki KANAYAMA  Yang LIU  Eiji OKAMOTO  Kazutaka SAITO  Tadanori TERUYA  Shigenori UCHIYAMA  

     
    LETTER

      Page(s):
    300-302

    We implemented a scalar multiplication method over elliptic curves using division polynomials. We adapt an algorithm for computing elliptic nets proposed by Stange. According to our experimental results, the scalar multiplication method using division polynomials is faster than the binary method in an affine coordinate system.

  • Zero-Sum Defender: Fast and Space-Efficient Defense against Return-Oriented Programming Attacks

    Jeehong KIM  Inhyeok KIM  Changwoo MIN  Young Ik EOM  

     
    LETTER

      Page(s):
    303-305

    Recently, return-oriented programming (ROP) attacks have been rapidly increasing. In this letter, we introduce a fast and space-efficient defense technique, called zero-sum defender, that can respond to general ROP attacks. Our technique generates additional code, at compile time, just before return instructions to check whether the execution has been abused by ROP attacks. We achieve very low runtime overhead with a very small increase in file size. In our experimental results, performance overhead is 1.7%, and file size overhead is 4.5%.

    Regular Section
  • Low-Power Dynamic MIMO Detection for a 4×4 MIMO-OFDM Receiver

    Nozomi MIYAZAKI  Shingo YOSHIZAWA  Yoshikazu MIYANAGA  

     
    PAPER-Digital Signal Processing

      Page(s):
    306-312

    This paper describes low-power dynamic multiple-input and multiple-output (MIMO) detection for a 4×4 MIMO-orthogonal frequency-division multiplexing (MIMO-OFDM) receiver. MIMO-OFDM systems achieve high-speed and large-capacity communications. However, they impose a high computational cost in MIMO detection when separating spatially multiplexed signals, and they consume vast amounts of power. We propose low-power dynamic MIMO detection that controls detection speed according to the wireless environment. The power consumption is reduced by dynamic voltage and frequency scaling (DVFS), which controls the operating voltage and clock frequency in the MIMO detector. We implemented dynamic MIMO detection in a pipelined minimum mean square error (MMSE) MIMO detector that we developed in our previous work. A power saving of 92% was achieved under the lowest clock frequency mode.

  • Invariance and Periodic Oversampling in Principal Shift-Invariant Spaces

    Kil Hyun KWON  Dae Gwan LEE  

     
    PAPER-Digital Signal Processing

      Page(s):
    313-321

    We first find simple characterizations of $\frac{1}{N}\mathbb{Z}$-invariance of an arbitrary principal shift-invariant space $V(\phi)$. Then we find several equivalent conditions for $V(\phi)$ to admit periodic oversampling for a class of continuous frame generators $\phi$. In particular, when $\phi$ is band-limited and $\hat{\phi}$ is piecewise continuous, we find very simple and general sufficient conditions for $V(\phi)$ to admit periodic oversampling, which involve the extra invariance of $V(\phi)$, together with an illustrating example.

  • Parametric Wiener Filter with Linear Constraints for Unknown Target Signals

    Akira TANAKA  Hideyuki IMAI  

     
    PAPER-Digital Signal Processing

      Page(s):
    322-330

    In signal restoration problems, we expect to improve the restoration performance with a priori information about unknown target signals. In this paper, the parametric Wiener filter with linear constraints for unknown target signals is discussed. Since the parametric Wiener filter is usually defined as the minimizer of the criterion not for the unknown target signal but for the filter, it is difficult to impose constraints for the unknown target signal in the criterion. To overcome this difficulty, we introduce a criterion for the parametric Wiener filter defined for the unknown target signal whose minimizer is equivalent to the solution obtained by the original formulation. On the basis of the newly obtained criterion, we derive a closed-form solution for the parametric Wiener filter with linear constraints.

  • Eigen Analysis of Moment Vector Equation for Interacting Chaotic Elements Described by Nonlinear Boltzmann Equation

    Hideki SATOH  

     
    PAPER-Nonlinear Problems

      Page(s):
    331-338

    A macroscopic structure was analyzed for a system comprising multiple elements in which the dynamics is affected by their distribution. First, a nonlinear Boltzmann equation, which has an integration term with respect to the distribution of the elements, was derived. Next, the moment vector equation (MVE) for the Boltzmann equation was derived. The average probability density function (pdf) in a steady state was derived using eigen analysis of the coefficient matrix of the MVE. The macroscopic structure of the system and the mechanism that provides the average pdf and the transient response were then analyzed using eigen analysis. Evaluation of the average pdf and transient response showed that using eigen analysis is effective for analyzing not only the transient and stationary properties of the system but also the macroscopic structure and the mechanism providing the properties.

  • A Method of Analog IC Placement with Common Centroid Constraints

    Keitaro UE  Kunihiro FUJIYOSHI  

     
    PAPER-VLSI Design Technology and CAD

      Page(s):
    339-346

    To improve immunity against process gradients, a common centroid constraint, in which every pair of capacitors should be placed symmetrically with respect to a common center point, is widely used. Each pair of capacitors is derived by dividing an original capacitor into two halves. Xiao et al. proposed a method to obtain a placement which satisfies the common centroid constraints, but this method has a defect. In this paper, we propose a decoding algorithm to obtain a placement which satisfies common centroid constraints.

  • Bit-Parallel Cubing Computation over GF(3^m) for Irreducible Trinomials

    Sun-Mi PARK  Ku-Young CHANG  Dowon HONG  Changho SEO  

     
    PAPER-Algorithms and Data Structures

      Page(s):
    347-353

    We propose a parallel p-th powering method over an arbitrary finite field GF(p^m). Using the proposed method, we present the explicit formulae for the computation of cubing over a ternary field GF(3^m) which is defined by irreducible trinomials. We show that the field cubing computation for irreducible trinomials, which plays an important role in calculating pairings, can be implemented very efficiently.

  • A DPA Attack on the Implementation of RSA-CRT with Montgomery Reduction

    Wei-Chih LIEN  Sung-Ming YEN  

     
    PAPER-Cryptography and Information Security

      Page(s):
    354-364

    The implementation security of the RSA cryptosystem, under the threat of side-channel analysis, has attracted the attention of many researchers. Boer et al. proposed the MRED-DPA attack on RSA-CRT by choosing ciphertexts of equi-distant data. Their attack can be applied to RSA-OAEP decryption but not to RSA-PSS signing because of the PSS random padding. We propose a new DPA attack on an implementation of RSA-CRT with Montgomery reduction. The proposed attack assumes only known ciphertexts, and can be applied to both RSA-OAEP decryption and RSA-PSS signing even if a random padding technique is used in practice. This study also presents experimental results to verify the proposed attack. Finally, this study proposes a CRT-based message blinding technique as a low-cost DPA countermeasure.

  • The Degree of Two Classes of 3rd Order Correlation Immune Symmetric Boolean Functions

    Jie PENG  Haibin KAN  

     
    PAPER-Cryptography and Information Security

      Page(s):
    365-370

    Two classes of 3rd order correlation immune symmetric Boolean functions have been constructed respectively in [1] and [2], in which some interesting phenomena of the algebraic degree have been observed as well. However, a good explanation has not been given. In this paper, we obtain the formulas for the degree of these functions, which can well explain the behavior of their degree.

  • Cryptanalysis of 249-, 250-, ..., 256-Bit Key HyRAL via Equivalent Keys

    Yuki ASANO  Shingo YANAGIHARA  Tetsu IWATA  

     
    PAPER-Cryptography and Information Security

      Page(s):
    371-383

    HyRAL is a blockcipher whose block size is 128 bits, and it supports key lengths of 128, 129, ..., 256 bits. The cipher was proposed for the CRYPTREC project, and previous analyses did not identify any security weaknesses. In this paper, we first consider the longest key version, 256-bit key HyRAL, and present an analysis in terms of equivalent keys. We first show that there are 2^51.0 equivalent keys (or 2^50.0 pairs of equivalent keys). Next, we propose an algorithm that derives an instance of equivalent keys with an expected time complexity of 2^48.8 encryptions and a limited amount of memory. Finally, we implement the proposed algorithm and fully verify its correctness by showing several instances of equivalent keys. We then consider shorter key lengths, and show that there are equivalent keys in 249-, 250-, ..., 255-bit key HyRAL. For each of these key lengths, we present the expected time complexity to derive an instance of equivalent keys.

  • Adaptive Reversible Data Hiding via Integer-to-Integer Subband Transform and Adaptive Generalized Difference Expansion Method

    Taichi YOSHIDA  Taizo SUZUKI  Masaaki IKEHARA  

     
    PAPER-Image

      Page(s):
    384-392

    We propose an adaptive reversible data hiding method with superior visual quality and capacity in which an adaptive generalized difference expansion (AGDE) method is applied to an integer-to-integer subband transform (I2I-ST). I2I-ST performs the reversible subband transform and the AGDE method is a state-of-the-art method of reversible data hiding. The results of experiments we performed objectively and perceptually show that the proposed method has better visual quality than conventional methods at the same embedding rate due to low variance in the frequency domain.

  • Optimal Transform Order of Fractional Fourier Transform for Decomposition of Overlapping Ultrasonic Signals

    Zhenkun LU  Cui YANG  Gang WEI  

     
    LETTER-Ultrasonics

      Page(s):
    393-396

    The separation of time-overlapping ultrasound signals is necessary to obtain accurate estimates of transit time and material properties. In this letter, a method to determine the optimal transform order of the fractional Fourier transform (FRFT) for decomposition of overlapping ultrasonic signals is proposed. The optimal transform order is obtained by minimizing the mean square error (MSE) between the output and the reference signal. Furthermore, windowing in the FRFT domain is discussed. Numerical simulation results show the performance of the proposed method in separating signals overlapping in time.

  • Doppler Shift Based Target Localization Using Semidefinite Relaxation

    Yan Shen DU  Ping WEI  Wan Chun LI  Hong Shu LIAO  

     
    LETTER-Digital Signal Processing

      Page(s):
    397-400

    We propose a novel approach to the target localization problem using Doppler frequency shift measurements. We first reformulate the maximum likelihood estimation (MLE) as a constrained weighted least squares (CWLS) estimation, and then perform semidefinite relaxation to relax the CWLS problem into a convex semidefinite programming (SDP) problem, which can be efficiently solved using modern convex optimization methods. Finally, the SDP solution can be used to initialize the original MLE, which can provide estimates that achieve the Cramér-Rao lower bound accuracy. Simulations corroborate the good performance of the proposed method.

  • Global Asymptotic Stabilization of Uncertain Nonlinear Systems via System Reconfiguration and Lyapunov Equation Utilization

    Ho-Lim CHOI  

     
    LETTER-Systems and Control

      Page(s):
    401-404

    We introduce a new nonlinear control method to globally asymptotically stabilize a class of uncertain nonlinear systems. First, we provide a system reconfiguration method which reconfigures the nonlinear systems with smooth positive functions. Then, we provide a nonlinear controller design method to globally asymptotically stabilize the reconfigured systems by utilizing Lyapunov equations. As a result, a class of uncertain nonlinear systems which have not been treated in existing results can be globally asymptotically stabilized by our control method. Examples are given for illustration and ease of understanding.

  • Phase Unwrapping Algorithm Based on Extended Particle Filter for SAR Interferometry

    XianMing XIE  PengDa HUANG  QiuHua LIU  

     
    LETTER-Nonlinear Problems

      Page(s):
    405-408

    This paper presents a new phase unwrapping algorithm, based on an extended particle filter (EPF) for SAR interferometry. This technique is not limited by the nonlinearity of the model, and is able to accurately unwrap noisy interferograms by applying EPF to simultaneously perform noise suppression and phase unwrapping. Results obtained from synthetic and real data validate the effectiveness of the proposed method.

  • Efficient Privacy-Preserving Reputation Evaluation in Decentralized Environments

    Youwen ZHU  Tsuyoshi TAKAGI  

     
    LETTER-Cryptography and Information Security

      Page(s):
    409-412

    A decentralized secure protocol for casting trust ratings in reputation systems (StR protocol) was recently proposed by Dimitriou and Michalas, and the StR protocol was verified to be faster than previous work providing anonymous feedback. In this letter, we present a new enhanced scheme of StR. Compared with the StR protocol, our new approach attains exactly the same security, but requires less processing time and about half the communication overhead. Therefore, we improve the performance without sacrificing any security, and in particular the communication delay is dramatically reduced.

  • About Validity Checks of Augmented PAKE in IEEE 1363.2 and ISO/IEC 11770-4

    SeongHan SHIN  Kazukuni KOBARA  

     
    LETTER-Cryptography and Information Security

      Page(s):
    413-417

    An augmented PAKE (Password-Authenticated Key Exchange) protocol provides password-only authentication in the presence of an attacker, establishment of session keys between the involved parties, and extra protection against server compromise (i.e., exposure of password verification data). Among many augmented PAKE protocols, AMP variants (AMP2 [16] and AMP+ [15]) have been standardized in IEEE 1363.2 [9] and ISO/IEC 11770-4 [10]. In this paper, we thoroughly investigate APKAS-AMP (based on AMP2 [16]) and KAM3 (based on AMP+ [15]), which require several validity checks on the values received and computed by the parties when using a secure prime. After showing some attacks on APKAS-AMP and KAM3, we suggest new sanity checks that are clear and sufficient to prevent an attacker from carrying out these attacks.

  • Cryptanalysis of Remote Data Integrity Checking Protocol Proposed by L. Chen for Cloud Storage

    Shaojing FU  Dongsheng WANG  Ming XU  Jiangchun REN  

     
    LETTER-Cryptography and Information Security

      Page(s):
    418-420

    Remote data possession checking for cloud storage is very important, since data owners can check the integrity of outsourced data without downloading a copy to their local computers. In a previous work, Chen proposed a remote data possession checking protocol using algebraic signatures and showed that it can resist various known attacks. In this paper, we find serious security flaws in Chen's protocol, and show that it is vulnerable to a replay attack by a malicious cloud server. Finally, we propose an improved version of the protocol to guarantee secure data storage for data owners.

  • Improvement on a Knapsack-Based Probabilistic Encryption Scheme

    Baocang WANG  Fagen LI  Yupu HU  

     
    LETTER-Cryptography and Information Security

      Page(s):
    421-424

    In this letter, we propose an improvement on a knapsack probabilistic encryption scheme [B. Wang, Q. Wu, Y. Hu, Information Sciences 177 (2007)], which was shown to be vulnerable to attacks due to Youssef [A.M. Youssef, Information Sciences 179 (2009)] and Lee [M.S. Lee, Information Sciences 222 (2013)], respectively. The modified encryption scheme is secure against Youssef's and Lee's attacks at the cost of only slightly compromising the efficiency of the original proposal.

  • Odd Perfect Sequences and Sequence Sets with Zero Odd Correlation Zone over the 8-QAM+ Constellation

    Yubo LI  Kai LIU  Chengqian XU  Gang LI  

     
    LETTER-Information Theory

      Page(s):
    425-428

    In this letter, constructions of sequences with perfect odd autocorrelation and sequence sets with zero odd correlation zone (ZOCZ) over the 8-QAM+ constellation are presented. Based on odd perfect ternary sequences, odd perfect sequences and ZOCZ sequence sets over the 8-QAM+ constellation are constructed by using shift vectors and mappings. These odd perfect sequences and ZOCZ sequence sets over the 8-QAM+ constellation can be used in communication systems to achieve a high transmission data rate (TDR) and low interference.

  • Multiple CFO Estimation Using the Properties of Zadoff-Chu Sequence

    Rothna PEC  Chang-Hwan PARK  Yong-Soo CHO  

     
    LETTER-Communication Theory and Signals

      Page(s):
    429-431

    In this letter, an estimation technique for multiple CFOs is proposed that uses the properties of the Zadoff-Chu (ZC) sequence. After initial estimation of multiple CFOs by using the properties of the ZC sequence, accurate estimates are obtained in the proposed technique by an iterative procedure. The proposed technique can be applied to LTE-based CoMP systems where ZC sequences are used to generate synchronization signals in downlink and random access preambles in uplink.

  • N-Shift Zero Correlation Zone Sequence

    Chao ZHANG  Keke PANG  

     
    LETTER-Spread Spectrum Technologies and Applications

      Page(s):
    432-435

    The N-Shift Zero Correlation Zone (NS-ZCZ) sequence is defined by the N-shift zero correlation zone in the correlation function. Namely, the N-shift zero only appears within the correlation zone symmetrically distributed around the center of the correlation function. Moreover, the traditional ZCZ sequences can be considered as NS-ZCZ sequences with N=1. Similar to ZCZ sequences, NS-ZCZ sequences can be applied in sequence design for co-channel interference mitigation, with more sequences in the sequence set compared with the traditional N-shift sequences. In this letter, the definition and construction algorithms are proposed. The corresponding theoretical bounds are analyzed.

  • Performance Analysis of NAV Based Contention Window in IEEE 802.11 LAN

    Seung-Sik CHOI  

     
    LETTER-Mobile Information Network and Personal Communications

      Page(s):
    436-439

    In the IEEE 802.11 standard, the contention window (CW) sizes are not efficient because they do not consider the system load. There have been several mechanisms to achieve the maximum throughput by choosing the optimal CW. But some parameters, such as the number of stations and system utilization, are difficult to measure in WLAN systems. To solve this problem, we use the network allocation vector (NAV), which represents the transmissions of other stations. This parameter can be used to measure the system load. Thus, the CW sizes can be estimated from the system load. In this paper, we derive the analytical model for the optimal CW sizes and the maximum throughput using the NAV, and show the relationships between the CW sizes, the throughput, and the NAV.

  • Fuzzy Metric Based Weight Assignment for Deinterlacing

    Gwanggil JEON  Young-Sup LEE  SeokHoon KANG  

     
    LETTER-Image

      Page(s):
    440-443

    An effective interlaced-to-progressive scanning format conversion method is presented for the interpolation of interlaced images. On the basis of the weight assignment algorithm, the proposed method is composed of three stages: (1) straightforward interpolation with a pre-determined six-tap filter, (2) fuzzy metric-based weight assignment, and (3) updating the interpolation results. We first deinterlace the missing line with the six-tap filter in the working window. Then we compute the local weights among the adjacent pixels with a fuzzy metric. Finally, we deinterlace the missing pixels using the proposed interpolator. Comprehensive simulations conducted on different images and video sequences have proved the effectiveness of the proposed method, with significant improvement over conventional methods.

  • A Fast Intra Prediction Method Using the Distribution of Adjacent Pixels in HEVC

    Youngjo KIM  Juwon BYUN  Jaeseok KIM  

     
    LETTER-Image

      Page(s):
    444-447

    This letter proposes a fast intra prediction method to reduce encoding time for the high-efficiency video coding (HEVC) standard, which involves an increase in the number of intra-modes. The proposed intra-mode coding method uses the correlation between intra-modes and adjacent pixels. The proposed method skips half of the intra-modes in certain blocks, specifically those that satisfy predetermined conditions. Using half of the intra-modes reduces the number of bits for intra-mode coding and offsets the decline in coding performance caused by mode skipping. The experimental results show that the proposed method achieved a 5.87% reduction in encoding time compared to the HEVC test model 7.1 encoder, with almost no loss in coding performance.