Kazuyoshi TSUCHIYA Chiaki OGAWA Yasuyuki NOGAMI Satoshi UEHARA
Pseudorandom number generators are required to generate pseudorandom numbers which have good statistical properties as well as unpredictability in cryptography. An m-sequence is a linear feedback shift register sequence with maximal period over a finite field. M-sequences have good statistical properties, however we must nonlinearize m-sequences for cryptographic purposes. A geometric sequence is a sequence given by applying a nonlinear feedforward function to an m-sequence. Nogami, Tada and Uehara proposed a geometric sequence whose nonlinear feedforward function is given by the Legendre symbol, and showed the period, periodic autocorrelation and linear complexity of the sequence. Furthermore, Nogami et al. proposed a generalization of the sequence, and showed the period and periodic autocorrelation. In this paper, we first investigate linear complexity of the geometric sequences. In the case that the Chan-Games formula which describes linear complexity of geometric sequences does not hold, we show the new formula by considering the sequence of complement numbers, Hasse derivative and cyclotomic classes. Under some conditions, we can ensure that the geometric sequences have a large linear complexity from the results on linear complexity of Sidel'nikov sequences. The geometric sequences have a long period and large linear complexity under some conditions, however they do not have the balance property. In order to construct sequences that have the balance property, we propose interleaved sequences of the geometric sequence and its complement. Furthermore, we show the periodic autocorrelation and linear complexity of the proposed sequences. The proposed sequences have the balance property, and have a large linear complexity if the geometric sequences have a large one.
Satoshi UEHARA Shuichi JONO Yasuyuki NOGAMI
A class of zero-correlation zone (ZCZ) sequences constructed by a recursive procedure from a perfect sequence and a unitary matrix was proposed by Torii, Nakamura, and Suehiro [1]. In [1], three parameters, namely the sequence length, the family size and the length of the ZCZ, were evaluated as a general estimate of the performance of the ZCZ sequences. In this letter, we give more detailed distributions of the correlation values that are zero on their ZCZ sequence sets.
Yasuyuki NOGAMI Hiroto KAGOTANI Kengo IOKIBE Hiroyuki MIYATAKE Takashi NARITA
Pairing-based cryptography has realized a lot of innovative cryptographic applications such as attribute-based cryptography and semi-homomorphic encryption. Pairing is a bilinear map constructed on a torsion group structure that is defined on a special class of elliptic curves, namely pairing-friendly curves. Pairing-friendly curves are roughly classified into supersingular and non-supersingular curves. In recent years, non-supersingular pairing-friendly curves have been focused on for security reasons. Although non-supersingular pairing-friendly curves have the ability to bridge various security levels with various parameter settings, most software and hardware implementations tightly restrict them to achieve calculation efficiency and avoid implementation difficulties. This paper shows an FPGA implementation that supports various parameter settings of pairings on non-supersingular pairing-friendly curves, for which Montgomery reduction, the cyclic vector multiplication algorithm, projective coordinates, and Tate pairing have been applied in combination. Then, some experimental results with resource usages are shown.
Yasuyuki NOGAMI Yumi SAKEMI Takumi OKIMOTO Kenta NEKADO Masataka AKANE Yoshitaka MORIKAWA
For ID-based cryptography, not only pairing but also scalar multiplication must be efficiently computable. In this paper, we propose a scalar multiplication method under the circumstance that we work with Ate pairing on a Barreto-Naehrig (BN) curve. Note that the parameters of a BN curve are given by a certain integer, namely the mother parameter. Adhering to the authors' previous policy that we execute scalar multiplication on the subfield-twisted curve
Yuta KODERA Md. Arshad ALI Takeru MIYAZAKI Takuya KUSAKA Yasuyuki NOGAMI Satoshi UEHARA Robert H. MORELOS-ZARAGOZA
An algebraic group is an essential mathematical structure for current communication systems and information security technologies. Further, as a widely used technology underlying such systems, pseudorandom number generators have become an indispensable part of their construction. This paper focuses on a theoretical analysis for a series of pseudorandom sequences generated by a trace function and the Legendre symbol over an odd characteristic field. As a consequence, the authors give a theoretical proof that ensures a set of subsequences forms a group with a specific binary operation.
Yasuyuki NOGAMI Yumi SAKEMI Hidehiro KATO Masataka AKANE Yoshitaka MORIKAWA
It is said that the lower bound on the number of iterations of Miller's algorithm for pairing calculation is log_2 r / φ(k), where φ(·) is Euler's totient function, r is the group order, and k is the embedding degree. Ate pairing reduced the number of loops of Miller's algorithm for Tate pairing from ⌊log_2 r⌋ to ⌊log_2 (t-1)⌋, where t is the Frobenius trace. Recently, it has become known how to systematically prepare a pairing-friendly elliptic curve whose parameters are given by a polynomial in an integer variable "χ". For such a curve, this paper gives an integer variable χ-based Ate (Xate) pairing that achieves the lower bound. In the case of the well-known Barreto-Naehrig pairing-friendly curve, it reduces the number of loops to ⌊log_2 χ⌋. Then, this paper optimizes Xate pairing for the Barreto-Naehrig curve and shows its efficiency based on some simulation results.
Kazuyoshi TSUCHIYA Yasuyuki NOGAMI
Pseudorandom number generators have been widely used in Monte Carlo methods, communication systems, cryptography and so on. For cryptographic applications, pseudorandom number generators are required to generate sequences which have good statistical properties, a long period and unpredictability. A Dickson generator is a nonlinear congruential generator whose recurrence function is the Dickson polynomial. Aly and Winterhof obtained a lower bound on the linear complexity profile of a Dickson generator. Moreover, Vasiga and Shallit studied the state diagram given by the Dickson polynomial of degree two. However, they do not specify sets of initial values which generate a long period sequence. In this paper, we show conditions on parameters and initial values to generate long period sequences, and asymptotic properties of periods by numerical experiments. We specify sets of initial values which generate a long period sequence. For suitable parameters, every element of this set occurs exactly once as a component of the generated sequence in one period. In order to obtain sets of initial values, we consider a logistic generator proposed by Miyazaki, Araki, Uehara and Nogami, which is obtained from a Dickson generator of degree two with a linear transformation. Moreover, we remark on the linear complexity profile of the logistic generator. The sets of initial values are described by values of the Legendre symbol. The main idea is to introduce the structure of a hyperbola on the sets of initial values. Our results ensure that sequences generated by the Dickson generator of degree two have a long period. As a consequence, the Dickson generator of degree two has some good properties for cryptographic applications.
Hidehiro KATO Yasuyuki NOGAMI Tomoki YOSHIDA Yoshitaka MORIKAWA
In this paper, a multiplication algorithm in the extension field F_{p^m} is proposed. Different from the previous works, the proposed algorithm can be applied to an arbitrary pair of characteristic p and extension degree m, except for the case when 4p divides m(p-1) and m is an even number. As written in the title, when p > m, 4p does not divide m(p-1). The proposed algorithm is derived by modifying the cyclic vector multiplication algorithm (CVMA). We adopt a special class of Gauss period normal bases. First, it is formulated as an algorithm and the calculation cost of the modified algorithm is evaluated. Then, some experimental results are shown and compared to those of the previous works. Finally, it is shown that the proposed algorithm is sufficiently practical when the extension degree m is small.
Takeru MIYAZAKI Shunsuke ARAKI Yasuyuki NOGAMI Satoshi UEHARA
Because of its simple structure, many reports on the logistic map have been presented. To implement this map on computers, finite precision is usually used, and therefore rounding is required. There are five major methods to implement rounding, but, to date, no study of rounding applied to the logistic map has been reported. In the present paper, we present experimental results showing that the properties of sequences generated by the logistic map are heavily dependent on the rounding method used and give a theoretical analysis of each method. Then, we describe why using the map with a floor function for rounding generates long aperiodic subsequences.