The $$\mathbb {}$$-curve Construction for Endomorphism-Accelerated Elliptic Curves

We give a detailed account of the use of \(\mathbb {Q}\)-curve reductions to construct elliptic curves over \(\mathbb {F}_{p^2}\) with efficiently computable endomorphisms, which can be used to accelerate elliptic curve-based cryptosystems in the same way as Gallant–Lambert–Vanstone (GLV) and Galbraith–Lin–Scott (GLS) endomorphisms. Like GLS (which is a degenerate case of our construction), we offer the advantage over GLV of selecting from a much wider range of curves and thus finding secure group orders when \(p\) is fixed for efficient implementation. Unlike GLS, we also offer the possibility of constructing twist-secure curves. We construct several one-parameter families of elliptic curves over \(\mathbb {F}_{p^2}\) equipped with efficient endomorphisms for every \(p > 3\), and exhibit examples of twist-secure curves over \(\mathbb {F}_{p^2}\) for the efficient Mersenne prime \(p = 2^{127}-1\).     

Automata Evaluation and Text Search Protocols with Simulation-Based Security

This paper presents efficient protocols for securely computing the following two problems: (1) The fundamental problem of pattern matching. This problem is defined in the two-party setting, where party \(P_1\) holds a pattern and party \(P_2\) holds a text. The goal of \(P_1\) is to learn where the pattern appears in the text, without revealing it to \(P_2\) or learning anything else about \(P_2\)’s text. This problem has been widely studied for decades due to its broad applicability. We present several protocols for several notions of security. We further generalize one of our solutions to solve additional pattern matching-related problems of interest. (2) Our construction from above, in the malicious case, is based on a novel protocol for secure oblivious automata evaluation which is of independent interest. In this problem, party \(P_1\) holds an automaton and party \(P_2\) holds an input string, and they need to decide whether the automaton accepts the input, without learning anything else. Our protocol obtains full security in the face of malicious adversaries.     

Intermittent Fault Diagnosability of Hyper Petersen Network

The problem of permanent fault diagnosis has been discussed widely, and the diagnosability of many well-known networks have been explored. Faults of a multiprocessor system generally include permanent and intermittent, with intermittent faults regarded as the most challenging to diagnose. In this paper, we investigate the intermittent fault diagnosability of hyper Petersen networks. First, we derive that an \(n\)-dimensional hyper Petersen network \(HP_{n}\) with fault-free edges is \((n - 1)_{i}\)-diagnosable under the PMC model. Then, we investigate the intermittent fault diagnosability of \(HP_{n}\) with faulty edges under the PMC model. Finally, we prove that an \(n\)-dimensional hyper Petersen network \(HP_{n}\) is \((n - 2)_{i}\)-diagnosable under the MM* model.     

An Optimally Fair Coin Toss

We address one of the foundational problems in cryptography: the bias of coin-flipping protocols. Coin-flipping protocols allow mutually distrustful parties to generate a common unbiased random bit, guaranteeing that even if one of the parties is malicious, it cannot significantly bias the output of the honest party. A classical result by Cleve (Proceedings of the 18th annual ACM symposium on theory of computing, pp 364–369, 1986) showed that for any two-party \(r\)-round coin-flipping protocol there exists an efficient adversary that can bias the output of the honest party by \(\varOmega (1/r)\). However, the best previously known protocol only guarantees \(O(1/\sqrt{r})\) bias, and the question of whether Cleve’s bound is tight has remained open for more than 20 years. In this paper, we establish the optimal trade-off between the round complexity and the bias of two-party coin-flipping protocols. Under standard assumptions (the existence of oblivious transfer), we show that Cleve’s lower bound is tight: We construct an \(r\)-round protocol with bias \(O(1/r)\).     

$$L_{1}$$-norm constrained normalized subband adaptive filter algorithm with variable norm-bound parameter and improved version

The \(L_{1}\)-norm constrained normalized subband adaptive filter with variable norm-bound parameter \((L_{1}\hbox {NCNSAF-V})\) algorithm and its variable step size version VSS-\(L_{1}\)NCNSAF-V are proposed in this paper, which are more superior to some existing algorithms in the sparse system. The proposed \(L_{1}\)NCNSAF-V is derived by using the Lagrange multiplier method, and the VSS-\(L_{1}\)NCNSAF-V is obtained by minimizing the statistical square of the Euclidean norm of the noise-free subband a posterior error vector. The simulation results demonstrate that the proposed algorithms achieve good performance.     

The Hunting of the SNARK

The existence of succinct non-interactive arguments for NP (i.e., non-interactive computationally sound proofs where the verifier’s work is essentially independent of the complexity of the NP non-deterministic verifier) has been an intriguing question for the past two decades. Other than CS proofs in the random oracle model (Micali in SIAM J Comput 30(4):1253–1298, 2000), prior to our work the only existing candidate construction is based on an elaborate assumption that is tailored to a specific protocol (Di Crescenzo and Lipmaa in Proceedings of the 4th conference on computability in Europe, 2008). We formulate a general and relatively natural notion of an extractable collision-resistant hash function (ECRH) and show that, if ECRHs exist, then a modified version of Di Crescenzo and Lipmaa’s protocol is a succinct non-interactive argument for NP. Furthermore, the modified protocol is actually a succinct non-interactive adaptive argument of knowledge (SNARK). We then propose several candidate constructions for ECRHs and relaxations thereof. We demonstrate the applicability of SNARKs to various forms of delegation of computation, to succinct non-interactive zero-knowledge arguments, and to succinct two-party secure computation. Finally, we show that SNARKs essentially imply the existence of ECRHs, thus demonstrating the necessity of the assumption. Going beyond \(\hbox {ECRH}\)s, we formulate the notion of extractable one-way functions (\(\hbox {EOWF}\)s). Assuming the existence of a natural variant of \(\hbox {EOWF}\)s, we construct a two-message selective-opening-attack-secure commitment scheme and a three-round zero-knowledge argument of knowledge. Furthermore, if the \(\hbox {EOWF}\)s are concurrently extractable, the three-round zero-knowledge protocol is also concurrent zero knowledge. Our constructions circumvent previous black-box impossibility results regarding these protocols by relying on \(\hbox {EOWF}\)s as the non-black-box component in the security reductions.     

Effects of Multiple Stacking Faults on the Electronic and Optical Properties of Armchair MoS$$_{}$$ Nanoribbons: First-Principles Calculations

The electronic and optical properties of armchair MoS\(_{2}\) nanoribbons with multiple stacking faults are investigated using first-principles calculations. It’s interesting that the band gaps approach zero for armchair MoS\(_{2}\) nanoribbons with two and four stacking faults. The gaps of armchair MoS\(_{2}\) nanoribbons with one stacking fault and three stacking faults are converged to 0.46 eV and 0.36 eV, respectively, which is smaller than perfect MoS\(_{2}\) nanoribbons. The partial charge density of armchair MoS\(_{2}\) nanoribbons with two stacking faults shows that the defect levels are originated from stacking faults. The frequency-dependent optical response (dielectric function, absorption, reflectance and electron energy loss spectra) is also presented. The optical results of monolayer MoS\(_{2}\) are in agreement with previous study. The peaks in the imaginary part of perfect armchair MoS\(_{2}\) nanoribbons are about 2.8 eV, 4.0 eV and 5.4 eV and the peaks of the imaginary part of armchair MoS\(_{2}\) nanoribbons with stacking faults are mainly 2.8 eV and 5.4 eV. They are independent of ribbon width. The peaks in electron energy loss spectra move toward larger wavelengths (redshift) due to the introduction of stacking faults.     

Study on the Effect of Mn,Zn, and Sb on Undercooling Behavior of Sn-Ag-Cu Alloys Using Differential Thermal Analysis

Differential thermal analysis (DTA) has been conducted on directionally solidified near-eutectic Sn-3.0 wt.%Ag-0.5 wt.%Cu (SAC), SAC \(+\) 0.2 wt.%Sb, SAC \(+\) 0.2 wt.%Mn, and SAC \(+\) 0.2 wt.%Zn. Laser ablation inductively coupled plasma mass spectroscopy was used to study element partitioning behavior and estimate DTA sample compositions. Mn and Zn additives reduced the undercooling of SAC from 20.4\(^\circ \hbox {C}\) to \(4.9^\circ \hbox {C}\) and \(2^\circ \hbox {C}\), respectively. Measurements were performed at cooling rate of \(10^\circ \hbox {C}\) per minute. After introducing 200 ppm \(\hbox {O}_2\) into the DTA, this undercooling reduction ceased for SAC \(+\) Mn but persisted for SAC \(+\) Zn.     

Design considerations of CMOS active inductor for low power applications

Previous studies have shown that \(g_m/I_D\) (transconductance-to-drain-current) ratio based design is useful for optimizing analog circuits. In this paper, we explore challenges associated with designing a low-power active inductor. We focus in particular on sizing issues that arise as the transistor speed is maximized and the current consumption is minimized. Finally, we apply the results to design an amplifier integrated with an active inductor in \(0.18\,\upmu \hbox{m}\) CMOS process and show that by systematically working through sizing issues, a \(10\,\upmu \hbox{A}\) sub GHz amplifier can be designed.     

Low-Voltage CMOS Switch for High-Speed Rail-To-Rail Sampling

Sampling switches have a dominant role in switched-capacitor circuits and analog-to-digital convertors. Since they act as input gates, their nonlinearities directly degrade the quality of the input signals. The scaling-down trend of CMOS technology and increasing demands for high-speed and power-efficient circuits pose design challenge in high-speed sampling switches for low-voltage applications. To address this issue, an optimized CMOS switch is proposed in this paper consisting of a bootstrapped NMOS switch and a boosted PMOS switch as a transmission gate. By utilizing this technique, the nonlinearity resulting from the threshold voltage variation (body effect) of NMOS switch is mitigated, considerably. To evaluate the proposed switch, it is designed in 0.18 \(\upmu \hbox {m}\) CMOS process technology. According to the obtained simulation results, this switch can achieve total harmonic distortion of \(-\)78.81 and \(-\)62.99 dB in 100 MS/s at \(V_\mathrm{dd}\) = 1 Volt and 50 MS/s at \(V_\mathrm{dd}\) = 0.8 V, respectively.     

Design and Performance Study of Dynamic Fractors in Any of the Four Quadrants

A fractor is a simple fractional-order system. Its transfer function is \(1/Fs^{\alpha }\); the coefficient, F, is called the fractance, and \(\alpha \) is called the exponent of the fractor. This paper presents how a fractor can be realized, using RC ladder circuit, meeting the predefined specifications on both F and \(\alpha \). Besides, commonly reported fractors have \(\alpha \) between 0 and 1. So, their constant phase angles (CPA) are always restricted between \(0^{\circ }\) and \(-90^{\circ }\). This work has employed GIC topology to realize fractors from any of the four quadrants, which means fractors with \(\alpha \) between \(-\)2 and +2. Hence, one can achieve any desired CPA between \(+180^{\circ }\) and \(-180^{\circ }\). The paper also exhibits how these GIC parameters can be used to tune the fractance of emulated fractors in real time, thus realizing dynamic fractors. In this work, a number of fractors are developed as per proposed technique, their impedance characteristics are studied, and fractance values are tuned experimentally.     

Efficient Slide Attacks

The slide attack, presented by Biryukov and Wagner, has already become a classical tool in cryptanalysis of block ciphers. While it was used to mount practical attacks on a few cryptosystems, its practical applicability is limited, as typically, its time complexity is lower bounded by \(2^n\) (where n is the block size). There are only a few known scenarios in which the slide attack performs better than the \(2^n\) bound. In this paper, we concentrate on efficient slide attacks, whose time complexity is less than \(2^n\). We present a number of new attacks that apply in scenarios in which previously known slide attacks are either inapplicable, or require at least \(2^n\) operations. In particular, we present the first known slide attack on a Feistel construction with a 3-round self-similarity, and an attack with practical time complexity of \(2^{40}\) on a 128-bit key variant of the GOST block cipher with unknown S-boxes. The best previously known attack on the same variant, with known S-boxes (by Courtois), has time complexity of \(2^{91}\).     

Electrochemical,Structural and Magnetic Analysis of Electrodeposited CoCu/Cu Multilayers: Influence of Cu Layer Deposition Potential

The electrochemical, structural and magnetic properties of CoCu/Cu multilayers electrodeposited at different cathode potentials were investigated from a single bath. The Cu layer deposition potentials were selected as \(-\,0.3,\,\hbox {V}\) \(-\,0.4\,\,\hbox {V}\), and \(-\,0.5\,\hbox {V}\) with respect to saturated calomel electrode (SCE) while the Co layer deposition potential was constant at \(-\,1.5\,\hbox {V}\) versus SCE. For the electrochemical analysis, the current-time transients were obtained. The amount of noble non-magnetic (Cu) metal materials decreased with the increase of deposition potentials due to anomalous codeposition. Further, current-time transient curves for the Co layer deposition and capacitance were calculated. In the structural analysis, the multilayers were found to be polycrystalline with both Co and Cu layers adopting the face-centered cubic structure. The (111) peak shifts towards higher angle with the increase of the deposition potentials. Also, the lattice parameters of the multilayers decrease from 0.3669 nm to 0.3610 nm with the increase of the deposition potentials from \(-\,0.3\,\hbox {V}\) to \(-\,0.5\,\hbox {V}\), which corresponds to the bulk values of Cu and Co, respectively. The electrochemical and structural results demonstrate that the amount of Co atoms increased and the Cu atoms decreased in the layers with the increase of deposition potentials due to anomalous codeposition. For magnetic measurements, the saturation magnetizations, \(M_s\) obtained from the magnetic curves of the multilayers were obtained as 212 kA/m, 276 kA/m, and 366 kA/m with \(-\,0.3\,\hbox {V}\), \(-\,0.4\,\hbox {V}\), and \(-\,0.5\,\hbox {V}\) versus SCE, respectively. It is seen that the \(M_s\) values increased with the increase of the deposition potentials confirming the increase of the Co atoms and decrease of the Cu amount. The results of electrochemical and structural analysis show that the deposition potentials of non-magnetic layers plays important role on the amount of magnetic and non-magnetic materials in the layers and thus on the magnetic properties of the multilayers.     

A 3.1–10.6 GHz UWB LNA Based on Self Cascode Technique for Improved Bandwidth and High Gain

In this work, we present a self cascode based ultra-wide band (UWB) low noise amplifier (LNA) with improved bandwidth and gain for 3.1–10.6 GHz wireless applications. The self cascode (SC) or split-length compensation technique is employed to improve the bandwidth and gain of the proposed LNA. The improvement in the bandwidth of SC based structure is around 1.22 GHz as compared to simple one. The significant enhancement in the characteristics of the introduced circuit is found without extra passive components. The SC based CS–CG structure in the proposed LNA uses the same DC current for operating first stage transistors. In the designed UWB LNA, a common source (CS) stage is used in the second stage to enhance the overall gain in the high frequency regime. With a standard 90 nm CMOS technology, the presented UWB LNA results in a gain \(\hbox {S}_{21}\) of \(20.10 \pm 1.65\,\hbox {dB}\) across the 3.1–10.6 GHz frequency range, and dissipating 11.52 mW power from a 1 V supply voltage. However, input reflection, \(\hbox {S}_{11}\), lies below \(-\,10\) dB from 4.9–9.1 GHz frequency. Moreover, the output reflection (\(\hbox {S}_{22}\)) and reverse isolation (\(\hbox {S}_{12}\)), is below \(-\,10\) and \(-\,48\) dB, respectively for the ultra-wide band region. Apart from this, the minimum noise figure (\(\hbox {NF}_{min}\)) value of the proposed UWB LNA exists in the range of 2.1–3 dB for 3.1–10.6 GHz frequency range with a a small variation of \(\pm \,0.45\,\hbox {dB}\) in its \(\hbox {NF}_{min}\) characteristics. Linearity of the designed LNA is analysed in terms of third order input intercept point (IIP3) whose value is \(-\,4.22\) dBm, when a two tone signal is applied at 6 GHz with a spacing of 10 MHz. The other important benefits of the proposed circuit are its group-delay variation and gain variation of \(\pm \,115\,\hbox {ps}\) and \(\pm \,1.65\,\hbox {dB}\), respectively.     

Ab␣Initio Study of Aluminium Impurity and Interstitial-Substitutional Complexes in Ge Using a Hybrid Functional (HSE)

The results of an ab?initio modelling of aluminium substitutional impurity (\({\hbox {Al}}_{\rm Ge}\)), aluminium interstitial in Ge [\({\hbox {I}}_{\rm Al}\) for the tetrahedral (T) and hexagonal (H) configurations] and aluminium interstitial-substitutional pairs in Ge (\({\hbox {I}}_{\rm Al}{\hbox {Al}}_{\rm Ge}\)) are presented. For all calculations, the hybrid functional of Heyd, Scuseria, and Ernzerhof in the framework of density functional theory was used. Defects formation energies, charge state transition levels and minimum energy configurations of the \({\hbox {Al}}_{\rm Ge}\), \({\hbox {I}}_{\rm Al}\) and \({\hbox {I}}_{\rm Al}{\hbox {Al}}_{\rm Ge}\) were obtained for ?2, ?1, 0, \(+\)1 and \(+\)2 charge states. The calculated formation energy shows that for the neutral charge state, the \({\hbox {I}}_{\rm Al}\) is energetically more favourable in the T than the H configuration. The \({\hbox {I}}_{\rm Al}{\hbox {Al}}_{\rm Ge}\) forms with formation energies of ?2.37 eV and ?2.32 eV, when the interstitial atom is at the T and H sites, respectively. The \({\hbox {I}}_{\rm Al}{\hbox {Al}}_{\rm Ge}\) is energetically more favourable when the interstitial atom is at the T site with a binding energy of 0.8 eV. The \({\hbox {I}}_{\rm Al}\) in the T configuration, induced a deep donor (\(+\)2/\(+1\)) level at \(E_{\mathrm {V}}+0.23\) eV and the \({\hbox {Al}}_{\rm Ge}\) induced a single acceptor level (0/?1) at \(E_{\mathrm {V}}+0.14\) eV in the band gap of Ge. The \({\hbox {I}}_{\rm Al}{\hbox {Al}}_{\rm Ge}\) induced double-donor levels are at \(E_{\rm V}+0.06\) and \(E_{\rm V}+0.12\) eV, when the interstitial atom is at the T and H sites, respectively. The \({\hbox {I}}_{\rm Al}\) and \({\hbox {I}}_{\rm Al}{\hbox {Al}}_{\rm Ge}\) exhibit properties of charge state-controlled metastability.     

Correction to: A subthreshold low-power CMOS LC-VCO with high immunity to PVT variations

This paper presents a capacitor-free low dropout (LDO) linear regulator based on a dual loop topology. The regulator utilizes two feedback loops to satisfy the challenges of hearing aid devices, which include fast transient performance and small voltage spikes under rapid load-current changes. The proposed design works without the need of a decoupling capacitor connected at the output and operates with a 0–100 pF capacitive load. The design has been taped out in a \(0.18\,\upmu \hbox {m}\) CMOS process. The proposed regulator has a low component count, area of \(0.012\, \hbox {mm}^2\) and is suitable for system-on-chip integration. It regulates the output voltage at 0.9 V from a 1.0–1.4 V supply. The measured results for a current step load from 250 to 500 \(\upmu \hbox {A}\) with a rise and fall time of \(1.5\,\upmu \hbox {s}\) are an overshoot of 26 mV and undershoot of 26 mV with a settling time of \(3.5\,\upmu \hbox {s}\) when \({C_L}\) between 0 and 100 pF. The proposed LDO regulator consumes a quiescent current of only \(10.5\,\upmu \hbox {A}\). The design is suitable for application with a current step edge time of 1 ns while maintaining \(\Delta V_{out}\) of 64 mV.     

Two-channel perfect reconstruction (PR) quadrature mirror filter (QMF) bank design using logarithmic window function and spline function

In this work, two-channel perfect reconstruction quadrature mirror filter (QMF) bank has been proposed based on the prototype filter using windowing method. A novel window function based on logarithmic function along with the spline function is utilized for the design of prototype filter. The proposed window has a variable parameter ‘\(\alpha \)’, which varies the peak side lobe level and rate of fall-off side lobe level which in turn affects the peak reconstruction error (PRE) and amplitude distortion (\(e_{am}\)) of the QMF bank . The transition width of the prototype is controlled by the spline function using the parameter ‘\(\mu \)’. The perfect reconstruction condition is satisfied by setting the cutoff frequency (\(\omega _{c}\)) of the prototype low-pass filter at ‘\(\pi /2\)’. The performance of the proposed design method has been evaluated in terms of mean square error in the pass band, mean square error in the stop band, first side lobe attenuation (\(A_{1}\)), peak reconstruction error (PRE) and amplitude error (\(e_{am}\)) for different values of ‘\(\alpha \)’ and ‘\(\mu \)’. The results are provided and compared with the existing methods.     

Error performance of optically preamplified hybrid BPSK-PPM systems with transmitter and receiver imperfections

In this paper, we investigate the impact of the transmitter finite extinction ratio and the receiver carrier recovery phase offset on the error performance of two optically preamplified hybrid M-ary pulse position modulation (PPM) systems with coherent detection. The first system, referred to as PB-mPPM, combines polarization division multiplexing (PDM) with binary phase-shift keying and M-ary PPM, and the other system, referred to as PQ-mPPM, combines PDM with quadrature phase-shift keying and M-ary PPM. We provide new expressions for the probability of bit error for PB-mPPM and PQ-mPPM under finite extinction ratios and phase offset. The extinction ratio study indicates that the coherent systems PB-mPPM and PQ-mPPM outperform the direct-detection ones. It also shows that at \(P_b=10^{-9}\) PB-mPPM has a slight advantage over PQ-mPPM. For example, for a symbol size \(M=16\) and extinction ratio \(r=30\) dB, PB-mPPM requires 0.6 dB less SNR per bit than PQ-mPPM to achieve \(P_b=10^{-9}\). This investigation demonstrates that PB-mPPM is less complex and less sensitive to the variations of the offset angle \(\theta \) than PQ-mPPM. For instance, for \(M=16\), \(r=30\) dB, and \(\theta =10^{\circ }\) PB-mPPM requires 1.6 dB less than PQ-mPPM to achieve \(P_b=10^{-9}\). However, PB-mPPM enhanced robustness to phase offset comes at the expense of a reduced bandwidth efficiency when compared to PQ-mPPM. For example, for \(M=2\) its bandwidth efficiency is 60 % that of PQ-mPPM and \(\approx 86\,\%\) for \(M=1024\). For these reasons, PB-mPPM can be considered a reasonable design trade-off for M-ary PPM systems.