    Robust Distributed Estimation over Multiple Access Channels with Constant Modulus Signaling

    A distributed estimation scheme in which the sensors transmit constant modulus signals over a multiple access channel is considered. The proposed estimator is shown to be strongly consistent for any sensing noise distribution in the i.i.d. case, both under a per-sensor power constraint and under a total power constraint. When the distributions of the sensing noise are not identical, a bound on the variances is shown to establish strong consistency. The estimator is shown to be asymptotically normal with an asymptotic variance (AsV) that depends on the characteristic function of the sensing noise. Optimization of the AsV with respect to a transmission phase parameter is considered for a variety of noise distributions exhibiting differing levels of impulsive behavior. The robustness of the estimator to impulsive sensing noise distributions, such as those with positive excess kurtosis or those without finite moments, is shown. The proposed estimator compares favorably with the amplify-and-forward scheme under an impulsive noise scenario. Fading is shown not to affect the consistency of the estimator, but to scale the asymptotic variance by a constant fading penalty that depends on the fading statistics. Simulations corroborate our analytical results.
    Comment: 28 pages, 10 figures, submitted to IEEE Transactions on Signal Processing for consideratio

    Unbalancing Sets and An Almost Quadratic Lower Bound for Syntactically Multilinear Arithmetic Circuits

    We prove a lower bound of Ω(n²/log²n) on the size of any syntactically multilinear arithmetic circuit computing some explicit multilinear polynomial f(x₁,...,x_n). Our approach expands and improves upon a result of Raz, Shpilka and Yehudayoff [34], who proved a lower bound of Ω(n^(4/3)/log²n) for the same polynomial. Our improvement follows from an asymptotically optimal lower bound for a generalized version of Galvin's problem in extremal set theory. A special case of our combinatorial result implies, for every n, a tight Ω(n) lower bound on the minimum size of a family F of subsets of cardinality 2n of a set X of size 4n, such that any subset of X of size 2n has intersection of size exactly n with some member of F. This settles a problem of Galvin up to a constant factor, extending results of Frankl and Rödl [15] and Enomoto et al. [12], who proved in 1987 the above statement (with a tight constant) for odd values of n, leaving the even case open.

    Two-Dimensional Golay Complementary Array Sets With Arbitrary Lengths for Omnidirectional MIMO Transmission

    This paper presents a coding approach for achieving omnidirectional transmission of certain common signals in massive multi-input multi-output (MIMO) networks, such that the received power in any direction in a cell remains constant for any given distance. Specifically, two-dimensional (2D) Golay complementary array sets (GCASs) can be used to design the massive MIMO precoding matrix so as to achieve omnidirectional transmission, owing to their complementary autocorrelation property. In this paper, novel constructions of new 2D GCASs with arbitrary array lengths are proposed. Our key idea is to carefully truncate the columns of certain larger arrays generated by 2D generalized Boolean functions. Finally, the power radiation patterns and numerical results are provided to verify the omnidirectional property of the GCAS-based precoding. The error performance of the proposed precoding scheme is presented to validate its superiority over the existing alternatives.

    Assorted algorithms and protocols for secure computation

    Constrained Codes as Networks of Relations

    Cryptanalysis and Secure Implementation of Modern Cryptographic Algorithms

    Cryptanalytic attacks can be divided into two classes: pure mathematical attacks and Side Channel Attacks (SCAs). Pure mathematical attacks are traditional cryptanalytic techniques that rely on known or chosen input-output pairs of the cryptographic function and exploit the inner structure of the cipher to reveal the secret key information. On the other hand, in SCAs it is assumed that attackers have some access to the cryptographic device and can gain some information from its physical implementation. A cold-boot attack is an SCA which exploits the data remanence property of Random Access Memory (RAM) to retrieve its content, which remains readable shortly after its power has been removed. Fault analysis is another example of an SCA, in which the attacker is assumed to be able to induce faults in the cryptographic device and observe the faulty output. Then, by careful inspection of the faulty outputs, the attacker recovers the secret information, such as a secret inner state or the secret key. Scan-based Design-For-Test (DFT) is a widely deployed technique for testing hardware chips. Scan-based SCAs exploit the information obtained by analyzing the scanned data in order to retrieve secret information from cryptographic hardware devices that are designed with this testability feature.
    In the first part of this work, we investigate the use of an off-the-shelf SAT solver, CryptoMiniSat, to improve the key recovery of Advanced Encryption Standard (AES-128) key schedules from their corresponding decayed memory images, which can be obtained using cold-boot attacks. We also present a fault analysis on both the NTRUEncrypt and NTRUSign cryptosystems. For the specific original instantiation of the NTRU encryption system with parameters $(N, p, q)$, our attack succeeds with probability $\approx 1 - \frac{1}{p}$ and, when the number of faulted coefficients is upper bounded by $t$, it requires $O((pN)^t)$ polynomial inversions in $\mathbb{Z}/p\mathbb{Z}[x]/(x^{N} - 1)$. We also investigate several techniques to strengthen hardware implementations of NTRUEncrypt against this class of attacks. For NTRUSign with parameters $(N, q = p^l, \mathcal{B}, \textit{standard}, \mathcal{N})$, when the attacker is able to skip the norm-bound signature checking step, our attack needs one fault to succeed with probability $\approx 1 - \frac{1}{p}$ and requires $O((qN)^t)$ steps when the number of faulted polynomial coefficients is upper bounded by $t$. The attack is also applicable to NTRUSign utilizing the transpose NTRU lattice, but it requires double the number of fault injections. Different countermeasures against the proposed attack are also investigated. Furthermore, we present a scan-based SCA on NTRUEncrypt hardware implementations that employ scan-based DFT techniques. Our attack determines the scan chain structure of the polynomial multiplication circuits used in the decryption algorithm, which allows the cryptanalyst to efficiently retrieve the secret key.
    Several key agreement schemes based on matrices were recently proposed. For example, Álvarez et al. proposed a scheme in which the secret key is obtained by multiplying powers of block upper triangular matrices whose elements are defined over $\mathbb{Z}_p$. Climent et al. identified the elements of the endomorphism ring $\mathrm{End}(\mathbb{Z}_p \times \mathbb{Z}_{p^2})$ with elements in a set, $E_p$, of $2 \times 2$ matrices whose elements in the first row belong to $\mathbb{Z}_p$ and whose elements in the second row belong to $\mathbb{Z}_{p^2}$. Keith Salvin presented a key exchange protocol using matrices in the general linear group $GL(r, \mathbb{Z}_n)$, where $n$ is the product of two distinct large primes. The system is fully specified in US patent number 7346162, issued in 2008. In the second part of this work, we present mathematical cryptanalytic attacks against these three schemes and show that they can be easily broken for all practical choices of their security parameters.