This work addresses the problems of bit allocation and coding gain in subband coding system with non-paraunitary filter banks. Since energy conservation does not hold in non-paraunitary filter banks, the model to be adopted for quantizers is important to evaluate the output distortion introduced by subband signal quantization. To evaluate the overall distortion we start with adopting the gain plus additive noise model for quantizers, which is more reliable than the additive noise model. With this model, the expression for overall reconstruction error variance becomes so complicated that the problem of optimum bit allocation, as required for evaluation of the coding gain, must be numerically solved. So, we propose an approximation method in which we neglect the terms due to correlation among quantization errors in calculating the bit allocation but take them into consideration in evaluating the coding gain, assuming sufficiently high bitrate coding. Application of this approximation method to the SSKF subband coding systems with AR (1) input source shows that the method is very accurate even at low bit rate coding (1 bit/sample).

In many cryptographic applications, a large-order finite field is used as a definition field, and accordingly, many researches on a fast implementation of such a large-order extension field are reported. This paper proposes a definition field Fpm with its characteristic p a pseudo Mersenne number, the modular polynomial f(x) an irreducible all-one polynomial (AOP), and using a suitable basis. In this paper, we refer to this extension field as an all-one polynomial field (AOPF) and to its basis as pseudo polynomial basis (PPB). Among basic arithmetic operations in AOPF, a multiplication between non-zero elements and an inversion of a non-zero element are especially time-consuming. As a fast realization of the former, we propose cyclic vector multiplication algorithm (CVMA), which can be used for possible extension degree m and exploit a symmetric structure of multiplicands in order to reduce the number of operations. Accordingly, CVMA attains a 50% reduction of the number of scalar multiplications as compared to the usually adopted vector multiplication procedure. For fast realization of inversion, we use the Itoh-Tsujii algorithm (ITA) accompanied with Frobenius mapping (FM). Since this paper adopts the PPB, FM can be performed without any calculations. In addition to this feature, ITA over AOPF can be composed with self reciprocal vectors, and by using CVMA this fact can also save computation cost for inversion.

This paper shows a necessary condition for type- and Gauss period normal bases in Fpm to be the same normal basis by using their traces.

This paper presents implementation techniques of fast Ate pairing of embedding degree 12. In this case, we have no trouble in finding a prime order pairing friendly curve E such as the Barreto-Naehrig curve y2=x3+a, a∈Fp. For the curve, an isomorphic substitution from G2 ⊂ E(Fp12 into G'2 in subfield-twisted elliptic curve E'(Fp2) speeds up scalar multiplications over G2 and wipes out denominator calculations in Miller's algorithm. This paper mainly provides about 30% improvement of the Miller's algorithm calculation using proper subfield arithmetic operations. Moreover, we also provide the efficient parameter settings of the BN curves. When p is a 254-bit prime, the embedding degree is 12, and the processor is Pentium4 (3.6 GHz), it is shown that the proposed algorithm computes Ate pairing in 13.3 milli-seconds including final exponentiation.

This paper deals with the improvement of performance in the transform and subband image coding systems with negatively-correlated input signal. Using a more general source model than the AR(1) model as an input, the coding performance for the transform and subband coding schemes is evaluated in terms of the coding gain over PCM. The source model used here has such resonant band characteristics that its power spectrum has a peak at some frequency between 0 and π/2 for positive autocorrelation and between π/2 and π for negative autocorrelation. It is shown that coding schemes are classified into two classes; one has the pairwise mirror-image property in their filter banks and performs symmetrically regardless of the sign of the autocorrelation, and the other has no that property and performs asymmetrically with inferior performance for negative autocorrelation. Among the well-known transform and subband coding schemes, the DHT and QMF coding systems belong to the former class and the DCT and SSKF coding systems to the latter. In order to remedy the inferior performance, we propose the method in which one modulates the negatively-correlated signal sequences by the alternating sign signal with unity magnitude (-1)n to convert them into positively-correlated sequences. The algorithms are presented for the DCT and SSKF image coding systems with the adaptive signal modulation. In the DCT coding systems, we are particularly concerned with the DCT-based hierarchical progressive coding mode of operation, since the signal modulation works well for that coding mode. The SSKF image coding system has the regular quad-tree structure with three stages. The simulation results for test images show that our method can successfully be applied to the images with a considerable amount of energy in the frequency range higher than π/2 in horizontal or vertical direction, such as fingerprints and textile patterns sampled at a rate close to the Nyquist rate. The paper closes with a brief introduction to the modification of our DCT-based method.

For ID-based cryptography, not only pairing but also scalar multiplication must be efficiently computable. In this paper, we propose a scalar multiplication method on the circumstances that we work at Ate pairing with Barreto-Naehrig (BN) curve. Note that the parameters of BN curve are given by a certain integer, namely mother parameter. Adhering the authors' previous policy that we execute scalar multiplication on subfield-twisted curve (Fp2) instead of doing on the original curve E(Fp12), we at first show sextic twisted subfield Frobenius mapping (ST-SFM) in (Fp2). On BN curves, note is identified with the scalar multiplication by p. However a scalar is always smaller than the order r of BN curve for Ate pairing, so ST-SFM does not directly applicable to the above circumstances. We then exploit the expressions of the curve order r and the characteristic p by the mother parameter to derive some radices such that they are expressed as a polynomial of p. Thus, a scalar multiplication [s] can be written by the series of ST-SFMs . In combination with the binary method or multi-exponentiation technique, this paper shows that the proposed method runs about twice or more faster than plain binary method.

It is said that the lower bound of the number of iterations of Miller's algorithm for pairing calculation is log 2r/(k), where () is the Euler's function, r is the group order, and k is the embedding degree. Ate pairing reduced the number of the loops of Miller's algorithm of Tate pairing from ⌊log 2r⌋ to ⌊ log 2(t-1)⌋, where t is the Frobenius trace. Recently, it is known to systematically prepare a pairing-friendly elliptic curve whose parameters are given by a polynomial of integer variable "χ." For such a curve, this paper gives integer variable χ-based Ate (Xate) pairing that achieves the lower bound. In the case of the well-known Barreto-Naehrig pairing-friendly curve, it reduces the number of loops to ⌊log 2χ⌋. Then, this paper optimizes Xate pairing for Barreto-Naehrig curve and shows its efficiency based on some simulation results.

In this paper, a multiplication algorithm in extension field Fpm is proposed. Different from the previous works, the proposed algorithm can be applied for an arbitrary pair of characteristic p and extension degree m only except for the case when 4p divides m(p-1) and m is an even number. As written in the title, when p>m, 4p does not divide m(p-1). The proposed algorithm is derived by modifying cyclic vector multiplication algorithm (CVMA). We adopt a special class of Gauss period normal bases. At first in this paper, it is formulated as an algorithm and the calculation cost of the modified algorithm is evaluated. Then, compared to those of the previous works, some experimental results are shown. Finally, it is shown that the proposed algorithm is sufficient practical when extension degree m is small.

Recently, pairing-based cryptographic application sch-emes have attracted much attentions. In order to make the schemes more efficient, not only pairing algorithm but also arithmetic operations in extension field need to be efficient. For this purpose, the authors have proposed a series of cyclic vector multiplication algorithms (CVMAs) corresponding to the adopted bases such as type-I optimal normal basis (ONB). Note here that every basis adapted for the conventional CVMAs are just special classes of Gauss period normal bases (GNBs). In general, GNB is characterized with a certain positive integer h in addition to characteristic p and extension degree m, namely type-⟨h.m⟩ GNB in extension field Fpm. The parameter h needs to satisfy some conditions and such a positive integer h infinitely exists. From the viewpoint of the calculation cost of CVMA, it is preferred to be small. Thus, the minimal one denoted by hmin will be adapted. This paper focuses on two remaining problems: 1) CVMA has not been expanded for general GNBs yet and 2) the minimal hmin sometimes becomes large and it causes an inefficient case. First, this paper expands CVMA for general GNBs. It will improve some critical cases with large hmin reported in the conventional works. After that, this paper shows a theorem that, for a fixed prime number r, other prime numbers modulo r uniformly distribute between 1 to r-1. Then, based on this theorem, the existence probability of type-⟨hmin,m⟩ GNB in Fpm and also the expected value of hmin are explicitly given.

This paper focuses on developing a square root (SQRT) algorithm in finite fields GF(p2d) (d 0). Examining the Smart algorithm, a well-known SQRT algorithm, we can see that there is some computation overlap between the Smart algorithm and the quadratic residue (QR) test, which must be implemented before a SQRT computation. It makes the Smart algorithm inefficient. In this paper, we propose a new QR test and a new SQRT algorithm in GF(p2d), in which not only there is no computation overlap, but also most of computations required for the proposed SQRT algorithm in GF(p2d) can be implemented in the corresponding subfields GF(p2d-i) for 1 i d, which yields many reductions in the computational time and complexity. The computer simulation also shows that the proposed SQRT algorithm is much faster than the Smart algorithm.

This paper proposes a method to construct a basis conversion matrix between two given bases in Fpm. In the proposed method, Gauss period normal basis (GNB) works as a bridge between the two bases. The proposed method exploits this property and construct a basis conversion matrix mostly faster than EDF-based algorithm on average in polynomial time. Finally, simulation results are reported in which the proposed method compute a basis conversion matrix within 30 msec on average with Celeron (2.00 GHz) when mlog p≈160.

This paper proposes an extension field named TypeII AOPF. This extension field adopts TypeII optimal normal basis, cyclic vector multiplication algorithm, and Itoh-Tsujii inversion algorithm. The calculation costs for a multiplication and inversion in this field is clearly given with the extension degree. For example, the arithmetic operations in TypeII AOPF Fp5 is about 20% faster than those in OEF Fp5. Then, since CVMA is suitable for parallel processing, we show that TypeII AOPF is superior to AOPF as to parallel processing and then show that a multiplication in TypeII AOPF becomes about twice faster by parallelizing the CVMA computation in TypeII AOPF.

In this paper, an image restoration method using the Wiener filter is proposed. In order to bring the theory of the Wiener filter consistent with images that have spatially varying statistics, the proposed method adopts the locally adaptive Wiener filter (AWF) based on the universal Gaussian mixture distribution model (UNI-GMM) previously proposed for denoising. Applying the UNI-GMM-AWF for deconvolution problem, the proposed method employs the stationary Wiener filter (SWF) as a pre-filter. The SWF in the discrete cosine transform domain shrinks the blur point spread function and facilitates the modeling and filtering at the proceeding AWF. The SWF and UNI-GMM are learned using a generic training image set and the proposed method is tuned toward the image set. Simulation results are presented to demonstrate the effectiveness of the proposed method.

A lot of improvements and optimizations for the hardware implementation of SubBytes of Rijndael, in detail inversion in F28 have been reported. Instead of the Rijndael original F28, it is known that its isomorphic tower field F((22)2)2 has a more efficient inversion. Then, some conversion matrices are also needed for connecting these isomorphic binary fields. According to the previous works, it is said that the number of 1's in the conversion matrices is preferred to be small; however, they have not focused on the Hamming weights of the row vectors of the matrices. It plays an important role for the calculation architecture, in detail critical path delays. This paper shows the existence of efficient conversion matrices whose row vectors all have the Hamming weights less than or equal to 4. They are introduced as quite rare cases. Then, it is pointed out that such efficient conversion matrices can connect the Rijndael original F28 to some less efficient inversions in F((22)2)2 but not to the most efficient ones. In order to overcome these inconveniences, this paper next proposes a technique called mixed bases. For the towerings, most of previous works have used several kinds of bases such as polynomial and normal bases in mixture. Different from them, this paper proposes another mixture of bases that contributes to the reduction of the critical path delay of SubBytes. Then, it is shown that the proposed mixture contributes to the efficiencies of not only inversion in F((22)2)2 but also conversion matrices between the isomorphic fields F28 and F((22)2)2.

In the case of Barreto-Naehrig pairing-friendly curves of embedding degree 12 of order r, recent efficient Ate pairings such as R-ate, optimal, and Xate pairings achieve Miller loop lengths of(1/4) ⌊log2 r⌋. On the other hand, the twisted Ate pairing requires (3/4) ⌊log2 r⌋ loop iterations, and thus is usually slower than the recent efficient Ate pairings. This paper proposes an improved twisted Ate pairing using Frobenius maps and a small scalar multiplication. The proposed idea splits the Miller's algorithm calculation into several independent parts, for which multi-pairing techniques apply efficiently. The maximum number of loop iterations in Miller's algorithm for the proposed twisted Ate pairing is equal to the (1/4) ⌊log2 r ⌋ attained by the most efficient Ate pairings.

In this paper, we investigate minimum mean absolute error (mmae) predictors for lossless image coding. In some prediction-based lossless image coding systems, coding performance depends largely on the efficiency of predictors. In this case, minimum mean square error (mmse) predictors are often used. Generally speaking, these predictors have a problem that outliers departing very far from a regression line are conspicuous enough to obscure inliers. That is, in image compression, large prediction errors near edges cause the degradation of the prediction accuracy of flat areas. On the other hand, mmae predictors are less sensitive to edges and provide more accurate prediction for flat areas than mmse predictors. At the same time, the prediction accuracy of edge areas is brought down. However, the entropy of the prediction errors based on mmae predictors is reduced compared with that of mmse predictors because general images mainly consist of flat areas. In this study, we adopt the Laplacian and the Gaussian function models for prediction errors based on mmae and mmse predictors, respectively, and show that mmae predictors outperform conventional mmse-based predictors including weighted mmse predictors in terms of coding performance.