Author Search Result

[Author] Masakatu MORII (59 hits)

1-20 of 59 hits

  • A Method for Computing the Weight Spectrum of LDPC Convolutional Codes Based on Circulant Matrices

    Masanori HIROTOMO  Masakatu MORII  

     
    PAPER-Coding Theory

      Vol:
    E97-A No:12
      Page(s):
    2300-2308

    In this paper, we propose an efficient method for computing the weight spectrum of LDPC convolutional codes based on circulant matrices of quasi-cyclic codes. In the proposed method, we reduce the memory size of their parity-check matrices with the same distance profile as the original codes, and apply a forward and backward tree search algorithm to the parity-check matrices of reduced memory. We show numerical results of computing the free distance and the low-part weight spectrum of LDPC convolutional codes of memory about 130.

  • Syndrome Decoding of Symbol-Pair Codes

    Makoto TAKITA  Masanori HIROTOMO  Masakatu MORII  

     
    PAPER-Coding Theory

      Vol:
    E98-A No:12
      Page(s):
    2423-2428

    Cassuto and Blaum proposed new error correcting codes which are called symbol-pair codes. They presented a coding framework for channels whose outputs are overlapping pairs of symbols in storage applications. Such channels are called symbol-pair read channels. The pair distance and pair error are used in symbol-pair read channels. Cassuto et al. and Yaakobi et al. presented decoding algorithms for symbol-pair codes. However, their decoding algorithms cannot always correct errors whose number is not more than half the minimum pair distance. In this paper, we propose a new decoding algorithm using syndromes of symbol-pair codes. In addition, we show that the proposed algorithm can correct all pair errors within the pair error correcting capability.

  • On the Probabilistic Computation Method with Reliability for the Weight Distribution of LDPC Codes

    Masanori HIROTOMO  Masami MOHRI  Masakatu MORII  

     
    PAPER-Coding Theory

      Vol:
    E95-A No:4
      Page(s):
    790-800

    In the analysis of maximum-likelihood decoding performance of low-density parity-check (LDPC) codes, the weight distribution is an important factor. We presented a probabilistic method for computing the weight distribution of LDPC codes, and showed results of computing the weight distribution of several LDPC codes. In this paper, we improve our previously presented method and propose a probabilistic computation method with reliability for the weight distribution of LDPC codes. Using the proposed method, we can determine the weight distribution with small failure probability.

  • Efficient Construction of Gate Circuit for Computing Multiplicative Inverses over GF(2^m)

    Masakatu MORII  Masao KASAHARA  

     
    PAPER-Information Theory and Coding Theory

      Vol:
    E72-E No:1
      Page(s):
    37-42

    The theory of finite fields has been successfully applied to the construction of various algebraic codes, to digital signal processing, and to techniques of cryptography. The theory of the four arithmetic operations is especially important, because it is closely related to the size and the throughput of the gate circuits of the various encoders and decoders. In this paper we give a new method for constructing a gate circuit that yields multiplicative inverses over GF(2^m). The method is based on a new algorithm for computing multiplicative inverses in GF(2^m). The operations needed by our algorithm are rarely performed in GF(2^m) itself, but primarily in the subfields of GF(2^m). When performing multiplication and division over finite fields, the idea of using a subfield has received wide attention. However, the conventional algorithms taking advantage of this idea are not necessarily efficient from a practical point of view. We show that our algorithm is superior to the conventional methods when GF(2^m) has the subfield GF(2^2).
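    As an added illustration of the subfield idea (written for this page; it is not the circuit or the algorithm of the paper above, whose details are not given here), the following Python builds GF(2^8) as the tower GF((2^4)^2) and inverts an element with one norm computation and one inversion in the subfield GF(2^4), so that no inversion is ever done in GF(2^8) itself. The field polynomials y^4 + y + 1 and x^2 + x + y^3, the nibble packing and the function names are assumptions chosen for this example; the paper's own construction targets the subfield GF(2^2).

```python
# Added example: norm-based inversion in GF(2^8) = GF((2^4)^2).
# Not the paper's algorithm; representation chosen for illustration.

# --- subfield GF(2^4) = GF(2)[y] / (y^4 + y + 1), elements are 4-bit ints ---
SUB_POLY = 0b10011  # y^4 + y + 1 (irreducible over GF(2))


def sub_mul(a: int, b: int) -> int:
    """Multiply two GF(2^4) elements by shift-and-add with reduction."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a & 0b10000:
            a ^= SUB_POLY
    return r


def sub_inv(a: int) -> int:
    """Invert a nonzero GF(2^4) element: a^-1 = a^(2^4 - 2) = a^14."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse")
    r, base, e = 1, a, 14
    while e:
        if e & 1:
            r = sub_mul(r, base)
        base = sub_mul(base, base)
        e >>= 1
    return r


# --- extension GF((2^4)^2) = GF(2^4)[x] / (x^2 + x + BETA) -------------------
# An element a1*x + a0 is packed as (a1 << 4) | a0 into one byte.
BETA = 0b1000  # y^3; x^2 + x + y^3 is irreducible over GF(2^4) (checked below)


def quadratic_is_irreducible(beta: int) -> bool:
    """x^2 + x + beta is irreducible over GF(2^4) iff it has no root there."""
    return all(sub_mul(t, t) ^ t ^ beta != 0 for t in range(16))


def ext_mul(a: int, b: int) -> int:
    """Multiply in GF((2^4)^2) using x^2 = x + BETA."""
    a1, a0 = a >> 4, a & 0xF
    b1, b0 = b >> 4, b & 0xF
    hi = sub_mul(a1, b1) ^ sub_mul(a1, b0) ^ sub_mul(a0, b1)
    lo = sub_mul(sub_mul(a1, b1), BETA) ^ sub_mul(a0, b0)
    return (hi << 4) | lo


def ext_inv(a: int) -> int:
    """Invert via the subfield: a^-1 = a^16 / N(a), where a^16 = a1*x + (a0 + a1)
    is the conjugate and N(a) = a * a^16 = BETA*a1^2 + a0^2 + a0*a1 lies in GF(2^4).
    The only inversion performed is sub_inv on the 4-bit norm."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse")
    a1, a0 = a >> 4, a & 0xF
    norm = sub_mul(sub_mul(a1, a1), BETA) ^ sub_mul(a0, a0) ^ sub_mul(a0, a1)
    n_inv = sub_inv(norm)
    hi = sub_mul(a1, n_inv)
    lo = sub_mul(a0 ^ a1, n_inv)
    return (hi << 4) | lo


def verify_all() -> bool:
    """Check a * ext_inv(a) == 1 for every nonzero element of GF(2^8)."""
    return all(ext_mul(a, ext_inv(a)) == 1 for a in range(1, 256))


if __name__ == "__main__":
    print("irreducible:", quadratic_is_irreducible(BETA), "all inverses ok:", verify_all())
```

    The norm trick is what makes the subfield approach attractive in hardware: the GF(2^8) inverter reduces to a handful of GF(2^4) multipliers plus one GF(2^4) inverter, and the same decomposition can be applied again inside GF(2^4) down to GF(2^2), which is the case the abstract singles out.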

  • Attribute Revocable Attribute-Based Encryption with Forward Secrecy for Fine-Grained Access Control of Shared Data

    Yoshiaki SHIRAISHI  Kenta NOMURA  Masami MOHRI  Takeru NARUSE  Masakatu MORII  

     
    PAPER

      Publicized:
    2017/07/21
      Vol:
    E100-D No:10
      Page(s):
    2432-2439

    Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is suitable for data access control on cloud storage systems. In ABE, revoking a user's attributes means making that user unable to decrypt ciphertexts. Several CP-ABE schemes for efficient attribute revocation have been proposed. However, they either lack a formal security proof against a revoked user, that is, it has not been shown whether they satisfy forward secrecy, or they do not achieve fine-grained access control of shared data. We propose an attribute-revocable attribute-based encryption scheme with forward secrecy for fine-grained access control of shared data. The proposed scheme supports both “AND” and “OR” policies and is IND-CPA secure under the Decisional Parallel Bilinear Diffie-Hellman Exponent assumption in the standard model.

  • Attribute Revocable Multi-Authority Attribute-Based Encryption with Forward Secrecy for Cloud Storage

    Kenta NOMURA  Masami MOHRI  Yoshiaki SHIRAISHI  Masakatu MORII  

     
    PAPER

      Publicized:
    2017/07/21
      Vol:
    E100-D No:10
      Page(s):
    2420-2431

    The Internet of Things (IoT) has been widely applied in various fields. IoT data can also be put in the cloud, but there are still concerns regarding security and privacy. Ciphertext-Policy Attribute-Based Encryption (CP-ABE) has attracted attention in cloud storage as an encryption scheme suited to confidential data sharing and transmission. In CP-ABE, the secret key of a user is associated with a set of attributes; when the attributes satisfy the access structure, the ciphertext can be decrypted. It is necessary that multiple authorities issue and manage secret keys independently. An authority that generates a secret key can be regarded as managing the attributes of a user in CP-ABE. CP-ABE schemes with multiple authorities have been proposed. On the other hand, a scheme should not require any operation at the user's terminal when the user drops an attribute and the key is updated, and it should keep the design of the communication system simple. In this paper, we propose a CP-ABE scheme that has multiple key authorities and can revoke an attribute immediately without updating the user's secret key. In addition, the ciphertext length is fixed. The proposed scheme is IND-CPA secure under the DBDH assumption in the standard model. We compare the proposed scheme with other CP-ABE schemes and show that it is more suitable for cloud storage.

  • On Design of Robust Lightweight Stream Cipher with Short Internal State

    Subhadeep BANIK  Takanori ISOBE  Masakatu MORII  

     
    PAPER

      Vol:
    E101-A No:1
      Page(s):
    99-109

    The stream cipher Sprout, with a short internal state, was proposed at FSE 2015. Although the construction guaranteed resistance to generic Time-Memory-Data Tradeoff attacks, there were weaknesses in the design and the cipher was completely broken. In this paper we propose a family of stream ciphers, LILLE, in which the size of the internal state is half the size of the secret key. Our main goal is to develop a robust lightweight stream cipher. To achieve it, our cipher is based on the two-key Even-Mansour construction, so its security against key/state recovery attacks reduces to a well-analyzed problem. We also prove that, like Sprout, the construction is resistant to generic Time-Memory-Data Tradeoff attacks. Unlike Sprout, the construction guarantees that there are no weak key-IV pairs which produce a keystream sequence with a short period or which make the algebraic structure of the cipher weaker and easier to cryptanalyze. Reference implementations of all members of the LILLE family with standard cell libraries based on the STM 90nm and 65nm processes were also found to be smaller than Grain v1, while the security of the LILLE family rests on a well-studied problem in symmetric cryptography.

  • Error-Trapping Decoding for Cyclic Codes over Symbol-Pair Read Channels

    Makoto TAKITA  Masanori HIROTOMO  Masakatu MORII  

     
    PAPER-Coding Theory and Techniques

      Vol:
    E100-A No:12
      Page(s):
    2578-2584

    Symbol-pair read channels output overlapping pairs of symbols in storage applications. Pair distance and pair error are used in the channels. In this paper, we discuss error-trapping decoding for cyclic codes over symbol-pair read channels. By putting some restrictions on the correctable pair error patterns, we propose a novel error-trapping decoding algorithm over the channels and show a circuitry for implementing the decoding algorithm. In addition, we discuss how to modify the restrictions on the correctable pair error patterns.

  • CCN-Based Vehicle-to-Vehicle Communication in DSRC for Content Distribution in Urban Environments Open Access

    Haiyan TIAN  Yoshiaki SHIRAISHI  Masami MOHRI  Masakatu MORII  

     
    PAPER-System Construction Techniques

      Publicized:
    2019/06/21
      Vol:
    E102-D No:9
      Page(s):
    1653-1664

    Dedicated Short Range Communication (DSRC) is currently standardized as a leading technology for the implementation of vehicular networks. Non-safety applications in DSRC are emerging beyond the initial safety applications. However, DSRC suffers from a typically low data delivery ratio in urban environments, where static and moving obstacles block or attenuate radio propagation, as well as from other technical issues such as temporal-spatial restrictions, the capital cost of infrastructure deployment and limited radio coverage. On the other hand, Content-Centric Networking (CCN) advocates ubiquitous in-network caching to enhance content distribution. The major characteristics of CCN are compatible with the requirements of vehicular networks, so CCN can be adopted by them. In this paper, we propose a CCN-based vehicle-to-vehicle (V2V) communication scheme on top of the DSRC standard for content dissemination, and demonstrate its feasibility by analyzing the frame format of the Beacon and WAVE Service Advertisement (WSA) messages of the DSRC specifications. Simulation-based validations from our software platform built on OMNeT++, Veins and SUMO in realistic traffic environments are supplied to evaluate the proposed scheme. We expect our research to provide a reference for future, more substantial revisions of DSRC standardization for CCN-based V2V communication.

  • Authentication Scheme Using Pre-Registered Information on Blockchain

    Toshiki TSUCHIDA  Makoto TAKITA  Yoshiaki SHIRAISHI  Masami MOHRI  Yasuhiro TAKANO  Masakatu MORII  

     
    LETTER-System Construction Techniques

      Publicized:
    2019/06/21
      Vol:
    E102-D No:9
      Page(s):
    1676-1678

    In the context of Cyber-Physical Systems (CPS), analyzing the real-world data accumulated in cyberspace would improve the efficiency and productivity of various social systems. Towards establishing a data-driven society, it is desirable to share data safely and smoothly among multiple services. In this paper, we propose a scheme in which services authenticate users using information registered on a blockchain. We show that the proposed scheme is resistant to tampering and spoofing attacks.

  • Character-Level Convolutional Neural Network for Predicting Severity of Software Vulnerability from Vulnerability Description

    Shunta NAKAGAWA  Tatsuya NAGAI  Hideaki KANEHARA  Keisuke FURUMOTO  Makoto TAKITA  Yoshiaki SHIRAISHI  Takeshi TAKAHASHI  Masami MOHRI  Yasuhiro TAKANO  Masakatu MORII  

     
    LETTER-Cybersecurity

      Publicized:
    2019/06/21
      Vol:
    E102-D No:9
      Page(s):
    1679-1682

    System administrators and security officials of an organization need to deal with vulnerable IT assets, especially those with severe vulnerabilities, to minimize the risk of these vulnerabilities being exploited. The Common Vulnerability Scoring System (CVSS) can be used to calculate the severity score of a vulnerability, but it currently requires human operators to choose the input values. A word-level Convolutional Neural Network (CNN) has been proposed to estimate the input parameters of CVSS and derive the severity score from vulnerability notes, but its accuracy needs to be improved further. In this paper, we propose a character-level CNN for estimating the severity scores. Experiments show that the proposed scheme outperforms the conventional one in terms of accuracy and in the way errors occur.

  • Reversible Watermark with Large Capacity Based on the Prediction Error Expansion

    Minoru KURIBAYASHI  Masakatu MORII  Hatsukazu TANAKA  

     
    PAPER-Cryptography and Information Security

      Vol:
    E91-A No:7
      Page(s):
    1780-1790

    A reversible watermarking algorithm with large capacity has been developed by applying the difference expansion of a generalized integer transform. In that algorithm, a watermark signal is inserted into the LSB of the difference values among pixels. In this paper, we apply the prediction errors calculated by the predictor of JPEG-LS for embedding the watermark, which increases the amount of embedded information with less degradation. Since one of the drawbacks of the above conventional method is the large size of the embedded location map introduced to make it reversible, we reduce the size of the location map by vectorization, and then modify the composition of the map using local characteristics. We also exclude the positions where the modification in the embedding operation cannot increase the capacity but merely degrades the image quality; this exclusion is also applicable to the conventional methods.
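    As an added example of prediction-error expansion with the JPEG-LS median edge detector (written for this page, not the authors' code, and without the location-map vectorization the abstract describes), the Python below embeds bits into a constructed 8-bit image, records every overflow position in a plain location map, and restores the original image exactly. The image, the bit string and the function names are assumptions; the map is handed to the extractor out of band, which is exactly the overhead the paper sets out to shrink.

```python
# Added example: reversible watermarking by prediction-error expansion (PEE).
# Constructed sample data; not the paper's implementation.


def med_predict(a: int, b: int, c: int) -> int:
    """JPEG-LS median edge detector. a = left, b = above, c = above-left."""
    if c >= max(a, b):
        return min(a, b)
    if c <= min(a, b):
        return max(a, b)
    return a + b - c


def pee_embed(image, bits):
    """Embed bits in raster order into 8-bit pixels by expanding the prediction
    error: x' = pred + 2*err + bit. Predictions use the ORIGINAL neighbours; the
    first row and column are never modified so every pixel has a causal context.
    Returns (marked image, location map of skipped positions, bits embedded)."""
    h, w = len(image), len(image[0])
    out = [row[:] for row in image]
    skipped = set()
    idx = 0
    for i in range(1, h):
        for j in range(1, w):
            if idx == len(bits):
                return out, skipped, idx
            pred = med_predict(image[i][j - 1], image[i - 1][j], image[i - 1][j - 1])
            err = image[i][j] - pred
            new = pred + 2 * err + bits[idx]
            if not 0 <= new <= 255:
                skipped.add((i, j))       # overflow/underflow: leave pixel, record it
                continue
            out[i][j] = new
            idx += 1
    return out, skipped, idx


def pee_extract(marked, skipped, count):
    """Inverse of pee_embed. Walking the same raster order restores each pixel
    before it serves as a neighbour, so the predictions match the embedder's."""
    h, w = len(marked), len(marked[0])
    img = [row[:] for row in marked]
    bits = []
    for i in range(1, h):
        for j in range(1, w):
            if len(bits) == count:
                return img, bits
            if (i, j) in skipped:
                continue
            pred = med_predict(img[i][j - 1], img[i - 1][j], img[i - 1][j - 1])
            exp = img[i][j] - pred        # 2*err + bit
            bits.append(exp & 1)
            img[i][j] = pred + (exp >> 1)  # arithmetic shift also works for negative err
    return img, bits


# Constructed sample: a smooth 6x6 gradient clipped at 255, so the bright corner
# forces at least one overflow into the location map.
IMAGE = [[min(255, 215 + 4 * i + 6 * j) for j in range(6)] for i in range(6)]
BITS = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0]


def round_trip():
    """Return (bits embedded, sorted location map, image restored?, bits recovered?)."""
    marked, loc_map, n = pee_embed(IMAGE, BITS)
    restored, recovered = pee_extract(marked, loc_map, n)
    return n, sorted(loc_map), restored == IMAGE, recovered == BITS


if __name__ == "__main__":
    print(round_trip())
```

    Dropping the map (passing an empty set to pee_extract) silently treats the overflow pixel as a carrier, inserts a bogus bit and corrupts the recovered image, which is why the map must travel with the payload and why its size matters.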

  • Fingerprinting Protocol Based on Distributed Providers Using Oblivious Transfer

    Urara SHINMYO  Minoru KURIBAYASHI  Masakatu MORII  Hatsukazu TANAKA  

     
    PAPER-Cryptography

      Vol:
    E89-A No:10
      Page(s):
    2597-2602

    For the construction of a large fingerprinting system, conventional protocols need many computations to provide fingerprinted content to each user. In order to reduce the computational cost, we introduce the new concept of distributed providers into the fingerprinting protocol. Before a sale, our practical fingerprinting protocol, based on secure oblivious transfer, is performed between a content supplier and each provider. Each provider then obtains fingerprinted content such that each bit of the fingerprinting information is embedded in one segment of the content. When a user orders content from the supplier, each segment of the content is distributed by a provider specified by the supplier. The selection of the providers who distribute the segments is made based on the user's identity, so that the sequence of bits embedded in the collected segments indicates the user's identity.

  • Cryptanalysis of Reduced Kreyvium

    Yuhei WATANABE  Takanori ISOBE  Masakatu MORII  

     
    PAPER-Cryptography and Information Security

      Vol:
    E101-A No:9
      Page(s):
    1548-1556

    Kreyvium is an NLFSR-based stream cipher oriented to homomorphic-ciphertext compression. It is a variant of Trivium with 128-bit security. The designers evaluated the security of Kreyvium and concluded that its resistance to conditional differential cryptanalysis is at least that of Trivium, and even better. However, we consider that this attack is effective against reduced Kreyvium due to its structure. This paper shows conditional differential cryptanalysis of Kreyvium, and we propose distinguishing and key recovery attacks. We show how to arrange differences and conditions to obtain good higher-order conditional differential characteristics. We use two types of higher-order conditional differential characteristics to find a distinguisher, namely the bias of higher-order conditional differential characteristics of a keystream and their probabilistic bias. With the first, we obtain a distinguisher on Kreyvium with 730 rounds from 20th-order characteristics. With the second, we obtain a distinguisher on Kreyvium with 899 rounds from 25th-order conditional differential characteristics. Moreover, we show a key recovery attack on Kreyvium with 736 rounds from 20th-order characteristics. We experimentally confirm all our attacks. The second distinguisher shows that we can obtain a distinguisher on Kreyvium with more rounds than on Trivium. Therefore, Kreyvium has a smaller security margin than Trivium against conditional differential cryptanalysis.

  • Coded Caching in Multi-Rate Wireless Networks Open Access

    Makoto TAKITA  Masanori HIROTOMO  Masakatu MORII  

     
    PAPER-Coding Theory

      Vol:
    E103-A No:12
      Page(s):
    1347-1355

    The network load is increasing due to the spread of content distribution services. Caching is recognized as a technique to reduce the peak network load by storing popular content in users' memories. Coded caching is a new caching approach based on carefully designed content placement that creates coded multicasting opportunities. Coded caching schemes in single-rate networks are evaluated by the tradeoff between the size of memory and the size of delivered data. When considering a network with multiple transmission rates, how multicast is operated is crucial. In multicast delivery, a sender must communicate with the intended receivers at a rate that is available to all of them. Multicast scheduling methods, which determine the delivery rates, are evaluated by throughput and delay in multi-rate wireless networks. In this paper, we discuss coded caching in multi-rate wireless networks. We newly define a measure for evaluating coded caching schemes, the coded caching delay, and propose a new coded caching scheme. We also compare the proposed coded caching scheme with conventional coded caching schemes and show that the proposed scheme is suitable for multi-rate wireless networks.

  • A Chosen-IV Key Recovery Attack on Py and Pypy

    Takanori ISOBE  Toshihiro OHIGASHI  Hidenori KUWAKADO  Masakatu MORII  

     
    PAPER-Application Information Security

      Vol:
    E92-D No:1
      Page(s):
    32-40

    In this paper, we propose an effective key recovery attack on the stream ciphers Py and Pypy with chosen IVs. Our method uses an internal-state correlation based on the weakness that the randomization of the internal state in the KSA is inadequate, and it improves two previous attacks proposed by Wu and Preneel (the WP-1 attack and the WP-2 attack). For a 128-bit key and a 128-bit IV, the WP-1 attack can recover the key with 2^23 chosen IVs and time complexity 2^72. First, we improve the WP-1 attack by using the internal-state correlation (the P-1 attack). For a 128-bit key and a 128-bit IV, the P-1 attack can recover the key with 2^23 chosen IVs and time complexity 2^48, which is 1/2^24 of that of the WP-1 attack. The WP-2 attack is another improvement on the WP-1 attack and has been known as the best previous attack against Py and Pypy. For a 128-bit key and a 128-bit IV, the WP-2 attack can recover the key with 2^23 chosen IVs and time complexity 2^24. Second, we improve the WP-2 attack by using the internal-state correlation as in the P-1 attack (the P-2 attack). For a 128-bit key and a 128-bit IV, the P-2 attack can recover the key with 2^23 chosen IVs and time complexity 2^24, the same as the WP-2 attack. However, when the IV size is from 64 bits to 120 bits, the P-2 attack is more effective than the WP-2 attack. Thus, the P-2 attack is the best known attack against Py and Pypy.

  • A Malicious Web Site Identification Technique Using Web Structure Clustering

    Tatsuya NAGAI  Masaki KAMIZONO  Yoshiaki SHIRAISHI  Kelin XIA  Masami MOHRI  Yasuhiro TAKANO  Masakatu MORII  

     
    PAPER-Cybersecurity

      Publicized:
    2019/06/21
      Vol:
    E102-D No:9
      Page(s):
    1665-1672

    Epidemic cyber incidents are caused by malicious websites using exploit kits. Exploit kits facilitate drive-by download (DBD) attacks. It has been reported that malicious websites using an exploit kit have similar website-structure (WS) trees. Hence, malicious website identification techniques leveraging WS-trees have been studied, where the WS-trees can be estimated from HTTP traffic data. Nevertheless, the defensive component of an exploit kit prevents us from capturing the WS-tree perfectly. This paper therefore presents a new WS-tree construction procedure that uses the fact that a DBD attack happens within a certain duration. Moreover, this paper proposes a new malicious website identification technique that clusters the WS-trees of exploit kits. Experimental results on the D3M dataset verify that the proposed technique identifies exploit kits with reasonable accuracy even when HTTP traffic from the malicious sites is partially lost.

  • On Good Convolutional Codes with Optimal Free Distance for Rates 1/2, 1/3 and 1/4

    Naoto SONE  Masami MOHRI  Masakatu MORII  Hiroshi SASANO  

     
    LETTER-Fundamental Theories

      Vol:
    E84-B No:1
      Page(s):
    116-119

    New good convolutional codes with optimal free distance are tabulated for the number of memories M ≤ 22 and rate R=1/2; they were selected based on the criterion of minimizing the decoding error rate and bit error rate. Furthermore, for R=1/3, 1/4 and M ≤ 13, we give new good codes and clarify the existence of codes with minimum free distance achieving Heller's upper bound for M ≤ 16.

  • New Key Generation Algorithm for RSA Cryptosystem

    Ryuichi SAKAI  Masakatu MORII  Masao KASAHARA  

     
    PAPER

      Vol:
    E77-A No:1
      Page(s):
    89-97

    To improve the RSA cryptosystem, more desirable conditions on key structures have been intensively studied. Recently, M. J. Wiener presented a cryptanalytic attack on the use of small RSA secret exponents. To be secure against Wiener's attack, the size of the secret exponent d should be chosen to be more than one quarter of the size of the modulus n = pq (in bits). Besides, it is often desirable to make the public exponent e as small as possible. However, if a small d is chosen first, as in a digital signature system with a smart card, the size of e is inevitably increased to that of n when the conventional key generation algorithm is used. This paper presents a new algorithm, Algorithm I, for generating RSA keys secure against Wiener's attack. With Algorithm I, it is possible to choose smaller sizes for the RSA exponents under certain conditions on the key parameters. For example, with Algorithm I we can construct RSA keys with a public exponent e of two-thirds and a secret exponent d of one-third of the size of the modulus n (in bits). Furthermore, we present a modified version of Algorithm I, Algorithm II, for generating strong RSA keys for which factoring n is difficult. Finally we analyze the performance of Algorithm I and Algorithm II.
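    The check a practitioner wants here is whether a given d is small enough for Wiener's continued-fraction attack to recover it from (e, n) alone. The following Python is an added example, not Algorithm I or II from the paper (which this page does not describe): it generates toy keys by choosing d first and deriving e, runs Wiener's attack, and shows that it recovers a d below n^(1/4)/3 but finds nothing for a d of about n^(0.39). The primes, exponents and helper names are constructed for this example; real keys are far larger, and the bound (3d)^4 < n is Wiener's proven range, not the exact edge of the attack.

```python
# Added example: Wiener's small-d attack as a key-generation sanity check.
# Constructed toy parameters; not the paper's Algorithm I / II.
from math import gcd, isqrt

# Two known primes (2^64 - 59 and 2^63 - 25) giving a ~127-bit modulus.
P = (1 << 64) - 59
Q = (1 << 63) - 25
N = P * Q
PHI = (P - 1) * (Q - 1)


def key_from_secret_exponent(d_start):
    """Choose d first (as a smart-card signer might) and derive e = d^-1 mod phi.
    Returns (e, d) for the first odd d >= d_start that is coprime to phi."""
    d = d_start | 1
    while gcd(d, PHI) != 1:
        d += 2
    return pow(d, -1, PHI), d


def below_wiener_bound(d, n):
    """True when d < n^(1/4) / 3, the range Wiener's theorem guarantees to break."""
    return (3 * d) ** 4 < n


def convergents(num, den):
    """Yield the convergents k/d of the continued fraction expansion of num/den."""
    k_prev, k = 0, 1   # h_{-2}, h_{-1} of the standard recurrence
    d_prev, d = 1, 0   # q_{-2}, q_{-1}
    while den:
        a, (num, den) = num // den, (den, num % den)
        k_prev, k = k, a * k + k_prev
        d_prev, d = d, a * d + d_prev
        yield k, d


def wiener_attack(e, n):
    """Try each convergent k/d of e/n as the unknown pair in e*d = 1 + k*phi.
    A candidate is accepted only if the implied phi factors n. Returns d or None."""
    for k, d in convergents(e, n):
        if k == 0 or (e * d - 1) % k:
            continue
        phi = (e * d - 1) // k
        s = n - phi + 1            # equals p + q when phi is right
        disc = s * s - 4 * n       # equals (p - q)^2 when phi is right
        if disc < 0:
            continue
        r = isqrt(disc)
        if r * r != disc or (s + r) % 2:
            continue
        p = (s + r) // 2
        if 1 < p < n and n % p == 0:
            return d
    return None


def demo():
    """d = 65537 lies inside Wiener's bound and is recovered from (e, n);
    d ~ 2^50 (about n^0.39) lies outside it and the attack finds nothing."""
    e_small, d_small = key_from_secret_exponent(65537)
    e_big, d_big = key_from_secret_exponent(1 << 50)
    return {
        "small_d_in_bound": below_wiener_bound(d_small, N),
        "small_d_recovered": wiener_attack(e_small, N) == d_small,
        "big_d_in_bound": below_wiener_bound(d_big, N),
        "big_d_recovered": wiener_attack(e_big, N) == d_big,
    }


if __name__ == "__main__":
    print(demo())
```

    Note that e derived from a small d is almost as large as n, which is the cost the abstract describes; and that passing below_wiener_bound only certifies safety against this particular attack, since later lattice attacks on small d reach somewhat higher than n^(1/4).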

  • FOREWORD

    Masakatu MORII  

     
    FOREWORD

      Vol:
    E90-A No:1
      Page(s):
    1-1
