A new optical access system based on the synchronous transfer mode - passive double star system has been developed to provide high-speed LAN-like access. It uses a shared-band method that enables multiple users to efficiently share a single bandwidth of up to 10 Mb/s and a grouping function that divides the access network into several logical networks, each of which can provide a virtual LAN to users. This paper describes an information model and a framework for configuration management and fault management and discusses the requirements for element management, which involves data-link establishment, logical group management, and testing. Element management mainly requires appropriate remote handling on data cards installed in each optical network unit on user premises. A method is proposed that satisfies these requirements. With this method, the element operations system can provide the required operational functionality.

In an order-specified multisignature scheme, one can verify not only a set of signers who have signed the message but also its signing order. Though we have seen several schemes with such properties proposed, none of them is given the security proof against active adversaries. The scheme can be easily modified to be an order-specified multisignature scheme, but still has the restriction that the possible signing orders are only ones of the type of serial signing. In this paper, we propose the first order-specified multisignature scheme, which is shown to be secure against adaptive chosen-message insider attacks in the random oracle model, and which allows the signing orders to form like any series-parallel graphs. The security is shown by using ID-reduction technique, which reduces the security of multisignature schemes to those of multi-round identification schemes. Furthermore, we discuss the efficiency of the proposed scheme and the upper bound of the possible number of participating signers.

We extend the theorem by Hong et al. which gives the upper bounds of the maximum average differential and linear hull probabilities (MADP and MALHP) for SPN block cipher with optimal or quasi-optimal diffusion layers, to the case of nested SPN (NSPN) cipher. Applying the extended theorem to two NSPN ciphers, Hierocrypt-3 of 128-bit block and Hierocrypt-L1 of 64-bit block, we estimated that MADP and MALHP for 2-round Hierocrypt-3 are bounded by 2-96, and that those for 2-round Hierocrypt-L1 are bounded by 2-48. The extended theorem is also applied to AES, and found that MADP and MALHP are bounded by 2-96 for its 4-round reduced model. The last result outperforms the best previous result 2-92 for 10-round by Keliher et al.

The encryption algorithm Camellia is a 128 bit block cipher proposed by NTT and Mitsubishi, Japan. Since the algebraic degree of the outputs after 3 rounds is greater than 128, designers estimate that it is impossible to attack Camellia by higher order differential. In this paper, we show a new higher order differential attack which controls the value of differential using proper fixed value of plaintext. As the result, we found that 6-round F-function can be attacked using 8th order differentials. The attack requires 217 chosen plaintexts and 222 F-function operations. Our computer simulation took about 2 seconds for the attack. If we take 2-R elimination algorithm, 7-round F-function will be attacked using 8th order differentials. This attack requires 219 chosen plaintexts and 264 F-function operations, which is less than exhaustive search for 128 bit key.

A digit-recurrence algorithm for computing reciprocal square-root which appears frequently in multimedia and graphics applications is proposed. The reciprocal square-root is computed by iteration of carry-propagation-free additions, shifts, and multiplications by one digit. Different specific versions of the algorithm are possible, depending on the radix, the redundancy factor of the digit set, and etc. Details of a radix-2 version and a radix-4 version and designs of a floating-point reciprocal square-root circuit based on them are shown.

It is well known that diversity performance of communication systems using signals with high dimensions in time, frequency and/or spatial domains depends on correlation of the channel characteristics along signal dimensions. On the other hand, it has not been payed due attention how the coherent receiver which combines the signals is greatly affected by the erroneous channel estimation which can undermine the diversity gain. In this paper, assuming that the estimator is given the a priori probability of the channel characteristics, we propose an optimum estimation scheme based on MAP criterion, in an uplink-MC/CDMA system on channels with frequency selective fading, with an array of antennas at the receiver. The MAP estimator effectively takes into account the correlation of the channel characteristics that the conventional estimator neglects. We also propose a signal design in pilot symbol periods that enables the receiver to separately obtain the sufficient statistic for estimating the channel characteristics without MAI. Using computer simulation, we obtained MSE error performances of the proposed estimator compared with the conventional estimator and their effect on BER performances of the diversity combining receiver. It was observed that using the conventional estimator for combining greater number of signals than the effective channel dimension deteriorated the BER performance while using the proposed estimator kept the optimum performance just as the error-free estimator did. Also obtained for MC/CDMA systems are BER performances of the single user matched filter and MMSE receivers using the proposed and the conventional estimators. A considerable improvement of the MMSE performance was achieved owing to the optimum estimator. It remains for the a priori probability of the channel characteristics to be properly assumed and dealt with in sequential estimation.

In a wireless OFDM-CDMA system, the data-modulated symbol of each user is spread over multiple subcarriers in the frequency domain using a given spreading code. For the downlink (base-to-mobile) transmissions, a set of orthogonal spreading codes defined in the frequency domain is used so that different users data can be transmitted using the same set of subcarriers. The frequency selectivity of the radio channel produces the orthogonality destruction. There are several frequency equalization combining techniques to restore orthogonality, i.e., orthogonal restoration combining (ORC), control equalization combining (CEC) that is a variant of ORC, threshold detection combining (TDC), and minimum mean square error combining (MMSEC). The ORC can restore orthogonality among users but produces noise enhancement. However, CEC, TDC, and MMSEC can balance the orthogonality restoration and the noise enhancement. In this paper, we investigate, by means of computer simulation, how the BER performances achievable with ORC, CEC, TDC, and MMSEC are impacted by the propagation parameters (path time delay difference and fading maximum Doppler frequency), number of users, pilot power used for channel estimation, and channel estimation scheme. To acquire a good understanding of ORC, CEC, TDC, and MMSEC, how they differ with respect to the combining weights is discussed. Also, the downlink transmission performances of DS-CDMA and OFDM-CDMA are compared when the same transmission bandwidth is used. How much better performance is achieved with OFDM-CDMA than with DS-CDMA using ideal rake combining is discussed.

This paper proposes a three-step cell search algorithm that utilizes only the common pilot channel (CPICH) in the forward link and employs spreading by a combination of a cell-specific scrambling code (CSSC) and an orthogonal short code for Orthogonal Frequency and Code Division Multiplexing (OFCDM) broadband packet wireless access. In the proposed cell search algorithm, the OFCDM symbol timing, i.e., Fast Fourier Transform (FFT) window timing, is estimated by detecting the guard interval timing in the first step. Then, in the second step, the frame timing and CSSC group are simultaneously detected by taking the correlation of the CPICH based on the property yielded by shifting the CSSC phase in the frequency domain. Finally, the CSSC within the group is identified in the third step. The most prominent feature of the proposed cell search algorithm is that it does not employ the conventional synchronization channel (SCH), which is exclusively used for the cell search. Computer simulation results elucidate that when the transmission power ratio of the CPICH to one code channel of the traffic channel (TCH) is 12 dB, the proposed cell search method achieves faster cell search time performance compared to the conventional method using the SCH with the transmission power ratio of the SCH to one code channel of the TCH of 6 dB. Furthermore, the results show that it can accomplish the cell search within 1.7 msec at 95% of the locations in a 12-path Rayleigh fading channel with the maximum Doppler frequency of 80 Hz and the r.m.s. delay spread of 0.32 µs.

We develop efficient precomputation methods of multi-scalar multiplication on ECC. We should recall that multi-scalar multiplication is required in some elliptic curve cryptosystems including the signature verification of ECDSA signature scheme. One of the known fast computation methods of multi-scalar multiplication is a simultaneous method. A simultaneous method consists of two stages; precomputation stage and evaluation stage. Precomputation stage computes points of precomputation, which are used at evaluation stage. Evaluation stage computes multi-scalar multiplication using precomputed points. In the evaluation stage of simultaneous methods, we can compute the multi-scalar multiplied point quickly because the number of additions is small. However, if we take a large window width, we have to compute an enormous number of points in precomputation stage. Hence, we have to compute an abundance of inversions, which have large computational amount. As a result, precomputation stage requires much time, as well known. Our proposed method reduces from O(22w) inversions to O(w) inversions for a window width w, using Montgomery trick. In addition, our proposed method computes uP and vQ first, then compute uP+vQ, where P,Q are elliptic points. This procedure enables us to remove unused points of precomputation. Compared with the method without Montgomery trick, our proposed method is 3.6 times faster in the case of the precomputation stage for simultaneous sliding window NAF method with window width w=3 and 160-bit scalars under the assumption that I/M=30, S/M=0.8, where I,M,S respectively denote computational amounts of inversion, multiplication and squaring on a finite field.

The adaptive base station antenna is an attractive candidate for establishing high-speed and highly-reliable wireless communication systems. From a commercial viewpoint, since the cost and complexity of adaptive antennas depend on the number of elements, optimizing the antenna configuration while considering the propagation environment is necessary to reduce the number of elements. This paper first presents the Angle of Arrival (AOA) characteristics of delayed waves in a street microcell environment, typically used in urban microcell systems. Then the antenna configuration and antenna spacing suitable for the street microcell are investigated utilizing bit error rate (BER) performance simulations using practical delay profiles and AOAs. The effectiveness of bidirectional elements with respect to the BER performance is also investigated. As the results, we found that broadside array with the spacing of 2.5 wavelengths is suitable for adaptive base station antennas for high data-rate wireless systems placed in a street microcell environment. We also found that bidirectional elements alleviate the BER degradation due to the grating lobe of the antenna with wide element spacing without increasing the antenna size.

This paper proposes a new blind algorithm effective for multiuser detection with an adaptive array antenna. The conventional blind algorithm, known as the Constant Modulus Algorithm (CMA), has two major drawbacks: (i) the convergence speed is not sufficiently fast for usual applications in mobile communications, and (ii) the algorithm is very likely to lock on the path with the largest received power, which means the signal with the second largest power can hardly be extracted. This paper introduces the Recursive Least Squares algorithm for CMA (RLS-CMA) in order to speed the convergence up, and additionally introduces the concept of the orthogonal projection into CMA so as to extract signals with weak power. The proposed CMA with Orthogonal Projection (CMA-OP) sequentially calculates the weight vector of each user under a constraint that the weight vector should be orthogonal to the estimated array response vectors of previously extracted users. Computer simulations demonstrate that the proposed scheme can operate properly in the Rayleigh fading channels under the two-user condition.

We study the influence of decoding order on the capacity of multimedia DS-CDMA system employing imperfect successive interference cancellation. We prove that the capacity is maximized by decoding users according to the ascending order of cancellation errors. We also prove that this capacity-optimal decoding order makes total residual interference minimum at the same time.

This paper shows an extensive software performance analysis of dedicated hash functions, particularly concentrating on Pentium III, which is a current dominant processor. The targeted hash functions are MD5, RIPEMD-128 -160, SHA-1 -256 -512 and Whirlpool, which fully cover currently used and future promised hashing algorithms. We try to optimize hashing speed not only by carefully arranging pipeline scheduling but also by processing two or even three message blocks in parallel using MMX registers for 32-bit oriented hash functions. Moreover we thoroughly utilize 64-bit MMX instructions for maximizing performance of 64-bit oriented hash functions, SHA-512 and Whirlpool. To our best knowledge, this paper gives the first detailed measured performance analysis of SHA-256, SHA-512 and Whirlpool.

This paper describes truncated and impossible differentials of Feistel block ciphers with round functions of 2-layer SPN (Substitution and Permutation Network) transformation modules such as the 128-bit block cipher Camellia, which was proposed by NTT and Mitsubishi Electric Corporation. Our work improves on the best known truncated and impossible differentials, and has found a nontrivial 9-round truncated differential that may lead to a possible attack against a reduced-round version of Camellia without input/output whitening, FL or FL-1 (Camellia-NFL), in the chosen plain text scenario. Previously, only 6-round differentials were known that may suggest a possible attack of Camellia-NFL reduced to 8-rounds. We also show a nontrivial 7-round impossible differential, whereas only a 5-round impossible differential was previously known. We also consider the truncated differential of a reduced-round version of Camellia (Camellia-DS) whose round functions are composed of D-S (Diffusion and Substitution) transformation modules and without input/output whitening, FL or FL-1 (Camellia-DS-NFL), and show a nontrivial 9-round truncated differential, which may lead to a possible attack in the chosen plain text scenario. This truncated differential is effective for general Feistel structures with round functions composed of S-D (Substitution and Diffusion) or D-S transformation.

The adaptive phase tracking scheme for orthogonal frequency division multiplexing (OFDM) signals can provide superior PER performance in channels with varying phase noise power. It is an effective technique for achieving high-rate and high quality wireless transmission. This paper proposes a new simple adaptive phase tracking scheme for OFDM signals in order to realize high-rate wireless local area networks (LANs). The proposed scheme measures the integrated phase rotation in order to appropriately set the properties of the FIR filter in the phase tracking circuits. This scheme uses the fact that the integrated phase rotation is correlated to the phase noise power. Assuming an RMS delay spread of 100 ns, computer simulations show that the proposed scheme offers superior required Eb/N0 performance (with regard to the phase noise power) compared to the conventional fixed-tap scheme, where the phase noise to signal power ratios are below -18 dB. It also offers excellent PER performance at the packet length of 1000 bytes unlike the conventional schemes, which suffer degraded PER performance.

We introduce efficient algorithms for the τ-adic sliding window method, which is a scalar multiplication algorithm on Koblitz curves over F2m. The τ-adic sliding window method is divided into two parts: the precomputation part and the main computation part. Until now, there has been no efficient way to deal with the precomputation part; the required points of the elliptic curves were calculated one by one. We propose two fast algorithms for the precomputation part. One of the proposed methods decreases the cost of the precomputation part by approximately 30%. Since more points are calculated, the total cost of scalar multiplication is decreased by approximately 7.5%.

This letter presents parallel algorithms for matrix multiplication and the fast Fourier transform (FFT) that are significant problems arising in engineering and scientific applications. The proposed algorithms are designed on a 3-dimensional processor array with separable buses (PASb). We show that a PASb consisting of N N h processors can compute matrix multiplication of size N N and the FFT of size N in O(N/h+log N) time, respectively. In order to examine ease of hardware implementation, we also evaluate the VLSI complexity of the algorithms. A result obtained achieves an optimal bound on area-time complexity when h=O(N/log N).

In this letter we propose a new visual secret sharing scheme (VSSS) applicable to color images containing many colors such as photographs. In the proposed VSSS we can perceive a concealed secret image appearing on a reproduced image, which is obtained by stacking certain shares, according to the principle called the meanvalue-color mixing (MCM). First, we mathematically formulate the MCM and define a new parameter that determines the minimum quality of the reproduced secret image. Then, we explicitly construct the VSSS based on the MCM under general access structures. The construction is proved to be realistic by experiment under the (2,2)-threshold access structure.

There is a strong demand to expand captioned broadcasting for TV news programs in Japan. However, keyboard entry of captioned manuscripts for news program cannot keep pace with the speed of speech, because in the case of Japanese it takes time to select the correct characters from among homonyms. In order to implement simultaneous subtitled broadcasting for Japanese news programs, a simultaneous subtitling system by speech recognition has been developed. This system consists of a real-time speech recognition system to handle broadcast news transcription and a recognition-error correction system that manually corrects mistakes in the recognition result with short delay time. NHK started simultaneous subtitled broadcasting for the news program "News 7" on the evening of March 27, 2000.

This paper addresses a maximum likelihood method for source separation in the case of overdetermined mixtures corrupted by additive white Gaussian noise. We consider an approximate likelihood which is based on the Laplace approximation and develop a natural gradient adaptation algorithm to find a local maximum of the corresponding approximate likelihood. We present a detailed mathematical derivation of the algorithm using the Lie group invariance. Useful behavior of the algorithm is verified by numerical experiments.