The search functionality is under construction.

Keyword Search Result

[Keyword] pairing(80hit)

61-80hit(80hit)

  • Reduction Optimal Trinomials for Efficient Software Implementation of the ηT Pairing

    Toshiya NAKAJIMA  Tetsuya IZU  Tsuyoshi TAKAGI  

     
    PAPER

      Vol:
    E91-A No:9
      Page(s):
    2379-2386

    The ηT pairing for supersingular elliptic curves over GF(3^m) has attracted attention because of its computational efficiency. Since most of the computation of the ηT pairing consists of GF(3^m) multiplications, it is important to speed up this multiplication when implementing the pairing. In this paper we investigate software implementation of GF(3^m) multiplication and propose using irreducible trinomials x^m + a x^k + b over GF(3) such that k is a multiple of w, where w is the word size in bits of the target CPU. We call such trinomials "reduction optimal trinomials (ROTs)." ROTs exist for several m and for the typical word sizes w = 16 and 32; we list them for the extension degrees m = 97, 167, 193, 239, 317, and 487, which are chosen on security grounds. Using ROTs, the modular reduction step of GF(3^m) multiplication can be implemented more efficiently than with other types of irreducible trinomials (e.g., trinomials with the minimum k for each m), because the number of shift operations on multiple-precision data is reduced to less than half. Our implementation results show that reduction routines specialized for ROTs are 20-30% faster on a 32-bit CPU and approximately 40% faster on a 16-bit CPU than routines using irreducible trinomials with general k.
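    Added example (not code from the paper above): a bit-sliced GF(3^m) multiplier in Python whose reduction step follows the trinomial identity x^m ≡ -a x^k - b, so the shift by k that an ROT turns into a word-aligned copy is visible as one operation. It assumes m = 97 with the commonly used trinomial x^97 + x^12 + 2 (not an ROT, since 12 is a multiple of neither 16 nor 32); the paper's own ROTs and timings are not reproduced here.

```python
"""GF(3^m) multiplication with reduction modulo a trinomial x^m + a*x^k + b.

Added example, not code from the paper.  Assumptions: m = 97 and the
trinomial x^97 + x^12 + 2 (a common irreducible choice for the eta_T
pairing over GF(3^97)); a reduction optimal trinomial (ROT) in the sense
of the paper would instead have k a multiple of the CPU word size w.
"""

M, K, A, B = 97, 12, 1, 2          # f(x) = x^M + A*x^K + B over GF(3), assumed

# Bit-sliced representation: an element of GF(3)[x] is a pair (hi, lo) of
# Python ints used as bit-planes; coefficient 0 -> (0,0), 1 -> (0,1), 2 -> (1,0).
ZERO = (0, 0)
ONE = (0, 1)


def add(a, b):
    """Coefficient-wise addition mod 3 with the standard bit-sliced formulas."""
    ahi, alo = a
    bhi, blo = b
    t = (alo | bhi) ^ (ahi | blo)
    return (t ^ (alo | blo), t ^ (ahi | bhi))


def neg(a):
    """Multiply every coefficient by -1 = 2, i.e. swap the bit-planes."""
    return (a[1], a[0])


def scale(a, d):
    """Multiply by the GF(3) digit d in {0, 1, 2}."""
    return ZERO if d == 0 else a if d == 1 else neg(a)


def shift(a, i):
    """Multiply by x^i."""
    return (a[0] << i, a[1] << i)


def reduce_mod_f(c):
    """Reduce a product of degree < 2M using x^M == -A*x^K - B.

    'shift(high, K)' is the multiple-precision shift the paper targets: when
    K is a multiple of the word size it degenerates to a word copy.
    """
    mask = (1 << M) - 1
    while (c[0] | c[1]) >> M:                      # anything of degree >= M left?
        high = (c[0] >> M, c[1] >> M)              # coefficients of x^M ... x^(2M-2)
        c = (c[0] & mask, c[1] & mask)             # coefficients below x^M
        c = add(c, scale(shift(high, K), (3 - A) % 3))   # high * (-A) * x^K
        c = add(c, scale(high, (3 - B) % 3))             # high * (-B)
    return c


def mul(a, b):
    """Schoolbook shift-and-add product of two reduced elements, then reduce."""
    acc = ZERO
    for i in range(M):
        d = 1 if (b[1] >> i) & 1 else 2 if (b[0] >> i) & 1 else 0
        if d:
            acc = add(acc, scale(shift(a, i), d))
    return reduce_mod_f(acc)


def power(a, e):
    """Square-and-multiply in GF(3^M)."""
    r = ONE
    while e:
        if e & 1:
            r = mul(r, a)
        a = mul(a, a)
        e >>= 1
    return r


def inverse(a):
    """a^(3^M - 2) = a^-1 by Fermat (needs f irreducible, i.e. a genuine field)."""
    return power(a, 3 ** M - 2)


def from_digits(digits):
    """Build an element from its coefficient list, lowest degree first."""
    hi = lo = 0
    for i, d in enumerate(digits):
        if d == 1:
            lo |= 1 << i
        elif d == 2:
            hi |= 1 << i
    return (hi, lo)


def to_digits(a):
    """Coefficient list of a reduced element, lowest degree first."""
    return [1 if (a[1] >> i) & 1 else 2 if (a[0] >> i) & 1 else 0 for i in range(M)]


if __name__ == "__main__":
    a = from_digits([(i * i + 1) % 3 for i in range(M)])    # constructed sample element
    assert mul(a, inverse(a)) == ONE
    print("x^97 reduces to coefficients", to_digits(reduce_mod_f(shift(ONE, M)))[:13])
```

    With a = 1 and b = 2 the identity is x^97 ≡ 2x^12 + 1, so reducing the lone term x^97 yields coefficient 1 at degree 0 and 2 at degree 12. The inverse check only passes if the trinomial is irreducible, which is a cheap sanity test when swapping in a different (e.g., ROT) trinomial.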

  • Cryptanalysis of an Identity Based Proxy Multi-Signature Scheme

    Fagen LI  Shijie ZHOU  Rong SUN  

     
    LETTER-Cryptography and Information Security

      Vol:
    E91-A No:7
      Page(s):
    1820-1823

    In a proxy multi-signature scheme, a designated proxy signer can generate the signature on behalf of a group of original signers. Recently, Wang and Cao proposed an identity based proxy multi-signature scheme along with a security model. Although they proved that their scheme is secure under this model, we disprove their claim and show that their scheme is not secure.

  • Efficient Implementation of the Pairing on Mobilephones Using BREW

    Motoi YOSHITOMI  Tsuyoshi TAKAGI  Shinsaku KIYOMOTO  Toshiaki TANAKA  

     
    PAPER-Implementation

      Vol:
    E91-D No:5
      Page(s):
    1330-1337

    Pairing-based cryptosystems make possible novel security applications such as ID-based cryptosystems, which could not be constructed efficiently without the pairing. The processing speed of pairing-based cryptosystems is relatively slow compared with conventional public-key cryptosystems. However, several efficient algorithms for computing the pairing have been proposed, namely the Duursma-Lee algorithm and its variant, the ηT pairing. In this paper, we present an efficient implementation of the pairing on several mobile phones and compare its processing speed with that of the standard public-key cryptosystems, i.e., the RSA cryptosystem and elliptic curve cryptosystems. Our implementation on ARM9 processors under BREW computes the pairing in under 100 milliseconds using the supersingular curve over F_{3^97}. Moreover, on these phones the pairing is faster than the other public-key cryptosystems, so it is efficient enough to implement security applications such as short signatures, ID-based cryptosystems, or broadcast encryption on BREW mobile phones.

  • Some Efficient Algorithms for the Final Exponentiation of ηT Pairing

    Masaaki SHIRASE  Tsuyoshi TAKAGI  Eiji OKAMOTO  

     
    PAPER-Implementation

      Vol:
    E91-A No:1
      Page(s):
    221-228

    Recently the Tate pairing and its variants have attracted attention in cryptography. Their computation consists of a main iteration loop and a final exponentiation; the final exponentiation is necessary to obtain a unique value of the bilinear pairing in the extension field. The main loop has become fast thanks to recent improvements, e.g., the Duursma-Lee algorithm and the ηT pairing. In this paper we discuss how to speed up the final exponentiation of the ηT pairing in the extension field F_{3^{6n}}. Specifically, we propose efficient algorithms using the torus T_2(F_{3^{3n}}) that compute an inversion and a powering by 3^n + 1 efficiently. Consequently, the total cost of computing the ηT pairing is reduced by 16% for n = 97.

  • Powered Tate Pairing Computation

    Bo Gyeong KANG  Je Hong PARK  

     
    LETTER

      Vol:
    E91-A No:1
      Page(s):
    338-341

    In this letter, we provide a simple proof of bilinearity for the eta pairing. Based on it, we also show an efficient method to compute the powered Tate pairing. Although the efficiency of our method is equivalent to that of computing the Tate pairing via the eta pairing approach, ours is more general in principle.

  • Security Analysis of an ID-Based Key Agreement for Peer Group Communication

    Duc-Liem VO  Kwangjo KIM  

     
    LETTER-Information Security

      Vol:
    E90-A No:11
      Page(s):
    2624-2625

    Pairing based cryptography has been researched intensively due to its beneficial properties. In 2005, Wu et al. [3] proposed an identity-based key agreement for peer group communication from pairings. In this letter, we propose attacks on their scheme, by which the group fails to agree upon a common communication key.

  • Web Metering Scheme Based on the Bilinear Pairings

    Narn-Yih LEE  Ming-Feng LEE  

     
    LETTER-Application Information Security

      Vol:
    E90-D No:3
      Page(s):
    688-691

    Web metering is an effective means of measuring the number of visits from clients to Web servers during a specific time frame. Naor and Pinkas, in 1998, first introduced metering schemes to evaluate the popularity of Web servers. Ogata and Kurosawa proposed two schemes that improve on the Naor-Pinkas metering schemes. This study presents a Web metering scheme that is based on bilinear pairings and built on a GDH group. The proposed scheme can resist fraud attempts by malicious Web servers and disruptive attacks by malicious clients.

  • An ID-SP-M4M Scheme and Its Security Analysis

    Lihua WANG  Eiji OKAMOTO  Ying MIAO  Takeshi OKAMOTO  Hiroshi DOI  

     
    PAPER-Signatures

      Vol:
    E90-A No:1
      Page(s):
    91-100

    ID-SP-M4M stands for an ID-based series-parallel multisignature scheme for multi-messages. In this paper, we investigate series-parallel multisignature schemes for multi-messages and propose an ID-SP-M4M scheme based on pairings, in which signers in the same subgroup sign the same message and those in different subgroups sign different messages. Our new scheme is an improvement over the series-parallel multisignature schemes introduced by Doi et al. [6]-[8] and subsequent results such as the schemes proposed by Burmester et al. [4] and the original protocols proposed by Tada [20],[21], in which only one message is signed. Furthermore, our ID-SP-M4M scheme is secure against signature forgery attacks by parallel insiders under the BDH assumption.

  • Scaling Security of Elliptic Curves with Fast Pairing Using Efficient Endomorphisms

    Katsuyuki TAKASHIMA  

     
    PAPER-Elliptic Curve Cryptography

      Vol:
    E90-A No:1
      Page(s):
    152-159

    Cryptosystems using pairing computation on elliptic curves have various applications including ID-based encryption ([19],[29],[30], etc.). Scott [33] proposed a method of scaling security by changing the embedding degree k. He also presented an efficient pairing computation method on an ordinary (non-supersingular) elliptic curve over a large prime field F_p [34]. In this paper, we present an implementation method for the pairing computation that combines the security scaling of [33] with the efficiency of [34]. First, we investigate the mathematical nature of the set of parameters r (the order of the cyclic group used) that support many values of k. Then, based on this, we suggest some modifications to Scott's algorithm in [34] to achieve flexible scalability of the security level.

  • Authorization-Limited Transformation-Free Proxy Cryptosystems and Their Security Analyses

    Lihua WANG  Zhenfu CAO  Takeshi OKAMOTO  Ying MIAO  Eiji OKAMOTO  

     
    PAPER-Protocol

      Vol:
    E89-A No:1
      Page(s):
    106-114

    In this paper authorization-limited transformation-free proxy cryptosystems (AL-TFP systems) are studied. An AL-TFP system is a modification of the original proxy cryptosystem introduced by Mambo et al. [8], in which a ciphertext transformation by the original decryptor is necessary, and also of the delegated decryption system proposed by Mu et al. [10]. In both of the systems proposed in [8] and [10], the original decryptors have to trust their proxies completely. The AL-TFP system allows the proxy decryptor to decrypt directly without any ciphertext transformation by the original decryptor, so that it relieves the original decryptor of a large number of decryption operations more efficiently. Moreover, the original decryptor's privacy is protected because the authority of the proxy decryptor is limited to his duty and to a validity period. An active identity-based AL-TFP system and a directory-based AL-TFP system from pairings are proposed. Furthermore, an application of the directory-based AL-TFP system to electronic commerce is also described. The security of the proposed schemes is based on the BDH assumption.

  • Radix-r Non-Adjacent Form and Its Application to Pairing-Based Cryptosystem

    Tsuyoshi TAKAGI  David REIS, Jr.  Sung-Ming YEN  Bo-Ching WU  

     
    PAPER-Elliptic Curve Cryptography

      Vol:
    E89-A No:1
      Page(s):
    115-123

    Recently, the radix-3 representation of integers has been used for efficient implementation of pairing-based cryptosystems. In this paper, we propose a non-adjacent form of the radix-r representation (rNAF) and efficient algorithms for generating it. The number of non-trivial digits is (r-2)(r+1)/2 and the average density of non-zero digits is asymptotically (r-1)/(2r-1). For r = 3, the non-trivial digits are {2, 4} and the non-zero density is 0.4. We then investigate the width-w version of rNAF for the general radix-r representation, which is a natural extension of the width-w NAF. Finally we compare the proposed algorithms with the generalized NAF (gNAF) discussed by Joye and Yen. The proposed scheme requires a larger table, but its non-zero density is smaller even for large radix. We explain that gNAF is a simple degeneration of rNAF; that is, rNAF can be considered a canonical form for the radix-r representation. Therefore, rNAF is a good alternative to gNAF.
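    Added example (not the paper's code): a Python rNAF recoder together with the left-to-right scalar multiplication that consumes it. The recoding is the natural radix-r analogue of the binary NAF (when r does not divide n, emit the signed residue of n modulo r^2, otherwise emit 0); that this coincides with the paper's rNAF is an assumption, but it yields exactly the digit set {0, ±1, ±2, ±4}, the two non-trivial digits {2, 4} and the 0.4 non-zero density quoted above for r = 3, and it generalizes to any radix r ≥ 2. The scalar multiplication runs in the additive group Z/pZ with a constructed prime p = 1000003 as a stand-in for the elliptic curve group, where the "multiply by r" step would be point tripling for r = 3.

```python
"""Radix-r non-adjacent form (rNAF) recoding and scalar multiplication.

Added example, not the paper's code.  The recoding is the radix-r analogue
of the binary NAF: whenever r does not divide n, emit the signed residue of
n modulo r^2 and subtract it, so the following digit is forced to be 0.
Matching the paper's rNAF exactly is an assumption; the digit set and the
non-zero density it produces for r = 3 agree with the abstract.
"""
import random


def mods(n, q):
    """Symmetric residue of n modulo q, in the range (-q/2, q/2]."""
    d = n % q
    return d - q if d > q // 2 else d


def rnaf(n, r):
    """Return the rNAF digits of n >= 0, least significant first."""
    if n < 0 or r < 2:
        raise ValueError("n must be non-negative and r >= 2")
    digits = []
    while n > 0:
        if n % r == 0:
            digits.append(0)
            n //= r
        else:
            d = mods(n, r * r)        # r does not divide d, and |d| < r^2 / 2
            digits.append(d)
            n = (n - d) // r          # n - d == 0 mod r^2, so the next digit is 0
    return digits


def from_digits(digits, r):
    """Evaluate a digit list (least significant first) in radix r."""
    return sum(d * r ** i for i, d in enumerate(digits))


def is_non_adjacent(digits):
    """True if no two consecutive digits are both non-zero."""
    return all(not (digits[i] and digits[i + 1]) for i in range(len(digits) - 1))


def digit_set(r):
    """All digits rNAF can emit: 0 and +-d with 0 < d < r^2/2 and r not dividing d."""
    pos = [d for d in range(1, (r * r + 1) // 2) if d % r]
    return {0} | set(pos) | {-d for d in pos}


def nontrivial_digit_count(r):
    """Positive digits other than 1, i.e. the ones that need a precomputed table entry."""
    return sum(1 for d in digit_set(r) if d > 1)


def nonzero_density(r, samples=300, bits=256, seed=1):
    """Empirical fraction of non-zero digits over random scalars (fixed seed)."""
    rng = random.Random(seed)
    nonzero = total = 0
    for _ in range(samples):
        digits = rnaf(rng.getrandbits(bits), r)
        nonzero += sum(1 for d in digits if d)
        total += len(digits)
    return nonzero / total


def scalar_mul(n, P, r, add, neg, mul_r, identity):
    """Left-to-right rNAF scalar multiplication in an additive group given by
    callbacks: one mul_r (point tripling for r = 3) per digit and one add per
    non-zero digit, using a table of d*P for the positive digits."""
    digits = rnaf(n, r)
    table, acc, d = {}, P, 1
    for e in sorted(x for x in digit_set(r) if x > 0):
        while d < e:                  # build d*P by repeated addition
            acc, d = add(acc, P), d + 1
        table[e] = acc
    Q = identity
    for digit in reversed(digits):    # Horner evaluation, most significant first
        Q = mul_r(Q)
        if digit > 0:
            Q = add(Q, table[digit])
        elif digit < 0:
            Q = add(Q, neg(table[-digit]))
    return Q


def demo_scalar_mul(n, P, r=3, p=1000003):
    """Run scalar_mul in Z/pZ (constructed prime p), a stand-in for the curve group."""
    return scalar_mul(n, P, r,
                      add=lambda a, b: (a + b) % p,
                      neg=lambda a: (-a) % p,
                      mul_r=lambda a: (r * a) % p,
                      identity=0)


if __name__ == "__main__":
    print(rnaf(1000, 3), "->", from_digits(rnaf(1000, 3), 3))
    print("non-trivial digits for r=3:", sorted(d for d in digit_set(3) if d > 1))
    print("empirical non-zero density for r=3:", round(nonzero_density(3), 3))
```

    nontrivial_digit_count(r) reproduces the abstract's (r-2)(r+1)/2 for every r, and nonzero_density(3) lands close to 0.4; for r = 2 the same code degenerates to the ordinary binary NAF with digits {0, ±1}.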

  • Candidate One-Way Functions on Non-Supersingular Elliptic Curves

    Taiichi SAITO  Fumitaka HOSHINO  Shigenori UCHIYAMA  Tetsutaro KOBAYASHI  

     
    PAPER-Elliptic Curve Cryptography

      Vol:
    E89-A No:1
      Page(s):
    144-150

    This paper proposes new candidate one-way functions constructed with a certain type of endomorphisms on non-supersingular elliptic curves. We can show that the one-wayness of our proposed functions is equivalent to some special cases of the co-Diffie-Hellman assumption. Also a digital signature scheme is explicitly described using our proposed functions.

  • Efficient Algorithms for Tate Pairing

    Tetsutaro KOBAYASHI  Kazumaro AOKI  Hideki IMAI  

     
    PAPER-Elliptic Curve Cryptography

      Vol:
    E89-A No:1
      Page(s):
    134-143

    This paper presents new algorithms for the Tate pairing on a prime field. Recently, many pairing-based cryptographic schemes have been proposed. However, computing pairings incurs a high computational cost and represents the bottleneck to using pairings in actual protocols. This paper shows that the proposed algorithms reduce the cost of multiplication and inversion on an extension field, and reduce the number of calculations of the extended finite field. This paper also discusses the optimal algorithm to be used for each pairing parameter and shows that the total computational cost is reduced by 50% if k = 6 and 57% if k = 8.

  • Identity-Based Key Agreement for Peer Group Communication from Pairings

    Shyi-Tsong WU  Jung-Hui CHIU  Bin-Chang CHIEU  

     
    PAPER-Cryptography and Information Security

      Vol:
    E88-A No:10
      Page(s):
    2762-2768

    Several cryptographic schemes based on bilinear pairings have been proposed recently. In this paper, we apply pairings on elliptic curves and elliptic curve cryptography to key agreement in a dynamic peer group. Each member authenticates itself and contributes secret data to negotiate a common group key by means of a binary key tree. The proposed protocol needs no dedicated central server to perform the key agreement, and the overhead is distributed among the group members. To provide secure dynamic group communication, a key renewal mechanism has to be included: when a member joins or leaves, the group session key is renewed to provide backward or forward secrecy, respectively. Key renewal is efficient because it is confined to the keys on the key path. The proposed protocol is therefore flexible even when membership changes frequently.

  • A Method for Building More Non-supersingular Elliptic Curves Suitable for Pairing-based Cryptosystems

    Shi CUI  Pu DUAN  ChoongWah CHAN  

     
    LETTER-Information Security

      Vol:
    E88-A No:9
      Page(s):
    2468-2470

    Non-supersingular elliptic curves are important for the security of pairing-based cryptosystems. But there are few suitable non-supersingular elliptic curves for pairing-based cryptosystems. This letter introduces a method which allows the existing method to generate more non-supersingular elliptic curves suitable for pairing-based cryptosystems when the embedding degree is 6.

  • Evaluation of Damage in DNA Molecules Caused by Very-Low-Frequency Magnetic Fields Using Bacterial Cells

    Akira HAGA  Yoshiaki KUMAGAI  Hidetoshi MATSUKI  Ginro ENDO  Akira IGARASHI  Koichiro KOBAYASHI  

     
    PAPER-Biological Effects

      Vol:
    E88-B No:8
      Page(s):
    3249-3256

    The effect of intermediate-frequency magnetic fields, or very-low-frequency magnetic fields (VLFMF), on living biological cells was investigated using a highly sensitive mutagenesis assay. A bacterial gene expression system for mutation repair (the umu system) was used for sensitive evaluation of damage in DNA molecules. Salmonella typhimurium TA1535 (pSK1002) cells were exposed to VLFMF (20 kHz and 600 µT) in a specially designed magnetic field loading chamber. The experimental results showed that the umu assay can be applied to sensitive and effective evaluation of damage in DNA molecules. No effects of exposure to the 20 kHz, 600 µT magnetic field in terms of damage in DNA molecules were observed.

  • Non-Supersingular Elliptic Curves for Pairing-Based Cryptosystems

    Taiichi SAITO  Fumitaka HOSHINO  Shigenori UCHIYAMA  Tetsutaro KOBAYASHI  

     
    LETTER

      Vol:
    E87-A No:5
      Page(s):
    1203-1205

    This paper provides methods for construction of pairing-based cryptosystems based on non-supersingular elliptic curves.

  • A New Traitor Tracing

    Shigeo MITSUNARI  Ryuichi SAKAI  Masao KASAHARA  

     
    PAPER-Information Security

      Vol:
    E85-A No:2
      Page(s):
    481-484

    A traitor tracing scheme is a broadcast encryption scheme in which the provider can trace malicious authorized users (traitors) who illegally gave their personal keys to unauthorized users. Conventional schemes have some problems; one is that an upper bound must be fixed on the key sizes in order to certify the security of the scheme against a collusion attack by many traitors, so that the header size grows as this bound grows. We propose a new traitor tracing scheme in which the header size is independent of the number of traitors.

  • Modeling of Dopant Diffusion in Silicon

    Scott T. DUNHAM  Alp H. GENCER  Srinivasan CHAKRAVARTHI  

     
    INVITED PAPER

      Vol:
    E82-C No:6
      Page(s):
    800-812

    Recent years have seen great advances in our understanding and modeling of the coupled diffusion of dopants and defects in silicon during integrated circuit fabrication processes. However, the ever-progressing shrinkage of device dimensions and tolerances leads to new problems and a need for even better models. In this review, we address some of the advances in the understanding of defect-mediated diffusion, focusing on the equations and parameters appropriate for modeling of dopant diffusion in submicron structures.

  • Possibility of Phonon-Assistance on Electronic Transport and the Cooper Pairing in Oxide Superconductors

    Ryozo AOKI  Hironaru MURAKAMI  Tetsuro NAKAMURA  

     
    PAPER

      Vol:
    E76-C No:8
      Page(s):
    1310-1318

    The Cooper pairing interaction in high-T_c oxide superconductors is discussed in terms of an empirical expression, T_c ∝ Θ_D exp[-1/g] with g ∝ c ω_o, which was derived in our previous investigation. The dual character of this expression, which combines the phonon Debye temperature Θ_D with an electronic excitation ω_o in the mid-infrared region, can be interpreted on the basis of a phonon-assisted mechanism for carrier conduction and for the electronic excitation. A tunneling spectrum presented here shows some evidence of the phonon contribution. The characteristics of the long-range superconductive proximity phenomena recently reported may also be interpreted by this mechanism.
