This paper proposes a compact hardware (H/W) implementation for the MISTY1 block cipher, which is one of the ISO/IEC 18033-3 standard encryption algorithms. In designing the compact H/W, we focused on optimizing the implementation of FO/FI/FL functions, which are the main components of MISTY1. For this optimization, we propose three new methods; reducing temporary registers for the FO function, shortening the critical path for the FI function, and merging the FL/FL^-1 functions. According to our logic synthesis on a 0.18-µm CMOS standard cell library based on our proposed methods, the gate size is 3.4 Kgates, which is the smallest as far as we know.

Tweakable pseudorandom permutations have wide applications such as the disk sector encryption, and the underlying primitive for efficient MACs and authenticated encryption schemes. Goldenberg et al. showed constructions of a tweakable pseudorandom permutation based on the Feistel structure. In this paper, we explore the possibility of designing tweakable pseudorandom permutations based on the Generalized Feistel Structure. We show that tweakable pseudorandom permutations can be obtained without increasing the number of rounds compared to the non-tweakable versions. We also present designs that take multiple tweaks as input.

Every public-key encryption scheme has to incorporate a certain amount of randomness into its ciphertexts to provide semantic security against chosen ciphertext attacks (IND-CCA). The difference between the length of a ciphertext and the embedded message is called the ciphertext overhead. While a generic brute-force adversary running in 2^t steps gives a theoretical lower bound of t bits on the ciphertext overhead for IND-CPA security, the best known IND-CCA secure schemes demand roughly 2t bits even in the random oracle model. Is the t-bit gap essential for achieving IND-CCA security? We close the gap by proposing an IND-CCA secure scheme whose ciphertext overhead matches the generic lower bound up to a small constant. Our scheme uses a variation of a four-round Feistel network in the random oracle model and hence belongs to the family of OAEP-based schemes. Maybe of independent interest is a new efficient method to encrypt long messages exceeding the length of the permutation while retaining the minimal overhead.

In 2007, Ding et al. proposed an attractive scheme, which is called the -Invertible Cycles (IC) scheme. IC is one of the most efficient multivariate public-key cryptosystems (MPKC); these schemes would be suitable for using under limited computational resources. In 2008, an efficient attack against IC using Grobner basis algorithms was proposed by Fouque et al. However, they only estimated the complexity of their attack based on their experimental results. On the other hand, Patarin had proposed an efficient attack against some multivariate public-key cryptosystems. We call this attack Patarin's attack. The complexity of Patarin's attack can be estimated by finding relations corresponding to each scheme. In this paper, we propose an another practical attack against the IC encryption/signature scheme. We estimate the complexity of our attack (not experimentally) by adapting Patarin's attack. The attack can be also applied to the IC- scheme. Moreover, we show some experimental results of a practical attack against the IC/IC- schemes. This is the first implementation of both our proposed attack and an attack based on Grobner basis algorithm for the even case, that is, a parameter is even.

In this paper, we propose a rational m-out-of-n secret sharing scheme, a dealer wishes to entrust a secret with a group of n players such that any subset of m or more players can reconstruct the secret, but a subset of less than m players cannot learn anything about the secret. The reconstruction protocol of our scheme is fair and stable in the rational settings, allowing all players to obtain the designated secret. Our scheme is based on RSA-OAEP with the distributed decryption. The security of our scheme relies on a computational assumption and uses the random oracles. The size of each share in our scheme is independent of the utility function and the computation cost of the reconstruction protocol is constant. Moreover, our scheme prevents the attacks with at most m-1 coalitions.

Lots of revocable group signature schemes have been proposed so far. In one type of revocable schemes, signing and/or verifying algorithms have O(N) or O(R) complexity, where N is the group size and R is the number of revoked members. On the other hand, in Camenisch-Lysyanskaya scheme and the followers, signing and verifying algorithms have O(1) complexity. However, before signing, the updates of the secret key are required. The complexity is O(R) in the worst case. In this paper, we propose a revocable scheme with signing and verifying of O(1) complexity, where any update of secret key is not required. The compensation is the long public key of O(N). In addition, we extend it to the scheme with O()-size public key, where signing and verifying have constant extra costs.

In this paper, we design and analyze some new and practical (selectively) convertible undeniable signature (SCUS) schemes in both random oracle and standard model, which enjoy several merits over existing schemes in the literature. In particular, we design the first practical RSA-based SCUS schemes secure in the standard model. On the path, we also introduce two moduli RSA assumptions, including the strong twin RSA assumption, which is the RSA symmetry of the strong twin Diffie-Hellman assumption (Eurocrypt'08).

We introduce the "split padding" into a current Merkle-Damgård hash function H. The patched hash function satisfies the following properties: (i) is second-preimage-resistant (SPR) if the underlying compression function h satisfies an "SPR-like" property, and (ii) is one-way (OW) if h satisfies an "OW-like" property. The assumptions we make about h are provided with simple definitions and clear relations to other security notions. In particular, they belong to the class whose existence is ensured by that of OW functions, revealing an evident separation from the strong collision-resistance (CR) requirement. Furthermore, we get the full benefit from the patch at almost no expense: The new scheme requires no change in the internals of a hash function, runs as efficiently as the original, and as usual inherits CR from h.

In this paper, we present practical password recovery attacks against two challenge and response authentication protocols using MD4. For attacks on protocols, the number of queries is one of the most important factors because the opportunity where an attacker can ask queries is very limited in real protocols. When responses are computed as MD4(Password||Challenge), which is called prefix approach, previous work needs to ask 2³⁷ queries to recover a password. Asking 2³⁷ queries in real protocols is almost impossible. In our attack, to recover up to 8-octet passwords, we only need 1 time the amount of eavesdropping, 17 queries, and 2³⁴ MD4 off-line computations. To recover up to 12-octet passwords, we only need 2¹⁰ times the amount of eavesdropping, 2¹⁰ queries, and 2⁴¹ off-line MD4 computations. When responses are computed as MD4(Password||Challenge||Password), which is called hybrid approach, previous work needs to ask 2⁶³ queries, while in our attack, up to 8-octet passwords are practically recovered by 2⁸ times the amount of eavesdropping, 2⁸ queries, and 2³⁹ off-line MD4 computations. Our idea is guessing a part of passwords so that we can simulate values of intermediate chaining variables from observed hash values. This enables us to use a short local collision that occurs with a very high probability, and thus the number of queries becomes practical.

A Multi-Property-Preserving (MPP) hash function is a hash function that simultaneously preserves several security properties of the underlying compression function. The Merkle-Damgård with a Permutation (MDP) was shown to preserve unforgeability and pseudorandom oracle property. In this paper, we consider the most basic security properties of hash functions, namely collision resistance, second-preimage resistance, and preimage-resistance. We first show which of these properties are preserved by MDP in the dedicated-key setting. We also identify the properties preserved by four variants of MDP, and five other variants of Merkle-Damgård iterated hash functions. As a result, for the ten hash functions we analyze, we obtain their complete MPP characteristics.

An anonymous password-authenticated key exchange (anonymous PAKE) protocol is designed to provide both password-only authentication and user anonymity against a semi-honest server, who follows the protocol honestly. Very recently, Yang and Zhang have proposed a new anonymous PAKE (NAPAKE) protocol that is claimed efficient compared to the previous constructions. In this paper, we propose a very-efficient anonymous PAKE (called, VEAP) protocol that provides the most efficiency among their kinds in terms of computation and communication costs. The VEAP protocol guarantees semantic security of session keys in the random oracle model under the chosen target CDH problem, and unconditional user anonymity against a semi-honest server. If the pre-computation is allowed, both the user and the server are required to compute only one modular exponentiation, respectively. Surprisingly, this is the same computation cost of the well-known Diffie-Hellman protocol that does not provide authentication at all. In addition, we extend the VEAP protocol in two ways: the first is designed to reduce the communication costs of the VEAP protocol and the second shows that stripping off anonymity parts from the VEAP protocol results in a new PAKE protocol.

We present a new variant of Attribute based encryption (ABE) called Dual-Policy ABE. Basically, it is a conjunctively combined scheme between Key-Policy and Ciphertext-Policy ABE, the only two previous types of ABE. Dual-Policy ABE allows simultaneously two access control mechanisms over encrypted data: one involves policies over objective attributes ascribed to data and the other involves policies over subjective attributes ascribed to user credentials. The previous two types of ABE can only allow either functionality above one at a time.

In the model, a sender S wants to send a message to a receiver R secretly and reliably in r-round. They do not share any information like keys, but there are n independent communication channels between S and R, and an adversary A can observe and/or substitute the data which goes through some channels (but not all). In this paper, we propose almost secure (1-round, 3t+1-channel ) MTSs which have following two properties where t is the number of channels A can observe and/or forge. (1) The running time of message decryption algorithm is polynomial in n. (2) Communication cost is smaller than the previous MTSs, if the message is large to some degree.

This paper describes a differential fault analysis (DFA) attack against CLEFIA. The proposed attack can be applied to CLEFIA with all supported keys: 128, 192, and 256-bit keys. DFA is a type of side-channel attack. This attack enables the recovery of secret keys by injecting faults into a secure device during its computation of the cryptographic algorithm and comparing the correct ciphertext with the faulty one. CLEFIA is a 128-bit blockcipher with 128, 192, and 256-bit keys developed by the Sony Corporation in 2007. CLEFIA employs a generalized Feistel structure with four data lines. We developed a new attack method that uses this characteristic structure of the CLEFIA algorithm. On the basis of the proposed attack, only 2 pairs of correct and faulty ciphertexts are needed to retrieve the 128-bit key, and 10.78 pairs on average are needed to retrieve the 192 and 256-bit keys. The proposed attack is more efficient than any previously reported. In order to verify the proposed attack and estimate the calculation time to recover the secret key, we conducted an attack simulation using a PC. The simulation results show that we can obtain each secret key within three minutes on average. This result shows that we can obtain the entire key within a feasible computational time.

MISTY1 is a 64-bit block cipher that has provable security against differential and linear cryptanalysis. MISTY1 is one of the algorithms selected in the European NESSIE project, and it has been recommended for Japanese e-Government ciphers by the CRYPTREC project. This paper shows that higher order differential attacks can be successful against 7-round versions of MISTY1 with FL functions. The attack on 7-round MISTY1 can recover a partial subkey with a data complexity of 2^54.1 and a computational complexity of 2^120.8, which signifies the first successful attack on 7-round MISTY1 with no limitation such as a weak key. This paper also evaluates the complexity of this higher order differential attack on MISTY1 in which the key schedule is replaced by a pseudorandom function. It is shown that resistance to the higher order differential attack is not substantially improved even in 7-round MISTY1 in which the key schedule is replaced by a pseudorandom function.

The NTRU cryptosystem is a public key system based on lattice problems. While its theoretical security has been well studied, little effort has been made to analyze its security against implementation attacks including power analysis attacks. In this paper, we show that a typical software implementation of NTRU is vulnerable to the simple power analysis and the correlation power analysis including a second-order power attack. We also present novel countermeasures to prevent these attacks, and perform experiments to estimate the performance overheads of our countermeasures. According to our experimental results, the overheads in required memory and execution time are only 8.17% and 9.56%, respectively, over a Tmote Sky equipped with an MSP430 processor.

Conventional efficient key recovery attacks against Wired Equivalent Privacy (WEP) require specific initialization vectors or specific packets. Since it takes much time to collect the packets sufficiently, any active attack should be performed. An Intrusion Detection System (IDS), however, will be able to prevent the attack. Since the attack logs are stored at the servers, it is possible to prevent such an attack. This paper proposes an algorithm for recovering a 104-bit WEP key from any IP packets in a realistic environment. This attack needs about 36,500 packets with a success probability 0.5, and the complexity of our attack is equivalent to about 2²⁰ computations of the RC4 key setups. Since our attack is passive, it is difficult for both WEP users and administrators to detect our attack.

As one of the logic-level countermeasures against DPA (Differential Power Analysis) attacks, Random Switching Logic (RSL) was proposed by Suzuki, Saeki and Ichikawa in 2004 . The RSL technique was applied to AES hardware and a prototype chip was implement with a 0.13-µm standard CMOS library for evaluating the DPA resistance . Although the main purpose of using RSL is to resist the DPA attacks, our experimental results of Clock-based Fault Analysis (CFA) show that one can reveal the secret information from the prototype chip. This paper explains the mechanism of the CFA attack and discusses the reason for the success of the attack against a prototype implementation of AES with RSL (RSL-AES). Furthermore, we consider an ideal RSL-AES implementation that counteracts the CFA attacks.

A technique for computing the quotient (⌊ ab/n ⌋) of Euclidean divisions from the difference of two remainders (ab (mod n) - ab (mod n+1)) was proposed by Fischer and Seifert. The technique allows a 2-bit modular multiplication to work on most -bit modular multipliers. However, the cost of the quotient computation rises sharply when computing modular multiplications larger than 2 bits with a recursive approach. This paper addresses the computation cost and improves on previous 2-bit modular multiplication algorithms to return not only the remainder but also the quotient, resulting in an higher performance in the recursive approach, which becomes twice faster in the quadrupling case and four times faster in the octupling case. In addition to Euclidean multiplication, this paper proposes a new 2-bit Montgomery multiplication algorithm to return both of the remainder and the quotient.

This paper introduces a new computational problem on a two-dimensional vector space, called the vector decomposition problem (VDP), which is mainly defined for designing cryptosystems using pairings on elliptic curves. We first show a relation between the VDP and the computational Diffie-Hellman problem (CDH). Specifically, we present a sufficient condition for the VDP on a two-dimensional vector space to be at least as hard as the CDH on a one-dimensional subspace. We also present a sufficient condition for the VDP with a fixed basis to have a trapdoor. We then give an example of vector spaces which satisfy both sufficient conditions and on which the CDH is assumed to be hard in previous work. In this sense, the intractability of the VDP is a reasonable assumption as that of the CDH.

The security level of an internet protocol television (IPTV) digital right management (DRM) system ultimately relies on protection of secret keys. Well known devices for the key protection include smartcards and battery backup SRAMs (BB-SRAMs); however, these devices could be vulnerable to various physical attacks. In this paper, we propose a secure and cost-effective design of a cryptographic system on chip (SoC) that integrates the BB-SRAM with a cell-based design technique. The proposed SoC provides robust safeguard against the physical attacks, and satisfies high-speed and low-price requirements of IPTV set-top boxes. Our implementation results show that the maximum encryption rate of the SoC is 633 Mb/s. In order to verify the data retention capabilities, we made a prototype chip using 0.18 µm standard cell technology. The experimental results show that the integrated BB-SRAM can reliably retain data with a 1.4 µA leakage current.

We propose an FPGA-based high-speed search system for cryptosystems that employ a passphrase-based security scheme. We first choose PGP as an example of such cryptosystems, clear several hurdles for high throughputs and manage to develop a high-speed search system for it. As a result we achieve a throughput of 1.1 10⁵ passphrases per second, which is 38 times the speed of the fastest software. Furthermore we can do many flexible passphrase generations in addition to a simple brute force one because we assign the passphrase generation operation to software. In fact we implement a brute force and a dictionary-based ones, and get the same maximum throughput as above in both cases. We next consider the speed of passphrase generation in order to apply our system to other cryptosystems than PGP, and implement a hardware passphrase generator to achieve higher throughputs. In the PGP case, the very heavy iteration of hashing, 1025 times in our case, lowers the total throughput linearly, and makes the figure 1.1 10⁵ suffice. In other cases without any such iteration structure, we have to generate even more passphrases, for example 10⁸ per second. That can easily exceed the generation speed that software can offer and thus we conclude that it is now necessary to place the passphrase generation in hardware instead of in software.

Malware sandbox analysis, in which a malware sample is actually executed in a testing environment (i.e. sandbox) to observe its behavior, is one of the promising approaches to tackling the emerging threats of exploding malware. As a lot of recent malware actively communicates with remote hosts over the Internet, sandboxes should also support an Internet connection, otherwise important malware behavior may not be observed. In this paper, we propose a multi-pass sandbox analysis with a controlled Internet connection. In the proposed method, we start our analysis with an isolated sandbox and an emulated Internet that consists of a set of dummy servers and hosts that run vulnerable services, called Honeypots in the Sandbox (HitS). All outbound connections from the victim host are closely inspected to see if they could be connected to the real Internet. We iterate the above process until no new behaviors are observed. We implemented the proposed method in a completely automated fashion and evaluated it with malware samples recently captured in the wild. Using a simple containment policy that authorizes only certain application protocols, namely, HTTP, IRC, and DNS, we were able to observe a greater variety of behaviors compared with the completely isolated sandbox. Meanwhile, we confirmed that a noticeable number of IP scans, vulnerability exploitations, and DoS attacks are successfully contained in the sandbox. Additionally, a brief comparison with two existing sandbox analysis systems, Norman Sandbox and CWSandbox, are shown.

Ultrasonic imaging is useful in seabed or lakebed observations. We can roughly estimate the sea depth by hearing the echo generated by the boundary of water and rocks or sand. However, the estimation quality is usually not sufficient to draw seabed landscape since the echo signal includes serious distortion caused by autointerference. This paper proposes a novel method to visualize the shape of distant boundaries, such as the seawater-rock/sand boundary, based on the complex-valued Markov random field (CMRF) model. Our method realizes adaptive compensation of distortion without changing the global features in the measurement data, and obtains higher-quality landscape with less computational cost than conventional methods.

A generalized formulation of the instantaneous frequency based on the symmetric higher order differential energy operator is proposed. The motivation for the formulation is that there is some frequency misalignment in time when the ordinary higher order differential energy operator is used for the instantaneous frequency estimator. The special cases of the generalized formulation are also presented. The proposed instantaneous frequency estimators are compared with existing methods in terms of error performance measured in the mean absolute error. In terms of the estimation error performance, the third order instantaneous frequency estimator with the symmetrical structure shows the best result under noise free condition. Under noisy situation, the fourth order instantaneous frequency estimator with the symmetrical structure produces the best results. Application examples are provided to show the usefulness of the estimator.

Recently, proportionate adaptive algorithms have been proposed to speed up convergence in the identification of sparse impulse response. Although they can improve convergence for sparse impulse responses, the steady-state misalignment is limited by the constant step-size parameter. In this article, based on the principle of least perturbation, we first present a derivation of normalized version of proportionate algorithms. Then by taking the disturbance signal into account, we propose a variable step-size proportionate NLMS algorithm to combine the benefits of both variable step-size algorithms and proportionate algorithms. The proposed approach can achieve fast convergence with a large step size when the identification error is large, and then considerably decrease the steady-state misalignment with a small step size after the adaptive filter reaches a certain degree of convergence. Simulation results verify the effectiveness of the proposed approach.

This paper proposes a novel crest factor reduction (CFR) algorithm applicable to currently deployed W-CDMA base stations. The peak-to-average ratio (PAR) reduction of the multiple carrier mixed signal, namely CFR, has been an issue in order to convey the benefit of using low-cost power amplifiers. The simple final clipping method (SFCM) as a conventional method has been widely utilized due to its simplicity and effectiveness. However, the SFCM degrades the adjacent channel leakage ratio (ACLR) characteristic as well as the signal quality indicated by either the error vector magnitude (EVM) or the peak code domain error (PCDE). Conventionally, in order to alleviate this undesired deterioration, extra channel filtering and signal quality enhancement followed by CFR might be processed in an open-loop style. Alternatively, to perform CFR by maintaining the PAR as low as possible subject to satisfying the prescribed ACLR and EVM/PCDE performance, this paper introduces the prediction filter dependent peak reduction (PFDPR) process collaboratively working with dynamic waterfilling-based code domain compensation (DWCDC). To verify the superiority of the proposed CFR algorithm, tentative simulations are conducted while maintaining the rules of legitimate W-CDMA base station test specifications.

This paper proposes a low complexity noise suppressor with hybrid filterbanks and adaptive time-frequency tiling. An analysis hybrid filterbank provides efficient transformation by further decomposing low-frequency bins after a coarse transformation with a short frame size. A synthesis hybrid filterbank also reduces computational complexity in a similar fashion to the analysis hybrid filterbank. Adaptive time-frequency tiling reduces the number of spectral gain calculations. It adaptively generates tiling information in the time-frequency plane based on the signal characteristics. The average number of instructions on a typical DSP chip has been reduced by 30% to 7.5 MIPS in case of mono signals sampled at 44.1 kHz. A Subjective test result shows that the sound quality of the proposed method is comparable to that of the conventional one.

This paper presents a single-chip speech dialogue module and its evaluation on a personal robot. This module is implemented on an application processor that was developed primarily for mobile phones to provide a compact size, low power-consumption, and low cost. It performs speech recognition with preprocessing functions such as direction-of-arrival (DOA) estimation, noise cancellation, beamforming with an array of microphones, and echo cancellation. Text-to-speech (TTS) conversion is also equipped with. Evaluation results obtained on a new personal robot, PaPeRo-mini, which is a scale-down version of PaPeRo, demonstrate an 85% correct rate in DOA estimation, and as much as 54% and 30% higher speech recognition rates in noisy environments and during robot utterances, respectively. These results are shown to be comparable to those obtained by PaPeRo.

In this research a new prediction algorithm based on a Fuzzy Mix of Filters (FMF) is developed. The use of a fuzzy mix is a good solution because it makes intuitive the difficult design task of combining several types of filters, so that the outputs of the filters that work closer to their optimal behavior have higher influence in the predicted values. Therefore the FMF adapts, according to the motion of the tracked object or target, the filter weights to reduce the estimation error. The paper develops the theory about the FMF and uses it for applications with hard real-time requirements. The improvement of the proposed FMF is shown in simulation and an implementation on a parallel processor (FPGA) is presented. As a practical application of the FMF, experimental results are provided for a visual servoing task.

Evolvable hardware (EHW) is a new research field about the use of Evolutionary Algorithms (EAs) to construct electronic systems. EHW refers in a narrow sense to use evolutionary mechanisms as the algorithmic drivers for system design, while in a general sense to the capability of the hardware system to develop and to improve itself. Genetic Algorithm (GA) is one of typical EAs. We propose optimal circuit design by using GA with parameterized uniform crossover (GApuc) and with fitness function composed of circuit complexity, power, and signal delay. Parameterized uniform crossover is much more likely to distribute its disruptive trials in an unbiased manner over larger portions of the space, then it has more exploratory power than one and two-point crossover, so we have more chances of finding better solutions. Its effectiveness is shown by experiments. From the results, we can see that the best elite fitness, the average value of fitness of the correct circuits and the number of the correct circuits of GApuc are better than that of GA with one-point crossover or two-point crossover. The best case of optimal circuits generated by GApuc is 10.18% and 6.08% better in evaluating value than that by GA with one-point crossover and two-point crossover, respectively.

A method was developed for deriving the approximate global optimum of a nonlinear objective function with multiple local optimums. The objective function is expanded into a linear wave coefficient equation, so the problem of maximizing the objective function is reduced to that of maximizing a quadratic function with respect to the wave coefficients. Because a wave function expressed by the wave coefficients is used in the algorithm for maximizing the quadratic function, the algorithm is equivalent to a full search algorithm, i.e., one that searches in parallel for the global optimum in the whole domain of definition. Therefore, the global optimum is always derived. The method was evaluated for various objective functions, and computer simulation showed that a good approximation of the global optimum for each objective function can always be obtained.

In this paper, we compare two generalized cyclotomic binary sequences with length 2p² in terms of the linear complexity. One classical sequence is defined using the method introduced by Ding and Helleseth, while the other modified sequence is defined in a slightly different manner. We show that the modified sequence has linear complexity of 2p², which is higher than that of the classical one.

In this paper we present a construction method for quaternary sequences from a binary sequence of even period, which preserves the period and autocorrelation of the given binary sequence. By applying the method to the binary sequences with three-valued autocorrelation, we construct new quaternary sequences with three-valued autocorrelation, which are balanced or almost balanced. In particular, we construct new balanced quaternary sequences whose autocorrelations are three-valued and have out-of-phase magnitude 2, when their periods are N=p^m-1 and N≡ 2 (mod 4) for any odd prime p and any odd integer m. Their out-of-phase autocorrelation magnitude is the known optimal value for N≠ 2,4,8, and 16.

In this study, a discriminative weight training is applied to a support vector machine (SVM) based speech/music classification for a 3GPP2 selectable mode vocoder (SMV). In the proposed approach, the speech/music decision rule is derived by the SVM by incorporating optimally weighted features derived from the SMV based on a minimum classification error (MCE) method. This method differs from that of the previous work in that different weights are assigned to each feature of the SMV a novel process. According to the experimental results, the proposed approach is effective for speech/music classification using the SVM.

In this Letter, a residual acoustic echo suppression method is proposed to enhance the speech quality of hands-free communication in an automobile environment. The echo signal is normally a human voice with harmonic characteristics in a hands-free communication environment. The proposed algorithm estimates the residual echo signal by emphasizing its harmonic components. The estimated residual echo is used to obtain the signal-to-interference ratio (SIR) information at the acoustic echo canceller output. Then, the SIR based Wiener post-filter is constructed to reduce both the residual echo and noise. The experimental results confirm that the proposed algorithm is superior to the conventional residual echo suppression algorithm in terms of the echo return loss enhancement (ERLE) and the segmental signal-to-noise ratio (SEGSNR).

An efficient multiplier design method for predetermined coefficient groups is presented based on the variation of canonic signed digit (CSD) encoding and partial product sharing. By applications to radix-2⁴ FFT structure and the pulse-shaping filter design used in CDMA, it is shown that the proposed method significantly reduces the area, propagation delay and power consumption compared with previous methods.

Impossible differential attack (IDA) uses impossible differential characteristics extracted from enough plaintext pairs to retrieve subkeys of the first and the last several rounds of AES. In this paper, a general IDA on 7-round AES is proposed. Such attack takes the number of all-zero columns of the 7th and the 6th round as parameters (α,β). And a trade-off relation between the number of plaintexts and times of encryptions in the process of the attack is derived, which makes only some values of (α,β) allowed in the attack for different key length.

This letter suggests a novel high capacity robust audio watermarking algorithm by using the high frequency band of the wavelet decomposition, for which the human auditory system (HAS) is not very sensitive to alteration. The main idea is to divide the high frequency band into frames and then, for embedding, the wavelet samples are changed based on the average of the relevant frame. The experimental results show that the method has very high capacity (about 5.5 kbps), without significant perceptual distortion (ODG in [-1, 0] and SNR about 33 dB) and provides robustness against common audio signal processing such as added noise, filtering, echo and MPEG compression (MP3).

A new construction method for polyphase sequences with two-valued periodic auto- and crosscorrelation functions is proposed. This method gives L families of polyphase sequences for each prime length L which is bigger than three. For each family of sequences, the out-of-phase auto- and crosscorrelation functions are proved to be constant and asymptotically reach the Sarwate bound. Furthermore, it is shown that sequences of each family are mutually orthogonal.

A blind channel estimation algorithm based on the subspace method for single-input multiple-output (SIMO) orthogonal frequency division multiplexing (OFDM) systems is proposed in this letter. With the aid of a repetition index, the conventional algorithm is a special case of our algorithm. Compared with related studies, the proposed algorithm reduces the computational complexity of the SVD operation and is suitable for cyclic-prefix-free systems. In particular, the necessary condition of the proposed signal matrix to be full rank can be satisfied with fewer OFDM blocks. Simulation results demonstrate that the proposed algorithm outperforms conventional methods in normalized mean-square error.

In this paper, an effective congestion control algorithm is proposed to increase the end-to-end delivery success ratio of upstream traffic by reduction of buffer drop probabilities and their deviation in wireless sensor networks. According to the queue length of parent and child nodes, each child node chooses one of the parents as the next hop to the sink and controls the delay before transmission begins. It balances traffics among parents and mitigates congestion based on congestion level of a node. Simulation results show that the proposed algorithm reduces buffer drop probabilities and their deviation and increases the end-to-end delivery success ratio in wireless sensor networks.

This paper proposes an improved method that uses a K-means method to effectively reduce the ringing artifacts in a color moving picture. To apply this improved K-method, we set the number of groups for the process to two (K=2) in the three dimensional R, G, B color space. We then improved the R, G, B color value of all of the pixels by moving the current R, G, B color value of each pixel to calculated center values, which reduced the ringing artifacts. The results were verified by calculating the overshoot and the slope of the light luminance around the edges of test images that had been processed by the new algorithm. We then compared the calculated results with the overshoot and slope of the light luminance of the unprocessed image.