Verifying Functional Specifications by Regression Techniques on Lissajous Test Signatures

In this paper, a low-cost method to verify functional specifications of analog VLSI circuits is proposed. The method is based on the analysis of Lissajous signatures combined with regression techniques. In order to obtain Lissajous signatures, the observation space is partitioned into zones using hyperplanes, and a set of integer values used as the digital signature of the circuit is generated by Lissajous curve zone crossings. A predictor function obtained by nonlinear regression techniques predicts the functional specification parameters of the circuit under consideration. The viability of this methodology is analyzed and applied to verify the center frequency f ₀ of a bandpass biquad filter. Experimental measurements show an accurate prediction of the center frequency of the designed filter.     

Modelling Market-Based Decentralised Management Systems

A centralised approach to management of distributed systems works well when applied to relatively small-scale systems. As the scale grows, so do the problems of making appropriate system-wide decisions and co-ordinating their execution. As a result, large centrally managed systems tend to be ponderous and rigid. Devolving decision-making responsibility to local units means that locally appropriate responses to changed circumstances can be made rapidly. However, it is quite possible that local decisions in different elements of the system will interfere adversely. How does one co-ordinate local decisions in large systems without re-introducing central control and its associated problems? The decentralised approach adopted here is to craft the interactions between local decision-making elements (agents), in order that effective management of the overall system is an emergent result of repeated local decisions and interactions. The general solution to this problem is an ambitious long-term research goal. This paper presents some results that offer a way forward within a particular class of problem in which the interactions between agents can be modelled as sale and purchase of commodity items.     

Decentralised Workflows and Software Agents

This paper argues that the combination of software agents with existing workflow management systems can facilitate the degree of co-ordination and collaboration required to make virtual enterprises a reality. It describes the use of software agents in the setting-up of decentralised workflows, the reactive and proactive redistribution of work during process failures, the promotion of interoperability between workflow management systems, and the visualisation and monitoring of decentralised business processes.An implementation is described which uses a number of industry standard components, such as the agent communication language defined by the Foundation for Intelligent Physical Agents, the Common Object Request Broker Architecture, Java and the Process Interchange Format.     

Multi-Verifier Signatures

Multi-verifier signatures generalize public-key signatures to a secret-key setting. Just like public-key signatures, these signatures are both transferable and secure under arbitrary (unbounded) adaptive chosen-message attacks. In contrast to public-key signature schemes, however, we exhibit practical constructions of multi-verifier signature schemes that are provably secure and are based only on pseudorandom functions in the plain model without any random oracles.     

Security Arguments for Digital Signatures and Blind Signatures

Since the appearance of public-key cryptography in the seminal Diffie—Hellman paper, many new schemes have been proposed and many have been broken. Thus, the simple fact that a cryptographic algorithm withstands cryptanalytic attacks for several years is often considered as a kind of validation procedure. A much more convincing line of research has tried to provide ``provable' security for cryptographic protocols. Unfortunately, in many cases, provable security is at the cost of a considerable loss in terms of efficiency. Another way to achieve some kind of provable security is to identify concrete cryptographic objects, such as hash functions, with ideal random objects and to use arguments from relativized complexity theory. The model underlying this approach is often called the ``random oracle model.' We use the word ``arguments' for security results proved in this model. As usual, these arguments are relative to well-established hard algorithmic problems such as factorization or the discrete logarithm. In this paper we offer security arguments for a large class of known signature schemes. Moreover, we give for the first time an argument for a very slight variation of the well-known El Gamal signature scheme. In spite of the existential forgery of the original scheme, we prove that our variant resists existential forgeries even against an adaptively chosen-message attack. This is provided that the discrete logarithm problem is hard to solve. Next, we study the security of blind signatures which are the most important ingredient for anonymity in off-line electronic cash systems. We first define an appropriate notion of security related to the setting of electronic cash. We then propose new schemes for which one can provide security arguments. Received 24 October 1997 and revised 22 May 1998     

Decentralised learning MACs for collision-free access in WLANs

By combining the features of CSMA and TDMA, fully decentralised WLAN MAC schemes have recently been proposed that converge to collision-free schedules. In this paper we describe a MAC with optimal long-run throughput that is almost decentralised. We then design two schemes that are practically realisable, decentralised approximations of this optimal scheme and operate with different amounts of sensing information. We achieve this by (1) introducing learning algorithms that can substantially speed up convergence to collision free operation; (2) developing a decentralised schedule length adaptation scheme that provides long-run fair (uniform) access to the medium while maintaining collision-free access for arbitrary numbers of stations.     

Decentralised detection of periodic encounter communities in opportunistic networks

We tackle the problem of individuals being able to self-detect the encounter communities within which they periodically occur. This has widespread applicability, not least for future communication systems where content can be locally shared via wireless opportunistic networking when devices carried by participants come into close range. In this paper, we introduce a comprehensive model and decentralised algorithm to accomplish the detection of periodic communities in opportunistic networks. To the best of our knowledge, this is the first decentralised algorithm for the detection of periodic communities. We investigate the behaviour of our approach both analytically and with real-world data.     

RSA-Based Undeniable Signatures

We present the first undeniable signatures scheme based on RSA. Since their introduction in 1989 a significant amount of work has been devoted to the investigation of undeniable signatures. So far, this work has been based on discrete log systems. In contrast, our scheme uses regular RSA signatures to generate undeniable signatures. In this new setting, both the signature and verification exponents of RSA are kept secret by the signer, while the public key consists of a composite modulus and a sample RSA signature on a single public message. Our scheme possesses several attractive properties. First, provable security, as forging the undeniable signatures is as hard as forging regular RSA signatures. Second, both the confirmation and denial protocols are zero-knowledge. In addition, these protocols are efficient (particularly, the confirmation protocol involves only two rounds of communication and a small number of exponentiations). Furthermore, the RSA-based structure of our scheme provides with simple and elegant solutions to add several of the more advanced properties of undeniable signatures found in the literature, including convertibility of the undeniable signatures (into publicly verifiable ones), the possibility to delegate the ability to confirm and deny signatures to a third party without giving up the power to sign, and the existence of distributed (threshold) versions of the signing and confirmation operations. Due to the above properties and the fact that our undeniable nsignatures are identical in form to standard RSA signatures, the scheme we present becomes a very attractive candidate for practical implementations. Received 25 July 1997 and revised 5 November 1998     

Decentralised transmission zeros of linear multivariable continuous-time systems

The set Lt, of decentralised transmission zeros is introduced for a practically important class of linear multivariable continuous-time systems, and high-gain decentralised stabilisability is shown to be crucially dependent on the set Lt in addition to the set Mf of fixed modes.     

Fully Leakage-Resilient Signatures

A signature scheme is fully leakage resilient (Katz and Vaikuntanathan, ASIACRYPT’09) if it is existentially unforgeable under an adaptive chosen-message attack even in a setting where an adversary may obtain bounded (yet arbitrary) leakage information on all intermediate values that are used throughout the lifetime of the system. This is a strong and meaningful notion of security that captures a wide range of side-channel attacks. One of the main challenges in constructing fully leakage-resilient signature schemes is dealing with leakage that may depend on the random bits used by the signing algorithm, and constructions of such schemes are known only in the random-oracle model. Moreover, even in the random-oracle model, known schemes are only resilient to leakage of less than half the length of their signing key. In this paper we construct the first fully leakage-resilient signature schemes without random oracles. We present a scheme that is resilient to any leakage of length (1?o(1))L bits, where L is the length of the signing key. Our approach relies on generic cryptographic primitives, and at the same time admits rather efficient instantiations based on specific number-theoretic assumptions. In addition, we show that our approach extends to the continual-leakage model, recently introduced by Dodis, Haralambiev, Lopez-Alt and Wichs (FOCS’10), and by Brakerski, Tauman Kalai, Katz and Vaikuntanathan (FOCS’10). In this model the signing key is allowed to be refreshed, while its corresponding verification key remains fixed, and the amount of leakage is assumed to be bounded only in between any two successive key refreshes.     

Implementation of a Decentralised Sensing Network aboard Multiple UAVs

This paper presents real-time results of a decentralised airborne data fusion system tracking multiple ground based targets. These target estimates are then used to construct a composite map of the environment. A decentralised communication strategy which is robust to communication latencies and dropouts results in each sensing node having a local estimate using global information. In addition, this paper describes the hardware and algorithms for the sensing nodes used in this demonstration. The problems introduced by locating the sensing nodes on air vehicles are both interesting and challenging.     

Decentralised distributed fountain coding: asymptotic analysis and design

A class of generic decentralised distributed fountain coding schemes is introduced and the tools of analysis of the performance of such schemes are presented. It is demonstrated that the developed approach can be used to formulate a robust code design methodology in a number of instances. We show that two non-standard applications of fountain codes, fountain codes for distributed source coding and fountain codes for unequal error protection lie within this decentralised distributed fountain coding framework.     

限制联合验证者签名

基于门限的思想,该文提出一种新签名方案限制联合验证者签名的精确定义和安全模型,并构造了一个有效的限制联合验证者签名方案。新方案支持将消息的知情权和签名的验证权控制给t个验证者,并且当且仅当t个验证者合作才能验证签名,同时签名的长度不随验证者的增加而增加。在随机预言模型下,新方案达到了所需的安全要求。     

Weakness in Quaternion Signatures

This note continues a sequence of attempts to define efficient digital signature schemes based on low-degree polynomials, or to break such schemes. We consider a scheme proposed by Satoh and Araki [5], which generalizes the Ong—Schnorr—Shamir scheme to the noncommutative ring of quaternions. We give two different ways to break the scheme. Received 9 December 1998 and revised 14 December 1998     

Sequential Aggregate Signatures, Multisignatures, and Verifiably Encrypted Signatures Without Random Oracles

We present the first aggregate signature, the first multisignature, and the first verifiably encrypted signature provably secure without random oracles. Our constructions derive from a novel application of a recent signature scheme due to Waters. Signatures in our aggregate signature scheme are sequentially constructed, but knowledge of the order in which messages were signed is not necessary for verification. The aggregate signatures obtained are shorter than Lysyanskaya et al.’s sequential aggregates and can be verified more efficiently than Boneh et al.’s aggregates. We also consider applications to secure routing and proxy signatures.     

Asymptotically Efficient Lattice-Based Digital Signatures

We present a general framework that converts certain types of linear collision-resistant hash functions into one-time signatures. Our generic construction can be instantiated based on both general and ideal (e.g., cyclic) lattices, and the resulting signature schemes are provably secure based on the worst-case hardness of approximating the shortest vector (and other standard lattice problems) in the corresponding class of lattices to within a polynomial factor. When instantiated with ideal lattices, the time complexity of the signing and verification algorithms, as well as key and signature size, is almost linear (up to poly-logarithmic factors) in the dimension n of the underlying lattice. Since no sub-exponential (in n) time algorithm is known to solve lattice problems in the worst case, even when restricted to ideal lattices, our construction gives a digital signature scheme with an essentially optimal performance/security trade-off.     

Security of Blind Signatures Revisited

We revisit the security definitions of blind signatures as proposed by Pointcheval and Stern (J Cryptol 13(3):361–396, 2000). Security comprises the notions of one-more unforgeability, preventing a malicious user to generate more signatures than requested, and of blindness, averting a malicious signer to learn useful information about the user’s messages. Although this definition is well established nowadays, we show that there are still desirable security properties that fall outside of the model. More precisely, in the original unforgeability definition is not excluded that an adversary verifiably uses the same message m for signing twice and is then still able to produce another signature for a new message \(m'\ne m\). Intuitively, this should not be possible; yet, it is not captured in the original definition, because the number of signatures equals the number of requests. We thus propose a stronger notion, called honest-user unforgeability, that covers these attacks. We give a simple and efficient transformation that turns any unforgeable blind signature scheme (with deterministic verification) into an honest-user unforgeable one.