GPS is an efficient identification (ID) scheme based on Schnorr ID scheme designed for applications where low cost devices with limited resources are used and a very-short authentication time is required. Let P and V be a prover and a verifier in GPS and < g > be a multiplicative group. P holds a secret key S∈[0,S) and publishes I=g-s. In each elementary round: (1) P sends to Vx=gr where r is chosen randomly from [0,A), (2) V sends to P a random C∈[0,B), and (3) P sends y=r+cs (no modulus computation). Since there is no modular reduction on y, a key issue is whether GPS leaks information about s. It has been proved that GPS is statistical zero-knowledge, if in asymptotic sense, BS/A is negligible, where is the number of elementary rounds in one complete identification trial. In this paper, first we will show the followings. (1) We can construct a concrete attack procedure which reveals one bit of secret key s from the specified value range of y unless BS/A is negligible. We reconfirm that we must set A extremely large compared to BS. (2) This drawback can be avoided by modifying GPS into a new scheme, GPS+, in which P does not send the value of y in the specified range where y reveals some information about s. GPS+ ensures perfect ZK only by requiring both A > BS and A being a multiple of the order of g, while it allows an honest P to be rejected with probability at most BS/(2A) in one elementary round. Under the standard recommended parameters for 80-bit security where =1, |S|=160, and |B|=35, |A|=275 is recommended for GPS in GPS' paper. On the other hand, GPS+ can guarantee 80-bit security and less than one false rejection on average in 100 identifications with only |A|=210 with the same parameters as above. In practice, this implies 275-210=65 bits (≈24%) reductions on storage requirement. We have confirmed that the reduce of A also reduces approximately 4% of running time for online response using a certain implementation technique for GPS+ by machine experiment.

In this paper, we show that each of the special cases of strong conditional oblivious transfer can be obtained from only one instance of its inverse. Each of our constructions is simple and efficient, and preserves the same security level of its inverse.

Orthogonal Frequency Division Multiple Access (OFDMA) is the technique for the next generation wireless networks, whose enhanced capacity is to serve a combination of traffic with diverse QoS requirements. To realize this, the resource allocation scheme has to be carefully designed so that the instantaneous channel condition, QoS provision, and the network utilization are integrated. In this paper, we propose the resource allocation scheme for downlink traffic of 2 classes; guaranteed and non-guaranteed, having different traffic contracts. We provide guaranteed throughput for the guaranteed class by considering the cost incurred from serving this class. Then, we formulate the assignment problem with the objective of minimizing this cost. For the non-guaranteed class, we aim to maximize network utilization and to maintain throughput fairness, by employing Proportional Fairness (PF) utility function and emphasizing on the portion of network resource that the user received and the individual user's queue length. We use a heuristic approach to schedule users' data into the downlink subframe by exploiting multi-user multi-channel diversity to utilize system's bandwidth efficiently. Intensive simulation shows that our scheme differentiates classes of traffic and provides satisfied throughput, lower packet drop rate, and lower queuing delay to the guaranteed class, comparing with those of the non-guaranteed class. Furthermore, the results also show that the scheme is fair to users in the same class in both throughput and service time.

This paper proposes Twin Turbo (T2) MIMO-OFDM (Multiple Input Multiple Output-Orthogonal Frequency Division Multiplexing). The advanced iterative decoder, called the T2 decoder, decreases the transmission error rate compared to conventional turbo decoders because it uses the correlation information among the bits mapped on an identical symbol of multi-level modulation and updates the channel reliability. When T2 is applied to a MIMO-OFDM, the required symbol energy to noise power density ratio (Es/N0) can be reduced more effectively than when T2 is applied to SISO (Single Input Single Output). This is because T2 can use the correlation among the bits not only mapped on an identical symbol but also transmitted from different antennas. Moreover, T2 achieves good performance in a correlated MIMO channel because the average minimum squared Euclidean distances between symbol replica candidates consisting of signals transmitted from multiple transmitter antennas are reduced. Computer simulations verify that the required Es/N0 of T2 MIMO-OFDM using 16QAM is 1.9 dB lower than that of a conventional turbo decoder when the correlation coefficients of transmitter and receiver antennas are 0.8. A computational complexity analysis clarifies the relation between the increase in computational complexity and the reduction in the required Es/N0.

We have proposed a noise reduction method based on a noise reconstruction system (NRS). The NRS uses a linear prediction error filter (LPEF) and a noise reconstruction filter (NRF) which estimates background noise by system identification. In case a fixed step size for updating tap coefficients of the NRF is used, it is difficult to reduce background noise while maintaining the high quality of enhanced speech. In order to solve the problem, a variable step size is proposed. It makes use of cross-correlation between an input signal and an enhanced speech signal. In a speech section, a variable step size becomes small so as not to estimate speech, on the other hand, large to track the background noise in a non-speech section.

Traditional traffic analysis is can be performed online only when detection targets are well specified and are fairly primitive. Local processing at measurement point is discouraged as it would considerably affect major functionality of a network device. When traffic is analyzed at flow level, the notion of flow timeout generates differences in flow lifespan and impedes unbiased monitoring, where only n-top flows ordered by a certain metric are considered. This paper proposes an alternative manner of traffic analysis based on source IP aggregation. The method uses flows as basic building blocks but ignores timeouts, using short monitoring intervals instead. Multidimensional space of metrics obtained through IP aggregation, however, enhances capabilities of traffic analysis by facilitating detection of various anomalous conditions in traffic simultaneously.

The physical meaning of the energy velocity in lossy Lorentz media is clarified. First, two expressions for the energy velocity, one by Brillouin and another by Diener, are examined. We show that, while Diener's is disqualified, Brillouin's is acceptable as energy velocity. Secondly, we show that the signal velocity defined by Brillouin and Baerwald is exactly identical with the Brillouin's energy velocity. Thirdly, by using triangle-modulated harmonic wave, we show that the superluminal group velocity plays its role as a revelator only after the arrival of the signal traveling at the subluminal energy velocity. In short, nothing moves at the group velocity, and every frequency component of a signal propagates at its own energy velocity.

Clonal Selection Algorithm (CSA), based on the clonal selection theory proposed by Burnet, has gained much attention and wide applications during the last decade. However, the proliferation process in the case of immune cells is asexual. That is, there is no information exchange during different immune cells. As a result the traditional CSA is often not satisfactory and is easy to be trapped in local optima so as to be premature convergence. To solve such a problem, inspired by the quantum interference mechanics, an improved quantum crossover operator is introduced and embedded in the traditional CSA. Simulation results based on the traveling salesman problems (TSP) have demonstrated the effectiveness of the quantum crossover-based Clonal Selection Algorithm.

In this paper, we propose an effective key recovery attack on stream ciphers Py and Pypy with chosen IVs. Our method uses an internal-state correlation based on the vulnerability that the randomization of the internal state in the KSA is inadequate, and it improves two previous attacks proposed by Wu and Preneel (a WP-1 attack and a WP-2 attack). For a 128-bit key and a 128-bit IV, the WP-1 attack can recover a key with 223 chosen IVs and time complexity 272. First, we improve the WP-1 attack by using the internal-state correlation (called a P-1 attack). For a 128-bit key and a 128-bit IV, the P-1 attack can recover a key with 223 chosen IVs and time complexity 248, which is 1/224 of that of the WP-1 attack. The WP-2 attack is another improvement on the WP-1 attack, and it has been known as the best previous attack against Py and Pypy. For a 128-bit key and a 128-bit IV, the WP-2 attack can recover a key with 223 chosen IVs and time complexity 224. Second, we improve the WP-2 attack by using the internal-state correlation as well as the P-1 attack (called a P-2 attack). For a 128-bit key and a 128-bit IV, the P-2 attack can recover a key with 223 chosen IVs and time complexity 224, which is the same capability as that of the WP-2 attack. However, when the IV size is from 64 bits to 120 bits, the P-2 attack is more effective than the WP-2 attack. Thus, the P-2 attack is the known best attack against Py and Pypy.

Bolstering survivable backbone networks against multiple failures is becoming a common concern among telecom companies that need to continue services even when disasters occur. This paper presents a multiple-failure recovery scheme that considers the operation and management of optical paths. The presented scheme employs scheme escalation from pre-planned restoration to full rerouting. First, the survivability of this scheme against multiple failures is evaluated considering operational constraints such as route selection, resource allocation, and the recovery order of failed paths. The evaluation results show that scheme escalation provides a high level of survivability even under operational constraints, and this paper quantitatively clarifies the impact of these various operational constraints. In addition, the fundamental functions of the scheme escalation are implemented in the Generalized Multi-Protocol Label Switching control plane and verified in an optical-cross-connect-based network.

In this paper, we propose an Adaptation Decision-Taking Engine (ADTE) that targets the delivery of scalable video content in mobile usage environments. Our ADTE design relies on an objective perceptual quality metric in order to achieve video adaptation according to human visual perception, thus allowing to maximize the Quality of Service (QoS). To describe the characteristics of a particular usage environment, as well as the properties of the scalable video content, MPEG-21 Digital Item Adaptation (DIA) is used. Our experimental results show that the proposed ADTE design provides video content with a higher subjective quality than an ADTE using the conventional maximum-bit-allocation method.

The asymptotic behaviour of the light power at large distance in a random waveguide system with a short correlation length and a mathematical mechanism of the asymptotic behaviour are clarified. The discussion is based on the coupled mode theory. First, for the light propagation in an ordered waveguide system a new description in terms of the light power is presented. A solution of the integro-differential equation describing the light power is expressed as a contour integral in the Laplace transform domain. Singularities of the integrand are branch points and the branch cut integral determines the asymptotic behaviour of the solution. The light power decreases in inverse proportion to the distance. Secondly the description is extended to the case of a random waveguide system. The differential equation of the recurrence type describing the incoherent power is reduced to the integro-differential equation and it is shown that the kernel is the product of the kernel for an ordered system and the damping term. The equation is solved by using the same procedure as that for an ordered system and a contour integral representation of the solution is obtained. Singularities of the integrand are poles and branch points. The poles arise from the damping term of the kernel and the residues of the poles determine the asymptotic behaviour of the solution. The incoherent power decreases in inverse proportion to the square root of the distance.

The aperture feed with an air cavity in a LTCC (Low Temperature Co-fired Ceramics) post-wall waveguide with dielectric constant εr more than 5 is proposed for bandwidth enhancement in the millimeter wave band. A rectangular cavity is adopted because only one mask pattern of a rectangular can be used for each layer of LTCC for reducing the number of the design parameters and the cost. The fabrication limitation such as the spacing between the post edge and the aperture edge reduces the bandwidth. The feeding structures are designed at 61.25 GHz for a range of εr from 2.0 to 9.0. In the case of εr = 7.0, the bandwidth for reflection below -15 dB with the air cavity is 4.25 times that without the air cavity in simulation, and 3.10 times in measurement.

In this letter, a novel power allocation scheme is proposed to improve the outage performance of an amplify-and-forward (AF) cooperative communication network with multiple potential relays under the assumption that only mean channel gains are available at the transmitters. In this scheme, power allocation is studied jointly with a relay selection algorithm which has low computational complexity. Simulation results demonstrate the performance improvement of the proposed scheme in terms of outage behavior.

For ID-based cryptography, not only pairing but also scalar multiplication must be efficiently computable. In this paper, we propose a scalar multiplication method on the circumstances that we work at Ate pairing with Barreto-Naehrig (BN) curve. Note that the parameters of BN curve are given by a certain integer, namely mother parameter. Adhering the authors' previous policy that we execute scalar multiplication on subfield-twisted curve (Fp2) instead of doing on the original curve E(Fp12), we at first show sextic twisted subfield Frobenius mapping (ST-SFM) in (Fp2). On BN curves, note is identified with the scalar multiplication by p. However a scalar is always smaller than the order r of BN curve for Ate pairing, so ST-SFM does not directly applicable to the above circumstances. We then exploit the expressions of the curve order r and the characteristic p by the mother parameter to derive some radices such that they are expressed as a polynomial of p. Thus, a scalar multiplication [s] can be written by the series of ST-SFMs . In combination with the binary method or multi-exponentiation technique, this paper shows that the proposed method runs about twice or more faster than plain binary method.

MISTY1 is a 64-bit block cipher that has provable security against differential and linear cryptanalysis. MISTY1 is one of the algorithms selected in the European NESSIE project, and it has been recommended for Japanese e-Government ciphers by the CRYPTREC project. This paper reports a previously unknown higher order differential characteristic of 4-round MISTY1 with the FL functions. It also shows that a higher order differential attack that utilizes this newly discovered characteristic is successful against 6-round MISTY1 with the FL functions. This attack can recover a partial subkey with a data complexity of 253.7 and a computational complexity of 264.4, which is better than any previous cryptanalysis of MISTY1.

For a variant of RSA with modulus N=prq and ed ≡ 1 (mod(p-1)(q-1)), we show that d is to be recovered if d < N(2-)/(r+1). (Note that φ(N) (p-1)(q-1).) Boneh-Durfee's result for the standard RSA is obtained as a special case for r=1. Technically, we develop a method for finding a small root of a trivariate polynomial equation f(x, y,z)=x(y-1)(z-1)+1 ≡ 0 (mod e) under the condition that yrz=N. Our result cannot be obtained from the generic method of Jochemsz-May.

We propose a protocol for converting the encryption function of a ciphertext into another encryption function while keeping the corresponding message secret. The proposed protocol allows conversions of the El Gamal and Paillier cryptosystems and has the potential to design an efficient multiparty protocol intended for circuits consisting of arithmetic and logical operations. We clarify the condition of circuits such that the multiparty protocol based on the proposed protocol provides better performance than previous approaches. In addition, we introduce some privacy-preserving statistical computations as an effective application of the proposed protocol.

New computer viruses are continually being generated and they cause damage all over the world. In general, current anti-virus software detects viruses by matching a pattern based on the signature; thus, unknown viruses without any signature cannot be detected. Although there are some static analysis technologies that do not depend on signatures, virus writers often use code obfuscation techniques, which make it difficult to execute a code analysis. As is generally known, unknown viruses and known viruses share a common feature. In this paper we propose a new static analysis technology that can circumvent code obfuscation to extract the common feature and detect unknown viruses based on similarity. The results of evaluation experiments demonstrated that this technique is able to detect unknown viruses without false positives.

The present paper describes quality enhancement of speech corrupted by an additive background noise in a single-channel system. The proposed approach is based on the introduction of a perceptual criterion using a frequency-weighting filter in a subtractive-type enhancement process. Although this subtractive-type method is very attractive because of its simplicity, it produces an unnatural and unpleasant residual noise. Thus, it is difficult to select fixed optimized parameters for all speech and noise conditions. A new and effective algorithm is thus developed based on the masking properties of the human ear. This newly developed algorithm allows for an automatic adaptation in the time and frequency of the enhancement system and determines a suitable noise estimate according to the frequency of the noisy input speech. Experimental results demonstrate that the proposed approach can efficiently remove additive noise related to various kinds of noise corruption.