High security pairing-based cryptography revisited


A Key Pre-distribution Method with a High Connectivity Rate for Sensor Networks
W ANG T n ,J e -a g o g IB n y n (School of Information and Communication Engineering, Harbin Engineering University, Harbin 150001, China)
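... method uses block designs and finite projective planes to construct key pre-distribution
Any two distinct blocks B, … intersect in at most one point; such a block design ( , ) is called a ( b, r, k) structure. A key pre-distribution method constructed from such a ( , B) has the following property: for a node N, the number of nodes that share a common key with it reaches the theoretical maximum. A D( , T k ) design is a triple ( , , ) that satisfies the following conditions: I is one with points
Received: 0 1一I O . 21 2一 2
The main purpose is to establish shared keys for sensor nodes, thereby providing secure communication links for the network. A large body of research shows that symmetric key management methods, being simple and efficient, are better suited to the security applications of future WSNs. The core of symmetric key management in WSNs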
... and sensor storage group key number to meet the actual demand. Key words: wireless sensor networks; key pre-distribution; group; matrix polynomial

History, Development and Mathematical Theory of Fully Homomorphic Encryption

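I. Foreword

Fully homomorphic encryption (FHE) is an important technology that has developed rapidly in recent years. It protects data privacy by encrypting external data and algorithms.

It allows every kind of computation to be carried out on encrypted data without exposing the underlying content, providing a new safeguard for data privacy and confidentiality.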

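II. Historical development

1. In 1978, G.R.Blakleyne published the "multi-round cipher" algorithm in the magazine "Computer World"; this was the forerunner of fully homomorphic encryption.

2. In 2009, A.Gentry proposed fully homomorphic encryption and designed a fully homomorphic encryption system, an important milestone in the development of fully homomorphic encryption.

3. In 2016, experimental verification of fully homomorphic encryption yielded significant research results and broke through the earlier limitations.

4. From 2018 to the present, the application and development of fully homomorphic encryption have gradually gained recognition, and it has become an important means of protecting data privacy.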

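III. Mathematical theory

Fully homomorphic encryption is based on mathematical research into the hard Guessable Separation Problem (GSP) and the Hard Middle Problem (HMP).

The GSP states that, for a given key, the plaintext content of the key can only be guessed through a limited number of trials.

The HMP concerns changing the content of the key within a certain range and breaking it using the data of the key itself: given a set of data, one has to find a number in the middle to study, and changing the size of that number breaks the key. This is the HMP.

With this theoretical research in place, fully homomorphic encryption makes it possible to run algorithms on encrypted data while everything stays encrypted, without exposing the original data. This guarantees data privacy and allows fully homomorphic encryption to be applied in everyday life.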

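IV. Conclusion

Fully homomorphic encryption has developed rapidly in recent years and has become an effective means of protecting data privacy.

Its theoretical basis is the Guessable Separation Problem (GSP) and the Hard Middle Problem (HMP), which allow guessable separation and intermediate computation to be performed on encrypted data, protecting data privacy and better serving everyday life.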

Road Extraction Method of High-Resolution Image Based on U-Net Network Combining Residual and Convolution Attention Mechanism

Spacecraft Recovery & Remote Sensing, Vol. 44, No. 3, June 2023, p. 119

Road Extraction Method of High-Resolution Image Based on U-Net Network Combining Residual and Convolution Attention Mechanism

ZHANG Yaning, ZHANG Chunkang, WANG Chao, YOU Chenyu
(College of Mining, Guizhou University, Guiyang 550025, China)

Abstract: Aiming at the problems of missing local road extraction and wrong extraction due to the blurring of road features or the phenomenon of "same-spectrum foreign objects" in high-resolution remote sensing images, this paper proposes an improved method for road extraction from high-resolution remote sensing images, which is based on U-Net combining residual and convolutional attention mechanisms. Firstly, based on the U-Net network, an improved residual module is added to alleviate the network performance degradation that tends to occur during training. Secondly, the convolutional attention mechanism module is embedded to enhance the deep representation of road details. Finally, the data set is reasonably expanded through geometric transformation to enhance the network's generalization ability. The model is tested on the public Massachusetts Roads Dataset and the DeepGlobe road dataset, and the experimental results show that the overall accuracy of the method proposed in this paper reaches 97.02% and 98.26% respectively on the two datasets. Compared with other models, it has a better extraction effect, a stronger deep representation of road features and better anti-interference performance, which effectively reduces wrong and missing extraction in road extraction and significantly improves the accuracy and integrity of road extraction.

Keywords: road extraction; residual module; convolutional attention mechanism; high-resolution remote sensing images

CLC number: P237. Document code: A. Article ID: 1009-8518(2023)03-0119-14. DOI: 10.3969/j.issn.1009-8518.2023.03.013

Received: 2022-09-26

Funding: National Natural Science Foundation of China (41701464); sub-project of the Strategic Priority Research Program of the Chinese Academy of Sciences (XDA2806020101); Guizhou University Cultivation Project (Guida Peiyu [2019] No. 26)

Citation: ZHANG Yaning, ZHANG Chunkang, WANG Chao, et al. Road Extraction Method of High-Resolution Image Based on U-Net Network Combining Residual and Convolution Attention Mechanism[J]. Spacecraft Recovery & Remote Sensing, 2023, 44(3): 119-132.

0 Introduction

Roads are an important element of basic geographic information. Their distribution is intricate and their construction covers a wide area, and timely updating of road distribution information is an important foundation for building geographic information databases. Accurate extraction of roads from high-resolution remote sensing imagery has therefore become a research hotspot for scholars in China and abroad in recent years.

Preparation and Properties of 13N Ultra-High Purity Germanium Single Crystals

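Journal of Synthetic Crystals, Vol. 53, No. 3, March 2024

Preparation and Properties of 13N Ultra-High Purity Germanium Single Crystals

GU Xiaoying¹, ZHAO Qingsong¹, NIU Xiaodong¹, DI Juqing¹, ZHANG Jiaying¹, XIAO Yi¹, LUO Kai²
(1. Anhui Guangzhi Technology Co., Ltd., Chuzhou 239000, China; 2. Guangdong Pioneer Thin Materials Co., Ltd., Qingyuan 511517, China)

Abstract: 13N ultra-high purity germanium single crystal is the core material for producing ultra-high purity germanium detectors. In this work, reduced germanium ingots are obtained by the reduction method, purified by horizontal zone refining to obtain 12N high-purity germanium polycrystals, and finally grown into 13N ultra-high purity germanium single crystals by the Czochralski method. The performance of the 13N ultra-high purity germanium single crystal was analysed by low-temperature Hall testing, dislocation density testing and deep level transient spectroscopy (DLTS). The low-temperature Hall results show that the average mobility of the crystal head cross-section is 4.515×10^4 cm^2·V^-1·s^-1, the carrier concentration is 1.176×10^10 cm^-3, the conductivity type is p-type, and the dislocation density is 2256 cm^-2. The average mobility of the tail cross-section is 4.620×10^4 cm^2·V^-1·s^-1, the carrier concentration is 1.007×10^10 cm^-3, the conductivity type is p-type, and the dislocation density is 2589 cm^-2. The concentration of deep-level impurities in the crystal is 1.843×10^9 cm^-3. The results indicate that the crystal is a 13N ultra-high purity germanium single crystal.

Key words: germanium single crystal; detector; mobility; carrier concentration; dislocation density

CLC number: O78. Document code: A. Article ID: 1000-985X(2024)03-0497-06

Received: 2023-10-27
Funding: National Key R&D Program of China (2021YFC2902805); 2022 Nuclear Energy Development Research Project (HNKF202224(28))
About the author: GU Xiaoying (born 1995), female, from Guizhou Province. E-mail: xiaoying.gu@
Corresponding author: DI Juqing, PhD, professor-level senior engineer. E-mail: juqing.di@

0 Introduction

High-purity germanium detectors have unmatched advantages in detecting radiation, especially X- and γ-rays: high energy resolution, good detection performance and stable operation [1]. In practical applications, the depletion voltage of a high-purity germanium detector is proportional to the net impurity concentration [2-3]. If the net impurity concentration is high, the full-depletion voltage of the detector is also high, and the actual operating voltage of the detector is usually higher still than the full-depletion voltage. An excessively high voltage increases the detector's leakage current and degrades the energy resolution. If the net impurity concentration is too low, the full-depletion voltage falls, but the electric field strength in the sensitive region of the detector also falls, which hinders effective carrier collection [4-7]. Typically, a detector-grade p-type ultra-high purity germanium single crystal needs a net impurity concentration of (5~20)×10^9 cm^-3, a mobility greater than 2.5×10^4 cm^2·V^-1·s^-1, a dislocation density of 100~10000 cm^-2, and deep-level impurities of no more than 4.5×10^9 cm^-3 [8-10].

With the growth of China's nuclear power industry and the development of high-energy physics experiments, the demand for high-purity germanium detectors is increasing. The main organizations in China developing ultra-high purity germanium crystals are Shenzhen University, Guangdong Pioneer Advanced Materials Co., Ltd. and Yunnan Zhongke Xinyuan Crystal Materials Co., Ltd. Shenzhen University has prepared germanium single crystals with a diameter of 20~50 mm, a net impurity concentration below 4.0×10^11 cm^-3 and a dislocation density below 5000 cm^-2 [1]. Guangdong Pioneer Advanced Materials Co., Ltd. has obtained germanium ingots with a net impurity concentration of 5×10^10 cm^-3 [11]. Yunnan Zhongke Xinyuan Crystal Materials Co., Ltd. has obtained ultra-high purity polycrystalline material with a carrier concentration below 1×10^11 cm^-3, a resistivity greater than 2×10^3 Ω·cm and a mobility greater than 1×10^4 cm^2·V^-1·s^-1 [12]. At present, domestically produced 13N ultra-high purity germanium single crystals cannot meet domestic demand, and ultra-high purity germanium crystals still depend on imports. In this work, germanium single crystals were obtained by reduction of germanium dioxide, horizontal zone refining and single-crystal pulling, and low-temperature Hall, dislocation density and deep level transient spectroscopy tests show that the crystal performance meets the 13N ultra-high purity germanium standard.

1 Experimental

1.1 Reduction, zone refining and crystal growth

6N germanium dioxide powder is placed in a graphite boat, and the boat is loaded into a reduction furnace. Nitrogen is first passed through to purge the air from the furnace, and hydrogen is then passed through to purge the nitrogen. The heater is switched on and the furnace temperature is raised to 1150 ℃, reducing the germanium dioxide powder to a germanium ingot. Reduced germanium ingots with a resistivity greater than 1 Ω·cm are selected as feedstock for horizontal zone refining; under normal conditions the resistivity of reduced ingots is always greater than 1 Ω·cm. The ingot is alkali-etched, cleaned, dehydrated and blown dry, and placed in a carbon-coated quartz boat. The quartz boat holding the ingot is placed in the horizontal zone-refining furnace. High-purity nitrogen is passed through to purge the air, then high-purity hydrogen to purge the nitrogen; the heater is switched on, the temperature is raised to 980 ℃, and 30~40 zone passes are made to obtain 12N high-purity germanium polycrystal.

High-purity germanium polycrystal from horizontal zone refining with a carrier concentration below 2×10^11 cm^-3 is used as the feedstock for single-crystal growth. The polycrystal is first cleaned ultrasonically for 10 min in trichloroethane, acetone and methanol in turn, to remove organic matter produced during cutting and impurities in crevices. It is then acid-etched, cleaned, dehydrated with methanol and blown dry with high-purity nitrogen, and loaded into the single-crystal furnace. High-purity nitrogen is passed through to purge the air, then high-purity hydrogen to purge the nitrogen. To exclude adverse factors such as water and oxygen, the temperature is raised to 400~500 ℃ under flowing high-purity hydrogen and the charge is preheated for 2~5 h. The temperature is then raised to 1000 ℃ to melt the charge. Once the germanium has melted completely, the temperature is lowered to 940~970 ℃ and held for 30~60 min to ensure that the temperature and purity of the melt are uniformly distributed, which favours the subsequent growth of a crystal of uniform purity and low dislocation density.

The seed crystal is lowered to 1 cm above the melt surface and preheated for 30 min, to reduce the temperature difference between the seed and the melt, the temperature fluctuation when the seed is dipped, and dislocation growth during seeding. The seed is dipped slowly into the melt and the power is adjusted according to the melt interface. Once a bright ring of a certain width appears, seeding starts after a wait of 10~20 min: the pull rate is raised gradually to 20~30 mm/h and held for 10~30 min, with the crystal diameter controlled at 5~10 mm. Necking follows: the pull rate is increased manually, by 10~20 mm/h at uniform 10 min intervals, until it reaches 90~150 mm/h, with the crystal diameter held steady at 3~5 mm. Under these conditions most dislocations are expelled, bringing the single-crystal dislocation density to 500~5000 cm^-2. The thin neck is then grown: the pull rate is kept at 90~150 mm/h and the thin neck is pulled at this high rate; the length pulled in this stage is 90~150 mm.

To obtain a low-dislocation ultra-high purity germanium crystal, shouldering is carried out in two steps. The first step has two stages: 1) the pull rate is lowered uniformly; 2) the temperature is lowered uniformly. Kinetic energy is controlled first and thermal energy second; shouldering uniformly under these conditions does not generate new dislocations. In the second step, the crystal rotation and crucible rotation are first lowered uniformly and the pull rate is raised uniformly; the cooling rate is then reduced and the temperature lowered uniformly, so that shouldering and constant-diameter growth join smoothly. Under these conditions the inversion of the interface is suppressed, which prevents the crystal diameter from narrowing after shouldering and the crystal from becoming irregular, and prevents the crystal from developing defects. Shouldering step one is carried out first: the pull rate is kept at 90~150 mm/h, the thin neck is pulled at this high rate, the length pulled in this stage is 90~150 mm, the power is controlled for uniform cooling at a rate of 120~180 W/h, and shouldering lasts 1~2 h, during which the crystal diameter gradually grows to 50~65 mm. Shouldering step two follows: the power is controlled for uniform cooling, the crystal rotation is lowered to 3~5 r/min, the crucible rotation is lowered to 3~5 r/min, and the pull rate is raised uniformly to 30~40 mm/h; the cooling rate is 80~120 W/h and shouldering continues for 1~2 h; cooling stops once the crystal diameter holds steady at 70~80 mm. Constant-diameter growth comes last: the pull rate is restored uniformly to 20~30 mm/h, the crystal diameter is observed and the power is controlled manually to keep the diameter at 70~80 mm; this stage lasts 4~6 h. For tailing, the crucible lift is lowered to 0.3~0.8 mm/h and the power is controlled for uniform cooling at a rate of 100~200 W/h; tailing lasts 2~3 h, until the melt in the quartz crucible has been pulled out completely. Finally the furnace is cooled: the crystal lift and crucible lift are switched off and the power is ramped down to room temperature. To prevent an overly rapid temperature change from producing dislocations in the crystal, cooling is done in three stages: stage one at 300~400 W/h for 1 h; stage two at 500~600 W/h for 2 h; stage three at 800~1000 W/h for 5~7 h, down to room temperature. The crystal rotation and crucible rotation are then switched off, completing the pull. Through feedstock treatment, furnace loading, gas purging, preheating, melting, seeding, necking, thin-neck growth, shouldering, constant-diameter growth, tailing and cooling, the 13N ultra-high purity germanium single crystal CZ15 was obtained, as shown in Fig. 1.

[Fig. 1 Photo of 13N ultra-high purity germanium single crystal]

1.2 Sample pretreatment for crystal testing

A 10 mm × 10 mm × 1.2 mm square wafer is cut with a cutting machine for Hall testing, and is ground, polished and etched to a mirror finish. The etchant is a mixture of hydrofluoric acid and nitric acid solutions in a volume ratio of 1:4, the etching time is 1~3 min, and etching is done at room temperature. Tin pellets are pressed onto the four corners of the wafer with tweezers, and the wafer is then annealed in high-purity nitrogen at 500 ℃ for 30 min to alloy the electrodes and obtain good ohmic contact. Because ohmic contact differs between room temperature and low temperature, the I-V curve of the same sample may be linear at room temperature but not necessarily at low temperature. To confirm that the ohmic contact of the electrodes is good, an I-V test is run at room temperature; if it is linear, another I-V test is run at low temperature, and only if that is also linear can the low-temperature Hall test proceed. A 5 mm thick slice is cut with a cutting machine for dislocation density testing, and is ground, polished and etched until uniform bright spots appear. The etchant is a mixture of hydrofluoric acid, nitric acid and copper nitrate solutions in a volume ratio of 2:1:1, the etching time is 10 min and the etching temperature is (10±5) ℃. For deep level transient spectroscopy (DLTS) testing, a 15 mm × 15 mm × 2 mm square wafer is cut with a cutting machine and is ground, polished and etched to a mirror finish; the etching treatment is the same as for the Hall sample. A circular dot of tin film is sputtered onto the front face of the p-type crystal as the Schottky electrode, and the back face is connected to a copper sheet with tin foil and annealed in high-purity nitrogen at 250 ℃ for 30 min to form the ohmic electrode. The annealing temperature here must be below 300 ℃ to avoid Cu diffusion.

2 Results and discussion

2.1 Room-temperature and low-temperature resistivity testing

The room-temperature resistivity of the reduced germanium ingot is measured at one point every 5 cm. Under normal conditions the resistivity along the whole reduced ingot is greater than 1 Ω·cm and the whole ingot can go on to horizontal zone refining. The results are shown in Fig. 2.

[Fig. 2 Reduced germanium ingot resistivity data]

The high-purity germanium polycrystal is first tested for room-temperature resistivity; large single grains are then selected from the head and tail of the region with resistivity greater than 50 Ω·cm and made into Hall wafers for low-temperature Hall testing. The polycrystal is placed in a room held at a constant 23 ℃ until it has cooled to (23±0.5) ℃, and its resistivity is measured with room-temperature resistivity equipment; sections with resistivity greater than 50 Ω·cm are preliminarily qualified. The yield of material with resistivity greater than 50 Ω·cm is 70%~80%. The results are shown in Fig. 3.

[Fig. 3 Polycrystalline zone refining resistivity data]

For the ultra-high purity germanium single crystal, low-temperature resistivity is measured first, and Hall wafers are then taken from the head and tail of the region with carrier concentration below 5×10^10 cm^-3 for low-temperature Hall testing. Marks are made every 2 cm with a diamond pen against a steel ruler, and a paintbrush dipped in indium-gallium-tin alloy is used to paint a thin layer along the marks, such that the alloy does not form droplets of any shape. Copper sheet is wound around the shoulder and tail of the germanium single crystal as contact electrodes, and the wound crystal is placed on a V-shaped support in a Dewar. Liquid nitrogen is filled into the Dewar until it covers the germanium single crystal; once the liquid level is stable, with the alloy exposed 1~2 cm above the liquid surface, the low-temperature resistivity test can be carried out [11]. The low-temperature resistivity is converted into carrier concentration using the Hall formula N = 1/(ρμq), where ρ is the measured resistivity in Ω·cm, N is the carrier concentration in cm^-3, q is the elementary charge, q = 1.602×10^-19 C, and μ is the mobility in cm^2·V^-1·s^-1. ρ is measured by the test equipment, q is a constant, and μ can be taken as the average of mobility values obtained from previous Hall tests. For p-type crystals μ is set to 42000 cm^2·V^-1·s^-1; the mobility μ of the low-temperature resistivity equipment can be changed manually and updated periodically from the accumulating Hall test data. The low-temperature resistivity data for crystal CZ15 are shown in Fig. 4.

[Fig. 4 Crystal overall carrier concentration data]

2.2 Low-temperature Hall testing

For sections of high-purity germanium polycrystal with resistivity greater than 50 Ω·cm, large single grains are selected at the head and tail, made into Hall wafers and tested by low-temperature Hall measurement, until the carrier concentrations at both head and tail are below 2×10^11 cm^-3. According to the test results, the pass rate is 40%~60%. The result for one position is shown in Fig. 5.

[Fig. 5 Hall data of polycrystalline zone refining]

Experiments show that the carrier concentration obtained from low-temperature resistivity measurement on the crystal surface is higher than that obtained from low-temperature Hall testing. Hall wafers are therefore taken at the head and tail of the germanium single-crystal section with carrier concentration below 5×10^10 cm^-3, two wafers per cross-section, one at the edge and one in the middle, until the carrier concentration is below 2×10^10 cm^-3. The result for one position at the head of CZ15 is shown in Fig. 6.

[Fig. 6 Hall data of single crystal pulling]

The low-temperature Hall results show that, for the qualified section of crystal CZ15, the average mobility of the head cross-section is 4.515×10^4 cm^2·V^-1·s^-1 and the carrier concentration is 1.176×10^10 cm^-3; the average mobility of the tail cross-section is 4.620×10^4 cm^2·V^-1·s^-1 and the carrier concentration is 1.007×10^10 cm^-3. The mobility at both head and tail of this section is > 2.5×10^4 cm^2·V^-1·s^-1 and the carrier concentration at both is < 2×10^10 cm^-3.

Repeated experiments show that the yield of zone-refined polycrystal with resistivity greater than 50 Ω·cm from horizontal zone refining is 70%~80%, and the yield of high-purity germanium polycrystal with carrier concentration below 2×10^11 cm^-3 is 40%~60%. Without doping, in ultra-high purity germanium crystal grown by the Czochralski method the first 40%~60% is p-type, the n-p transition region accounts for 10%~20%, and the last 20%~50% is n-type; the p-type section with carrier concentration below 2×10^10 cm^-3 is 30~80 mm long.

2.3 Dislocation density testing

The dislocation density of the crystal is measured with a metallographic microscope, under which crystal defects can be seen. The result for one point on the CZ15-T cross-section, the tail of the section of crystal CZ15 with qualified carrier concentration, is shown in Fig. 7.

[Fig. 7 Photograph of crystal defects under a microscope]

Because the dislocation density is uniformly distributed, 9 measurement points on the diagonals of the single-crystal wafer can be chosen, with a field of view of 1 mm^2, and the defects at these 9 points are examined with the microscope. The etch pit density (EPD) within the field of view of each point is the total number of etch pits counted divided by the area: n_d = n_i / S, where S is the field-of-view area in cm^2 and n_i is the number of etch pits crossing the field-of-view area S. The average dislocation density is N_d = (1/9) Σ n_d. The EPD values of the 9 measurement points in the 1 mm^2 field of view and N_d are marked on the dislocation record chart, together with any macroscopic defects visible to the naked eye, as shown in Fig. 8. The figure shows that the dislocation density of CZ15-T is 2589 cm^-2, with no other defects.

[Fig. 8 Crystal tail defect data]

The dislocation density results show that, for the section of crystal CZ15 with qualified carrier concentration, the dislocation density at the head, CZ15-H, is 2256 cm^-2 and at the tail, CZ15-T, is 2589 cm^-2. The dislocation density at both head and tail of this section is within 100~10000 cm^-2, with no other defects. During crystal growth, with other factors stable, the dislocation density can be lowered by controlling the neck diameter, neck length and shouldering rate, and can generally be kept within 100~5000 cm^-2.

2.4 Deep-level impurity concentration testing

Deep-level impurities introduce energy levels in a semiconductor near the middle of the band gap, far from the bottom of the conduction band (or the top of the valence band), and have the following characteristics. Their ionization energy is large, with donor levels far from the bottom of the conduction band and acceptor levels far from the top of the valence band, so they are not easily ionized and have little effect on carrier concentration. They generally produce multiple levels, and may even produce both donor and acceptor levels. They can act as recombination centres, reducing minority carrier lifetime. Once ionized, they are charged centres that scatter carriers, reducing carrier mobility and conductivity. The main deep-level impurity in 13N ultra-high purity germanium single crystals is Cu, and p-type ultra-high purity germanium requires a deep-level impurity concentration of no more than 4.5×10^9 cm^-3.

A deep level transient spectrometer was used to measure the deep-level impurity concentration at the head of the section of high-purity germanium crystal CZ15 that was qualified in both carrier concentration and dislocation density, giving the DLTS spectrum shown in Fig. 9. Peak fitting was performed on the test results, and the fitted results are given in Table 1. The table shows that the Cu s concentration captured at a trap depth of 0.042 eV is 9.40×10^8 cm^-3, the Cu-H concentration captured at a trap depth of 0.072 eV is 3.17×10^8 cm^-3, the Cu-H concentration captured at a trap depth of 0.170 eV is 5.22×10^8 cm^-3, and the Cu s concentration captured at a trap depth of 0.304 eV is 6.37×10^7 cm^-3; no Cu-H-Li was captured. Repeated tests show that the trap depths of the same kind of trap fluctuate within a certain range between samples.

[Fig. 9 13N p-type ultra-high purity germanium DLTS spectrum]

Repeated tests also showed that both carrier concentration and crystal defects affect the charging and discharging of the sample and therefore the peaks. Before DLTS testing of p-type ultra-high purity germanium crystal, low-temperature Hall and dislocation tests are therefore carried out first, and the DLTS sample is taken at the head of the crystal section with carrier concentration below 2×10^10 cm^-3 and dislocation density of 100~10000 cm^-2. The deep-level impurity concentration at the head of the CZ15 crystal grown in this work is 1.843×10^9 cm^-3, which meets the deep-level requirement for 13N p-type ultra-high purity germanium. The tests above show that the CZ15 section meets the 13N ultra-high purity germanium specification. The section was measured: its length is 45 mm, its diameter is 76 mm and its mass is 1095 g.

Table 1 Fitting results of 13N p-type ultra-high purity germanium DLTS

Impurity center    ΔE/eV    Sigma/cm^2     N_T/cm^-3
Cu s(1)            0.042    3.80×10^-17    9.40×10^8
Cu-H(1)            0.072    1.52×10^-20    3.17×10^8
Cu-H-Li            0.160    0              0
Cu-H(2)            0.170    1.88×10^-15    5.22×10^8
Cu s(2)            0.304    7.31×10^-14    6.37×10^7

3 Conclusion

In this work a 13N ultra-high purity germanium single crystal was obtained by reduction of germanium dioxide, horizontal zone refining and Czochralski growth. Its length is 45 mm, its diameter is 76 mm and its mass is 1095 g. The average mobility of the head cross-section is 4.515×10^4 cm^2·V^-1·s^-1, the carrier concentration is 1.176×10^10 cm^-3 and the dislocation density is 2256 cm^-2; the average mobility of the tail cross-section is 4.620×10^4 cm^2·V^-1·s^-1, the carrier concentration is 1.007×10^10 cm^-3 and the dislocation density is 2589 cm^-2; the deep-level impurity concentration at the head is 1.843×10^9 cm^-3. The mobility, carrier concentration, dislocation density and deep-level impurity concentration of this crystal all reach the standard for detector-grade use, and its size also reaches the standard for use in coaxial detectors.

References

[1] BAI E J, ZHENG Z P, GAO D X, et al. Extensive application and independent research progress of HPGe detector[J]. Nuclear Physics Review, 2016, 33(1): 52-56 (in Chinese).
[2] HAO X, SUN H B, ZHAO H G, et al. Numerical simulation on optimization of zone melting speed of high-purity germanium polycrystalline materials[J]. Journal of Shenzhen University Science and Engineering, 2016, 33(3): 248-253 (in Chinese).
[3] WANG G G, YAO J Y. Estimation of purity of high-purity germanium crystal made in China[J]. Nuclear Electronics & Detection Technology, 1987, 7(1): 59-61 (in Chinese).
[4] SUN X Y. Influence of high purity germanium single crystal quality on nuclear radiation detector[J]. Chinese Journal of Rare Metals, 1985, 9(3): 42-49 (in Chinese).
[5] LIU F, GENG B Y, HAN H P. Research of ultra-purity germanium single crystal's technology for radiation detector[J]. Equipment for Electronic Products Manufacturing, 2012, 41(5): 27-31 (in Chinese).
[6] BAI E J, JIANG Y X, SU Y Q, et al. Preparation of ultra-pure germanium polycrystalline material[J]. Journal of Jilin University, 1988, 26(3): 89-90 (in Chinese).
[7] BAI E J. Preparation of high purity germanium polycrystalline materials[J]. Nuclear Techniques, 1998, 21(9): 558-561 (in Chinese).
[8] IEEE Standard Test Procedures for High-Purity Germanium Crystals for Radiation Detectors: IEEE 1160-1993 (R2006)[S]. Institute of Electrical and Electronics Engineers.
[9] SIMOEN E, CLAUWS P, BROECKX J, et al. Correlation between DLTS-measurements and the performance of high purity germanium detectors[J]. IEEE Transactions on Nuclear Science, 1982, 29(1): 789-792.
[10] SIMOEN E, CLAUWS P, HUYLEBROECK G, et al. Correlation between deep-level parameters and energy resolution of p-type high purity Ge γ-detectors[J]. Nuclear Instruments and Methods in Physics Research Section A: Accelerators, Spectrometers, Detectors and Associated Equipment, 1986, 251(3): 519-526.
[11] ZHAO Q S, NIU X D, HUANG X W, et al. Purification of high purity germanium by zone refining[J]. Guangzhou Chemical Industry, 2019, 47(17): 88-90 (in Chinese).
[12] LI X Y, LIN Z L, MI J R, et al. Research on preparation technology of ultra-high purity germanium polycrystalline material[J]. Yunnan Metallurgy, 2020, 49(1): 56-60 (in Chinese).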

3GPP TS 36.331 V13.2.0 (2016-06)


Technical Specification
3rd Generation Partnership Project;
Technical Specification Group Radio Access Network;
Evolved Universal Terrestrial Radio Access (E-UTRA);
Radio Resource Control (RRC);
Protocol specification
(Release 13)

The present document has been developed within the 3rd Generation Partnership Project (3GPP TM) and may be further elaborated for the purposes of 3GPP. The present document has not been subject to any approval process by the 3GPP Organizational Partners and shall not be implemented. This Specification is provided for future development work within 3GPP only. The Organizational Partners accept no liability for any use of this Specification. Specifications and reports for implementation of the 3GPP TM system should be obtained via the 3GPP Organizational Partners' Publications Offices.

Keywords
UMTS, radio

3GPP
Postal address
3GPP support office address
650 Route des Lucioles - Sophia Antipolis
Valbonne - FRANCE
Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16
Internet

Copyright Notification
No part may be reproduced except as authorized by written permission. The copyright and the foregoing restriction extend to reproduction in all media.
© 2016, 3GPP Organizational Partners (ARIB, ATIS, CCSA, ETSI, TSDSI, TTA, TTC). All rights reserved.
UMTS™ is a Trade Mark of ETSI registered for the benefit of its members
3GPP™ is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners
LTE™ is a Trade Mark of ETSI currently being registered for the benefit of its Members and of the 3GPP Organizational Partners
GSM® and the GSM logo are registered and owned by the GSM Association
Bluetooth® is a Trade Mark of the Bluetooth SIG registered for the benefit of its members

Contents

Foreword
1 Scope
2 References
3 Definitions, symbols and abbreviations
3.1 Definitions
3.2 Abbreviations
4 General
4.1 Introduction
4.2 Architecture
4.2.1 UE states and state transitions including inter RAT
4.2.2 Signalling radio bearers
4.3 Services
4.3.1 Services provided to upper layers
4.3.2 Services expected from lower layers
4.4 Functions
5 Procedures
5.1 General
5.1.1 Introduction
5.1.2 General requirements
5.2 System information
5.2.1 Introduction
5.2.1.1 General
5.2.1.2 Scheduling
5.2.1.2a Scheduling for NB-IoT
5.2.1.3 System information validity and notification of changes
5.2.1.4 Indication of ETWS notification
5.2.1.5 Indication of CMAS notification
5.2.1.6 Notification of EAB parameters change
5.2.1.7 Access Barring parameters change in NB-IoT
5.2.2 System information acquisition
5.2.2.1 General
5.2.2.2 Initiation
5.2.2.3 System information required by the UE
5.2.2.4 System information acquisition by the UE
5.2.2.5 Essential system information missing
5.2.2.6 Actions upon reception of the MasterInformationBlock message
5.2.2.7 Actions upon reception of the SystemInformationBlockType1 message
5.2.2.8 Actions upon reception of SystemInformation messages
5.2.2.9 Actions upon reception of SystemInformationBlockType2
5.2.2.10 Actions upon reception of SystemInformationBlockType3
5.2.2.11 Actions upon reception of SystemInformationBlockType4
5.2.2.12 Actions upon reception of SystemInformationBlockType5
5.2.2.13 Actions upon reception of SystemInformationBlockType6
5.2.2.14 Actions upon reception of SystemInformationBlockType7
5.2.2.15 Actions upon reception of SystemInformationBlockType8
5.2.2.16 Actions upon reception of SystemInformationBlockType9
5.2.2.17 Actions upon reception of SystemInformationBlockType10
5.2.2.18 Actions upon reception of SystemInformationBlockType11
5.2.2.19 Actions upon reception of SystemInformationBlockType12
5.2.2.20 Actions upon reception of SystemInformationBlockType13
5.2.2.21 Actions upon reception of SystemInformationBlockType14
5.2.2.22 Actions upon reception of SystemInformationBlockType15
5.2.2.23 Actions upon reception of SystemInformationBlockType16
5.2.2.24 Actions upon reception of SystemInformationBlockType17
5.2.2.25 Actions upon reception of SystemInformationBlockType18
5.2.2.26 Actions upon reception of SystemInformationBlockType19
5.2.3 Acquisition of an SI message
5.2.3a Acquisition of an SI message by BL UE or UE in CE or a NB-IoT UE
5.3 Connection control
5.3.1 Introduction
5.3.1.1 RRC connection control
5.3.1.2 Security
5.3.1.2a RN security
5.3.1.3 Connected mode mobility
5.3.1.4 Connection control in NB-IoT
5.3.2 Paging
5.3.2.1 General
5.3.2.2 Initiation
5.3.2.3 Reception of the Paging message by the UE
5.3.3 RRC connection establishment
5.3.3.1 General
5.3.3.1a Conditions for establishing RRC Connection for sidelink communication/ discovery
5.3.3.2 Initiation
5.3.3.3 Actions related to transmission of RRCConnectionRequest message
5.3.3.3a Actions related to transmission of RRCConnectionResumeRequest message
5.3.3.4 Reception of the RRCConnectionSetup by the UE
5.3.3.4a Reception of the RRCConnectionResume by the UE
5.3.3.5 Cell re-selection while T300, T302, T303, T305, T306, or T308 is running
5.3.3.6 T300 expiry
5.3.3.7 T302, T303, T305, T306, or T308 expiry or stop
5.3.3.8 Reception of the RRCConnectionReject by the UE
5.3.3.9 Abortion of RRC connection establishment
5.3.3.10 Handling of SSAC related parameters
5.3.3.11 Access barring check
5.3.3.12 EAB check
5.3.3.13 Access barring check for ACDC
5.3.3.14 Access Barring check for NB-IoT
5.3.4 Initial security activation
5.3.4.1 General
5.3.4.2 Initiation
5.3.4.3 Reception of the SecurityModeCommand by the UE
5.3.5 RRC connection reconfiguration
5.3.5.1 General
5.3.5.2 Initiation
5.3.5.3 Reception of an RRCConnectionReconfiguration not including the mobilityControlInfo by the UE
5.3.5.4 Reception of an RRCConnectionReconfiguration including the mobilityControlInfo by the UE (handover)
5.3.5.5 Reconfiguration failure
5.3.5.6 T304 expiry (handover failure)
5.3.5.7 Void
5.3.5.7a T307 expiry (SCG change failure)
5.3.5.8 Radio Configuration involving full configuration option
5.3.6 Counter check
5.3.6.1 General
5.3.6.2 Initiation
5.3.6.3 Reception of the CounterCheck message by the UE
5.3.7 RRC connection re-establishment
5.3.7.1 General
5.3.7.2 Initiation
5.3.7.3 Actions following cell selection while T311 is running
5.3.7.4 Actions related to transmission of RRCConnectionReestablishmentRequest message
5.3.7.5 Reception of the RRCConnectionReestablishment by the UE
5.3.7.6 T311 expiry
5.3.7.7 T301 expiry or selected cell no longer suitable
5.3.7.8 Reception of RRCConnectionReestablishmentReject by the UE
5.3.8 RRC connection release
5.3.8.1 General
5.3.8.2 Initiation
5.3.8.3 Reception of the RRCConnectionRelease by the UE
5.3.8.4 T320 expiry
5.3.9 RRC connection release requested by upper layers
5.3.9.1 General
5.3.9.2 Initiation
5.3.10 Radio resource configuration
5.3.10.0 General
5.3.10.1 SRB addition/ modification
5.3.10.2 DRB release
5.3.10.3 DRB addition/ modification
5.3.10.3a1 DC specific DRB addition or reconfiguration
5.3.10.3a2 LWA specific DRB addition or reconfiguration
5.3.10.3a3 LWIP specific DRB addition or reconfiguration
5.3.10.3a SCell release
5.3.10.3b SCell addition/ modification
5.3.10.3c PSCell addition or modification
5.3.10.4 MAC main reconfiguration
5.3.10.5 Semi-persistent scheduling reconfiguration
5.3.10.6 Physical channel reconfiguration
5.3.10.7 Radio Link Failure Timers and Constants reconfiguration
5.3.10.8 Time domain measurement resource restriction for serving cell
5.3.10.9 Other configuration
5.3.10.10 SCG reconfiguration
5.3.10.11 SCG dedicated resource configuration
5.3.10.12 Reconfiguration SCG or split DRB by drb-ToAddModList
5.3.10.13 Neighbour cell information reconfiguration
5.3.10.14 Void
5.3.10.15 Sidelink dedicated configuration
5.3.10.16 T370 expiry
5.3.11 Radio link failure related actions
5.3.11.1 Detection of physical layer problems in RRC_CONNECTED
5.3.11.2 Recovery of physical layer problems
5.3.11.3 Detection of radio link failure
5.3.12 UE actions upon leaving RRC_CONNECTED
5.3.13 UE actions upon PUCCH/ SRS release request
5.3.14 Proximity indication
5.3.14.1 General
5.3.14.2 Initiation
5.3.14.3 Actions related to transmission of ProximityIndication message
5.3.15 Void
5.4 Inter-RAT mobility
5.4.1 Introduction
5.4.2 Handover to E-UTRA
5.4.2.1 General
5.4.2.2 Initiation
5.4.2.3 Reception of the RRCConnectionReconfiguration by the UE
5.4.2.4 Reconfiguration failure
5.4.2.5 T304 expiry (handover to E-UTRA failure)
5.4.3 Mobility from E-UTRA
5.4.3.1 General
5.4.3.2 Initiation
5.4.3.3 Reception of the MobilityFromEUTRACommand by the UE
5.4.3.4 Successful completion of the mobility from E-UTRA
5.4.3.5 Mobility from E-UTRA failure
5.4.4 Handover from E-UTRA preparation request (CDMA2000)
5.4.4.1 General
5.4.4.2 Initiation
5.4.4.3 Reception of the HandoverFromEUTRAPreparationRequest by the UE
5.4.5 UL handover preparation transfer (CDMA2000)
5.4.5.1 General
5.4.5.2 Initiation
5.4.5.3 Actions related to transmission of the ULHandoverPreparationTransfer message
5.4.5.4 Failure to deliver the ULHandoverPreparationTransfer message
5.4.6 Inter-RAT cell change order to E-UTRAN
5.4.6.1 General
5.4.6.2 Initiation
5.4.6.3 UE fails to complete an inter-RAT cell change order
5.5 Measurements
5.5.1 Introduction
5.5.2 Measurement configuration
5.5.2.1 General
5.5.2.2 Measurement identity removal
5.5.2.2a Measurement identity autonomous removal
5.5.2.3 Measurement identity addition/ modification
5.5.2.4 Measurement object removal
5.5.2.5 Measurement object addition/ modification
5.5.2.6 Reporting configuration removal
5.5.2.7 Reporting configuration addition/ modification
5.5.2.8 Quantity configuration
5.5.2.9 Measurement gap configuration
5.5.2.10 Discovery signals measurement timing configuration
5.5.2.11 RSSI measurement timing configuration
5.5.3 Performing measurements
5.5.3.1 General
5.5.3.2 Layer 3 filtering
5.5.4 Measurement report triggering
5.5.4.1 General
5.5.4.2 Event A1 (Serving becomes better than threshold)
5.5.4.3 Event A2 (Serving becomes worse than threshold)
5.5.4.4 Event A3 (Neighbour becomes offset better than PCell/ PSCell)
5.5.4.5 Event A4 (Neighbour becomes better than threshold)
5.5.4.6 Event A5 (PCell/ PSCell becomes worse than threshold1 and neighbour becomes better than threshold2)
5.5.4.6a Event A6 (Neighbour becomes offset better than SCell)
5.5.4.7 Event B1 (Inter RAT neighbour becomes better than threshold)
5.5.4.8 Event B2 (PCell becomes worse than threshold1 and inter RAT neighbour becomes better than threshold2)
5.5.4.9 Event C1 (CSI-RS resource becomes better than threshold)
5.5.4.10 Event C2 (CSI-RS resource becomes offset better than reference CSI-RS resource)
5.5.4.11 Event W1 (WLAN becomes better than a threshold)
5.5.4.12 Event W2 (All WLAN inside WLAN mobility set becomes worse than threshold1 and a WLAN outside WLAN mobility set becomes better than threshold2)
5.5.4.13 Event W3 (All WLAN inside WLAN mobility set becomes worse than a threshold)
5.5.5 Measurement reporting
5.5.6 Measurement related actions
5.5.6.1 Actions upon handover and re-establishment
5.5.6.2 Speed dependant scaling of measurement related parameters
5.5.7 Inter-frequency RSTD measurement indication
5.5.7.1 General
5.5.7.2 Initiation
5.5.7.3 Actions related to transmission of InterFreqRSTDMeasurementIndication message
5.6 Other
5.6.0 General
5.6.1 DL information transfer
5.6.1.1 General
5.6.1.2 Initiation
5.6.1.3 Reception of the DLInformationTransfer by the UE
5.6.2 UL information transfer
5.6.2.1 General
5.6.2.2 Initiation
5.6.2.3 Actions related to transmission of ULInformationTransfer message
5.6.2.4 Failure to deliver ULInformationTransfer message
5.6.3 UE capability transfer
5.6.3.1 General
5.6.3.2 Initiation
5.6.3.3 Reception of the UECapabilityEnquiry by the UE
5.6.4 CSFB to 1x Parameter transfer
5.6.4.1 General
5.6.4.2 Initiation
5.6.4.3 Actions related to transmission of CSFBParametersRequestCDMA2000 message
5.6.4.4 Reception of the CSFBParametersResponseCDMA2000 message
5.6.5 UE Information
5.6.5.1 General
5.6.5.2 Initiation
5.6.5.3 Reception of the UEInformationRequest message
5.6.6 Logged Measurement Configuration
5.6.6.1 General
5.6.6.2 Initiation
5.6.6.3 Reception of the LoggedMeasurementConfiguration by the UE
5.6.6.4 T330 expiry
5.6.7 Release of Logged Measurement Configuration
5.6.7.1 General
5.6.7.2 Initiation
5.6.8 Measurements logging
5.6.8.1 General
5.6.8.2 Initiation
5.6.9 In-device coexistence indication
5.6.9.1 General
5.6.9.2 Initiation
5.6.9.3 Actions related to transmission of InDeviceCoexIndication message
5.6.10 UE Assistance Information
5.6.10.1 General
5.6.10.2 Initiation
5.6.10.3 Actions related to transmission of UEAssistanceInformation message
5.6.11 Mobility history information
5.6.11.1 General
5.6.11.2 Initiation
5.6.12 RAN-assisted WLAN interworking
5.6.12.1 General
5.6.12.2 Dedicated WLAN offload configuration
5.6.12.3 WLAN offload RAN evaluation
5.6.12.4 T350 expiry or stop
5.6.12.5 Cell selection/ re-selection while T350 is running
5.6.13 SCG failure information
5.6.13.1 General
5.6.13.2 Initiation
5.6.13.3 Actions related to transmission of SCGFailureInformation message
5.6.14 LTE-WLAN Aggregation
5.6.14.1 Introduction
5.6.14.2 Reception of LWA configuration
5.6.14.3 Release of LWA configuration
5.6.15 WLAN connection management
5.6.15.1 Introduction
5.6.15.2 WLAN connection status reporting
5.6.15.2.1 General
5.6.15.2.2 Initiation
5.6.15.2.3 Actions related to transmission of WLANConnectionStatusReport message
5.6.15.3 T351 Expiry (WLAN connection attempt timeout)
5.6.15.4 WLAN status monitoring
5.6.16 RAN controlled LTE-WLAN interworking
5.6.16.1 General
5.6.16.2 WLAN traffic steering command
5.6.17 LTE-WLAN aggregation with IPsec tunnel
5.6.17.1 General
5.7 Generic error handling
5.7.1 General
5.7.2 ASN.1 violation or encoding error
5.7.3 Field set to a not comprehended value
5.7.4 Mandatory field missing
5.7.5 Not comprehended field
5.8 MBMS
5.8.1 Introduction
5.8.1.1 General
5.8.1.2 Scheduling
5.8.1.3 MCCH information validity and notification of changes
5.8.2 MCCH information acquisition
5.8.2.1 General
5.8.2.2 Initiation
5.8.2.3 MCCH information acquisition by the UE
5.8.2.4 Actions upon reception of the MBSFNAreaConfiguration message
5.8.2.5 Actions upon reception of the MBMSCountingRequest message
5.8.3 MBMS PTM radio bearer configuration
5.8.3.1 General
5.8.3.2 Initiation
5.8.3.3 MRB establishment
5.8.3.4 MRB release
5.8.4 MBMS Counting Procedure
5.8.4.1 General
5.8.4.2 Initiation
5.8.4.3 Reception of the MBMSCountingRequest message by the UE
5.8.5 MBMS interest indication
5.8.5.1 General
5.8.5.2 Initiation
5.8.5.3 Determine MBMS frequencies of interest
5.8.5.4 Actions related to transmission of MBMSInterestIndication message
5.8a SC-PTM
5.8a.1 Introduction
5.8a.1.1 General
5.8a.1.2 SC-MCCH scheduling
5.8a.1.3 SC-MCCH information validity and notification of changes
5.8a.1.4 Procedures
5.8a.2 SC-MCCH information acquisition
5.8a.2.1 General
5.8a.2.2 Initiation
5.8a.2.3 SC-MCCH information acquisition by the UE
5.8a.2.4 Actions upon reception of the SCPTMConfiguration message
5.8a.3 SC-PTM radio bearer configuration
5.8a.3.1 General
5.8a.3.2 Initiation
5.8a.3.3 SC-MRB establishment
5.8a.3.4 SC-MRB release
5.9 RN procedures
5.9.1 RN reconfiguration
5.9.1.1 General
5.9.1.2 Initiation
5.9.1.3 Reception of the RNReconfiguration by the RN
5.10 Sidelink
5.10.1 Introduction
5.10.1a Conditions for sidelink communication operation
5.10.2 Sidelink UE information
5.10.2.1 General
5.10.2.2 Initiation
5.10.2.3 Actions related to transmission of SidelinkUEInformation message
5.10.3 Sidelink communication monitoring
5.10.6 Sidelink discovery announcement
5.10.6a Sidelink discovery announcement pool selection
5.10.6b Sidelink discovery announcement reference carrier selection
5.10.7 Sidelink synchronisation information transmission
5.10.7.1 General
5.10.7.2 Initiation
5.10.7.3 Transmission of SLSS
5.10.7.4 Transmission of MasterInformationBlock-SL message
5.10.7.5 Void
5.10.8 Sidelink synchronisation reference
5.10.8.1 General
5.10.8.2 Selection and reselection of synchronisation reference UE (SyncRef UE)
5.10.9 Sidelink common control information
5.10.9.1 General
5.10.9.2 Actions related to reception of MasterInformationBlock-SL message
5.10.10 Sidelink relay UE operation
5.10.10.1 General
5.10.10.2 AS-conditions for relay related sidelink communication transmission by sidelink relay UE
5.10.10.3 AS-conditions for relay PS related sidelink discovery transmission by sidelink relay UE
5.10.10.4 Sidelink relay UE threshold conditions
5.10.11 Sidelink remote UE operation
5.10.11.1 General
5.10.11.2 AS-conditions for relay related sidelink communication transmission by sidelink remote UE
5.10.11.3 AS-conditions for relay PS related sidelink discovery transmission by sidelink remote UE
5.10.11.4 Selection and reselection of sidelink relay UE
5.10.11.5 Sidelink remote UE threshold conditions
6 Protocol data units, formats and parameters (tabular & ASN.1)
6.1 General
6.2 RRC messages
6.2.1 General message structure
– EUTRA-RRC-Definitions
– BCCH-BCH-Message
– BCCH-DL-SCH-Message
– BCCH-DL-SCH-Message-BR
– MCCH-Message
– PCCH-Message
– DL-CCCH-Message
– DL-DCCH-Message
– UL-CCCH-Message
– UL-DCCH-Message
– SC-MCCH-Message
6.2.2 Message definitions
– CounterCheck
– CounterCheckResponse
– CSFBParametersRequestCDMA2000
– CSFBParametersResponseCDMA2000
– DLInformationTransfer
– HandoverFromEUTRAPreparationRequest (CDMA2000)
– InDeviceCoexIndication
– InterFreqRSTDMeasurementIndication
– LoggedMeasurementConfiguration
– MasterInformationBlock
– MBMSCountingRequest
– MBMSCountingResponse
– MBMSInterestIndication
– MBSFNAreaConfiguration
– MeasurementReport
– MobilityFromEUTRACommand
– Paging
– ProximityIndication
– RNReconfiguration
– RNReconfigurationComplete
– RRCConnectionReconfiguration
– RRCConnectionReconfigurationComplete
– RRCConnectionReestablishment
– RRCConnectionReestablishmentComplete
– RRCConnectionReestablishmentReject
– RRCConnectionReestablishmentRequest
– RRCConnectionReject
– RRCConnectionRelease
– RRCConnectionResume
– RRCConnectionResumeComplete
– RRCConnectionResumeRequest
– RRCConnectionRequest
– RRCConnectionSetup
– RRCConnectionSetupComplete
– SCGFailureInformation
– SCPTMConfiguration
– SecurityModeCommand
– SecurityModeComplete
– SecurityModeFailure
– SidelinkUEInformation
– SystemInformation
(258)–SystemInformationBlockType1 (259)–UEAssistanceInformation (264)–UECapabilityEnquiry (265)–UECapabilityInformation (266)–UEInformationRequest (267)–UEInformationResponse (267)–ULHandoverPreparationTransfer (CDMA2000) (273)–ULInformationTransfer (274)–WLANConnectionStatusReport (274)6.3RRC information elements (275)6.3.1System information blocks (275)–SystemInformationBlockType2 (275)–SystemInformationBlockType3 (279)–SystemInformationBlockType4 (282)–SystemInformationBlockType5 (283)–SystemInformationBlockType6 (287)–SystemInformationBlockType7 (289)–SystemInformationBlockType8 (290)–SystemInformationBlockType9 (295)–SystemInformationBlockType10 (295)–SystemInformationBlockType11 (296)–SystemInformationBlockType12 (297)–SystemInformationBlockType13 (297)–SystemInformationBlockType14 (298)–SystemInformationBlockType15 (298)–SystemInformationBlockType16 (299)–SystemInformationBlockType17 (300)–SystemInformationBlockType18 (301)–SystemInformationBlockType19 (301)–SystemInformationBlockType20 (304)6.3.2Radio resource control information elements (304)–AntennaInfo (304)–AntennaInfoUL (306)–CQI-ReportConfig (307)–CQI-ReportPeriodicProcExtId (314)–CrossCarrierSchedulingConfig (314)–CSI-IM-Config (315)–CSI-IM-ConfigId (315)–CSI-RS-Config (317)–CSI-RS-ConfigEMIMO (318)–CSI-RS-ConfigNZP (319)–CSI-RS-ConfigNZPId (320)–CSI-RS-ConfigZP (321)–CSI-RS-ConfigZPId (321)–DMRS-Config (321)–DRB-Identity (322)–EPDCCH-Config (322)–EIMTA-MainConfig (324)–LogicalChannelConfig (325)–LWA-Configuration (326)–LWIP-Configuration (326)–RCLWI-Configuration (327)–MAC-MainConfig (327)–P-C-AndCBSR (332)–PDCCH-ConfigSCell (333)–PDCP-Config (334)–PDSCH-Config (337)–PDSCH-RE-MappingQCL-ConfigId (339)–PHICH-Config (339)–PhysicalConfigDedicated (339)–P-Max (344)–PRACH-Config (344)–PresenceAntennaPort1 (346)–PUCCH-Config (347)–PUSCH-Config (351)–RACH-ConfigCommon (355)–RACH-ConfigDedicated (357)–RadioResourceConfigCommon (358)–RadioResourceConfigDedicated (362)–RLC-Config (367)–RLF-TimersAndConstants 
(369)–RN-SubframeConfig (370)–SchedulingRequestConfig (371)–SoundingRS-UL-Config (372)–SPS-Config (375)–TDD-Config (376)–TimeAlignmentTimer (377)–TPC-PDCCH-Config (377)–TunnelConfigLWIP (378)–UplinkPowerControl (379)–WLAN-Id-List (382)–WLAN-MobilityConfig (382)6.3.3Security control information elements (382)–NextHopChainingCount (382)–SecurityAlgorithmConfig (383)–ShortMAC-I (383)6.3.4Mobility control information elements (383)–AdditionalSpectrumEmission (383)–ARFCN-ValueCDMA2000 (383)–ARFCN-ValueEUTRA (384)–ARFCN-ValueGERAN (384)–ARFCN-ValueUTRA (384)–BandclassCDMA2000 (384)–BandIndicatorGERAN (385)–CarrierFreqCDMA2000 (385)–CarrierFreqGERAN (385)–CellIndexList (387)–CellReselectionPriority (387)–CellSelectionInfoCE (387)–CellReselectionSubPriority (388)–CSFB-RegistrationParam1XRTT (388)–CellGlobalIdEUTRA (389)–CellGlobalIdUTRA (389)–CellGlobalIdGERAN (390)–CellGlobalIdCDMA2000 (390)–CellSelectionInfoNFreq (391)–CSG-Identity (391)–FreqBandIndicator (391)–MobilityControlInfo (391)–MobilityParametersCDMA2000 (1xRTT) (393)–MobilityStateParameters (394)–MultiBandInfoList (394)–NS-PmaxList (394)–PhysCellId (395)–PhysCellIdRange (395)–PhysCellIdRangeUTRA-FDDList (395)–PhysCellIdCDMA2000 (396)–PhysCellIdGERAN (396)–PhysCellIdUTRA-FDD (396)–PhysCellIdUTRA-TDD (396)–PLMN-Identity (397)–PLMN-IdentityList3 (397)–PreRegistrationInfoHRPD (397)–Q-QualMin (398)–Q-RxLevMin (398)–Q-OffsetRange (398)–Q-OffsetRangeInterRAT (399)–ReselectionThreshold (399)–ReselectionThresholdQ (399)–SCellIndex (399)–ServCellIndex (400)–SpeedStateScaleFactors (400)–SystemInfoListGERAN (400)–SystemTimeInfoCDMA2000 (401)–TrackingAreaCode (401)–T-Reselection (402)–T-ReselectionEUTRA-CE (402)6.3.5Measurement information elements (402)–AllowedMeasBandwidth (402)–CSI-RSRP-Range (402)–Hysteresis (402)–LocationInfo (403)–MBSFN-RSRQ-Range (403)–MeasConfig (404)–MeasDS-Config (405)–MeasGapConfig (406)–MeasId (407)–MeasIdToAddModList (407)–MeasObjectCDMA2000 (408)–MeasObjectEUTRA (408)–MeasObjectGERAN 
(412)–MeasObjectId (412)–MeasObjectToAddModList (412)–MeasObjectUTRA (413)–ReportConfigEUTRA (422)–ReportConfigId (425)–ReportConfigInterRAT (425)–ReportConfigToAddModList (428)–ReportInterval (429)–RSRP-Range (429)–RSRQ-Range (430)–RSRQ-Type (430)–RS-SINR-Range (430)–RSSI-Range-r13 (431)–TimeToTrigger (431)–UL-DelayConfig (431)–WLAN-CarrierInfo (431)–WLAN-RSSI-Range (432)–WLAN-Status (432)6.3.6Other information elements (433)–AbsoluteTimeInfo (433)–AreaConfiguration (433)–C-RNTI (433)–DedicatedInfoCDMA2000 (434)–DedicatedInfoNAS (434)–FilterCoefficient (434)–LoggingDuration (434)–LoggingInterval (435)–MeasSubframePattern (435)–MMEC (435)–NeighCellConfig (435)–OtherConfig (436)–RAND-CDMA2000 (1xRTT) (437)–RAT-Type (437)–ResumeIdentity (437)–RRC-TransactionIdentifier (438)–S-TMSI (438)–TraceReference (438)–UE-CapabilityRAT-ContainerList (438)–UE-EUTRA-Capability (439)–UE-RadioPagingInfo (469)–UE-TimersAndConstants (469)–VisitedCellInfoList (470)–WLAN-OffloadConfig (470)6.3.7MBMS information elements (472)–MBMS-NotificationConfig (472)–MBMS-ServiceList (473)–MBSFN-AreaId (473)–MBSFN-AreaInfoList (473)–MBSFN-SubframeConfig (474)–PMCH-InfoList (475)6.3.7a SC-PTM information elements (476)–SC-MTCH-InfoList (476)–SCPTM-NeighbourCellList (478)6.3.8Sidelink information elements (478)–SL-CommConfig (478)–SL-CommResourcePool (479)–SL-CP-Len (480)–SL-DiscConfig (481)–SL-DiscResourcePool (483)–SL-DiscTxPowerInfo (485)–SL-GapConfig (485)。

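Advanced cryptographic algorithms

Some common advanced cryptographic algorithms include:
1. Advanced Encryption Standard (AES): a symmetric-key encryption algorithm, used to replace the DES encryption algorithm.
2. Elliptic Curve Cryptography (ECC): an asymmetric-key encryption algorithm that offers the same security while using shorter keys.
3. Public Key Infrastructure (PKI): used to establish and manage a public-key cryptographic architecture, including digital certificates, certificate authorities, and so on.
4. RSA encryption algorithm: an asymmetric-key encryption algorithm, widely used for data encryption and digital signatures.
5. Diffie-Hellman key exchange: a protocol for securely sharing a secret between two communicating parties.
6. Cryptographic hash function: used to convert data into a fixed-length hash value, commonly used in password verification and digital signatures.
7. HMAC (keyed-hash message authentication code): an algorithm for verifying the integrity and authenticity of a message, combining a key with a hash function.
8. Honeypot: a virtual environment that lures attackers, used to collect information about attackers and their behaviour.

The above are only some common advanced cryptographic algorithms; as technology continues to develop, more new algorithms will emerge.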

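2024 Telecom 5G Base Station Construction Theory Exam Question Bank (with answers)

I. Single-choice questions

1. During event-support duty a sudden network fault occurs, and the red-yellow-blue emergency plan must be activated to ensure rapid handling and recovery. The emergency logic order of the red-yellow-blue plan is ( )
A. Network security -> user experience -> network performance
B. Network performance -> user experience -> network security
C. User experience -> network security -> network performance
D. User experience -> network performance -> network security
Reference answer: D

2. In 2.1G planning, a three-step sharing implementation plan is drawn up to reduce configuration and save TCO. Which item of work is not included?
A. Merging low-traffic cells
B. Shutting down low-traffic cells
C. Removing low-traffic cells
D. Coverage enhancement for high-traffic cells
Reference answer: D

3. The Type2-PDCCH common search space set is used for ( ).
A. Other system information
B. Paging
C. RAR
D. RMSI
Reference answer: B

4. Which has the higher forwarding performance, SRIOV or OVS?
A. OVS
B. SRIOV
C. The same
D. It depends on the scenario
Reference answer: B

5. When NR is used to cover high-rise buildings, which of the following is the recommended NR broadcast beam scenario configuration?
A. SCENARTO_1
B. SCENARIO_0
C. SCENARIO_13
D. SCENARIO_6
Reference answer: C

6. Which method does NR use for frequency-domain resource allocation?
A. Configured only at the lower layers (not RRC)
B. Uses the k0, k1 and k2 parameters to achieve allocation flexibility
C. Uses SLIV to control symbol-level allocation
D. Uses RIV or bitmap allocation, very similar to LTE
Reference answer: D

7. Which of the following protocols can an SDN controller use to discover the links between SDN switches?
A. HTTP
B. BGP
C. OSPF
D. LLDP
Reference answer: D

8. According to the NR specification, when Min-slot scheduling is used, which symbol length is not supported?
A. 2
B. 4
C. 7
D. 9
Reference answer: D

9. Which kind of beam is generated when the 5G control channel uses predefined weights?
A. Dynamic beam
B. Static beam
C. Semi-static beam
D. Wide beam
Reference answer: B

10. TS 38.211 on NR is which of the following specifications? ( )
A. Physical channels and modulation
B. NR and NG-RAN Overall Description
C. Radio Resource Control (RRC) Protocol
D. Base Station (BS) radio transmission and reception
Reference answer: A

11. In the NFV architecture, which component performs lifecycle management of network services (NS)?
A. NFV-O
B. VNF-M
C. VIM
D. PIM
Reference answer: A

12. 5G needs to deliver 1000 times the transmission capacity, which requires improvement in several dimensions. Which of the following is not one of them? ( )
A. Higher spectral efficiency
B. More sites
C. More spectrum resources
D. Lower transmission latency
Reference answer: D

13. The Sx interface is used between GW-C and GW-U. Which of the following protocols does it use?
A. GTP-C
B. HTTP
C. Diameter
D. PFCP
Reference answer: D

14. Which method does NR use for frequency-domain resource allocation?
A. Configured only at the lower layers (not RRC)
B. Uses the k0, k1 and k2 parameters to achieve allocation flexibility
C. Uses SLIV to control symbol-level allocation
D. Uses RIV or bitmap allocation, very similar to LTE
Reference answer: D

15. Which of the following open-source projects aims to transform the telecom central office into a next-generation data center?
A. OPNFV
B. ONF
C. CORD
D. OpenDaylight
Reference answer: C

16. In NR, how many bits does the MAC CE of the Long Truncated/Long BSR contain? ( )
A. 4
B. 8
C. 2
D. 6
Reference answer: B

17. For SCS 120 kHz, how many slots does one subframe contain?
A. 1
B. 2
C. 4
D. 8
Reference answer: D

18. In SA networking, which of the following is the first step of the UE's cell search?
A. Obtain other cell information
B. Obtain the cell signal quality
C. Frame synchronisation, obtain the PCI group number
D. Half-frame synchronisation, obtain the ID within the PCI group
Reference answer: D

19. In SA networking, a 5G terminal must select a converged gateway when it attaches. Which suffix does the converged gateway add to the 'app-protocol' name of the DNS domain name?
A. +nc-nr
B. +nr-nc
C. +nr-nr
D. +nc-nc
Reference answer: A

20. In NSA Option 3x networking, on which of the following bearers is the voice service best carried?
A. MCGBear
B. SCGBear
C. MCGSplitBear
D. SCGSplitBear
Reference answer: A

21. 5G needs to deliver 1000 times the transmission capacity, which requires improvement in several dimensions. Which of the following is not one of them? ( )
A. Higher spectral efficiency
B. More sites
C. More spectrum resources
D. Lower transmission latency
Reference answer: D

22. Taking SCS 30 kHz and a subframe ratio of 7:3 as an example, how many scheduling occasions are there in 1 s, and how many of them are downlink.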

Visual saliency detection based on multi-level global information propagation model

Journal of Computer Applications, 2021, 41(1): 208-214. Published 2021-01-10. ISSN 1001-9081, CODEN JYIIDU.

WEN Jing*, SONG Jianwei (School of Computer and Information Technology, Shanxi University, Taiyuan Shanxi 030006, China) (*corresponding author, e-mail wjing@ )

Abstract: The idea of hierarchical processing of convolution features in neural networks has a significant effect on salient object detection. However, when integrating hierarchical features, it is still an open problem how to obtain rich global information, as well as how to effectively integrate the global information of the higher-level feature space and low-level detail information. Therefore, a saliency detection algorithm based on a multi-level global information propagation model was proposed. In order to extract rich multi-scale global information, a Multi-scale Global Feature Aggregation Module (MGFAM) was introduced at the higher levels, and a feature fusion operation was performed on the global information extracted from multiple levels. In addition, in order to obtain the global information of the high-level feature space and the rich low-level detail information at the same time, the extracted discriminative high-level global semantic information was fused with the lower-level features by means of feature propagation. These operations were able to extract the high-level global semantic information to the greatest extent, and avoid the loss of this information when it was gradually propagated to the lower levels. Experimental results on four datasets, ECSSD, PASCAL-S, SOD and HKU-IS, show that compared with the advanced NLDF (Non-Local Deep Features for salient object detection) model, the proposed algorithm has the F-measure (F) value increased by 0.028, 0.05, 0.035 and 0.013 respectively and the Mean Absolute Error (MAE) decreased by 0.023, 0.03, 0.023 and 0.007 respectively, and the proposed algorithm was superior to several classical image saliency detection methods in terms of precision, recall, F-measure and MAE.

Key words: saliency detection; global information; neural network; information propagation; multi-scale pooling

CLC number: TP391.413. Document code: A.

Introduction

Visual saliency originates from the visual attention model in cognitive science and aims to mimic the human visual system in automatically detecting the most distinctive and eye-catching target regions in an image.

Authenticated key agreement protocol based on chaotic maps for multi-server architecture

Computer Engineering and Design, Vol. 36, No. 9, Sep. 2015

PAN Heng, ZHENG Qiu-sheng
(1. Henan Engineering Lab of Computer Information System Security Assessment, Zhengzhou 450007, China; 2. School of Computer Science, Zhongyuan University of Technology, Zhengzhou 450007, China)

doi: 10.16208/j.issn1000-7024.2015.09.011

… the problem of the high maintenance cost of security infrastructure; based on the extended Chebyshev chaotic map mechanism, a remote user authenticated key agreement protocol using smart cards is designed …

Efficient certificate-based proxy re-encryption scheme without bilinear pairings

Authors: Xu Hailin, Chen Ying, Lu Yang. Source: Journal of Computer Applications, 2016, No. 05.

Abstract: All the previous certificate-based Proxy Re-Encryption (PRE) schemes are based on the computationally heavy bilinear pairings, and thus have low computation efficiency. To solve this problem, a certificate-based proxy re-encryption scheme without relying on the bilinear pairings was proposed over the elliptic curve group. Under the hardness assumption of the Computational Diffie-Hellman (CDH) problem, the proposed scheme was formally proven to be indistinguishable against adaptively chosen-ciphertext attacks in the random oracle model. Due to avoiding the time-consuming bilinear pairing operations, the proposed scheme significantly reduced the computation cost. Compared with the previous certificate-based proxy re-encryption schemes with bilinear pairings, the analysis shows that the proposed scheme has obvious advantages in both the computation efficiency and the communication cost, and the scheme is more suitable for computation-constrained and bandwidth-limited applications.

Key words: public cloud; certificate-based proxy re-encryption; elliptic curve; Random Oracle Model (ROM); chosen-ciphertext security

CLC number: TP309.7. Document code: A.

0 Introduction

Cloud computing has been a hot topic in the development of the Internet in recent years. It aims to integrate, over computer networks, many relatively low-cost computing entities into one complete system with powerful computing capability; building cloud computing platforms that are highly scalable, very large in scale, highly available and low in cost has become the direction of current informatisation efforts.

Design of SIL4 Safety Platform for Train Control System Based on TMS570

Pei Zhibin, Lü Yuanyuan
(CRSC Research & Design Institute Group Co., Ltd., Beijing 100070, China)

Abstract: This paper researches the security characteristics of the TMS570 CPU and applies it to the train control system. A SIL4 level safety platform based on the TMS570 processor is constructed with a dual two-out-of-two architecture, the specific implementation scheme of the CPU security self-test design is proposed, and the technical points and exception handling measures of the CPU security self-test are discussed, which helps users to realize the security functions required by the EN 50129 standard through simple configuration and processing.

Keywords: TMS570; SIL4; CPU self-test

CLC number: U284.48. Document code: A. Article number: 1673-4440(2023)09-0015-04. DOI: 10.3969/j.issn.1673-4440.2023.09.004

Received: 2022-10-27; revised: 2023-07-15. First author: Pei Zhibin (born 1985), male, engineer, master's degree, main research area: railway signalling, e-mail: *******************.cn.

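System and method for deep memory network [invention patent]

Patent title: System and method for deep memory network
Patent type: Invention patent
Inventors: Shen Yilin, Deng Yue, Avik Ray, Jin Hongxia
Application number: CN201980044458.8
Filing date: 20190809
Publication number: CN112368718A
Publication date: 20210212
Patent content provided by Intellectual Property Publishing House (知识产权出版社)

Abstract: An electronic device including a deep memory model includes at least one memory and at least one processor coupled to the at least one memory. The at least one processor is configured to receive input data to the deep memory model. The at least one processor is further configured to extract, based on the input data, a history state of an external memory coupled to the deep memory model. The at least one processor is further configured to update the history state of the external memory based on the input data. In addition, the at least one processor is configured to output a prediction based on the extracted history state of the external memory.

Applicant: Samsung Electronics Co., Ltd.
Address: Gyeonggi-do, South Korea
Nationality: KR
Agency: Beijing Lifang Law Firm (北京市立方律师事务所)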

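Attack-resistant algorithm for an Advanced Encryption Standard encryption chip [invention patent]

Patent title: Attack-resistant algorithm for an Advanced Encryption Standard encryption chip
Patent type: Invention patent
Inventors: Zhou Yujie, Chen Zhimin, Qin Han, Tan Yongwei
Application number: CN200610119238.1
Filing date: 20061207
Publication number: CN101196965A
Publication date: 20080611
Patent content provided by Intellectual Property Publishing House (知识产权出版社)

Abstract: The invention discloses an attack-resistant algorithm for an Advanced Encryption Standard (AES) encryption chip, relating to the field of information security technology. The mechanism of the algorithm is to XOR the input initial data with a random number, thereby masking the intermediate data that DPA needs to use. The key to masking is that all intermediate data are modified, yet the data can finally be restored for output. This design therefore needs two data channels: one for the normal encryption processing of the modified data to be encrypted, and one for processing the random number, so that at the end the data of the two channels can be combined by a simple XOR to restore the true output. The invention is relatively secure and easy to implement, shows no statistically analysable pattern, and can finally restore the output data.

Applicant: Shanghai Anchuang Information Technology Co., Ltd. (上海安创信息科技有限公司)
Address: Room 202, No. 6, Lane 299, Bisheng Road, Zhangjiang Hi-Tech Park, Pudong New Area, Shanghai 201204
Nationality: CN
Agency: Shanghai Shenhui Patent Agency Co., Ltd. (上海申汇专利代理有限公司)
Agent: Wu Baogen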

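DARPA's "Innovative Cryptography"

Introduction

DARPA (the US Defense Advanced Research Projects Agency) is an organization dedicated to researching and developing advanced technology and to solving the global strategic challenges facing the US military. As one of the world's most closely knit and intensive military weapons development organizations, DARPA pays close attention to information security. In the information age, information security is an issue that every field must attend to, and cryptography is an important part of information security. To better protect information security, DARPA has carried out a great deal of research. This article mainly introduces the "Innovative Cryptography" project launched by DARPA.

What is "Innovative Cryptography"?

"Innovative Cryptography" is a large project run by DARPA. The project aims to discover next-generation encryption technology to cope with attack methods that may appear in the future. Through the project, DARPA hopes to encourage collaboration across the global strategic defence technology community and to find innovative cryptographic approaches for countering future network attacks. The project was launched in 2014.

What are the goals of the "Innovative Cryptography" project?

The project mainly has the following goals:
• exploring new cryptographic algorithms and protocols;
• interdisciplinary research that integrates new ideas in architecture design with real-world data analysis and testing, to solve problems faced in practical applications;
• optimisation of ideology and security, protecting the rights and interests of individuals and organizations;
• jointly advancing the field of cryptography through global cooperation.

The project also has some other specific goals, such as providing free cryptographic tools and supplying outstanding talent. All of these goals are aimed at finding more secure and reliable cryptographic solutions.

How does DARPA carry out the "Innovative Cryptography" project?

By launching large competitions, challenges and collaborative activities worldwide, DARPA stimulates collaboration in the global cryptography and security technology community and gathers more innovative ideas, making innovation in the field of cryptography possible. Every year DARPA holds cryptography-related competitions and challenges; these are conducted with public algorithms and encourage cryptography experts worldwide to find new cutting-edge algorithms. In addition, the project holds many technical seminars on encryption and security research for technical discussion and exchange.

Project results

Over the past few years, DARPA's "Innovative Cryptography" project has achieved some impressive results, including the following:

1. More secure encryption technologies have appeared

Driven by the "Innovative Cryptography" project, some new encryption technologies have been discovered, including:
• solid-state security
• hybrid cryptosystems
• sub-region encryption

These new technologies have been shown to be more secure than existing technology.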

A secret sharing scheme based on identity-based private keys

Wei Linna; Gao Wei; Liang Binmei

[Abstract] Threshold cryptographic schemes based on bilinear pairings depend too much on the bilinear pairing tool, but the computation of the bilinear pairing is very time-consuming, so the efficiency of the secret sharing scheme is badly affected. Using the Shamir threshold sharing scheme, this paper proposes a new method for threshold sharing in the bilinear group. The identity-based private key can be shared through the secret sharing scheme for integers. Analysis shows that the new method needs only two bilinear pairing computations and can be used to further design efficient identity-based threshold cryptographic schemes.

[Journal] Computer Engineering
[Year (volume), issue] 2012 (038) 023
[Pages] 3 (P137-138, 142)
[Keywords] identity-based cryptosystem; threshold cryptosystem; secret sharing; bilinear pairing; identity-based private key; public key infrastructure
[Authors] Wei Linna; Gao Wei; Liang Binmei
[Affiliations] College of Mathematics and Information Science, Guangxi University, Nanning 530004; School of Mathematics and Information, Ludong University, Yantai, Shandong 264025; College of Mathematics and Information Science, Guangxi University, Nanning 530004
[Language] Chinese
[CLC number] TP309.2

1 Overview

Identity-based cryptosystems [1-2] differ from certificate-based public key cryptosystems: the latter must not only issue public key certificates to users but also store and update the list of public key certificates.

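Authenticated key agreement protocol with hybrid security

Shu Jian

[Journal] Application Research of Computers
[Year (volume), issue] 2014 (031) 009
[Abstract] Based on the semigroup property of the Chebyshev map and the classical RSA algorithm, a key agreement protocol with hybrid security is proposed. The new protocol uses the RSA algorithm to protect the Chebyshev polynomial, thereby avoiding the Bergamo attack. Theoretical analysis shows that the new protocol not only has strong security properties but is also efficient.
[Pages] 3 (P2745-2746, 2775)
[Author] Shu Jian
[Affiliations] Department of E-commerce, Jiangxi University of Finance and Economics, Nanchang 330013; School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu 611731
[Language] Chinese
[CLC number] TN918.1
[Related literature]
1. Design of a federated identity authentication and key agreement protocol for hybrid clouds [J], Wang Chongxia; Gao Meizhen; Liu Qian; Zhou Xianwei
2. Hybrid-security mutual authentication key agreement protocol* [J], Cao Yang
3. A password-based authenticated key agreement scheme with perfect forward secrecy [J], Hao Zhuo; Yu Nenghai
4. A mutual authentication and key agreement protocol with multiple registration centres [J], Li Xuelian; Li Wei; Gao Juntao; Wang Haiyu
5. Two secure certificateless three-party authenticated key agreement protocols [J], Xu Shengwei; Ren Xiongpeng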

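A random password technique and model in which the password is visually encrypted first

He Jian

[Journal] Computer Security
[Year (volume), issue] 2010 (000) 011
[Abstract] The technique and model address the security problem of password entry. By generating a visible random password table on the client and combining it with predetermined substitution rules, the password appears visually already encrypted as the user enters it. This simple yet highly secure authentication method can be implemented in almost any language and used in any system, and, without any third-party plug-in or third-party device, it eliminates all secret-stealing behaviour such as trojans, viruses, keyloggers and direct visual observation, achieving a highly secure client-side authentication mechanism; it protects the password especially well in high-risk external and system environments.
[Pages] 4 (P66-69)
[Author] He Jian
[Affiliation] Sun Yat-sen University, Guangzhou, Guangdong 510275
[Language] Chinese
[Related literature]
1. A random public-key encryption algorithm and a compression algorithm [J], Li Huang
2. A new public key encryption scheme without the random oracle model [J], Zhou Li; Jiang Tianfa
3. A soft-assignment bag-of-words technique fusing visual word co-occurrence, based on a random walk model [J], Zhang Jin
4. A speech encryption method based on the Logistic map and random noise [J], Wang Qing; Li Tao; Wang Changlei; Du Baoxiang
5. Design and implementation of a random number testing method in cryptographic technology [J], Su Guiping; Ma Guangming; Lü Shuwang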

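MIT develops an efficient decoding algorithm and chip, usable for AR/VR

Recently, a team of researchers from MIT, Maynooth University in Ireland, and Boston University developed a silicon chip that can be used in scenarios such as AR/VR.

Reportedly, the chip uses a universal decoding algorithm called GRAND (Guessing Random Additive Noise Decoding), whose distinguishing feature is that it can decode codes of any structure, with higher accuracy.

The chip combined with the GRAND algorithm can be used for AR/VR, 5G network architecture, gaming, connected devices and other scenarios; its advantage is that it is efficient enough, and its latency low enough, when processing large-scale data.

According to Qingting Net (青亭网), whether it is a picture in an e-mail or a 3D model in VR, any information transmitted over the Internet may have its accuracy affected by noise during transmission, for example electromagnetic interference from a microwave oven or signals from Bluetooth devices.

Usually, to recover the original data, the hardware processor uses a decoding algorithm to undo the effect of the noise.

Most traditional error-correction algorithms and decoding algorithms are combined into one highly complex decoding algorithm, which therefore needs dedicated computing hardware.

By contrast, GRAND removes the need for complex hardware and so helps to reduce hardware size.

This upgrade in the processing algorithm has long-term significance for future AR/VR experiences.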

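Reconfigurable intelligent surface assisted physical layer secure transmission for non-orthogonal multiple access systems under full-duplex active eavesdropping

Kuo Yonghong; Cao Lin; Lü Lu; He Bingtao; Chen Jian

[Journal] Journal of Electronics & Information Technology
[Year (volume), issue] 2024 (46) 3
[Abstract] For multi-user non-orthogonal multiple access (NOMA) systems under full-duplex passive eavesdropping and active jamming attacks, this paper proposes a robust beamforming scheme assisted by a reconfigurable intelligent surface (RIS) to achieve physical layer secure communication. Under the condition that only the statistical channel state information of the eavesdropper is known, and with the system transmission outage probability and secrecy outage probability as constraints, the secrecy rate of the system is maximised by jointly optimising the base station transmit beamforming, the RIS phase shift matrix, the transmission rate and the redundancy rate. To solve this non-convex optimisation problem with coupled variables, an effective alternating optimisation algorithm is proposed to obtain a suboptimal solution of the joint optimisation problem. Simulation results show that the proposed scheme achieves a high secrecy rate, and that the secrecy performance of the system improves as the number of RIS reflecting elements increases.
[Pages] 10 (P798-807)
[Authors] Kuo Yonghong; Cao Lin; Lü Lu; He Bingtao; Chen Jian
[Affiliation] School of Telecommunications Engineering, Xidian University
[Language] Chinese
[CLC number] TN92
[Related literature]
1. Power control for full-duplex non-orthogonal multiple access systems
2. Secure transmission scheme using full-duplex base station jamming in 5G non-orthogonal multiple access systems
3. Research on secure communication in reconfigurable intelligent surface assisted non-orthogonal multiple access systems
4. Robust energy-efficiency resource allocation algorithm for reconfigurable intelligent surface assisted non-orthogonal multiple access networks
5. Physical layer security design for intelligent reflecting surface assisted full-duplex communication systems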


High Security Pairing-Based Cryptography Revisited

R. Granger, D. Page, and N.P. Smart

Computer Science, Merchant Venturers Building, Woodland Road, Bristol, BS8 1UB, United Kingdom. {granger,page,nigel}@

Abstract. The security and performance of pairing based cryptography has provoked a large volume of research, in part because of the exciting new cryptographic schemes that it underpins. We re-examine how one should implement pairings over ordinary elliptic curves for various practical levels of security. We conclude, contrary to prior work, that the Tate pairing is more efficient than the Weil pairing for all such security levels. This is achieved by using efficient exponentiation techniques in the cyclotomic subgroup backed by efficient squaring routines within the same subgroup. [1]

1 Introduction

In commercial cryptographic software libraries one typically employs Occam's Razor in limiting the number of implemented primitives and schemes to a minimum. The advantages of this approach are threefold: it reduces the programming, maintenance and security validation workload; it enables one to specialise and hence highly optimise the core operations; and it reduces the library footprint and usage of system resources. Around the time it was first proposed, one of the main criticisms levelled at standard elliptic curve cryptography was that there were too many options; it was hard for non-experts to decide on and construct the types of field and curve needed to satisfy performance and security constraints. Two decades later, pairing based cryptography is in a similar state in the sense that there are a huge range of parameterisation options, algorithmic choices and subtle trade-offs between the two. Hence, there is a real need to focus on a family of parameters which are flexible but offer efficient arithmetic and allow one to focus on a limited number of cases.

[1] The work described in this paper has been supported in part by the European Commission through the IST Programme under Contract IST-2002-507932 ECRYPT.
The information in this document reflects only the author's views, is provided as is and no guarantee or warranty is given that the information is fit for any particular purpose. The user thereof uses the information at its sole risk and liability.

Generally speaking, a pairing is a non-degenerate bilinear map

$$t : G_1 \times G_2 \longrightarrow G_T.$$

Here we assume this pairing takes the concrete form

$$\hat{t} : E(\mathbb{F}_p) \times E'(\mathbb{F}_{p^{k/2}}) \longrightarrow \mathbb{F}_{p^k}^{\times}$$

where $E'$ is the quadratic twist of an elliptic curve $E$ defined over $\mathbb{F}_{p^{k/2}}$. We restrict our attention to the case of ordinary elliptic curves and assume that $\#E(\mathbb{F}_p)$ is divisible by a large prime $n$ which also divides $p^k - 1$, i.e., $n$ is the order of the subgroups on which the pairing based protocols will be based. We let the respective subgroups of order $n$ of the three groups involved be denoted $G_1$, $G_2$ and $G_T$ as is common in various papers on the subject.

Koblitz and Menezes [10] introduced the concept of pairing friendly fields. These are Kummer extensions of $\mathbb{F}_p$ defined by the polynomial

$$f(X) = X^k + f_0$$

for values of $p \equiv 1 \pmod{12}$ and $k = 2^i 3^j$. Generally one assumes that $k$ is even, which aids in efficiency due to the well known denominator elimination trick. Following [10] we particularly focus on the cases $k = 6$, $12$ and $24$. We let $f(\theta) = 0$ and define $\mathbb{F}_{p^k} = \mathbb{F}_p[\theta]$. Many protocols based on pairings perform arithmetic in the cyclotomic subgroup of $\mathbb{F}_{p^k}^{\times}$, which is the subgroup of order $\Phi_k(p)$. We denote this subgroup by $G_{\Phi_k(p)}$; the group $G_T$ in the pairing above is contained in $G_{\Phi_k(p)}$. Hence if one is to implement pairing based protocols efficiently with such fields then one needs to be able to implement arithmetic efficiently.

The conclusion of [10] is that for high security levels the Weil pairing is to be preferred over the Tate pairing. The main result of this paper is that by optimising the exponentiation method used in the Tate pairing calculation one can in fact conclude the opposite: that in all cases the Tate pairing is the more efficient algorithm for all practical security levels. In addition, we also look at efficient
arithmetic in the group $G_{\Phi_k(p)}$ which will speed up both the Tate pairing and various protocols. This is inspired by work of Lenstra and Stam [14,15] who introduce such efficient arithmetic in a specific family of finite fields of degree six, which are different from the pairing friendly fields. In particular, by restricting to $k = 6$ Lenstra and Stam present algorithms for arithmetic in the cyclotomic extension of $\mathbb{F}_p$ defined by the polynomial

$$g(X) = X^6 + X^3 + 1$$

when $p \equiv 2$ or $5 \pmod{9}$. We shall call such constructions cyclotomic fields of degree 6 in this paper. Lenstra and Stam present efficient squaring routines both for the finite field $\mathbb{F}_{p^6}$ and for the cyclotomic subgroup $G_{\Phi_6(p)}$ of order $\Phi_6(p)$; again $G_T$ is contained in $G_{\Phi_6(p)}$. We let $g(\zeta) = 0$ and define $\mathbb{F}_{p^6}$, in this case, by $\mathbb{F}_p[\zeta]$. We shall describe how the use of cyclotomic fields, as opposed to the pairing friendly fields, can provide more efficient pairing algorithms when $k = 6$. We present an analogue of these results for pairing friendly fields which provides some efficiency improvement, but not as much as that achieved by Lenstra and Stam for cyclotomic fields of degree six. We leave it as an open research problem to generalise the results of Lenstra and Stam to cyclotomic fields of degree different from six. The only generalisation known is for fields of degree $6 \cdot 5^m$ [8], for which Lenstra and Stam's technique trivially applies.

The paper is organised as follows. In Section 2 we recap on the most efficient field arithmetic known for the two cases of finite fields mentioned above. In Section 3 we briefly recap on some standard formulae for the cost of elliptic curve operations. In Section 4 we recap on the model for estimating the cost of pairings which was proposed by Koblitz and Menezes. Then in Section 5 we detail the implications of this model for our choice of finite fields.

2 Finite Field Operations

We let $m, \tilde{M}, M$ (resp. $s, \tilde{S}, S$) denote the time for multiplication (resp. squaring) in the fields $\mathbb{F}_p$, $\mathbb{F}_{p^{k/2}}$ and $\mathbb{F}_{p^k}$. In our analysis we shall assume that addition operations
are cheap, however in a practical implementation for certain bit sizes the operation counts and algorithm choices we give may not be optimal due to this simplifying assumption. We first note that if one is computing products (resp. squares) of polynomials of degree $2^i 3^j - 1$ over $\mathbb{F}_p$ then using the Karatsuba and Toom-Cook methods for multiplication and squaring this requires $v(k)$ multiplications (resp. squarings) in the field $\mathbb{F}_p$, where $v(k) = 3^i 5^j$.

2.1 Pairing Friendly Fields

As before we let $k = 2^i 3^j \ge 6$, let $p$ denote a prime congruent to 1 modulo 12 and modulo $k$ and define $\mathbb{F}_{p^k}$ via the polynomial $f(X) = X^k + f_0$. We assume throughout that $f_0$ has been chosen so that multiplication by $f_0$ can be performed quickly by simple additions rather than a full multiplication. Arithmetic in the subfield $\mathbb{F}_{p^{k/2}}$ is performed using the polynomial $X^{k/2} + f_0$, and mapping between the two representations is relatively straightforward. The best algorithms for multiplication and squaring in $\mathbb{F}_{p^k}$ and $\mathbb{F}_{p^{k/2}}$ are the standard ones based on Karatsuba and Toom-Cook. Hence, in this case we obtain

$$\tilde{M} = M/3, \qquad \tilde{S} = S/3$$

and

$$M \approx v(k)\,m, \qquad S \approx v(k)\,s$$

where $v(k) = 3^i 5^j$.

Inversion in the field $\mathbb{F}_{p^k}$ is computed by reduction to inversion in the subfield $\mathbb{F}_{p^{k/2}}$. If we let $\alpha = \sum_{i=0}^{k-1} a_i \theta^i \in \mathbb{F}_{p^k}$ then we can write

$$\alpha = \alpha_0 + \alpha_1 \theta$$

where $\alpha_0, \alpha_1 \in \mathbb{F}_{p^{k/2}}$ and are given by

$$\alpha_0 = \sum_{i=0}^{k/2-1} a_{2i}\,\theta^{2i} \quad\text{and}\quad \alpha_1 = \sum_{i=0}^{k/2-1} a_{2i+1}\,\theta^{2i}.$$

We can thus compute

$$\Delta = \alpha_0^2 - \theta^2 \alpha_1^2, \quad\text{and}\quad \alpha^{-1} = \frac{\alpha_0 - \alpha_1 \theta}{\Delta}.$$

Inversion in $\mathbb{F}_{p^k}$ is therefore accomplished using two squarings, one inversion, and two multiplications in $\mathbb{F}_{p^{k/2}}$. Similarly, using the same idea one can reduce inversion in a cubic extension to three squarings, eleven multiplications and one inversion in the base field [9]. Iterating down through the subfields, for pairing-friendly fields inversion can thus be performed with just one inversion in $\mathbb{F}_p$, and a handful of multiplications. We summarize these costs, for the extensions which will interest us,

$$\begin{aligned}
I_2 &= 2s + 2m + \iota, & I_3 &= 3s + 11m + \iota,\\
I_4 &= 8s + 8m + \iota, & I_6 &= 13s + 35m + \iota,\\
I_8 &= 26s + 26m + \iota, & I_{12} &= 43s + 51m + \iota,\\
I_{24} &= 133s + 141m + \iota,
\end{aligned}$$

where $I_t$
denotes the cost of inversion in $\mathbb{F}_{p^t}$ and $\iota$ denotes the cost of inversion in $\mathbb{F}_p$.

The Frobenius operation in pairing friendly fields is also efficiently computed as follows. If we define $\mathbb{F}_{p^k} = \mathbb{F}_p[\theta]/(f(\theta))$ then the Frobenius operation on the polynomial generator $\theta$ can be easily determined via

$$\theta^p = \theta^{k(p-1)/k + 1} = (-f_0)^{(p-1)/k}\,\theta.$$

For later use we let $g = (-f_0)^{(p-1)/k} \in \mathbb{F}_p$, hence $\theta^p = g \cdot \theta$. Also now note that powers of the Frobenius operation are also easy to compute via

$$\theta^{p^i} = g^i \cdot \theta.$$

We also note that since $k$ is even and $-f_0$ is a quadratic non-residue that we have

$$g^{k/2} = (-f_0)^{(p-1)/2} = -1.$$

In summary we conclude the operation counts for the various cases are as follows:

| $k$ | $\mathbb{F}_{p^{k/2}}$ Mul | $\mathbb{F}_{p^{k/2}}$ Sqr | $\mathbb{F}_{p^k}$ Mul | $\mathbb{F}_{p^k}$ Sqr |
|---|---|---|---|---|
| 6 | 5m | 5s | 15m | 15s |
| 12 | 15m | 15s | 45m | 45s |
| 24 | 45m | 45s | 135m | 135s |

We now turn to the case of arithmetic in the subgroup $G_{\Phi_k(p)}$. For this subgroup we have that inversion comes for free. Let $\alpha \in G_{\Phi_k(p)}$, then since $\Phi_k(p)$ divides $p^{k/2} + 1$ we have that

$$\alpha^{-1} = \alpha^{p^{k/2}}.$$

This leads to an inversion operation which can be performed using only $k/2$ negations in $\mathbb{F}_{p^k}$.

We can also improve the performance of squaring in this subgroup using a trick originally proposed by Lenstra and Stam [14,15] in the context of finite extension fields defined by cyclotomic polynomials of degree 6. We first define

$$\alpha = \sum_{i=0}^{k-1} a_i \theta^i$$

where we now think of the coefficients $a_i$ as variables. We then compute symbolically $\alpha^{p^{k/3}}$ and $\alpha^{p^{k/6}}$. One can then derive a set of equations defining the elements of the group $G_{\Phi_k(p)}$ via

$$\alpha^{p^{k/3}} \cdot \alpha - \alpha^{p^{k/6}} = \sum_{i=0}^{k-1} v_i \theta^i.$$

The variety defined by $v_0 = v_1 = \cdots = v_{k-1} = 0$ defines the set of elements of $G_{\Phi_k(p)}$. This follows since

$$\Phi_t(X) = X^{k/3} - X^{k/6} + 1$$

for all values of $k$ arising in pairing friendly fields. As an example for the case $k = 6$ we obtain the set of equations

$$\begin{aligned}
v_0 &= -a_0 + a_0^2 + f_0 a_5 a_1 - f_0 a_3^2 + f_0 a_2 a_4,\\
v_1 &= g \cdot (-a_1 + 2 f_0 a_5 a_2 - f_0 a_3 a_4 + a_0 a_1),\\
v_2 &= (1-g) \cdot (a_2 - a_1^2 + a_0 a_2 - f_0 a_5 a_3 + f_0 a_4^2),\\
v_3 &= a_3 + 2 a_0 a_3 - a_2 a_1 + f_0 a_5 a_4,\\
v_4 &= g \cdot (a_0 a_4 + f_0 a_5^2 + a_3 a_1 - a_2^2 + a_4),\\
v_5 &= (1-g) \cdot (-a_5 + a_0 a_5 - 2 a_4 a_1 + a_3 a_2).
\end{aligned}$$

Note that for any $k \times k$ matrix $\Gamma$ that

$$\alpha^2 = \alpha^2 + b \cdot (\Gamma \cdot v^t),$$

where $b = (1, \theta, \theta^2, \ldots, \theta^{k-1})$ and $v = (v_0, v_1, \ldots, v_{k-1})$. Hence, to find different forms of the squaring operation we simply need to select a matrix $\Gamma$ which produces equations for squaring which are efficient. A choice for $\Gamma$ which seems to work well for $k = 6$, 12 and 24 is to set

$$\Gamma = \mathrm{diag}(d_1, d_2, d_3, d_1, d_2, d_3, \ldots, d_1, d_2, d_3)$$

where

$$d_1 = 2, \quad d_2 = 2g^{k/6} - 2, \quad d_3 = -2g^{k/6}.$$

In this case for $k = 6$ we obtain the following formulae for squaring, if $\beta = \sum_{i=0}^{5} b_i \theta^i = \alpha^2$,

$$\begin{aligned}
b_0 &= -3 f_0 a_3^2 + 3 a_0^2 - 2 a_0, & b_1 &= -6 f_0 a_5 a_2 + 2 a_1,\\
b_2 &= -3 f_0 a_4^2 + 3 a_1^2 - 2 a_2, & b_3 &= 6 a_0 a_3 + 2 a_3,\\
b_4 &= 3 a_2^2 - 3 f_0 a_5^2 - 2 a_4, & b_5 &= 6 a_4 a_1 + 2 a_5.
\end{aligned}$$

The formulae for $k = 12$ and $k = 24$ can be found in the Appendix.

Ignoring multiplication by $f_0$ and by small constants we then derive the following table detailing the comparative cost of squaring in both $\mathbb{F}_{p^k}$ and the subgroup $G_{\Phi_k(p)}$.

| $k$ | $\mathbb{F}_{p^k}$ | $G_{\Phi_k(p)}$ |
|---|---|---|
| 6 | 15s | 6s+3m |
| 12 | 45s | 12s+18m |
| 24 | 135s | 24s+84m |

Hence, we see that we have a significant improvement in the squaring operation for the subgroup $G_{\Phi_k(p)}$ although this improvement decreases as $k$ increases.

2.2 Cyclotomic Fields of Degree 6

We recap on the techniques of [14,15] for the finite fields $\mathbb{F}_p[\zeta]$, with $p \equiv 2 \pmod 9$. Elements in $\mathbb{F}_{p^6}$ are represented in the basis $\{\zeta, \zeta^2, \zeta^3, \zeta^4, \zeta^5, \zeta^6\}$. Using this representation multiplication in $\mathbb{F}_{p^6}$ can be performed using 15 multiplications in $\mathbb{F}_p$ (note that [14] gives the figure as 18 multiplications as the paper only considers Karatsuba and not Toom-Cook multiplication).

Squaring can be performed more efficiently using the fact that if we write $\alpha = \alpha_0 \zeta + \alpha_1 \zeta^4$, where $\alpha_i$ are polynomials in $\zeta$ of degree at most two, then one has

$$\alpha^2 = (\alpha_0 - \alpha_1)(\alpha_0 + \alpha_1)\,\zeta^2 + (2\alpha_0 - \alpha_1)\,\alpha_1\,\zeta^5.$$

Since the $\alpha_i$ are of degree at most two the above formula requires 10 multiplications in $\mathbb{F}_p$ to perform a squaring operation in $\mathbb{F}_{p^6}$.

Arithmetic in the subfield $\mathbb{F}_{p^3}$ is performed as in [9]. We set $\psi = \zeta + \zeta^{-1}$ and define $\mathbb{F}_{p^3} = \mathbb{F}_p[\psi]$. As a basis for $\mathbb{F}_{p^3}$ we take $\{1, \psi, \psi^2 - 2\}$. Via Toom-Cook multiplication (resp. squaring) requires 5 multiplications (resp. squares) in $\mathbb{F}_p$.
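The $k = 6$ pairing friendly formulae of Section 2.1 can be checked mechanically. The following is an added example, not code from the paper: it builds $\mathbb{F}_p[\theta]/(\theta^6 + f_0)$ for a constructed toy prime $p = 13$ and confirms that the subgroup squaring formulae and the Frobenius-based inversion agree with generic arithmetic on elements of $G_{\Phi_6(p)}$, and fail outside it. All function names and the way $f_0$ is chosen are assumptions of the example.

```python
import random

P = 13  # constructed toy prime with P % 12 == 1, as Section 2.1 requires

def find_f0(p):
    """Assumed helper: f0 = -c with c neither a square nor a cube mod p,
    so X^6 + f0 is irreducible and g = c^((p-1)/6) has order 6."""
    for c in range(2, p):
        if pow(c, (p - 1) // 2, p) != 1 and pow(c, (p - 1) // 3, p) != 1:
            return (-c) % p
    raise ValueError("no suitable f0 for this p")

def mul(a, b, p, f0):
    """Schoolbook product in F_p[theta]/(theta^6 + f0) on 6-coefficient lists."""
    c = [0] * 12
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            c[i + j] += ai * bj
    return [(c[i] - f0 * c[i + 6]) % p for i in range(6)]  # theta^6 = -f0

def power(a, e, p, f0):
    r = [1, 0, 0, 0, 0, 0]
    while e:
        if e & 1:
            r = mul(r, a, p, f0)
        a = mul(a, a, p, f0)
        e >>= 1
    return r

def to_subgroup(a, p, f0):
    """Send a nonzero element into G_Phi6(p): exponent (p^6-1)/(p^2-p+1)."""
    return power(a, (p**3 - 1) * (p + 1), p, f0)

def in_subgroup(a, p, f0):
    """Membership test alpha^(p^2) * alpha == alpha^p, using theta^p = g*theta."""
    g = pow(-f0 % p, (p - 1) // 6, p)
    frob = lambda x, n: [ai * pow(g, n * i, p) % p for i, ai in enumerate(x)]
    return any(a) and mul(frob(a, 2), a, p, f0) == frob(a, 1)

def inverse_free(a, p):
    """alpha^(p^3) maps theta to -theta: negate odd coefficients, no inversion."""
    return [(-x if i & 1 else x) % p for i, x in enumerate(a)]

def square_subgroup(a, p, f0):
    """The k = 6 subgroup squaring formulae for b_0..b_5 quoted above."""
    a0, a1, a2, a3, a4, a5 = a
    return [(-3*f0*a3*a3 + 3*a0*a0 - 2*a0) % p,
            (-6*f0*a5*a2 + 2*a1) % p,
            (-3*f0*a4*a4 + 3*a1*a1 - 2*a2) % p,
            (6*a0*a3 + 2*a3) % p,
            (3*a2*a2 - 3*f0*a5*a5 - 2*a4) % p,
            (6*a4*a1 + 2*a5) % p]

def check(p=P, samples=200, seed=1):
    """True if fast squaring and free inversion match generic arithmetic
    on every sampled element of G_Phi6(p)."""
    f0, rng, one = find_f0(p), random.Random(seed), [1, 0, 0, 0, 0, 0]
    for _ in range(samples):
        x = [rng.randrange(p) for _ in range(6)]
        if not any(x):
            continue
        b = to_subgroup(x, p, f0)
        if not in_subgroup(b, p, f0) or square_subgroup(b, p, f0) != mul(b, b, p, f0):
            return False
        if mul(b, inverse_free(b, p), p, f0) != one:
            return False
    return True

if __name__ == "__main__":
    print("f0 =", find_f0(P), "subgroup checks pass:", check())
```

The fast squaring is only correct on the variety $v_0 = \cdots = v_5 = 0$, so a value received from outside should pass a membership test such as `in_subgroup` before these formulae are applied to it.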
As noted in Section 2.1 inversion in $\mathbb{F}_{p^3}$ can be performed in 11 multiplications in $\mathbb{F}_p$ and one inversion in $\mathbb{F}_p$.

Using this subfield inversion an inversion operation can be defined for $\mathbb{F}_{p^6}$. This inversion is carried out, in the language of [9], by mapping our $\mathbb{F}_{p^6}$ element to the representation $F_2$ and then performing the inversion in that representation and then mapping back to our representation. The conversion between representations requires four $\mathbb{F}_p$ multiplications, whilst the inversion in the $F_2$ representation requires $4S$ plus application of the inversion in $\mathbb{F}_{p^3}$. Hence the inversion requires a total of 26 multiplications in $\mathbb{F}_p$ and one inversion in $\mathbb{F}_p$.

We now turn to the subgroup $G_{\Phi_6(p)}$. As before, inversion comes for free via the operation of the Frobenius map. Multiplication is performed just as for the full finite field, however squaring can be performed significantly faster using the equations contained in [14,15]. If we let $\alpha = \sum_{i=0}^{5} a_i \zeta^{i+1} \in G_{\Phi_6(p)}$ and set $\beta = \sum_{i=0}^{5} b_i \zeta^{i+1} = \alpha^2$ then we have

$$\begin{aligned}
b_0 &= 2 a_1 + 3 a_4 (a_4 - 2 a_1), & b_1 &= 2 a_0 + 3 (a_0 + a_3)(a_0 - a_3),\\
b_2 &= -2 a_5 + 3 a_5 (a_5 - 2 a_2), & b_3 &= 2 (a_1 - a_4) + 3 a_1 (a_1 - 2 a_4),\\
b_4 &= 2 (a_0 - a_3) + 3 a_3 (2 a_0 - a_3), & b_5 &= -2 a_2 + 3 a_2 (a_2 - 2 a_5).
\end{aligned}$$

Hence, squaring requires six $\mathbb{F}_p$ multiplications.

The operation counts for the various cases are as summarised by the following table:

| $\mathbb{F}_{p^3}$ Mul | $\mathbb{F}_{p^3}$ Sqr | $\mathbb{F}_{p^6}$ Mul | $\mathbb{F}_{p^6}$ Sqr | $G_{\Phi_6(p)}$ Mul | $G_{\Phi_6(p)}$ Sqr |
|---|---|---|---|---|---|
| 5m | 5m | 15m | 10m | 15m | 6m |

2.3 Exponentiation in $G_{\Phi_k(p)}$

Finally, we address the issue of exponentiation, by an exponent $e$, of elements in the cyclotomic subgroup $G_{\Phi_k(p)}$ of $\mathbb{F}_{p^k}^{\times}$ which has order divisible by $n$. Using Lucas sequences [13] this can be accomplished in time

$$C_{Luc}(e) = (M + S)\log_2 e.$$

However, one could also use exponentiation via standard signed sliding window methods [4] since inversion is cheap in $G_{\Phi_k(p)}$. If $e \le p$ then the best way to perform the exponentiation, using windows of width at least $r$, will take time

$$C_{SSW}(e) = S\,(1 + \log_2 e) + \mathcal{M}\left(\frac{\log_2 e}{r+2} + 2^{r-2} - 1\right)$$

where $S$ denotes the time needed to perform a squaring operation in $G_{\Phi_k(p)}$. We also need to store $2^{r-2}$ elements during the exponentiation algorithm.

When $e \ge p$, as is the case in the final powering of the algorithm to compute the Tate pairing, one uses the fact that we can perform the Frobenius operation on $G_{\Phi_k(p)}$ for free. Thus we write $e$ in base $p$, and perform a simultaneous exponentiation. Using the techniques of Avanzi [1], we can estimate the time needed to perform such a multi-exponentiation by

$$C_{bigSSW}(e) = (d + \log_2 p)\,S + \left(d\,(2^{r-1} - 1) + \frac{\log_2 e}{r+2} - 1\right)\mathcal{M}$$

using windows of width $r$, where $d = \lceil \log_2 e / \log_2 p \rceil$. The precomputation storage can be reduced using techniques described in [2].

Note that for $k = 6$ one can also use XTR [11,16] to gain a slight efficiency advantage over these methods if this is desirable [9], at a cost of altering particular protocols accordingly since multiplication is not straightforward in this case. For $k = 12$ and 24, one can also employ XTR defined over $\mathbb{F}_{p^2}$ and $\mathbb{F}_{p^4}$ respectively [12], however further work is required to determine if arithmetic can be made as efficient as in the original scheme for cases of interest in pairing-based cryptography.

3 Elliptic Curve Operations

In pairing based protocols we also need to conduct elliptic curve group operations. These are either on the main base curve $E(\mathbb{F}_p)$, or on the twisted curve $E'(\mathbb{F}_{p^{k/2}})$, written $E(\mathbb{F}_{p^{k/2}})$ below. We assume these curves take the form

$$E(\mathbb{F}_p): Y^2 = X^3 - 3X + B$$

and

$$E(\mathbb{F}_{p^{k/2}}): \chi Y^2 = X^3 - 3X + B$$

where $\chi$ is a quadratic non-residue in $\mathbb{F}_{p^{k/2}}$ for which multiplication by $\chi$ is for free.

Whether one should use affine or standard Jacobian projective coordinates depends on the ratio $\iota/m$ and on the size of $k/2$. It turns out that in some instances arithmetic in $E(\mathbb{F}_{p^{k/2}})$ is better performed in affine coordinates.
The various point addition and doubling times are summarized in the following table.

| Operation | $E(\mathbb{F}_p)$ | $E(\mathbb{F}_{p^{k/2}})$ Projective | $E(\mathbb{F}_{p^{k/2}})$ Affine |
|---|---|---|---|
| Addition ($A$) | 12m+4s | 12M+4S | 2M+1S+$I_{k/2}$ |
| Mixed Addition ($A_M$) | 8m+3s | 8M+3S | - |
| Doubling ($D$) | 4m+4s | 4M+4S | 2M+2S+$I_{k/2}$ |

We assume that exponentiation is performed via a signed sliding window method and mixed/affine addition

$$EC_{SSW}(e) = D\,(1 + \log_2 e) + A_M\left(\frac{\log_2 e}{r+2} + 2^{r-2} - 1\right),$$

where the exact optimal choice for $r$ depends on the size of $e$. In some instances we wish to multiply by a random element in $\mathbb{Z}_n$, however in other instances (for example in the MapToPoint operation within the Boneh–Franklin encryption scheme [5]) we need to multiply by the cofactor. If we let $\log_2 p = \rho \cdot \log_2 n$ then the quantity 2ρ measures how big the elliptic curve cofactor is for the curve $E(\mathbb{F}_p)$; a similar measure for the twisted curve is $(k\rho/2 - 1)\log_2 n$.

4 Application to Pairing Based Cryptography

In this section we wish to investigate the application of our techniques to pairing based cryptography; in particular we focus on the case of non-supersingular curves of embedding degree $k \ge 6$. We follow the methodology of Koblitz and Menezes [10] which we recap on here, however we express our formulae in terms of total number of $\mathbb{F}_p$ operations as opposed to operations per bit. This is because this enables us to compare our sliding windows method in a more accurate manner and to also compare how other components of the protocols are affected by the choice of field.

Following Koblitz and Menezes we look at the cost of computing a Full-Miller operation or a Miller-Lite operation. The cost of these two operations, assuming projective coordinates are used, is

$$\begin{aligned}
C_{Full} &= (km + 4S + 6M + \mathcal{S} + \mathcal{M})\log_2 n,\\
C_{Lite} &= (4s + (k+7)m + \mathcal{S} + \mathcal{M})\log_2 n.
\end{aligned}$$

In some instances one can more easily compute the Full-Miller algorithm by using affine coordinates in the main loop. In this case the cost is given by

$$C_{Full} = (2S + 2M + I_{k/2} + km + \mathcal{S} + \mathcal{M})\log_2 n.$$

In computing the Tate pairing one executes one Miller-Lite operation and then an exponentiation for an exponent given by $\Phi_t(p)/n$ in the subgroup $G_{\Phi_k(p)}$. The bit
length of $\Phi_t(p)/n$ is estimated by $\varphi(k)\log_2 p - \log_2 n$, which can be expressed as $(\varphi(k)\rho - 1)\log_2 n$. Thus a Tate pairing computation requires time

$$C_{Tate} = C_{Luc}(\Phi_t(p)/n) + C_{Lite}$$

or

$$C_{Tate} = C_{bigSSW}(\Phi_t(p)/n) + C_{Lite}.$$

In both of the above formulae for the Tate pairing we have ignored the inversion needed to take the input of Miller-Lite into the subgroup $G_{\Phi_k(p)}$; this is consistent with the analysis of Koblitz and Menezes but does slightly underestimate the cost in both cases.

The Weil pairing, as pointed out by Koblitz and Menezes, could be more efficient, as it does not require an exponentiation by a large number. It requires time

$$C_{Weil} = C_{Lite} + C_{Full} + \mathcal{S}.$$

We shall show in all cases of cryptographic relevance that the Weil pairing is always slower than the Tate pairing.

5 Results

In what follows we make the simplifying assumption that $m \approx s$. We wish to investigate what happens to pairing based protocols as the security level increases. We fix on the following parameter sizes to demonstrate the application of our model

| Case | Security | $k$ | $\log_2 n$ | $\log_2 p$ |
|---|---|---|---|---|
| A | 80 | 6 | 160 | 160 |
| B | 128 | 6 | 256 | 512 |
| C | 128 | 12 | 256 | 256 |
| D | 192 | 6 | 384 | 1365 |
| E | 192 | 12 | 384 | 683 |
| F | 256 | 6 | 512 | 2560 |
| G | 256 | 12 | 512 | 1280 |
| H | 256 | 24 | 512 | 640 |

We do not discuss how such curves are generated, nor do we make use of special properties of the curves. For example when $k = 12$ with current technology one can only achieve $n \approx p$ by using the method of Barreto and Naehrig [3]. This results in curves with complex multiplication by $D = -3$; our analysis takes no account of the special optimizations which can be applied to such curves.

For each case we first present the operation counts, in terms of multiplications in $\mathbb{F}_p$, for the operations which do not appear to depend on the exact finite field we choose to use, namely the elliptic curve operations. We denote by (r) the size of the windows which produces the smallest operation count, the column n corresponds to exponentiation by a random integer of size $n$, whilst c corresponds to multiplication by the relevant cofactor. We limit window sizes to at most 9 bits, as otherwise the required look up
table is likely to be prohibitively expensive. So as to get some idea about the relative merits of projective vs affine coordinates we made the assumption that $\iota/m \approx 10$, and in the table, if the best performance for a given parameter set was using affine coordinates, we give the multiplication count for this curve and denote this by an (A). We see that when $k \ge 12$ it may make sense to use affine coordinates for the arithmetic in $G_2$.

| Case | $E(\mathbb{F}_p)$ n | $E(\mathbb{F}_p)$ c | $E(\mathbb{F}_{p^{k/2}})$ n | $E(\mathbb{F}_{p^{k/2}})$ c |
|---|---|---|---|---|
| A | 1614 (4) | - | 8071 (4) | 15739 (5) |
| B | 2535 (5) | 2535 (5) | 12676 (5) | 60767 (8) |
| C | 2535 (5) | - | 34813 (5) (A) | 169000 (7) (A) |
| D | 3760 (6) | 9369 (6) | 18802 (5) | 172356 (8) |
| E | 3760 (5) | 2946 (5) | 51801 (5) (A) | 483113 (8) (A) |
| F | 4973 (6) | 19236 (7) | 24865 (6) | 329585 (9) |
| G | 4973 (6) | 7373 (6) | 68671 (6) (A) | 926142 (9) (A) |
| H | 4973 (6) | 1229 (4) | 164573 (6) (A) | 2.2·10^6 (9) (A) |

We now turn to the operations which depend on the field representation, i.e. whether we use a pairing friendly or a cyclotomic field extension. There are two operations which are important, the pairing computation itself and exponentiation in $G_{\Phi_k(p)}$ by an element of $\mathbb{Z}_n$. The pairing computation can itself either be computed by the Weil or Tate pairings. The results, in terms of estimated multiplications in $\mathbb{F}_p$, are presented in the following table. The (r) in the Tate column denotes the window size in the final exponentiation step; if Lucas sequences are faster we denote this by (L) and the operation count is for the application of Lucas sequences. In all cases using the Weil pairing, the method which used affine coordinates in the Full-Miller operation loop was the most efficient.

| Case | Pairing Friendly: Weil | Pairing Friendly: Tate | Pairing Friendly: Exp in $G_{\Phi_k(p)}$ | Cyclotomic Field: Weil | Cyclotomic Field: Tate | Cyclotomic Field: Exp in $G_{\Phi_k(p)}$ |
|---|---|---|---|---|---|---|
| A | 19855 | 9120 (L) | 1411 (4) | 18250 | 8247 (3) | 1411 (4) |
| B | 31759 | 18738 (5) | 2195 (5) | 29194 | 15916 (5) | 2195 (5) |
| C | 83757 | 43703 (4) | 3502 (5) | - | - | - |
| D | 47631 | 34664 (6) | 3237 (5) | 43786 | 29643 (6) | 3237 (5) |
| E | 125613 | 81751 (5) | 5093 (5) | - | - | - |
| F | 63503 | 56677 (6) | 4263 (6) | 58378 | 46431 (6) | 4263 (6) |
| G | 167469 | 127831 (6) | 6633 (6) | - | - | - |
| H | 446087 | 331078 (5) | 13743 (6) | - | - | - |

We see that for all fields the Tate pairing is always more efficient than the Weil pairing, at least for the security sizes that are likely
to be used in practice. This is more due to the use of the efficient exponentiation algorithm as compared to the efficient squaring algorithm for $G_{\Phi_k(p)}$. In addition Lucas sequences are only more efficient than the signed sliding window method for very small security parameters.

To compare the different values of $k$ we need to estimate the relative difference in time needed to compute a multiplication in $\mathbb{F}_p$, for the different sizes of $p$. If we assume that each finite field multiplication is performed using a standard interleaved Montgomery multiplication then the total number of 32-bit by 32-bit multiplication instructions which are needed to be performed per $\mathbb{F}_p$ multiplication is given by $2 \cdot t \cdot (t+1)$, where $t = \log_2 p / 32$. This leads us to the following table, where we present the number of 32-bit by 32-bit multiplication instructions needed for the various operations.

| Case | $E(\mathbb{F}_p)$ n | $E(\mathbb{F}_p)$ c | $E(\mathbb{F}_{p^{k/2}})$ n | $E(\mathbb{F}_{p^{k/2}})$ c | Pairing Friendly: Pairing | Pairing Friendly: Exp in $G_{\Phi_k(p)}$ | Cyclotomic Field: Pairing | Cyclotomic Field: Exp in $G_{\Phi_k(p)}$ |
|---|---|---|---|---|---|---|---|---|
| A | 9.7·10^4 | - | 4.8·10^5 | 9.4·10^4 | 5.4·10^5 | 8.5·10^4 | 4.9·10^5 | 8.4·10^5 |
| B | 1.3·10^6 | 1.3·10^6 | 6.8·10^6 | 3.3·10^7 | 1.0·10^7 | 1.1·10^6 | 8.6·10^6 | 1.2·10^6 |
| C | 3.6·10^5 | - | 5.0·10^6 | 2.4·10^7 | 6.2·10^6 | 1.1·10^6 | - | - |
| D | 1.4·10^7 | 3.4·10^7 | 7.0·10^7 | 6.4·10^8 | 1.3·10^8 | 1.2·10^7 | 1.1·10^8 | 1.2·10^7 |
| E | 3.6·10^6 | 2.8·10^6 | 4.9·10^7 | 4.6·10^8 | 7.8·10^7 | 4.8·10^6 | - | - |
| F | 6.4·10^7 | 2.5·10^8 | 3.2·10^8 | 4.3·10^9 | 7.3·10^8 | 5.5·10^7 | 6.0·10^8 | 5.5·10^7 |
| G | 1.6·10^7 | 2.4·10^7 | 2.2·10^8 | 3.0·10^9 | 4.2·10^8 | 2.2·10^7 | - | - |
| H | 4.0·10^6 | 1.0·10^6 | 1.4·10^8 | 1.8·10^9 | 2.8·10^8 | 1.1·10^7 | - | - |

From the table one can see that the main advantage in using values of $k$ which are larger than 6 is in the basic elliptic curve operations over $\mathbb{F}_p$, rather than in the pairing computation. For the pairing computation one gains some advantage for using large values of $k$, but this is not as pronounced as for the elliptic curve operations.

However, elliptic curve operations are relatively cheap in comparison to pairing calculation and so the performance improvement will not be so pronounced.
Except, for protocols in which one party only needs to perform elliptic curve operations in $\mathbb{F}_p$, such as the encryptor in the Sakai–Kasahara KEM [7]. It does however imply that for pairing based protocols one should not neglect selecting parameter values which speed up the elliptic curve operations and not just the pairing calculation.

However, our estimates are on the conservative side for arithmetic in cyclotomic fields at high security levels. This is for a number of reasons. The overhead in not having to deal with different values of $k$ and $f_0$ means that the library overhead in using cyclotomic fields of degree six will be less than for pairing friendly fields. Recall, we have not given accurate cycle counts, but simply estimated the number of multiplication instructions needed.

One should also bear in mind that larger values of $k$ mean that one can shrink the bandwidth required in communication if one is communicating elements in $E(\mathbb{F}_p)$, since a larger value of $k$ corresponds to a smaller value of $p$.

6 Acknowledgements

The authors would like to thank Mike Scott, for some insightful comments which improved this paper.

References

1. R.M. Avanzi. On Multi-exponentiation in Cryptography. In Cryptology ePrint Archive, Report 2002/154, 2002.
2. R.M. Avanzi and P. Mihailescu. Generic efficient arithmetic algorithms for PAFFs (Processor Adequate Finite Fields) and related algebraic structures. In Selected Areas in Cryptology – SAC 2003, Springer-Verlag LNCS 3006, 320–334, 2004.
3. P.S.L.M. Barreto and M. Naehrig. Pairing-friendly elliptic curves of prime order. Preprint, 2005.
4. I.F. Blake, G. Seroussi and N.P. Smart. Elliptic Curves in Cryptography. Cambridge University Press, 1999.
5. D. Boneh and M. Franklin. Identity-based encryption from the Weil pairing. SIAM Journal of Computing, 32, 586–615, 2003.
6. F. Brezing and A. Weng. Elliptic Curves Suitable for Pairing Based Cryptography. Designs, Codes and Cryptography, 37, 133–141, 2005.
7. M. Cheng, L. Chen, J. Malone-Lee and N.P. Smart. An Efficient ID-KEM Based On The Sakai-Kasahara Key Construction. To appear, 2006.
8. M. van Dijk, R. Granger, D. Page, K. Rubin, A. Silverberg, M. Stam and D. Woodruff. Practical cryptography in high dimensional tori. In Advances in Cryptology – EUROCRYPT 2005, Springer-Verlag LNCS 3494, 234–250, 2005.
9. R. Granger, D. Page and M. Stam. A Comparison of CEILIDH and XTR. In Algorithmic Number Theory Symposium – ANTS VI, Springer-Verlag LNCS 3076, 235–249, 2004.
10. N. Koblitz and A. Menezes. Pairing-based Cryptography at High Security Levels. In Cryptography and Coding, Springer-Verlag LNCS 3796, 13–36, 2005.
11. A.K. Lenstra and E. Verheul. The XTR Public Key System. In Advances in Cryptology – CRYPTO 2000, Springer LNCS 1880, 1–19, 2000.
12. S. Lim, S. Kim, I. Yie, J. Kim and H. Lee. XTR extended to GF(p^{6m}). In Selected Areas in Cryptography – SAC 2001, Springer LNCS 2259, 301–312, 2001.
13. M. Scott and P.S.L.M. Barreto. Compressed Pairings. In Advances in Cryptology – CRYPTO 2004, Springer-Verlag LNCS 3152, 140–156, 2004.
14. M. Stam. Speeding up Subgroup Cryptosystems. PhD Thesis, T.U. Eindhoven, 2003.
15. M. Stam and A. Lenstra. Efficient Subgroup Exponentiation in Quadratic and Sixth Degree Extensions. In Cryptographic Hardware and Embedded Systems – CHES 2002, Springer-Verlag LNCS 2523, 318–332, 2002.
16. M. Stam and A.K. Lenstra. Speeding Up XTR. In Advances in Cryptology – ASIACRYPT 2001, Springer LNCS 2248, 125–143, 2001.
