Generalized Minimum Distance (GMD) decoding is a well-known soft-decision decoding for linear codes. Previous research on GMD decoding focused mainly on unquantized AWGN channels with BPSK signaling for binary linear codes. In this paper, a study on the design of a 4-level uniform quantizer for GMD decoding is given. In addition, an extended version of a GMD decoding algorithm for a 4-level quantizer is proposed, and the effectiveness of the proposed decoding is shown by simulation.

In many cryptographic applications, a large-order finite field is used as a definition field, and accordingly, many researches on a fast implementation of such a large-order extension field are reported. This paper proposes a definition field Fpm with its characteristic p a pseudo Mersenne number, the modular polynomial f(x) an irreducible all-one polynomial (AOP), and using a suitable basis. In this paper, we refer to this extension field as an all-one polynomial field (AOPF) and to its basis as pseudo polynomial basis (PPB). Among basic arithmetic operations in AOPF, a multiplication between non-zero elements and an inversion of a non-zero element are especially time-consuming. As a fast realization of the former, we propose cyclic vector multiplication algorithm (CVMA), which can be used for possible extension degree m and exploit a symmetric structure of multiplicands in order to reduce the number of operations. Accordingly, CVMA attains a 50% reduction of the number of scalar multiplications as compared to the usually adopted vector multiplication procedure. For fast realization of inversion, we use the Itoh-Tsujii algorithm (ITA) accompanied with Frobenius mapping (FM). Since this paper adopts the PPB, FM can be performed without any calculations. In addition to this feature, ITA over AOPF can be composed with self reciprocal vectors, and by using CVMA this fact can also save computation cost for inversion.

This paper shows a necessary condition for type- and Gauss period normal bases in Fpm to be the same normal basis by using their traces.

This paper presents implementation techniques of fast Ate pairing of embedding degree 12. In this case, we have no trouble in finding a prime order pairing friendly curve E such as the Barreto-Naehrig curve y2=x3+a, a∈Fp. For the curve, an isomorphic substitution from G2 ⊂ E(Fp12 into G'2 in subfield-twisted elliptic curve E'(Fp2) speeds up scalar multiplications over G2 and wipes out denominator calculations in Miller's algorithm. This paper mainly provides about 30% improvement of the Miller's algorithm calculation using proper subfield arithmetic operations. Moreover, we also provide the efficient parameter settings of the BN curves. When p is a 254-bit prime, the embedding degree is 12, and the processor is Pentium4 (3.6 GHz), it is shown that the proposed algorithm computes Ate pairing in 13.3 milli-seconds including final exponentiation.

Pseudorandom number generators are required to generate pseudorandom numbers which have good statistical properties as well as unpredictability in cryptography. An m-sequence is a linear feedback shift register sequence with maximal period over a finite field. M-sequences have good statistical properties, however we must nonlinearize m-sequences for cryptographic purposes. A geometric sequence is a sequence given by applying a nonlinear feedforward function to an m-sequence. Nogami, Tada and Uehara proposed a geometric sequence whose nonlinear feedforward function is given by the Legendre symbol, and showed the period, periodic autocorrelation and linear complexity of the sequence. Furthermore, Nogami et al. proposed a generalization of the sequence, and showed the period and periodic autocorrelation. In this paper, we first investigate linear complexity of the geometric sequences. In the case that the Chan-Games formula which describes linear complexity of geometric sequences does not hold, we show the new formula by considering the sequence of complement numbers, Hasse derivative and cyclotomic classes. Under some conditions, we can ensure that the geometric sequences have a large linear complexity from the results on linear complexity of Sidel'nikov sequences. The geometric sequences have a long period and large linear complexity under some conditions, however they do not have the balance property. In order to construct sequences that have the balance property, we propose interleaved sequences of the geometric sequence and its complement. Furthermore, we show the periodic autocorrelation and linear complexity of the proposed sequences. The proposed sequences have the balance property, and have a large linear complexity if the geometric sequences have a large one.

A class of zero-correlation zone (ZCZ) sequences constructed by the recursive procedure from a perfect sequence and a unitary matrix was proposed by Torii, Nakamura, and Suehiro [1] . In the reference [1] , three parameters, s.t., the sequence length, the family size and the length of the ZCZ, were evaluated for a general estimate of the performance of the ZCZ sequences. In this letter, we give more detailed distributions of that correlation values are zero on their ZCZ sequence sets.

Pairing-based cryptography has realized a lot of innovative cryptographic applications such as attribute-based cryptography and semi homomorphic encryption. Pairing is a bilinear map constructed on a torsion group structure that is defined on a special class of elliptic curves, namely pairing-friendly curve. Pairing-friendly curves are roughly classified into supersingular and non supersingular curves. In these years, non supersingular pairing-friendly curves have been focused on from a security reason. Although non supersingular pairing-friendly curves have an ability to bridge various security levels with various parameter settings, most of software and hardware implementations tightly restrict them to achieve calculation efficiencies and avoid implementation difficulties. This paper shows an FPGA implementation that supports various parameter settings of pairings on non supersingular pairing-friendly curves for which Montgomery reduction, cyclic vector multiplication algorithm, projective coordinates, and Tate pairing have been combinatorially applied. Then, some experimental results with resource usages are shown.

For ID-based cryptography, not only pairing but also scalar multiplication must be efficiently computable. In this paper, we propose a scalar multiplication method on the circumstances that we work at Ate pairing with Barreto-Naehrig (BN) curve. Note that the parameters of BN curve are given by a certain integer, namely mother parameter. Adhering the authors' previous policy that we execute scalar multiplication on subfield-twisted curve (Fp2) instead of doing on the original curve E(Fp12), we at first show sextic twisted subfield Frobenius mapping (ST-SFM) in (Fp2). On BN curves, note is identified with the scalar multiplication by p. However a scalar is always smaller than the order r of BN curve for Ate pairing, so ST-SFM does not directly applicable to the above circumstances. We then exploit the expressions of the curve order r and the characteristic p by the mother parameter to derive some radices such that they are expressed as a polynomial of p. Thus, a scalar multiplication [s] can be written by the series of ST-SFMs . In combination with the binary method or multi-exponentiation technique, this paper shows that the proposed method runs about twice or more faster than plain binary method.

An algebraic group is an essential mathematical structure for current communication systems and information security technologies. Further, as a widely used technology underlying such systems, pseudorandom number generators have become an indispensable part of their construction. This paper focuses on a theoretical analysis for a series of pseudorandom sequences generated by a trace function and the Legendre symbol over an odd characteristic field. As a consequence, the authors give a theoretical proof that ensures a set of subsequences forms a group with a specific binary operation.

It is said that the lower bound of the number of iterations of Miller's algorithm for pairing calculation is log 2r/(k), where () is the Euler's function, r is the group order, and k is the embedding degree. Ate pairing reduced the number of the loops of Miller's algorithm of Tate pairing from ⌊log 2r⌋ to ⌊ log 2(t-1)⌋, where t is the Frobenius trace. Recently, it is known to systematically prepare a pairing-friendly elliptic curve whose parameters are given by a polynomial of integer variable "χ." For such a curve, this paper gives integer variable χ-based Ate (Xate) pairing that achieves the lower bound. In the case of the well-known Barreto-Naehrig pairing-friendly curve, it reduces the number of loops to ⌊log 2χ⌋. Then, this paper optimizes Xate pairing for Barreto-Naehrig curve and shows its efficiency based on some simulation results.

Pseudorandom number generators have been widely used in Monte Carlo methods, communication systems, cryptography and so on. For cryptographic applications, pseudorandom number generators are required to generate sequences which have good statistical properties, long period and unpredictability. A Dickson generator is a nonlinear congruential generator whose recurrence function is the Dickson polynomial. Aly and Winterhof obtained a lower bound on the linear complexity profile of a Dickson generator. Moreover Vasiga and Shallit studied the state diagram given by the Dickson polynomial of degree two. However, they do not specify sets of initial values which generate a long period sequence. In this paper, we show conditions for parameters and initial values to generate long period sequences, and asymptotic properties for periods by numerical experiments. We specify sets of initial values which generate a long period sequence. For suitable parameters, every element of this set occurs exactly once as a component of generating sequence in one period. In order to obtain sets of initial values, we consider a logistic generator proposed by Miyazaki, Araki, Uehara and Nogami, which is obtained from a Dickson generator of degree two with a linear transformation. Moreover, we remark on the linear complexity profile of the logistic generator. The sets of initial values are described by values of the Legendre symbol. The main idea is to introduce a structure of a hyperbola to the sets of initial values. Our results ensure that generating sequences of Dickson generator of degree two have long period. As a consequence, the Dickson generator of degree two has some good properties for cryptographic applications.

In this paper, a multiplication algorithm in extension field Fpm is proposed. Different from the previous works, the proposed algorithm can be applied for an arbitrary pair of characteristic p and extension degree m only except for the case when 4p divides m(p-1) and m is an even number. As written in the title, when p>m, 4p does not divide m(p-1). The proposed algorithm is derived by modifying cyclic vector multiplication algorithm (CVMA). We adopt a special class of Gauss period normal bases. At first in this paper, it is formulated as an algorithm and the calculation cost of the modified algorithm is evaluated. Then, compared to those of the previous works, some experimental results are shown. Finally, it is shown that the proposed algorithm is sufficient practical when extension degree m is small.

Because of its simple structure, many reports on the logistic map have been presented. To implement this map on computers, finite precision is usually used, and therefore rounding is required. There are five major methods to implement rounding, but, to date, no study of rounding applied to the logistic map has been reported. In the present paper, we present experimental results showing that the properties of sequences generated by the logistic map are heavily dependent on the rounding method used and give a theoretical analysis of each method. Then, we describe why using the map with a floor function for rounding generates long aperiodic subsequences.

Recently, pairing-based cryptographic application sch-emes have attracted much attentions. In order to make the schemes more efficient, not only pairing algorithm but also arithmetic operations in extension field need to be efficient. For this purpose, the authors have proposed a series of cyclic vector multiplication algorithms (CVMAs) corresponding to the adopted bases such as type-I optimal normal basis (ONB). Note here that every basis adapted for the conventional CVMAs are just special classes of Gauss period normal bases (GNBs). In general, GNB is characterized with a certain positive integer h in addition to characteristic p and extension degree m, namely type-⟨h.m⟩ GNB in extension field Fpm. The parameter h needs to satisfy some conditions and such a positive integer h infinitely exists. From the viewpoint of the calculation cost of CVMA, it is preferred to be small. Thus, the minimal one denoted by hmin will be adapted. This paper focuses on two remaining problems: 1) CVMA has not been expanded for general GNBs yet and 2) the minimal hmin sometimes becomes large and it causes an inefficient case. First, this paper expands CVMA for general GNBs. It will improve some critical cases with large hmin reported in the conventional works. After that, this paper shows a theorem that, for a fixed prime number r, other prime numbers modulo r uniformly distribute between 1 to r-1. Then, based on this theorem, the existence probability of type-⟨hmin,m⟩ GNB in Fpm and also the expected value of hmin are explicitly given.

This paper focuses on developing a square root (SQRT) algorithm in finite fields GF(p2d) (d 0). Examining the Smart algorithm, a well-known SQRT algorithm, we can see that there is some computation overlap between the Smart algorithm and the quadratic residue (QR) test, which must be implemented before a SQRT computation. It makes the Smart algorithm inefficient. In this paper, we propose a new QR test and a new SQRT algorithm in GF(p2d), in which not only there is no computation overlap, but also most of computations required for the proposed SQRT algorithm in GF(p2d) can be implemented in the corresponding subfields GF(p2d-i) for 1 i d, which yields many reductions in the computational time and complexity. The computer simulation also shows that the proposed SQRT algorithm is much faster than the Smart algorithm.

This paper proposes a method to construct a basis conversion matrix between two given bases in Fpm. In the proposed method, Gauss period normal basis (GNB) works as a bridge between the two bases. The proposed method exploits this property and construct a basis conversion matrix mostly faster than EDF-based algorithm on average in polynomial time. Finally, simulation results are reported in which the proposed method compute a basis conversion matrix within 30 msec on average with Celeron (2.00 GHz) when mlog p≈160.

Let q and f(x) be an odd characteristic and an irreducible polynomial of degree m over Fq, respectively. Then, suppose that F(x)=xmf(x+x-1) becomes irreducible over Fq. This paper shows that the conjugate zeros of F(x) with respect to Fq form a normal basis in Fq2m if and only if those of f(x) form a normal basis in Fqm and the compart of conjugates given as follows are linearly independent over Fq, {γ-γ-1,(γ-γ-1)q, …,(γ-γ-1)qm-1} where γ is a zero of F(x) and thus a proper element in Fq2m. In addition, from the viewpoint of q-polynomial, this paper proposes an efficient method for checking whether or not the conjugate zeros of F(x) satisfy the condition.

This paper proposes an extension field named TypeII AOPF. This extension field adopts TypeII optimal normal basis, cyclic vector multiplication algorithm, and Itoh-Tsujii inversion algorithm. The calculation costs for a multiplication and inversion in this field is clearly given with the extension degree. For example, the arithmetic operations in TypeII AOPF Fp5 is about 20% faster than those in OEF Fp5. Then, since CVMA is suitable for parallel processing, we show that TypeII AOPF is superior to AOPF as to parallel processing and then show that a multiplication in TypeII AOPF becomes about twice faster by parallelizing the CVMA computation in TypeII AOPF.

This paper proposes a new multi-value sequence generated by utilizing primitive element, trace, and power residue symbol over odd characteristic finite field. In detail, let p and k be an odd prime number as the characteristic and a prime factor of p-1, respectively. Our proposal generates k-value sequence T={ti | ti=fk(Tr(ωi)+A)}, where ω is a primitive element in the extension field $F{p}{m}$, Tr(⋅) is the trace function that maps $F{p}{m} ightarrow {p}$, A is a non-zero scalar in the prime field ${p}$, and fk(⋅) is a certain mapping function based on k-th power residue symbol. Thus, the proposed sequence has four parameters as p, m, k, and A. Then, this paper theoretically shows its period, autocorrelation, and cross-correlation. In addition, this paper discusses its linear complexity based on experimental results. Then, these features of the proposed sequence are observed with some examples.

A lot of improvements and optimizations for the hardware implementation of SubBytes of Rijndael, in detail inversion in F28 have been reported. Instead of the Rijndael original F28, it is known that its isomorphic tower field F((22)2)2 has a more efficient inversion. Then, some conversion matrices are also needed for connecting these isomorphic binary fields. According to the previous works, it is said that the number of 1's in the conversion matrices is preferred to be small; however, they have not focused on the Hamming weights of the row vectors of the matrices. It plays an important role for the calculation architecture, in detail critical path delays. This paper shows the existence of efficient conversion matrices whose row vectors all have the Hamming weights less than or equal to 4. They are introduced as quite rare cases. Then, it is pointed out that such efficient conversion matrices can connect the Rijndael original F28 to some less efficient inversions in F((22)2)2 but not to the most efficient ones. In order to overcome these inconveniences, this paper next proposes a technique called mixed bases. For the towerings, most of previous works have used several kinds of bases such as polynomial and normal bases in mixture. Different from them, this paper proposes another mixture of bases that contributes to the reduction of the critical path delay of SubBytes. Then, it is shown that the proposed mixture contributes to the efficiencies of not only inversion in F((22)2)2 but also conversion matrices between the isomorphic fields F28 and F((22)2)2.