
Keyword Search Result

[Keyword] SI(16314hit)

8061-8080hit(16314hit)

  • Efficient Fair Exchange from Identity-Based Signature

    Dae Hyun YUM, Pil Joong LEE
    PAPER-Protocols, Vol: E91-A No:1, Page(s): 119-126

    A fair exchange scheme is a protocol by which two parties Alice and Bob exchange items or services without allowing either party to gain advantages by quitting prematurely or otherwise misbehaving. To this end, modern cryptographic solutions use a semi-trusted arbitrator who is involved only in cases where one party attempts to cheat or simply crashes. We call such a fair exchange scheme optimistic. When no registration is required between the signer and the arbitrator, we say that the fair exchange scheme is setup-free. To date, the setup-free optimistic fair exchange scheme under the standard RSA assumption was only possible from the generic construction of [12], which uses ring signatures. In this paper, we introduce a new setup-free optimistic fair exchange scheme under the standard RSA assumption. Our scheme uses the GQ identity-based signature and is more efficient than [12]. The construction can also be generalized by using various identity-based signature schemes. Our main technique is to allow each user to choose his (or her) own "random" public key in the identity-based signature scheme.

  • Traceable Ring Signature

    Eiichiro FUJISAKI, Koutarou SUZUKI
    PAPER-Signatures, Vol: E91-A No:1, Page(s): 83-93

    The ring signature allows a signer to leak secrets anonymously, without the risk of identity escrow. At the same time, the ring signature provides great flexibility: No group manager, no special setup, and the dynamics of group choice. The ring signature is, however, vulnerable to malicious or irresponsible signers in some applications, because of its anonymity. In this paper, we propose a traceable ring signature scheme. A traceable ring scheme is a ring signature except that it can restrict "excessive" anonymity. The traceable ring signature has a tag that consists of a list of ring members and an issue that refers to, for instance, a social affair or an election. A ring member can make any signed but anonymous opinion regarding the issue, but only once (per tag). If the member submits another signed opinion, possibly pretending to be another person who supports the first opinion, the identity of the member is immediately revealed. If the member submits the same opinion, for instance, voting "yes" regarding the same issue twice, everyone can see that these two are linked. The traceable ring signature can suit many applications, such as anonymous voting on a BBS. We formalize the security definitions for this primitive and show an efficient and simple construction in the random oracle model.

  • Invisibly Sanitizable Digital Signature Scheme

    Kunihiko MIYAZAKI, Goichiro HANAOKA, Hideki IMAI
    PAPER-Cryptography and Information Security, Vol: E91-A No:1, Page(s): 392-402

    A digital signature does not allow any alteration of the document to which it is attached. Appropriate alteration of some signed documents, however, should be allowed because there are security requirements other than the integrity of the document. In the disclosure of official information, for example, sensitive information such as personal information or national secrets is masked when an official document is sanitized so that its nonsensitive information can be disclosed when it is requested by a citizen. If this disclosure is done digitally by using the current digital signature schemes, the citizen cannot verify the disclosed information because it has been altered to prevent the leakage of sensitive information. The confidentiality of official information is thus incompatible with the integrity of that information, and this is called the digital document sanitizing problem. Conventional solutions such as content extraction signatures and digitally signed document sanitizing schemes with disclosure condition control can either let the sanitizer assign disclosure conditions or hide the number of sanitized portions. The digitally signed document sanitizing scheme we propose here is based on the aggregate signature derived from bilinear maps and can do both. Moreover, the proposed scheme can sanitize a signed document invisibly, that is, no one can distinguish whether the signed document has been sanitized or not.

  • Visual Tracking in Occlusion Environments by Autonomous Switching of Targets

    Jun-ichi IMAI, Masahide KANEKO
    PAPER-Image Recognition, Computer Vision, Vol: E91-D No:1, Page(s): 86-95

    Visual tracking is required by many vision applications such as human-computer interfaces and human-robot interactions. However, in daily living spaces where such applications are assumed to be used, stable tracking is often difficult because there are many objects which can cause visual occlusion. While conventional tracking techniques can handle, to some extent, partial and short-term occlusion, they fail when presented with complete occlusion over long periods. They also cannot handle the case that an occluder such as a box or a bag contains and carries the tracking target inside itself, that is, the case that the target invisibly moves while being contained by the occluder. In this paper, to handle this occlusion problem, we propose a method for visual tracking by a particle filter, which switches tracking targets autonomously. In our method, if occlusion occurs during tracking, a model of the occluder is dynamically created and the tracking target is switched to this model. Thus, our method enables the tracker to indirectly track the "invisible target" by switching its target to the occluder effectively. Experimental results show the effectiveness of our method.

  • Blind CMA-Based Asynchronous Multiuser Detection Using Generalized Sidelobe Canceller with Decision Feedback

    Ann-Chen CHANG, Chih-Wei JEN
    LETTER-Wireless Communication Technologies, Vol: E91-B No:1, Page(s): 376-380

    This letter deals with blind multiuser detection based on the multi-channel linearly constrained constant modulus algorithm (MLCCMA) for asynchronous code division multiple access (CDMA) systems over frequency-selective Rayleigh fading channels. In conjunction with the decision-feedback generalized sidelobe canceller (DFGSC), we present an efficient approach to combat multiple access interference and intersymbol interference. Computer simulations confirm that the proposed MLCCMA-based DFGSC can significantly speed up convergence and improve the output performance.

  • Provably Secure Multisignatures in Formal Security Model and Their Optimality

    Yuichi KOMANO, Kazuo OHTA, Atsushi SHIMBO, Shinichi KAWAMURA
    PAPER-Signatures, Vol: E91-A No:1, Page(s): 107-118

    We first model the formal security model of multisignature scheme following that of group signature scheme. Second, we prove that the following three probabilistic multisignature schemes based on a trapdoor permutation have tight security: PFDH (probabilistic full domain hash) based multisignature scheme (PFDH-MSS), PSS (probabilistic signature scheme) based multisignature scheme (PSS-MSS), and short signature PSS based multisignature scheme (S-PSS-MSS). Third, we give an optimal proof (general result) for multisignature schemes, which derives the lower bound for the length of random salt. We also estimate the upper bound for the length in each scheme and derive the optimal length of a random salt. Two of the schemes are promising in terms of security tightness and optimal signature length. In the appendix, we describe a multisignature scheme using the claw-free permutation and discuss its security.

  • New Weakness in the Key-Scheduling Algorithm of RC4

    Toshihiro OHIGASHI, Yoshiaki SHIRAISHI, Masakatu MORII
    PAPER-Symmetric Cryptography, Vol: E91-A No:1, Page(s): 3-11

    In a key scheduling algorithm (KSA) of stream ciphers, a secret key is expanded into a large initial state. An internal state reconstruction method is known as a general attack against stream ciphers; it recovers the initial state from a given pair of plaintext and ciphertext more efficiently than exhaustive key search. If the method succeeds, then it is desirable that the inverse of KSA is infeasible in order to avoid the leakage of the secret key information. This paper shows that it is easy to compute a secret key from an initial state of RC4. We propose a method to recover an -bit secret key from only the first bits of the initial state of RC4 using linear equations with time complexity less than that of one execution of KSA. It can recover 2^103.6 of the secret keys when the size of the secret key is 128 bits. That is, the 128-bit secret key can be recovered with a high probability when the first 128 bits of the initial state are determined using the internal state reconstruction method.

  • New Methods for Maintaining Fairness between Well-Behaved TCP Flows and Tampered-TCP Flows at Edge Routers

    Junichi MARUYAMA, Go HASEGAWA, Masayuki MURATA
    PAPER-Transmission Systems and Transmission Equipment for Communications, Vol: E91-B No:1, Page(s): 197-206

    In this paper, we propose new methods which detect tampered-TCP connections at edge routers and protect well-behaved TCP connections from tampered-TCP connections, which results in fairness among TCP connections. The proposed methods monitor the TCP packets at an edge router and estimate the window size or the throughput for each TCP connection. By using estimation results, the proposed methods assess whether each TCP connection is tampered or not and drop packets intentionally if necessary to improve the fairness amongst TCP connections. From the results of simulation experiments, we confirm that the proposed methods can accurately identify tampered-TCP connections and regulate throughput ratio between tampered-TCP connections and competing TCP Reno connections to about 1.

  • Implementation of Joint Pre-FFT Adaptive Array Antenna and Post-FFT Space Diversity Combining for Mobile ISDB-T Receiver

    Dang Hai PHAM, Jing GAO, Takanobu TABATA, Hirokazu ASATO, Satoshi HORI, Tomohisha WADA
    PAPER-Enabling Technology, Vol: E91-B No:1, Page(s): 127-138

    In our application targeted here, four on-glass antenna elements are set in an automobile to improve the reception quality of mobile ISDB-T receiver. With regard to the directional characteristics of each antenna, we propose and implement a joint Pre-FFT adaptive array antenna and Post-FFT space diversity combining (AAA-SDC) scheme for mobile ISDB-T receiver. By applying a joint hardware and software approach, a flexible platform is realized in which several system configuration schemes can be supported; the receiver can be reconfigured on the fly. Simulation results show that the AAA-SDC scheme drastically improves the performance of mobile ISDB-T receiver, especially in the region of large Doppler shift. The experimental results from a field test also confirm that the proposed AAA-SDC scheme successfully achieves an outstanding reception rate up to 100% while moving at the speed of 80 km/h.

  • Analysis of Program Obfuscation Schemes with Variable Encoding Technique

    Kazuhide FUKUSHIMA, Shinsaku KIYOMOTO, Toshiaki TANAKA, Kouichi SAKURAI
    PAPER-Cryptanalysis, Vol: E91-A No:1, Page(s): 316-329

    Program analysis techniques have improved steadily over the past several decades, and software obfuscation schemes have come to be used in many commercial programs. A software obfuscation scheme transforms an original program or a binary file into an obfuscated program that is more complicated and difficult to analyze, while preserving its functionality. However, the security of obfuscation schemes has not been properly evaluated. In this paper, we analyze obfuscation schemes in order to clarify the advantages of our scheme, the XOR-encoding scheme. First, we more clearly define five types of attack models that we defined previously, and define quantitative resistance to these attacks. Then, we compare the security, functionality and efficiency of three obfuscation schemes with encoding variables: (1) Sato et al.'s scheme with linear transformation, (2) our previous scheme with affine transformation, and (3) the XOR-encoding scheme. We show that the XOR-encoding scheme is superior with regard to the following two points: (1) the XOR-encoding scheme is more secure against a data-dependency attack and a brute force attack than our previous scheme, and is as secure against an information-collecting attack and an inverse transformation attack as our previous scheme, (2) the XOR-encoding scheme does not restrict the calculable ranges of programs and the loss of efficiency is less than in our previous scheme.

  • Classification of Terrain by Implementing the Correlation Coefficient in the Circular Polarization Basis Using X-Band POLSAR Data

    Yoshio YAMAGUCHI, Yukari YAMAMOTO, Hiroyoshi YAMADA, Jian YANG, Wolfgang-Martin BOERNER
    PAPER-Sensing, Vol: E91-B No:1, Page(s): 297-301

    Classification of terrain is one of the most important applications of Polarimetric Synthetic Aperture Radar (POLSAR) image analysis. This paper presents a simple method to classify terrain by the use of the correlation coefficients in the circular polarization basis together with the total power of the scattering matrix in the X-band. The reflection symmetry condition that the co-polarized and the cross-polarized correlations are close to zero for natural distributed scatterers is utilized to extract characteristic parameters of small forests or clusters of trees, and oriented urban building blocks with respect to the direction of the radar illumination. Both of these kinds of scatterers are difficult to identify in high resolution POLSAR images of complex urban areas. The indices employed here are the correlation coefficient, a modified coefficient normalized by the reflection symmetric conditional case, and the total power. It is shown that forest areas and oriented building blocks are easily detected and identified. The terrain classification yielded by these combinations is very accurate as confirmed by photographic ground truth images.

  • Asymptotic Performance Analysis of Orthogonal Space-Time Block Codes in Spatially Correlated Rician Fading Channel

    Kyung Seung AHN
    LETTER-Communication Theory and Signals, Vol: E91-A No:1, Page(s): 426-429

    In this letter, we analyze symbol error probability (SEP) and diversity gain of orthogonal space-time block codes (OSTBCs) in spatially correlated Rician fading channel. We derive the moment generating function (MGF) of an effective signal-to-noise ratio (SNR) at the receiver and use it to derive the SEP for M-PSK modulation. We use this result to show that the diversity gain is achieved by the product of the rank of the transmit and receive correlation matrix, and the loss in array gain is quantified as a function of the spatial correlation and the line of sight (LOS) component.

  • Multi-Level Confined Error Diffusion Algorithm for Flat Panel Display

    JunHak LEE, Takahiko HORIUCHI, Shoji TOMINAGA
    PAPER-Image Processing and Video Processing, Vol: E91-D No:1, Page(s): 62-69

    The reduction of a structural pattern at specific gray levels or at the special condition of image data has mainly been discussed in digital halftone methods. This problem is more severe in some flat panel displays because their black levels typically are brighter than those of other displays. The authors proposed an advanced confined error diffusion (ACED) algorithm which was a well-organized halftone algorithm for flat panel devices. In this paper, we extend the ACED algorithm to the multi-level systems, which are capable of displaying more than 2 levels. Our extension has two merits for the hardware implementation. First, it can be processed in real time using the look-up table based method. The second one is the flexibility of selecting the gray levels used. This paper discusses the performance of the proposed algorithms with experimental results for natural test images.

  • A 0.8-V Syllabic-Companding Log Domain Filter with 78-dB Dynamic Range in 0.35-µm CMOS

    Ippei AKITA, Kazuyuki WADA, Yoshiaki TADOKORO
    PAPER-Electronic Circuits, Vol: E91-C No:1, Page(s): 87-95

    A scheme for a low-voltage CMOS syllabic-companding log domain filter with wide dynamic range is proposed and its prototype is presented. A nodal voltage which is fixed in a conventional filter based on the dynamically adjustable biasing (DAB) technique is adapted for change of input envelope to achieve wide dynamic range. Externally linear and time invariant (ELTI) relation between an input and an output is guaranteed by a state variable correction (SVC) circuit which is also proposed for low-voltage operation. To demonstrate the proposed scheme, a fifth-order Chebychev low-pass filter with 100-kHz cutoff frequency is designed and fabricated in a standard 0.35-µm CMOS process. The filter has a 78-dB dynamic range and consumes 200-µW power from a 0.8-V power supply.

  • Low Insertion-Loss, and Wideband Dual-Mode Bandpass Filters with Dual Perturbation Elements

    Shih-Bin JHONG, Min-Hang WENG, Sean WU, Cheng-Yuan HUNG, Maw-Shung LEE
    LETTER-Microwaves, Millimeter-Waves, Vol: E91-C No:1, Page(s): 117-119

    A novel low insertion-loss and wideband microstrip bandpass filter has been designed and tested. The basic configuration of this novel dual-mode filter is a square ring resonator with direct-connected orthogonal feed lines, and dual-perturbation elements are introduced within the resonator at symmetrical locations. The effects of the size of the perturbation element are studied. A new filter having wider bandwidth and transmission zeros is presented. The proposed filter responses are in good agreement with the simulations and experiments.

  • RK-Means Clustering: K-Means with Reliability

    Chunsheng HUA, Qian CHEN, Haiyuan WU, Toshikazu WADA
    PAPER-Image Recognition, Computer Vision, Vol: E91-D No:1, Page(s): 96-104

    This paper presents an RK-means clustering algorithm which is developed for reliable data grouping by introducing a new reliability evaluation to the K-means clustering algorithm. The conventional K-means clustering algorithm has two shortfalls: 1) the clustering result will become unreliable if the assumed number of the clusters is incorrect; 2) during the update of a cluster center, all the data points belonging to that cluster are used equally without considering how distant they are to the cluster center. In this paper, we introduce a new reliability evaluation to the K-means clustering algorithm by considering the triangular relationship among each data point and its two nearest cluster centers. We applied the proposed algorithm to track objects in video sequences and confirmed its effectiveness and advantages.

  • On the Definitions of Anonymity for Ring Signatures

    Miyako OHKUBO, Masayuki ABE
    PAPER-Security Notions, Vol: E91-A No:1, Page(s): 272-282

    This paper studies the relations among several definitions of anonymity for ring signature schemes in the same attack environment. It is shown that one intuitive and two technical definitions we consider are asymptotically equivalent, and the indistinguishability-based technical definition is the strongest, i.e., the most secure when achieved, when the exact reduction cost is taken into account. We then extend our result to the threshold case where a subset of members cooperate to create a signature. The threshold setting makes the notion of anonymity more complex and yields a greater variety of definitions. We explore several notions and observe that a certain relation does not seem to hold, unlike in the simple single-signer case. Nevertheless, we see that an indistinguishability-based definition is the most favorable in the threshold case. We also study the notion of linkability and present a simple scheme that achieves both anonymity and linkability.

  • Discrete Modelling of Continuous-Time Systems Having Interval Uncertainties Using Genetic Algorithms

    Chen-Chien HSU, Tsung-Chi LU, Heng-Chou CHEN
    PAPER-Systems and Control, Vol: E91-A No:1, Page(s): 357-364

    In this paper, an evolutionary approach is proposed to obtain a discrete-time state-space interval model for uncertain continuous-time systems having interval uncertainties. Based on a worst-case analysis, the problem to derive the discrete interval model is first formulated as multiple mono-objective optimization problems for matrix-value functions associated with the discrete system matrices, and subsequently optimized via a proposed genetic algorithm (GA) to obtain the lower and upper bounds of the entries in the system matrices. To show the effectiveness of the proposed approach, roots clustering of the characteristic equation of the obtained discrete interval model is illustrated for comparison with those obtained via existing methods.

  • An Analysis of Leakage Factors for Dual-Rail Pre-Charge Logic Style

    Daisuke SUZUKI, Minoru SAEKI
    PAPER-Side Channel Attacks, Vol: E91-A No:1, Page(s): 184-192

    In recent years, certain countermeasures against differential power analysis (DPA) at the logic level have been proposed. Recently, Popp and Mangard proposed a new countermeasure, masked dual-rail pre-charge logic (MDPL); this countermeasure combines dual-rail circuits with random masking to improve the wave dynamic differential logic (WDDL). They claimed that it could implement secure circuits using a standard CMOS cell library without special constraints for the place-and-route method because the difference between the loading capacitances of all the pairs of complementary logic gates in MDPL can be compensated for by the random masking. In this paper, we particularly focus on the signal transition of MDPL gates and evaluate the DPA-resistance of MDPL in detail. Our evaluation results reveal that when the input signals have different delay times, leakage occurs in the MDPL as well as WDDL gates, even if MDPL is effective in reducing the leakage caused by the difference in loading capacitances. Furthermore, in order to validate our evaluation, we demonstrate a problem with different input signal delays by conducting measurements for an FPGA.

  • New Hardware Architecture for Multiplication over GF(2^m) and Comparisons with Normal and Polynomial Basis Multipliers for Elliptic Curve Cryptography

    Soonhak KWON, Taekyoung KWON, Young-Ho PARK
    PAPER-Implementation, Vol: E91-A No:1, Page(s): 236-243

    We propose a new linear array for multiplication in GF(2^m) which outperforms most of the existing linear multipliers in terms of the area and time complexity. Moreover we will give a very detailed comparison of our array with other existing architectures for the five binary fields GF(2^m), m=163,233,283,409,571, recommended by NIST for elliptic curve cryptography.
