The $$\mathbb {}$$-curve Construction for Endomorphism-Accelerated Elliptic Curves

We give a detailed account of the use of \(\mathbb {Q}\)-curve reductions to construct elliptic curves over \(\mathbb {F}_{p^2}\) with efficiently computable endomorphisms, which can be used to accelerate elliptic curve-based cryptosystems in the same way as Gallant–Lambert–Vanstone (GLV) and Galbraith–Lin–Scott (GLS) endomorphisms. Like GLS (which is a degenerate case of our construction), we offer the advantage over GLV of selecting from a much wider range of curves and thus finding secure group orders when \(p\) is fixed for efficient implementation. Unlike GLS, we also offer the possibility of constructing twist-secure curves. We construct several one-parameter families of elliptic curves over \(\mathbb {F}_{p^2}\) equipped with efficient endomorphisms for every \(p > 3\), and exhibit examples of twist-secure curves over \(\mathbb {F}_{p^2}\) for the efficient Mersenne prime \(p = 2^{127}-1\).     

Minimizing the Two-Round Even–Mansour Cipher

The r-round (iterated) Even–Mansour cipher (also known as key-alternating cipher) defines a block cipher from r fixed public n-bit permutations \(P_1,\ldots ,P_r\) as follows: Given a sequence of n-bit round keys \(k_0,\ldots ,k_r\), an n-bit plaintext x is encrypted by xoring round key \(k_0\), applying permutation \(P_1\), xoring round key \(k_1\), etc. The (strong) pseudorandomness of this construction in the random permutation model (i.e., when the permutations \(P_1,\ldots ,P_r\) are public random permutation oracles that the adversary can query in a black-box way) was studied in a number of recent papers, culminating with the work of Chen and Steinberger (EUROCRYPT 2014), who proved that the r-round Even–Mansour cipher is indistinguishable from a truly random permutation up to \(\mathcal {O}(2^{\frac{rn}{r+1}})\) queries of any adaptive adversary (which is an optimal security bound since it matches a simple distinguishing attack). All results in this entire line of work share the common restriction that they only hold under the assumption that the round keys \(k_0,\ldots ,k_r\) and the permutations \(P_1,\ldots ,P_r\) are independent. In particular, for two rounds, the current state of knowledge is that the block cipher \(E(x)=k_2\oplus P_2(k_1\oplus P_1(k_0\oplus x))\) is provably secure up to \(\mathcal {O}(2^{2n/3})\) queries of the adversary, when \(k_0\), \(k_1\), and \(k_2\) are three independent n-bit keys, and \(P_1\) and \(P_2\) are two independent random n-bit permutations. In this paper, we ask whether one can obtain a similar bound for the two-round Even–Mansour cipher from just one n-bit key and one n-bit permutation. Our answer is positive: When the three n-bit round keys \(k_0\), \(k_1\), and \(k_2\) are adequately derived from an n-bit master key k, and the same permutation P is used in place of \(P_1\) and \(P_2\), we prove a qualitatively similar \(\widetilde{\mathcal {O}}(2^{2n/3})\) security bound (in the random permutation model). To the best of our knowledge, this is the first “beyond the birthday bound” security result for AES-like ciphers that does not assume independent round keys.     

Electrical Transport Mechanisms and Photoconduction in Undoped Crystalline Flash-Evaporated Lead Iodide Thin Films

The flash-evaporation technique was utilized to fabricate undoped 1.35-μm and 1.2-μm thick lead iodide films at substrate temperatures \( T_{\rm{s}} = 150 \)°C and 200°C, respectively. The films were deposited onto a coplanar comb-like copper (Cu-) electrode pattern, previously coated on glass substrates to form lateral metal–semiconductor–metal (MSM-) structures. The as-measured constant-temperature direct-current (dc)-voltage (\( I\left( {V;T} \right) - V \)) curves of the obtained lateral coplanar Cu-PbI₂-Cu samples (film plus electrode) displayed remarkable ohmic behavior at all temperatures (\( T = 18 - 90\,^\circ {\hbox{C}} \)). Their dc electrical resistance \( R_{\rm{dc}} (T \)) revealed a single thermally-activated conduction mechanism over the temperature range with activation energy \( E_{\rm{act}} \approx 0.90 - 0.98 \,{\hbox{eV}} \), slightly less than half of room-temperature bandgap energy \( E_{\rm{g}} \) (\( \approx \,2.3\, {\hbox{eV}} \)) of undoped 2H-polytype PbI₂ single crystals. The undoped flash-evaporated \( {\hbox{PbI}}_{\rm{x}} \) thin films were homogeneous and almost stoichiometric (\( x \approx 1.87 \)), in contrast to findings on lead iodide films prepared by other methods, and were highly crystalline hexagonal 2H-polytypic structure with c-axis perpendicular to the surface of substrates maintained at \( T_{\rm{s}} { \gtrsim }150^\circ {\hbox{C}} \). Photoconductivity measurements made on these lateral Cu-PbI₂-Cu-structures under on–off visible-light illumination reveal a feeble photoresponse for long wavelengths (\( \lambda > 570\,{\hbox{nm}} \)), but a strong response to blue light of photon energy \( E_{\rm{ph}} \) \( \approx \,2.73 \, {\hbox{eV}} \) (\( > E_{\rm{g}} \)), due to photogenerated electron–hole (e–h) pairs via direct band-to-band electronic transitions. The constant-temperature/dc voltage current–time \( I\left( {T,V} \right) - t \) curves of the studied lateral PbI₂ MSM-structures at low ambient temperatures (\( T < 50^\circ {\hbox{C}} \)), after cutting off the blue-light illumination, exhibit two trapping mechanisms with different relaxation times. These strongly depend on \( V \) and \( T \), with thermally generated charge carriers in the PbI₂ mask photogenerated (e–h) pairs at higher temperatures.     

Comparison of $$(1+\alpha )$$ Fractional-Order Transfer Functions to Approximate Lowpass Butterworth Magnitude Responses

Three fractional-order transfer functions are analyzed for differences in realizing (\(1+\alpha \)) order lowpass filters approximating a traditional Butterworth magnitude response. These transfer functions are realized by replacing traditional capacitors with fractional-order capacitors (\(Z=1/s^{\alpha }C\) where \(0\le \alpha \le 1\)) in biquadratic filter topologies. This analysis examines the differences in least squares error, stability, \(-\)3 dB frequency, higher-order implementations, and parameter sensitivity to determine the most suitable (\(1+\alpha \)) order transfer function for the approximated Butterworth magnitude responses. Each fractional-order transfer function for \((1+\alpha )=1.5\) is realized using a Tow–Thomas biquad a verified using SPICE simulations.     

A 3.1–10.6 GHz UWB LNA Based on Self Cascode Technique for Improved Bandwidth and High Gain

In this work, we present a self cascode based ultra-wide band (UWB) low noise amplifier (LNA) with improved bandwidth and gain for 3.1–10.6 GHz wireless applications. The self cascode (SC) or split-length compensation technique is employed to improve the bandwidth and gain of the proposed LNA. The improvement in the bandwidth of SC based structure is around 1.22 GHz as compared to simple one. The significant enhancement in the characteristics of the introduced circuit is found without extra passive components. The SC based CS–CG structure in the proposed LNA uses the same DC current for operating first stage transistors. In the designed UWB LNA, a common source (CS) stage is used in the second stage to enhance the overall gain in the high frequency regime. With a standard 90 nm CMOS technology, the presented UWB LNA results in a gain \(\hbox {S}_{21}\) of \(20.10 \pm 1.65\,\hbox {dB}\) across the 3.1–10.6 GHz frequency range, and dissipating 11.52 mW power from a 1 V supply voltage. However, input reflection, \(\hbox {S}_{11}\), lies below \(-\,10\) dB from 4.9–9.1 GHz frequency. Moreover, the output reflection (\(\hbox {S}_{22}\)) and reverse isolation (\(\hbox {S}_{12}\)), is below \(-\,10\) and \(-\,48\) dB, respectively for the ultra-wide band region. Apart from this, the minimum noise figure (\(\hbox {NF}_{min}\)) value of the proposed UWB LNA exists in the range of 2.1–3 dB for 3.1–10.6 GHz frequency range with a a small variation of \(\pm \,0.45\,\hbox {dB}\) in its \(\hbox {NF}_{min}\) characteristics. Linearity of the designed LNA is analysed in terms of third order input intercept point (IIP3) whose value is \(-\,4.22\) dBm, when a two tone signal is applied at 6 GHz with a spacing of 10 MHz. The other important benefits of the proposed circuit are its group-delay variation and gain variation of \(\pm \,115\,\hbox {ps}\) and \(\pm \,1.65\,\hbox {dB}\), respectively.     

Error performance of optically preamplified hybrid BPSK-PPM systems with transmitter and receiver imperfections

In this paper, we investigate the impact of the transmitter finite extinction ratio and the receiver carrier recovery phase offset on the error performance of two optically preamplified hybrid M-ary pulse position modulation (PPM) systems with coherent detection. The first system, referred to as PB-mPPM, combines polarization division multiplexing (PDM) with binary phase-shift keying and M-ary PPM, and the other system, referred to as PQ-mPPM, combines PDM with quadrature phase-shift keying and M-ary PPM. We provide new expressions for the probability of bit error for PB-mPPM and PQ-mPPM under finite extinction ratios and phase offset. The extinction ratio study indicates that the coherent systems PB-mPPM and PQ-mPPM outperform the direct-detection ones. It also shows that at \(P_b=10^{-9}\) PB-mPPM has a slight advantage over PQ-mPPM. For example, for a symbol size \(M=16\) and extinction ratio \(r=30\) dB, PB-mPPM requires 0.6 dB less SNR per bit than PQ-mPPM to achieve \(P_b=10^{-9}\). This investigation demonstrates that PB-mPPM is less complex and less sensitive to the variations of the offset angle \(\theta \) than PQ-mPPM. For instance, for \(M=16\), \(r=30\) dB, and \(\theta =10^{\circ }\) PB-mPPM requires 1.6 dB less than PQ-mPPM to achieve \(P_b=10^{-9}\). However, PB-mPPM enhanced robustness to phase offset comes at the expense of a reduced bandwidth efficiency when compared to PQ-mPPM. For example, for \(M=2\) its bandwidth efficiency is 60 % that of PQ-mPPM and \(\approx 86\,\%\) for \(M=1024\). For these reasons, PB-mPPM can be considered a reasonable design trade-off for M-ary PPM systems.     

5.18–7.42 GHz LC-VCO in subthreshold regime with low power low phase noise and immunity to PVT variations in 130 nm CMOS technology

In this paper, we propose an LC-VCO using automatic amplitude control and filtering technique to eliminate frequency noise around 2\(\omega _0\). The LC-VCO is designed with TSMC 130 nm CMOS RF technology, and biased in subthreshold regime in order to get more negative transconductance to overcome the losses in the LC-Tank and achieve less power consumption. The designed VCO operates at 5.17 GHz and can be tuned from 5.17 to 7.398 GHz, which is corresponding to 35.5% tuning range. The VCO consumes through it 495–440.5 \(\upmu\)W from 400 mV dc supply. This VCO achieves a phase noise of \(-\,122.3\) and \(-\,111.7\) dBc/Hz at 1 MHz offset from 5.17 and 7.39 GHz carrier, respectively. The calculated Figure-of-merits (FoM) at 1 MHz offset from 5.17 and 7.39 GHz is \(-\,199.7\) and \(-\,192.4\) dBc/Hz, respectively. And it is under \(-\,190.5\) dBc/Hz through all the tuning range. The FoM\(_T\) at 1 MHz offset from 5.17 GHz carrier is \(-\,210.6\) dBc/Hz. The proposed design was simulated for three different temperatures (\(-\,55\), 27, \(125\,^{\circ }\hbox {C}\)), and three supply voltages (0.45, 0.4, 0.35 V), it was concluded that the designed LC-VCO presents high immunity to PVT variations, and can be used for multi-standard wireless LAN communication protocols 802.11a/b/g.     

Efficient Slide Attacks

The slide attack, presented by Biryukov and Wagner, has already become a classical tool in cryptanalysis of block ciphers. While it was used to mount practical attacks on a few cryptosystems, its practical applicability is limited, as typically, its time complexity is lower bounded by \(2^n\) (where n is the block size). There are only a few known scenarios in which the slide attack performs better than the \(2^n\) bound. In this paper, we concentrate on efficient slide attacks, whose time complexity is less than \(2^n\). We present a number of new attacks that apply in scenarios in which previously known slide attacks are either inapplicable, or require at least \(2^n\) operations. In particular, we present the first known slide attack on a Feistel construction with a 3-round self-similarity, and an attack with practical time complexity of \(2^{40}\) on a 128-bit key variant of the GOST block cipher with unknown S-boxes. The best previously known attack on the same variant, with known S-boxes (by Courtois), has time complexity of \(2^{91}\).     

Generalized $${\varvec{H}_{\infty }}$$ model reduction for stable two-dimensional discrete systems

For model reduction, the approximation performance sometimes needs to be enhanced over a specific frequency range. Motivated by this fact, the paper investigates generalized \(H_{\infty }\) model reduction for stable two-dimensional (2-D) discrete systems represented by the Roesser model and the Fornasini–Machesini local state-space model, respectively. The generalized \(H_{\infty }\) norm of 2-D systems is introduced to evaluate the approximation error over a specific finite frequency (FF) domain. In light of the 2-D generalized Kalman–Yakubovich–Popov lemmas, sufficient conditions in terms of linear matrix inequalities are derived for the existence of a stable reduced-order model satisfying a specified generalized \(H_{\infty }\) level. Several examples are provided to illustrate the effectiveness and advantages of the proposed method. Compared with most of the existing 2-D model reduction results, the proposed method has the following merits: (1) The generalized \(H_\infty \) model reduction problems are considered for both important types of 2-D models, and no structural assumption is made for the plant model, so that our method has a broader applicable scope. (2) The reduced-order model is guaranteed to be stable, and an upper bound on the generalized \(H_{\infty }\) error is provided. Moreover, no frequency weighting function is needed. (3) The proposed method is applicable for 2-D model reduction with multiple FF specifications.     

Design and Performance Study of Dynamic Fractors in Any of the Four Quadrants

A fractor is a simple fractional-order system. Its transfer function is \(1/Fs^{\alpha }\); the coefficient, F, is called the fractance, and \(\alpha \) is called the exponent of the fractor. This paper presents how a fractor can be realized, using RC ladder circuit, meeting the predefined specifications on both F and \(\alpha \). Besides, commonly reported fractors have \(\alpha \) between 0 and 1. So, their constant phase angles (CPA) are always restricted between \(0^{\circ }\) and \(-90^{\circ }\). This work has employed GIC topology to realize fractors from any of the four quadrants, which means fractors with \(\alpha \) between \(-\)2 and +2. Hence, one can achieve any desired CPA between \(+180^{\circ }\) and \(-180^{\circ }\). The paper also exhibits how these GIC parameters can be used to tune the fractance of emulated fractors in real time, thus realizing dynamic fractors. In this work, a number of fractors are developed as per proposed technique, their impedance characteristics are studied, and fractance values are tuned experimentally.     

Automata Evaluation and Text Search Protocols with Simulation-Based Security

This paper presents efficient protocols for securely computing the following two problems: (1) The fundamental problem of pattern matching. This problem is defined in the two-party setting, where party \(P_1\) holds a pattern and party \(P_2\) holds a text. The goal of \(P_1\) is to learn where the pattern appears in the text, without revealing it to \(P_2\) or learning anything else about \(P_2\)’s text. This problem has been widely studied for decades due to its broad applicability. We present several protocols for several notions of security. We further generalize one of our solutions to solve additional pattern matching-related problems of interest. (2) Our construction from above, in the malicious case, is based on a novel protocol for secure oblivious automata evaluation which is of independent interest. In this problem, party \(P_1\) holds an automaton and party \(P_2\) holds an input string, and they need to decide whether the automaton accepts the input, without learning anything else. Our protocol obtains full security in the face of malicious adversaries.     

Synchronization of Coupled Neutral-Type Delay Partial Differential Systems

This paper considers the asymptotical synchronization and \(H_\infty \) synchronization for coupled neutral-type delay partial differential systems (NDPDSs). First, we construct a coupled synchronization error dynamic. Using the method of nonsingular matrix transformation, we decouple these coupled synchronization error dynamical systems. Then we study the asymptotical stability of the decoupled synchronization error dynamical systems through the Lyapunov–Krasovskii functional method, which implies the asymptotical synchronization of the coupled NDPDSs. Furthermore, when external disturbances enter the coupled NDPDSs, the \(H_\infty \) synchronization problem is also considered. The equivalence between the \(H_\infty \) stability of decoupled synchronization error dynamical systems and the \(H_\infty \) synchronization of coupled NDPDSs is proved by rigorous mathematical analysis. Then the criterion for the \(H_\infty \) stabilization is presented, which guarantees the \(H_\infty \) synchronization of the coupled NDPDSs. Moreover, as a remarkable difference between the ordinary differential systems and partial differential systems, the effect of the spatial domain on the synchronization is revealed through the obtained criteria. At last, numerical examples are given to illustrate the correctness of our results.     

Locally Computable UOWHF with Linear Shrinkage

We study the problem of constructing locally computable universal one-way hash functions (UOWHFs) \(\mathcal {H}:\{0,1\}^n \rightarrow \{0,1\}^m\). A construction with constant output locality, where every bit of the output depends only on a constant number of bits of the input, was established by Applebaum et al. (SIAM J Comput 36(4):845–888, 2006). However, this construction suffers from two limitations: (1) it can only achieve a sublinear shrinkage of \(n-m=n^{1-\epsilon }\) and (2) it has a super-constant input locality, i.e., some inputs influence a large super-constant number of outputs. This leaves open the question of realizing UOWHFs with constant output locality and linear shrinkage of \(n-m= \epsilon n\), or UOWHFs with constant input locality and minimal shrinkage of \(n-m=1\). We settle both questions simultaneously by providing the first construction of UOWHFs with linear shrinkage, constant input locality and constant output locality. Our construction is based on the one-wayness of “random” local functions—a variant of an assumption made by Goldreich (Studies in Complexity and Cryptography, 76–87, 2011; ECCC 2010). Using a transformation of Ishai et al. (STOC, 2008), our UOWHFs give rise to a digital signature scheme with a minimal additive complexity overhead: signing n-bit messages with security parameter \(\kappa \) takes only \(O(n+\kappa )\) time instead of \(O(n\kappa )\) as in typical constructions. Previously, such signatures were only known to exist under an exponential hardness assumption. As an additional contribution, we obtain new locally computable hardness amplification procedures for UOWHFs that preserve linear shrinkage.     

Low Voltage High Output Impedance Bulk-Driven Quasi-Floating Gate Self-Biased High-Swing Cascode Current Mirror

A low voltage self-biased high-swing cascode current mirror using bulk-driven quasi-floating gate MOSFET is proposed in this paper. The proposed current mirror bandwidth and especially the output impedance show a significant improvement compared to prior arts. The current mirror presented is designed using bulk-driven and bulk-driven quasi-floating gate N-channel MOS transistors, which helped it to operate at very low supply voltage of \({\pm }0.2\,\hbox {V}\). To achieve high output resistance, the current mirror uses regulated cascode stage followed by super cascode architecture. The small-signal analysis carried out proves the improvement achieved by proposed current mirror. The current mirror circuit operates well for input current ranging from 0 to \(250\,{\upmu }\mathrm{A}\) with good linearity and shows the bandwidth of 285 MHz. The input and output resistances are found as \(240\,\Omega \) and \(19.5\,\hbox {G}\Omega \), respectively. Further, the THD analysis and Monte Carlo simulations carried prove the robustness of proposed current mirror. The complete analysis is done using HSpice on UMC \(0.18\,\upmu \mathrm{m}\) technology.     

Ultra-Fast Current Mode Sense Amplifier for Small $$I_{\mathrm{CELL}}$$ SRAM in FinFET with Improved Offset Tolerance

In this paper, a novel, high-performance and robust sense amplifier (SA) design is presented for small \(I_\mathrm{CELLl}\) SRAM, using fin-shaped field effect transistors (FinFET) in 22-nm technology. The technique offers data-line-isolated current sensing approach. Compared with the conventional CSA (CCSA) and hybrid SA (HSA), the proposed current feed-SA (CF-SA) demonstrates 2.15\(\times \) and 3.02\(\times \) higher differential current, respectively, for \({V}_{\mathrm{DD}}\) of 0.6 V. Our results indicate that even at the worst corner, CF-SA can provide 2.23\(\times \) and 1.7\(\times \) higher data-line differential voltage compared with CCSA and HSA, respectively. Further, 66.89 and 31.47 % reductions in the cell access time are achieved compared to the CCSA and HSA, respectively, under similar \(I_\mathrm{CELLl}\) and bit-line and data-line capacitance. Statistical simulations have proved that the CF-SA provides high read yield with 32.39 and 22.24 % less \(\upsigma _{\mathrm{Delay}}\). It also offers a much better read effectiveness and robustness against the data-line capacitance as well as \({V}_{\mathrm{DD}}\) variation. Furthermore, the CF-SA is able to tolerate a large offset of the input devices, up to 80 mV at \({V}_{\mathrm{DD}}=0.6\hbox {V}\).     

Mixed RF/FSO bidirectional system achieving spectral efficiency

The performance of two-way relay (TWR)-assisted mixed radio-frequency/free-space optical (RF/FSO) system is evaluated in this letter. The proposed system employs decode-and-forward relaying phenomena where the relay is basically an interfacing node between two source nodes \(S_1\) and \(S_2\), where \(S_1\) supports RF signal, while \(S_2\) supports FSO signal. The TWR-assisted system helps in achieving spectral efficiency by managing bidirectional communication in three time slots, thus maximizing the achievable rate of the network. The RF link is subjected to generalized \(\eta -\mu \) distribution, and the optical channel is affected by path loss, pointing errors and gamma–gamma (gg) distributed atmospheric turbulence. The novel expressions for the probability density function and cumulative distribution function of the equivalent end-to-end signal-to-noise ratio (SNR) are derived. Capitalizing on these derived statistics of end-to-end SNR, the expressions of outage probability and the bit-error rate for different binary modulations and M-ary modulations are provided.     

Secret-Sharing Schemes for Very Dense Graphs

A secret-sharing scheme realizes a graph if every two vertices connected by an edge can reconstruct the secret while every independent set in the graph does not get any information on the secret. Similar to secret-sharing schemes for general access structures, there are gaps between the known lower bounds and upper bounds on the share size for graphs. Motivated by the question of what makes a graph “hard” for secret-sharing schemes (that is, they require large shares), we study very dense graphs, that is, graphs whose complement contains few edges. We show that if a graph with \(n\) vertices contains \(\left( {\begin{array}{c}n\\ 2\end{array}}\right) -n^{1+\beta }\) edges for some constant \(0 \le \beta <1\), then there is a scheme realizing the graph with total share size of \(\tilde{O}(n^{5/4+3\beta /4})\). This should be compared to \(O(n^2/\log (n))\), the best upper bound known for the total share size in general graphs. Thus, if a graph is “hard,” then the graph and its complement should have many edges. We generalize these results to nearly complete \(k\)-homogeneous access structures for a constant \(k\). To complement our results, we prove lower bounds on the total share size for secret-sharing schemes realizing very dense graphs, e.g., for linear secret-sharing schemes, we prove a lower bound of \(\Omega (n^{1+\beta /2})\) for a graph with \(\left( {\begin{array}{c}n\\ 2\end{array}}\right) -n^{1+\beta }\) edges.     

On the equivalence of multivariate polynomial matrices

The equivalence of system is an important concept in multidimensional (\(n\)D) system, which is closely related to equivalence of multivariate polynomial matrices. This paper mainly investigates the equivalence of some \(n\)D polynomial matrices, several new results and conditions on the reduction by equivalence of a given \(n\)D polynomial matrix to its Smith form are obtained.     

Stabilization of Discrete-time Fuzzy Systems Via Delta Operators and its Application to Truck–Trailer Model

This paper addresses the problem of robust \(L_2{-}L_\infty \) control in delta domain for a class of Takagi–Sugeno (TS) fuzzy systems with interval time-varying delays and disturbance input. In particular, the system under study involves state time delay, uncertainties and fast sampling period \(\mathcal {T}\). The main aim of this work was to design a \(L_2{-}L_\infty \) controller such that the proposed TS fuzzy system is robustly asymptotically stable with a \(L_2{-}L_\infty \) prescribed performance level \(\gamma >0\). Based on the proper Lyapunov–Krasovskii functional (LKF) involving lower and upper bound of time delay and free-weighting technique, a new set of delay-dependent sufficient conditions in terms of linear matrix inequalities (LMIs) are established for obtaining the required result. The result reveals that the asymptotic stability is achieved quickly when the sampling frequency is high. Finally, a numerical example based on the truck–trailer model is given to demonstrate the effectiveness and potential of the proposed design technique.