The planar Hajos calculus (PHC) is the Hajos calculus with the restriction that all the graphs that appear in the construction (including a final graph) must be planar. The degree-d planar Hajos calculus (PHC(dd)) is PHC with the restriction that all the graphs that appear in the construction (including a final graph) must have maximum degree at most d. We prove the followings: (1) If PHC is polynomially bounded, then for any d ≥ 4, PHC(dd+2) can generate any non-3-colorable planar graphs of maximum degree at most d in polynomial steps. (2) If PHC can generate any non-3-colorable planar graphs of maximum degree 4 in polynomial steps, then PHC is polynomially bounded.

For an arbitrary set B of Boolean functions satisfying a certain condition, we give a general method of constructing a class C_B of read-once Boolean formulas over the basis B that has the following property: For any _F in C_B, F can be transformed to an optimal formula (i.e., a simplest formula over the standard basis {AND, OR, NOT}) by replacing each occurrence of a basis function h ∈ B in F with an optimal formula for h. For a particular set of basis functions B^* = {AND,OR,NOT,XOR,MUX}, we give a canonical form representation for C_B^* so that the set of canonical form formulas consists of only NPN-representatives in C_B^*.

In this paper, a novel orthogonal frequency-division multiplexing (OFDM) modulator/demodulator based on real-valued discrete Hartley transform (DHT) is presented and implemented for the IEEE 802.11a/g wireless local area network (LAN). Instead of the conventional complex-valued fast Fourier transform (FFT) for OFDM systems, the proposed architecture employs two real-valued fast DHT (FHT) kernels and one post processing unit. By taking advantage of the real-valued operation of FHT, this approach reduces the number of multiplications compared with the radix-2 FFT. The proposed DHT-based modulator/demodulator was designed and fabricated in 0.18-µm CMOS technology with a core area of 928935 µm². The average power consumption is about 20.16 mW at 20 MHz and 1.8 V supply voltage. Measurement results of the integrated circuit illustrate its superior chip area and power consumption.

In digital signal processing, the sampling theorem states that any real valued function f can be reconstructed from a sequence of values of f that are discretely sampled with a frequency at least twice as high as the maximum frequency of the spectrum of f. This theorem can also be applied to functions over finite domain. Then, the range of frequencies of f can be expressed in more detail by using a bounded set instead of the maximum frequency. A function whose range of frequencies is confined to a bounded set is referred to as bandlimited function. And a sampling theorem for bandlimited functions over Boolean domain has been obtained. Here, it is important to obtain a sampling theorem for bandlimited functions not only over Boolean domain (GF(2)ⁿ domain) but also over GF(q)ⁿ domain, where q is a prime power and GF(q) is Galois field of order q. For example, in experimental designs, although the model can be expressed as a linear combination of the Fourier basis functions and the levels of each factor can be represented by GF(q), the number of levels often take a value greater than two. However, the sampling theorem for bandlimited functions over GF(q)ⁿ domain has not been obtained. On the other hand, the sampling points are closely related to the codewords of a linear code. However, the relation between the parity check matrix of a linear code and any distinct error vectors has not been obtained, although it is necessary for understanding the meaning of the sampling theorem for bandlimited functions. In this paper, we generalize the sampling theorem for bandlimited functions over Boolean domain to a sampling theorem for bandlimited functions over GF(q)ⁿ domain. We also present a theorem for the relation between the parity check matrix of a linear code and any distinct error vectors. Lastly, we clarify the relation between the sampling theorem for functions over GF(q)ⁿ domain and linear codes.

This paper extends the Brezing-Weng method by parameterizing the discriminant D by a polynomial D(x). To date, the maximum of CM discriminant can be adequately addressed is about 14-digits. Thus the degree of the square free part of D(x) has to be sufficiently small. By making the square free part of D(x) a linear monomial, the degree of the square free part is small and by substituting x to some quadratic monomial, pairing-friendly curves with various discriminants can be constructed. In order that a square free part of D(x) is of the form ax, ax has to be a square element as a polynomial representation in a number field. Two methods are introduced to apply this construction. For k = 5, 8, 9, 15, 16, 20, 24 and 28, the proposed method gives smaller ρ value than those in previous studies.

Provider authentication is necessary in bidirectional broadcasting services, and a digital signature scheme is often used to prevent an adversary from attempting impersonation. The cost of secure signing key management is extremely high. In addition, the key has to be updated very often, since it is frequently used. The result is that the verification key also has to be updated very often, and its redistribution cost is huge. These costs are real and substantive problems, especially when the number of users is large. In this paper, we propose a system that dramatically reduces these costs. In the system, the signing key is updated, but the corresponding verification key does not have to be updated. This means that the signing key can be updated without any cost for redistributing the verification key and that the system is secure against the threat of signing key leakage, since the key can be frequently updated. Moreover, we propose a new key management method that divides a conventional key management server's role into two. The use of a key-insulated signature (KIS) scheme enables low-cost and more secure key management with two servers. Finally, to make a bidirectional broadcasting service more secure even if the signing key is leaked, we developed a new strong KIS scheme. We performed an experiment that assessed the cost of our strong KIS scheme and found that it is sufficiently low. Accordingly, a provider authentication system employing this scheme would be more efficient and would have lower key redistribution and network costs in comparison with conventional authentication systems.

Random substitutions are very useful and practical method for privacy-preserving schemes. In this paper we obtain the exact relationship between the estimation errors and three parameters used in the random substitutions, namely the privacy assurance metric γ, the total number n of data records, and the size N of transition matrix. We also demonstrate some simulations concerning the theoretical result.

Many knapsack cryptosystems have been proposed but almost all the schemes are vulnerable to lattice attack because of their low density. To prevent the lattice attack, Chor and Rivest proposed a low weight knapsack scheme, which made the density higher than critical density. In Asiacrypt2005, Nguyen and Stern introduced pseudo-density and proved that if the pseudo-density is low enough (even if the usual density is not low enough), the knapsack scheme can be broken by a single call to SVP/CVP oracle. However, the usual density and the pseudo-density are not sufficient to measure the resistance to the lattice attack individually. In this paper, we first introduce the new notion of density D, which naturally unifies the previous two density. Next, we derive conditions for our density so that a knapsack scheme is secure against lattice attack. We obtain a critical bound of density which depends only on the rate of the message length and its Hamming weight. Furthermore, we show that if D<0.8677, the knapsack scheme is solved by lattice attack. Next, we show that the critical bound goes to 1 if the Hamming weight decreases, which means that it is (almost) impossible to construct a low weight knapsack scheme which is supported by an argument of density.

RC4 is the stream cipher proposed by Rivest in 1987, which is widely used in a number of commercial products because of its simplicity and substantial security. RC4 exploits shuffle-exchange paradigm, which uses a permutation S. Many attacks have been reported so far. No study, however, has focused on correlations in the Pseudo-Random Generation (PRGA) between two permutations S and S' with some differences, nevertheless such correlations are related to an inherent weakness of shuffle-exchange-type PRGA. In this paper, we investigate the correlations between S and S' with some differences in the initial round. We show that correlations between S and S' remain before "i" is in the position where the nonzero-bit difference exists in the initial round, and that the correlations remain with non negligible probability even after "i" passed by the position. This means that the same correlations between S and S' will be observed after the 255-th round. This reveals an inherent weakness of shuffle-exchange-type PRGA.

A new signature scheme of MPKC is proposed. It is created by perturbing a traditional encryption scheme in two ways. The proposed perturbation polynomials successfully reinforce the Matsumoto-Imai cryptosystem This new signature scheme has a structure very difficult to cryptanalyze. Along with the security against algebraic attacks, its security against existing attacks is discussed. The experimental data imply that the scheme can create a both lightweight and secure signature system.

Secure channels can be realized by an authenticated key exchange (AKE) protocol that generates authenticated session keys between the involving parties. In, Shin et al., proposed a new kind of AKE (RSA-AKE) protocol whose goal is to provide high efficiency and security against leakage of stored secrets as much as possible. Let us consider more powerful attacks where an adversary completely controls the communications and the stored secrets (the latter is denoted by "replacement" attacks). In this paper, we first show that the RSA-AKE protocol is no longer secure against such an adversary. The main contributions of this paper are as follows: (1) we propose an RSA-based leakage-resilient AKE (RSA-AKE2) protocol that is secure against active attacks as well as replacement attacks; (2) we prove that the RSA-AKE2 protocol is secure against replacement attacks based on the number theory results; (3) we show that it is provably secure in the random oracle model, by showing the reduction to the RSA one-wayness, under an extended model that covers active attacks and replacement attacks; (4) in terms of efficiency, the RSA-AKE2 protocol is comparable to in the sense that the client needs to compute only one modular multiplication with pre-computation; and (5) we also discuss about extensions of the RSA-AKE2 protocol for several security properties (i.e., synchronization of stored secrets, privacy of client and solution to server compromise-impersonation attacks).

The linear Piece In Hand (PH, for short) matrix method with random variables was proposed in our former work. It is a general prescription which can be applicable to any type of multivariate public-key cryptosystems for the purpose of enhancing their security. Actually, we showed, in an experimental manner, that the linear PH matrix method with random variables can certainly enhance the security of HFE against the Grobner basis attack, where HFE is one of the major variants of multivariate public-key cryptosystems. In 1998 Patarin, Goubin, and Courtois introduced the plus method as a general prescription which aims to enhance the security of any given MPKC, just like the linear PH matrix method with random variables. In this paper we prove the equivalence between the plus method and the primitive linear PH matrix method, which is introduced by our previous work to explain the notion of the PH matrix method in general in an illustrative manner and not for a practical use to enhance the security of any given MPKC. Based on this equivalence, we show that the linear PH matrix method with random variables has the substantial advantage over the plus method with respect to the security enhancement. In the linear PH matrix method with random variables, the three matrices, including the PH matrix, play a central role in the secret-key and public-key. In this paper, we clarify how to generate these matrices and thus present two probabilistic polynomial-time algorithms to generate these matrices. In particular, the second one has a concise form, and is obtained as a byproduct of the proof of the equivalence between the plus method and the primitive linear PH matrix method.

We study fast inversion of the Paillier encryption function. Especially, we focus only on key generation, and do not modify the Paillier encryption function. We propose three key generation algorithms based on the speeding-up techniques for the RSA encryption function. By using our algorithms, the size of the private CRT exponent is half of that of Paillier-CRT. The first algorithm employs the extended Euclidean algorithm. The second algorithm employs factoring algorithms, and can construct the private CRT exponent with low Hamming weight. The third algorithm is a variant of the second one, and has some advantage such as compression of the private CRT exponent and no requirement for factoring algorithms. We also propose the settings of the parameters for these algorithms and analyze the security of the Paillier encryption function by these algorithms against known attacks. Finally, we give experimental results of our algorithms.

Secret Handshake protocol allows members of the same group to authenticate each other secretly. That is, two members who belong to the same group can learn counterpart is in the same group, while non-member of the group cannot determine whether the counterpart is a member of the group or not. Yamashita and Tanaka proposed Secret Handshake Scheme with Multiple Groups (SHSMG). They extended a single group setting to a multiple groups setting where two members output "accept" iff both member's affiliations of the multiple groups are identical. In this paper, we first show the flaw of their SHSMG, and we construct a new secure SHSMG. Second, we introduce a new concept of Secret Handshake scheme, "monotone condition Secret Handshake with Multiple Groups (mc-SHSMG)," in order to extend the condition of "accept." In our new setting of handshake protocol, members can authenticate each other in monotone condition (not only both member's affiliations are identical but also the affiliations are not identical). The communication costs and computational costs of our proposed mc-SHSMG are fewer than the trivial construction of mc-SHSMG.

An explicit construction of pairing-friendly hyperelliptic curves with ordinary Jacobians was firstly given by D. Freeman for the genus two case. In this paper, we give an explicit construction of pairing-friendly hyperelliptic curves of genus two and four with ordinary Jacobians based on the closed formulae for the order of the Jacobian of special hyperelliptic curves. For the case of genus two, we prove the closed formula for curves of type y²=x⁵+c. By using the formula, we develop an analogue of the Cocks-Pinch method for curves of type y²=x⁵+c. For the case of genus four, we also develop an analogue of the Cocks-Pinch method for curves of type y²=x⁹+cx. In particular, we construct the first examples of pairing-friendly hyperelliptic curves of genus four with ordinary Jacobians.

This paper presents a new approach to precompute points [3]P, [5]P,..., [2k-1]P, for some k ≥ 2 on an elliptic curve over F_p. Those points are required for the efficient evaluation of a scalar multiplication, the most important operation in elliptic curve cryptography. The proposed method precomputes the points in affine coordinates and needs only one single field inversion for the computation. The new method is superior to all known methods that also use one field inversion, if the required memory is taken into consideration. Compared to methods that require several field inversions for the precomputation, the proposed method is faster for a broad range of ratios of field inversions and field multiplications. The proposed method benefits especially from ratios as they occur on smart cards.

This paper investigates the closure properties of 1-inkdot nondeterministic Turing machines and 1-inkdot alternating Turing machines with only universal states which have sublogarithmic space. We show for example that the classes of sets accepted by these Turing machines are not closed under length-preserving homomorphism, concatenation with regular set, Kleene closure, and complementation.

The fast H_∞ filter is developed by one of the authors, and its practical use in industries is expected. This paper derives a linear propagation model of numerical errors in the recursive variables of the fast H_∞ filter, and then theoretically analyzes the stability of the filter. Based on the analyzed results, a numerical stabilization method of the fast H_∞ filter is proposed with the error feedback control in the backward prediction. Also, the effectiveness of the stabilization method is verified using numerical examples.

Let V(φ) be a shift invariant subspace of L²(R) with a Riesz or frame generator φ(t). We take φ(t) suitably so that the regular sampling expansion : f(t) = f(n)S(t-n) holds on V(φ). We then find conditions on the generator φ(t) and various bounds of the perturbation {δ _n }_n∈Z under which an irregular sampling expansion: f(t) = f(n+ δ_n)S_n(t) holds on V(φ). Some illustrating examples are also provided.

Designing ship controllers is a challenging problem because of nonlinear dynamics, uncertainty in parameters and external disturbances. Furthermore, the interaction between yaw and roll angles increase the complexity of this issue when autopilot and roll stabilizer are considered together. In this research, a MIMO sliding mode controller is designed to control yaw and roll angles simultaneously. The major contribution of the paper is designing an integrated controller based on a nonlinear model of ship as well as considering analytic bounds of uncertainties. Then, in order to reduce the chattering phenomenon and to improve the tracking ability of the system, the control scheme has been modified using an integral switching variable. Simulation results show the success of the proposed method to overcome nonlinearity and disturbances, as well as high performance in rough wave conditions. Also, comparison between the proposed controller and two SISO control schemes demonstrates advantages of the integrated control method.

In this paper, a new robust wavelet time-variant sliding-mode control (RWTVSMC) for an uncertain nonlinear system is presented. The proposed method is composed of two controllers, based on a time variant sliding equation. For this purpose a neural wavelet controller is designed to approximate an ideal controller based on the wavelet network approximation. Also a robust controller is designed to achieve H^∞ tracking performance. New terminologies, rejection parameter and rejection regulator, for filtering all un-modeled frequencies are defined. A time-variant sliding equation based on the time-variant rejection parameter to achieve the best tracking performance is then presented. In addition, two theorems and one lemma which facilitate design of robust wavelet sliding-mode control are proved. Also, two simulation examples are presented to illustrate the performance and the advantages of the proposed method.

A method of fault diagnosis was proposed for power electronics circuits based on S transforms similarity. At first, the standard module time-frequency matrixes of S transforms for all fault signals were constructed, then the similarity of fault signals' module time-frequency matrixes to standard module time-frequency matrixes were calculated, and according to the principle of maximum similarity, the faults were diagnosed. The simulation result of fault diagnosis of a thyristor in a three-phase full-bridge controlled rectifier shows that the method can accurately diagnose faults and locate the fault element for power electronics circuits, and it has excellent performance for noise robustness and calculation complexity, thus it also has good practical engineering value in the solution to the fault problems for power electronics circuits.

In this paper, an efficient method is proposed to accurately analyze large-scale power/ground (P/G) networks, where inductive parasitics are modeled with the partial reluctance. The method is based on frequency-domain circuit analysis and the technique of vector fitting, and obtains the time-domain voltage response at given P/G nodes. The frequency-domain circuit equation including partial reluctances is derived, and then solved with the GMRES algorithm with rescaling, preconditioning and recycling techniques. With the merit of sparsified reluctance matrix and iterative solving techniques for the frequency-domain circuit equations, the proposed method is able to handle large-scale P/G networks with complete inductive modeling. Numerical results show that the proposed method is orders of magnitude faster than HSPICE, several times faster than INDUCTWISE, and capable of handling the inductive P/G structures with more than 100,000 wire segments.

In this paper, a Stochastic Collocation Algorithm combined with Sparse Grid technique (SSCA) is proposed to deal with the periodic steady-state analysis for nonlinear systems with process variations. Compared to the existing approaches, SSCA has several considerable merits. Firstly, compared with the moment-matching parameterized model order reduction (PMOR) which equally treats the circuit response on process variables and frequency parameter by Taylor approximation, SSCA employs Homogeneous Chaos to capture the impact of process variations with exponential convergence rate and adopts Fourier series or Wavelet Bases to model the steady-state behavior in time domain. Secondly, contrary to Stochastic Galerkin Algorithm (SGA), which is efficient for stochastic linear system analysis, the complexity of SSCA is much smaller than that of SGA for nonlinear case. Thirdly, different from Efficient Collocation Method, the heuristic approach which may result in "Rank deficient problem" and "Runge phenomenon," Sparse Grid technique is developed to select the collocation points needed in SSCA in order to reduce the complexity while guaranteing the approximation accuracy. Furthermore, though SSCA is proposed for the stochastic nonlinear steady-state analysis, it can be applied to any other kind of nonlinear system simulation with process variations, such as transient analysis, etc.

In this paper, we develop asymptotic analysis and simulation models to better understand the characteristics of performance and energy consumption in a multi-core processor design in which dynamic voltage scaling is used. Our asymptotic model is derived using Amdahl's law, Rent's rule and power equations to derive the optimum number of cores and their voltage levels. Our model can predict the possible impact of different multi-core processor configurations on the performance and energy consumption for given workload characteristics (e.g. available parallelism) and process technology parameters (e.g. ratios of dynamic and static energies to total energy). Through the asymptotic analysis and optimization based on the models, we can observe an asymptotic relationship between design parameters such as "the number of cores," "core size" and "voltage scaling strategies" of a multi-core architecture with regards to performance and energy consumption at an initial phase of the design.

Feedback shift registers are basic building blocks for many cryptographic primitives. Due to the insecurities of Linear Feedback Shift Register (LFSR) based systems, the use of Nonlinear Feedback Shift Registers (NFSRs) became more popular. In this work, we study the feedback functions of NFSRs with period 2ⁿ. First, we provide two new necessary conditions for feedback functions to be maximum length. Then, we consider NFSRs with k-monomial feedback functions and focus on two extreme cases where k=4 and k=2^n-1. We study construction methods for these special cases.

To deal with the increasing number of mobile devices accessing the Internet and the increasing demands of mobility management, IETF has proposed Mobile IPv6 and its fast handover protocol FMIPv6. In FMIPv6, the possibility of Care-of Address (CoA) collision and the time for Return Routability (RR) procedure result in long handover delay, which makes it unsuitable for real-time applications. In this paper, we propose an improved handover scheme for FMIPv6, which reduces the handover delay by using proactive CoA acquisition, configuration and test method. In our proposal, collision-free CoA is proactively prepared, and the time for RR procedure does not contribute to the handover delay. Furthermore, we analyze our proposal's benefits and overhead tradeoff. The numerical results demonstrate that it outperforms the current schemes, such as FMIPv6 and enhanced FMIPv6, on the aspect of handover delay and packet transmission delay.

In this letter, we present a multiple-input multiple-output (MIMO) optimal combining (OC) scheme based on alternate iteration. With the channel state information (CSI) of co-channel interferers (CCIs), this algorithm can be used in flat fading and frequency selective channels to suppress CCIs. Compared with the optimal transceiver of MIMO maximal ratio combining (MRC) systems, results of simulation show that this scheme improves the uplink transmission performance significantly.

In this Letter, the problem of estimating the time-difference-of-arrival between signals received at two spatially separated sensors is addressed. By taking discrete Fourier transform of the sensor outputs, time delay estimation corresponds to finding the frequency of a noisy sinusoid with time-varying amplitude. The generalized weighted linear predictor is utilized to estimate the time delay and it is shown that its estimation accuracy attains Cramér-Rao lower bound.

This letter proposes a low-complexity scheme for estimating the frequency of a complex sinusoid in flat fading channels. The proposed estimator yields an estimation performance that is comparable to the existing autocorrelation-based frequency estimator, while retaining the same frequency range. Its implementation complexity is much lower than the conventional scheme, thus this allows for fast estimation in real time.

Cancelable approaches for biometric person authentication have been studied to protect enrolled biometric data, and several algorithms have been proposed. One drawback of cancelable approaches is that the performance is inferior to that of non-cancelable approaches. In this paper, we propose a scheme to improve the performance of a cancelable approach for online signature verification. Our scheme generates two cancelable dataset from one raw dataset and uses them for verification. Preliminary experiments were performed using a distance-based online signature verification algorithm. The experimental results show that our proposed scheme is promising.

This paper deals with a design problem of an observer-based robust stabilizing controller for a class of polytopic uncertain systems. The proposed controller synthesis differs from the conventional quadratic stabilization based on Lyapunov criterion and is based on the computation of the system's trajectory. In this paper, we show a LMI-based design method of the observer-based robust controller. The effectiveness of the proposed controller design approach is presented through a simple numerical example.

A low power pulse generator design using hybrid logic realization of a 3-input NAND gate is presented. The hybrid logic approach successfully shortens the critical path along the discharging transistor stack and thus reduces the short circuit power consumption during the pulse generation. The combination of pass transistor and full CMOS logic styles in one NAND gate design also helps minimize the required transistor size, which alleviates the loading capacitance of clock tree as well. Simulation results reveal that, compared with prior work, our design can achieve 20.5% and 23% savings respectively in power and circuit area.

Recently, Hu et al. have suggested a fully secure hierarchical identity-based encryption (HIBE) scheme that achieves constant size ciphertext and tight security reduction. Their construction was based on Gentry's IBE scheme that supports their security proof. In this paper, we show that their security proof is incorrect. We point out the difference between Gentry's proof and that of Hu et al., and we show that the security of Hu et al.'s HIBE scheme cannot be reduced to their claimed complexity assumption.

In ubiquitous sensor networks, the estimation accuracy of a node location is limited due to the presence of non-line-of-sight (NLOS) paths. To mitigate the NLOS effects, this letter proposes a simple algorithm where NLOS identification is carried out using angle-of-arrival (AOA). Simulation results show that the use of AOA improves NLOS identification rates and location estimation accuracy.