The search functionality is under construction.

Keyword Search Result

[Keyword] pair(303hit)

181-200hit(303hit)

  • Cryptanalysis of Chatterjee-Sarkar Hierarchical Identity-Based Encryption Scheme at PKC 06

    Jong Hwan PARK, Dong Hoon LEE
    LETTER-Cryptography and Information Security
    Vol. E92-A, No. 7, pp. 1724-1726

    In 2006, Chatterjee and Sarkar proposed a hierarchical identity-based encryption (HIBE) scheme which can support an unbounded number of identity levels. This property is particularly useful in providing forward secrecy by embedding time components within hierarchical identities. In this paper we show that their scheme does not provide the claimed property. Our analysis shows that if the number of identity levels becomes larger than the value of a fixed public parameter, an unintended receiver can reconstruct a new valid ciphertext and decrypt the ciphertext using his or her own private key. The analysis is similarly applied to a multi-receiver identity-based encryption scheme presented as an application of Chatterjee and Sarkar's HIBE scheme.

  • More Efficient Threshold Signature Scheme in Gap Diffie-Hellman Group

    DaeHun NYANG, Akihiro YAMAMURA
    LETTER-Cryptography and Information Security
    Vol. E92-A, No. 7, pp. 1720-1723

    By modifying the private key and public key setting in the Boneh-Lynn-Shacham short signature scheme, a variation of the BLS short signature scheme is proposed. Based on this variation, we present a very efficient threshold signature scheme in which the number of pairing computations for signature share verification is reduced to half.

  • Availability Analysis of a Two-Echelon Repair Model for Systems Comprising Multiple Items

    Nobuyuki TAMURA, Daiki MURAOKA, Tetsushi YUGE, Shigeru YANAGI
    PAPER
    Vol. E92-A, No. 7, pp. 1600-1607

    This paper considers a two-echelon repair model in which several series systems comprising multiple items are operated at each base. We propose a basic model and two modified models. For two of the models, approximation methods are developed to derive the system availability. The difference between the basic model and the first modified model is whether the normal items in failed series systems are available as spares or not. The second modified model relaxes the assumptions of the first modified model to reflect a more realistic situation. We perform numerical analysis of the models to compare their system availabilities and verify the accuracy of the approximation methods.

  • Optimised Versions of the Ate and Twisted Ate Pairings

    Seiichi MATSUDA, Naoki KANAYAMA, Florian HESS, Eiji OKAMOTO
    PAPER-Cryptography and Information Security
    Vol. E92-A, No. 7, pp. 1660-1667

    We observe a natural generalisation of the ate and twisted ate pairings, which allows for performance improvements in non-standard applications of pairings to cryptography, such as composite group orders. We also give a performance comparison of our pairings and the Tate, ate and twisted ate pairings for certain polynomial families, based on operation count estimations and on an implementation, showing that our pairings can achieve a speedup of a factor of up to two over the other pairings.

  • A Solution of the All-Pairs Shortest Paths Problem on the Cell Broadband Engine Processor

    Kazuya MATSUMOTO, Stanislav G. SEDUKHIN
    PAPER-Computation and Computational Models
    Vol. E92-D, No. 6, pp. 1225-1231

    The All-Pairs Shortest Paths (APSP) problem is a graph problem which can be solved by a three-nested-loop program. The Cell Broadband Engine (Cell/B.E.) is a heterogeneous multi-core processor that offers high single-precision floating-point performance. In this paper, a solution of the APSP problem on the Cell/B.E. is presented. To maximize the performance of the Cell/B.E., a blocked algorithm for the APSP problem is used. The blocked algorithm enables reuse of data in registers and utilizes the memory hierarchy. We also describe several optimization techniques for effective implementation of the APSP problem on the Cell/B.E. The Cell/B.E. achieves a performance of 8.45 Gflop/s for the APSP problem using one SPE and 50.6 Gflop/s using six SPEs.

  • Efficient Implementation of Pairing-Based Cryptography on a Sensor Node

    Masaaki SHIRASE, Yukinori MIYAZAKI, Tsuyoshi TAKAGI, Dong-Guk HAN, Dooho CHOI
    PAPER-Implementation Issues
    Vol. E92-D, No. 5, pp. 909-917

    Pairing-based cryptography provides many novel cryptographic applications such as ID-based cryptosystems and efficient broadcast encryption. The security problems in ubiquitous sensor networks have been discussed in many papers, and pairing-based cryptography is a crucial technique for solving them. Due to the limited resources of current sensor nodes, it is challenging to optimize the implementation of pairings on sensor nodes. In this paper we present an efficient implementation of pairing on MICAz, which is widely used as a sensor node for ubiquitous sensor networks. We improved the speed of the ηT pairing by using a new efficient multiplication specialized for the ATmega128L, called the block comb method, and several optimization techniques that reduce the number of data load/store operations. The timing of the ηT pairing over GF(2^239) is about 1.93 sec, which is the fastest implementation of pairing on MICAz to the best of our knowledge. Given this dramatic improvement, pairing-based cryptography for ubiquitous sensor networks now has a much higher possibility of becoming practical.

  • Fast Ate Pairing Computation of Embedding Degree 12 Using Subfield-Twisted Elliptic Curve

    Masataka AKANE, Yasuyuki NOGAMI, Yoshitaka MORIKAWA
    PAPER-Cryptography and Information Security
    Vol. E92-A, No. 2, pp. 508-516

    This paper presents implementation techniques for fast Ate pairing of embedding degree 12. In this case, we have no trouble finding a prime-order pairing-friendly curve E such as the Barreto-Naehrig curve y^2 = x^3 + a, a ∈ F_p. For the curve, an isomorphic substitution from G2 ⊂ E(F_{p^12}) into G'2 in the subfield-twisted elliptic curve E'(F_{p^2}) speeds up scalar multiplications over G2 and wipes out denominator calculations in Miller's algorithm. This paper mainly provides about a 30% improvement in the Miller's algorithm calculation using proper subfield arithmetic operations. Moreover, we also provide efficient parameter settings for the BN curves. When p is a 254-bit prime, the embedding degree is 12, and the processor is a Pentium4 (3.6 GHz), it is shown that the proposed algorithm computes the Ate pairing in 13.3 milliseconds including the final exponentiation.

  • Static Dependency Pair Method for Simply-Typed Term Rewriting and Related Techniques

    Keiichirou KUSAKARI, Masahiko SAKAI
    PAPER
    Vol. E92-D, No. 2, pp. 235-247

    The static dependency pair method, proposed by us, can effectively prove termination of simply-typed term rewriting systems (STRSs). Its theoretical basis is given by the notion of strong computability. This method analyzes a static recursive structure based on definition dependency. By solving suitable constraints generated from the analysis result, we can prove termination. Since this method is not applicable to every system, we proposed a class, namely plain function-passing, as a restriction. In this paper, we first propose the class of safe function-passing, which relaxes the restriction of plain function-passing. To solve constraints, we often use the notion of reduction pairs, which are designed from a reduction order by the argument filtering method. Next, we improve the argument filtering method for STRSs. Unlike the existing method for STRSs, our argument filtering method does not destroy type structure. Hence, our method can effectively apply reduction orders which make use of type information. To reduce constraints, the notion of usable rules is proposed. Finally, we enhance the effectiveness of reducing constraints by incorporating argument filtering into usable rules for STRSs.

  • Scalar Multiplication Using Frobenius Expansion over Twisted Elliptic Curve for Ate Pairing Based Cryptography

    Yasuyuki NOGAMI, Yumi SAKEMI, Takumi OKIMOTO, Kenta NEKADO, Masataka AKANE, Yoshitaka MORIKAWA
    PAPER-Mathematics
    Vol. E92-A, No. 1, pp. 182-189

    For ID-based cryptography, not only pairing but also scalar multiplication must be efficiently computable. In this paper, we propose a scalar multiplication method for the setting in which we work with Ate pairing on a Barreto-Naehrig (BN) curve. Note that the parameters of a BN curve are given by a certain integer, namely the mother parameter. Adhering to the authors' previous policy of executing scalar multiplication on the subfield-twisted curve E'(F_{p^2}) instead of on the original curve E(F_{p^12}), we first show the sextic twisted subfield Frobenius mapping (ST-SFM) in E'(F_{p^2}). On BN curves, note that ST-SFM is identified with the scalar multiplication by p. However, a scalar is always smaller than the order r of the BN curve for Ate pairing, so ST-SFM is not directly applicable to the above setting. We then exploit the expressions of the curve order r and the characteristic p in terms of the mother parameter to derive some radices that are expressed as a polynomial in p. Thus, a scalar multiplication [s] can be written as a series of ST-SFMs. In combination with the binary method or the multi-exponentiation technique, this paper shows that the proposed method runs about twice as fast as, or faster than, the plain binary method.

  • A CMOS RF Power Detector Using an Improved Unbalanced Source Coupled Pair

    Hangue PARK, Jaejun LEE, Jaechun LEE, Sangwook NAM
    LETTER-Microwaves, Millimeter-Waves
    Vol. E91-C, No. 12, pp. 1969-1970

    This paper presents the design of a CMOS RF Power Detector (PD) using 0.18 µm standard CMOS technology. The PD is an improved unbalanced source coupled pair incorporating an output differential amplifier and sink current steering. It realizes an input detectable power range of -30 to -20 dBm over 0.1-1 GHz. It also shows a maximum data rate of 30 Mbps with 2 pF output loading under OOK modulation. The overall current consumption is 1.9 mA under a 1.5 V supply.

  • Identity-Based Authenticated Key Agreement Protocols without Bilinear Pairings

    Xuefei CAO, Weidong KOU, Yong YU, Rong SUN
    LETTER-Cryptography and Information Security
    Vol. E91-A, No. 12, pp. 3833-3836

    This letter proposes an identity-based authenticated key agreement protocol. Unlike comparable existing protocols, the new protocol realizes implicit authentication without bilinear pairings, which makes it more efficient. The security of the proposed protocol can be reduced to the standard Computational Diffie-Hellman problem. Two variants of the protocol are also given, one achieving a security-efficiency trade-off and the other providing authenticated key agreement between users of different domains.

  • On the Performance Analysis of Distributed Space-Time Code over Nakagami-m Multipath Channels

    Zhimeng ZHONG, Shihua ZHU, Gangming LV
    LETTER-Wireless Communication Technologies
    Vol. E91-B, No. 11, pp. 3740-3744

    In this letter, we analyze the pairwise error probability (PEP) behaviour of distributed space-time code (DSTC) with amplify-and-forward relaying over Nakagami-m multipath channels. An upper bound on the PEP for DSTC is derived. From our analysis, it is seen that, among the paths from the source to the relays and from the relays to the destination, those with smaller diversity order form the overall system performance bottleneck. Numerical examples are provided to corroborate our theoretical analysis.

  • All Pairings Are in a Group

    Chang-An ZHAO, Fangguo ZHANG, Jiwu HUANG
    LETTER-Cryptography and Information Security
    Vol. E91-A, No. 10, pp. 3084-3087

    In this paper, we suggest, from an abstract angle, that all pairings are in a group. Based on this result, some new pairings with a short Miller loop are constructed for greater efficiency. It is possible that our observation can be applied to other aspects of pairing-based cryptosystems.

  • Computing the Ate Pairing on Elliptic Curves with Embedding Degree k=9

    Xibin LIN, Chang-An ZHAO, Fangguo ZHANG, Yanming WANG
    PAPER
    Vol. E91-A, No. 9, pp. 2387-2393

    For the AES-128 security level there are several natural choices of pairing-friendly elliptic curves. In particular, as we will explain, one might choose curves with k=9 or curves with k=12. The case k=9 has not been studied in the literature, so it is not clear how efficiently pairings can be computed in that case. In this paper, we present efficient methods for the k=9 case, including generation of elliptic curves with a shorter Miller loop, denominator elimination and a speed-up of the final exponentiation. We then compare the performance of these choices. From the analysis, we conclude that for pairing-based cryptography at the AES-128 security level the Barreto-Naehrig curves are the most efficient choice, and that the performance of the k=9 case is comparable to the Barreto-Naehrig curves.

  • Reduction Optimal Trinomials for Efficient Software Implementation of the ηT Pairing

    Toshiya NAKAJIMA, Tetsuya IZU, Tsuyoshi TAKAGI
    PAPER
    Vol. E91-A, No. 9, pp. 2379-2386

    The ηT pairing for supersingular elliptic curves over GF(3^m) has attracted attention because of its computational efficiency. Since most of the computation in the ηT pairing consists of GF(3^m) multiplications, it is important to improve the speed of the multiplication when implementing the ηT pairing. In this paper we investigate software implementation of GF(3^m) multiplication and propose using irreducible trinomials x^m + ax^k + b over GF(3) such that k is a multiple of w, where w is the bit length of a word on the targeted CPU. We call these trinomials "reduction optimal trinomials (ROTs)." ROTs actually exist for several values of m and for the typical values w = 16 and 32. We list them for extension degrees m = 97, 167, 193, 239, 317, and 487. These values of m are derived from security considerations. Using ROTs, we are able to implement efficient modulo operations (reductions) for GF(3^m) multiplication compared with cases in which other types of irreducible trinomials are used (e.g., trinomials with the minimum k for each m). The reason is that, when ROTs are used, the number of shift operations on multiple-precision data is reduced to less than half compared with other trinomials. Our implementation results show that reduction programs specialized for ROTs are 20-30% faster on a 32-bit CPU and approximately 40% faster on a 16-bit CPU compared with programs using irreducible trinomials with general k.

  • MIMO-OFDM Precoding Technique for Minimizing BER Upper Bound of MLD (Open Access)

    Boonsarn PITAKDUMRONGKIJA, Kazuhiko FUKAWA, Hiroshi SUZUKI, Takashi HAGIWARA
    PAPER-Wireless Communication Technologies
    Vol. E91-B, No. 7, pp. 2287-2298

    This paper proposes a new MIMO-OFDM precoding technique that aims to minimize a bit error rate (BER) upper bound of maximum likelihood detection (MLD) in mobile radio communications. Using a steepest descent algorithm, the proposed method estimates linear precoding matrices that minimize the upper bound of the BER under power constraints. Since the upper bound is derived from all the pairwise error probabilities, this method can effectively optimize the overall Euclidean distances between signals received by multiple antennas and their replicas. Computer simulations evaluate the BER performance and channel capacity of the proposed scheme for 2×2 and 4×4 MIMO-OFDM systems with BPSK, QPSK, and 16 QAM. It is demonstrated that the proposed precoding technique is superior in terms of average BER to conventional precoding methods, including a precoder that maximizes only the minimum Euclidean distance as the worst case.

  • Cryptanalysis of an Identity Based Proxy Multi-Signature Scheme

    Fagen LI, Shijie ZHOU, Rong SUN
    LETTER-Cryptography and Information Security
    Vol. E91-A, No. 7, pp. 1820-1823

    In a proxy multi-signature scheme, a designated proxy signer can generate the signature on behalf of a group of original signers. Recently, Wang and Cao proposed an identity based proxy multi-signature scheme along with a security model. Although they proved that their scheme is secure under this model, we disprove their claim and show that their scheme is not secure.

  • An Efficient Radio Resource Allocation Scheme for Minimum Outage Probability Using Cooperation in OFDMA Systems

    Junwoo JUNG, Hyungwon PARK, Jae-Sung LIM
    PAPER-Wireless Communication Technologies
    Vol. E91-B, No. 7, pp. 2321-2330

    Cooperation can increase system performance by obtaining spatial diversity. While most existing work concentrates on analyzing cooperation based on the inter-user channel response and on developing schemes for higher cooperative diversity, in this paper we focus on practical resource allocation in OFDMA systems. Since a user who uses the same center frequency cannot receive a signal while transmitting, this constraint must be considered when applying cooperation to OFDMA systems. In this paper, we propose a pair-based OFDMA frame structure that overcomes this constraint. Also, within this frame structure, to achieve the minimum outage probability of the system, we select the best partner among the candidate neighbors and allocate suitable subchannels to bandwidth-requesting users through a cooperative subchannel allocation (CSA) algorithm. To evaluate the proposed resource allocation scheme, we carry out simulations based on IEEE 802.16e. The simulation results show that our proposed algorithm offers a smaller outage probability than one based on non-cooperative communications, and we obtain the minimum outage probability when the threshold for selecting candidate neighbors is 10 dB. Our analysis shows that these results are achieved by helping users located around the edge of the cell.

  • Zero-Correlation Zone Sequence Set Constructed from a Perfect Sequence and a Complementary Sequence Pair

    Takafumi HAYASHI
    LETTER
    Vol. E91-A, No. 7, pp. 1676-1681

    The present paper introduces the construction of a class of sequence sets with zero-correlation zones called zero-correlation zone sequence sets. The proposed zero-correlation zone sequence set can be generated from an arbitrary perfect sequence and an arbitrary Golay complementary sequence pair. The proposed construction is a generalization of the zero-correlation zone sequence construction previously reported by the present author. The proposed sequence set can successfully provide CDMA communication without co-channel interference.

  • FWM-Aware Dynamic Routing and Wavelength Assignment for Wavelength-Routed Optical Networks

    Adelys MARSDEN, Akihiro MARUTA, Ken-ichi KITAYAMA
    PAPER
    Vol. E91-B, No. 7, pp. 2145-2151

    A dynamic routing and wavelength assignment (RWA) algorithm encompassing the physical impairment due to Four-Wave Mixing (FWM) is proposed, assuming the conventional On-Off-Keying (OOK) modulation format. The FWM effect is one of the most severe physical impairments to be considered for future photonic networks, since the accumulation of FWM crosstalk causes a fatal degradation in wavelength-routed optical network performance. A novel cost function is introduced based upon an impairment-constraint-based routing (ICBR) approach, taking into account the network resource utilization and the physical impairment due to FWM crosstalk. Simulation results show that the proposed algorithm leads to a more realistic system performance compared to related dynamic RWA approaches that fail to consider physical impairments in the routing scheme.
