IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences E92.A 巻, 1 号

Higher Order Differential Attack on 6-Round MISTY1

MISTY1 is a 64-bit block cipher that has provable security against differential and linear cryptanalysis. MISTY1 is one of the algorithms selected in the European NESSIE project, and it has been recommended for Japanese e-Government ciphers by the CRYPTREC project. This paper reports a previously unknown higher order differential characteristic of 4-round MISTY1 with the FL functions. It also shows that a higher order differential attack that utilizes this newly discovered characteristic is successful against 6-round MISTY1 with the FL functions. This attack can recover a partial subkey with a data complexity of 2^53.7 and a computational complexity of 2^64.4, which is better than any previous cryptanalysis of MISTY1.

Time-Memory-Data Trade-Off Attack on Stream Ciphers Based on Maiorana-McFarland Functions

In this paper, we present the time-memory-data (TMD) trade-off attack on stream ciphers filter function generators and filter cominers based on Maiorana-McFarland functions. This can be considered as a generalization of the time-memory-data trade-off attack of Mihaljevic and Imai on Toyocrypt. First, we substitute the filter function in Toyocrypt (which has the same size as the LFSR) with a general Maiorana-McFarland function. This allows us to apply the attack to a wider class of stream ciphers. Second, we highlight how the choice of different Maiorana-McFarland functions can affect the effectiveness of our attack. Third, we show that the attack can be modified to apply on filter functions which are smaller than the LFSR and on filter-combiner stream ciphers. This allows us to cryptanalyze other configurations commonly found in practice. Finally, filter functions with vector output are sometimes used in stream ciphers to improve the throughput. Therefore the case when the Maiorana-McFarland functions have vector output is investigated. We found that the extra speed comes at the price of additional weaknesses which make the attacks easier.

Attribute-Based Encryption with Partially Hidden Ciphertext Policies

We propose attribute-based encryption schemes where encryptor-specified policies (called ciphertext policies) are hidden. By using our schemes, an encryptor can encrypt data with a hidden access control policy. A decryptor obtains her secret key associated with her attributes from a trusted authority in advance and if the attributes associated with the decryptor's secret key do not satisfy the access control policy associated with the encrypted data, the decryptor cannot decrypt the data or guess even what access control policy was specified by the encryptor. We prove security of our construction based on the Decisional Bilinear Diffie-Hellman assumption and the Decision Linear assumption. In our security notion, even the legitimate decryptor cannot obtain the information about the access control policy associated with the encrypted data more than the fact that she can decrypt the data.

Small Secret Key Attack on a Takagi's Variant of RSA

For a variant of RSA with modulus N = p^rq and ed ≡ 1 (mod(p-1)(q-1)), we show that d is to be recovered if d < N^{(2-√2)/(r+1)}. (Note that φ(N) ≠ (p-1)(q-1).) Boneh-Durfee's result for the standard RSA is obtained as a special case for r=1. Technically, we develop a method for finding a small root of a trivariate polynomial equation f(x, y, z)=x(y-1)(z-1)+1 ≡ 0 (mod e) under the condition that y^rz=N. Our result cannot be obtained from the generic method of Jochemsz-May.

Tag-KEM from Set Partial Domain One-Way Permutations

Recently a framework called Tag-KEM/DEM was introduced to construct efficient hybrid encryption schemes. Although it is known that generic encode-then-encrypt construction of chosen ciphertext secure public-key encryption also applies to secure Tag-KEM construction and some known encoding method like OAEP can be used for this purpose, it is worth pursuing more efficient encoding method dedicated for Tag-KEM construction. This paper proposes an encoding method that yields efficient Tag-KEM schemes when combined with set partial one-way permutations such as RSA and Rabin's encryption scheme. To our knowledge, this leads to the most practical hybrid encryption scheme of this type. We also present an efficient Tag-KEM which is CCA-secure under general factoring assumption rather than Blum factoring assumption.

Formal Security Treatments for IBE-to-Signature Transformation: Relations among Security Notions

In a seminal paper of identity based encryption (IBE), Boneh and Franklin [6] mentioned an interesting transform from an IBE scheme to a signature scheme, which was observed by Moni Naor. In this paper, we give formal security treatments for this transform and discover several implications and separations among security notions of IBE and transformed signature. For example, we show for such a successful transform, one-wayness of IBE is an essential condition. Additionally, we give a sufficient and necessary condition for converting a semantically secure IBE scheme into an existentially unforgeable signature scheme. Our results help establish strategies on design and automatic security proof of signature schemes from (possibly weak) IBE schemes. We also show some separation results which strongly support that one-wayness, rather than semantic security, of IBE captures an essential condition to achieve secure signature.

Forgery Attacks on Time-Stamp, Signed PDF and X.509 Certificate

This paper studies two types of documents in which an adversary can forge a signature on a chosen document. One type is that a nonce is padded on an input document. The time-stamp protocol is a good example of this type. Another is a structured document (such as PS or PDF) whose contents are described in a body part and information (such as generated time and a generator) are in a meta part. In fact, this paper shows how to forge a time-stamp, a signature on a PDF and an X.509 certificate by the extended forgery attack and numerical examples. Forged signature by the original or the extended attacks is only accepted by the clients whose length check of zero-field is loosely implemented. As a result, we found that the latest versions of Adobe's Acrobat and Acrobat Reader accept the forged time-stamp and the forged signature on a PDF document. Target of this attack is RSASSA-PKCS1-v1_5, which does not have provable security. We also show the expanded attack might forge the signature of RSASSA-PSS, which has provable security, when the length check of zero-field is omitted or loosely implemented.

Near-Collision Attacks on MD4: Applied to MD4-Based Protocols

The most widely used hash functions from MD4 family have been broken, which lead to a public competition on designing new hash functions held by NIST. This paper focuses on one concept called near-collision resistance: computationally difficult to find a pair of messages with hash values differing in only few bits, which new hash functions should satisfy. In this paper, we will give a model of near-collisions on MD4, and apply it to attack protocols including HMAC/NMAC-MD4 and MD4(Password||Challenge). Our new outer-key recovery attacks on HMAC/NMAC-MD4 has a complexity of 2⁷² online queries and 2⁷⁷ MD4 computations, while previous result was 2⁸⁸ online queries and 2⁹⁵ MD4 computations. Our attack on MD4(Password||Challenge) can recover 16 password characters with a complexity of 2³⁷ online queries and 2²¹ MD4 computations, which is the first approach to attack such protocols.

A Strict Evaluation on the Number of Conditions for SHA-1 Collision Search

This paper proposes a new algorithm for evaluating the number of chaining variable conditions (CVCs) in the selecting step of a disturbance vector (DV) for the analysis of SHA-1 collision search. The algorithm is constructed by combining four strategies, that can evaluate the number of CVCs more strictly compared with the previous approach. By using our method, we found some DVs that have 57 (or 59) essential CVCs for 1st (or 2nd) block in the case if we assume that we can modify messages up to step 25, which we have not confirmed the practicability of the assumption.

Extended Password Recovery Attacks against APOP, SIP, and Digest Authentication

In this paper, we propose password recovery attacks against challenge-response authentication protocols. Our attacks use a message difference for a MD5 collision attack proposed in IEICE 2008. First, we show how to efficiently find a message pair that collides with the above message difference. Second, we show that a password used in authenticated post office protocol (APOP) can be recovered practically. We also show that the password recovery attack can be applied to a session initiation protocol (SIP) and digest authentication. Our attack can recover up to the first 31 password characters in a short time and up to the first 60 characters faster than the naive search method. We have implemented our attack and confirmed that 31 characters can be successfully recovered.

Almost Secure (1-Round, n-Channel) Message Transmission Scheme

It is known that perfectly secure (1-round, n-channel) message transmission (MT) schemes exist if and only if n ≥ 3t + 1, where t is the number of channels that the adversary can corrupt. Then does there exist an almost secure MT scheme for n = 2t + 1 ? In this paper, we first sum up a number flaws of the previous almost secure MT scheme presented at Crypto 2004^*. We next show an equivalence between almost secure MT schemes and secret sharing schemes with cheaters. By using our equivalence, we derive a lower bound on the communication complexity of almost secure MT schemes. Finally, we present a near optimum scheme which meets our bound approximately. This is the first construction of provably secure almost secure (1-round, n-channel) MT schemes for n =2t + 1.

Does Secure Password-Based Authenticated Key Exchange against Leakage of Internal States Exist?

In this paper, we raise a question about existence of secure password-based authenticated key exchange against leakage of internal states (i.e., the passwords and session-specific private information). Toward this question, first, we classify six models of adversary's capabilities about leakage. Next, as a result of considerations for 2-party PAKE, we find two negative answers, but also find a positive answer. More specifically, we show that there exists no scheme which is secure in strong leakage models, but we also show that there exists a scheme which is secure in weak leakage models. Also, we consider the case of 3-party setting which is a special setting of password-based authenticated key exchange, and we find similar impossibilities as 2-party setting.

A New ‘On the Fly’ Identification Scheme: An Asymptoticity Trade-Off between ZK and Correctness

GPS is an efficient identification (ID) scheme based on Schnorr ID scheme designed for applications where low cost devices with limited resources are used and a very-short authentication time is required. Let P and V be a prover and a verifier in GPS and <g> be a multiplicative group. P holds a secret key s ∈ [0, S) and publishes I = g^-s. In each elementary round: (1) P sends to V x = g^r where r is chosen randomly from [0, A), (2) V sends to P a random c ∈ [0, B), and (3) P sends y = r + cs (no modulus computation). Since there is no modular reduction on y, a key issue is whether GPS leaks information about s. It has been proved that GPS is statistical zero-knowledge, if in asymptotic sense, $\\ell$BS/A is negligible, where $\\ell$ is the number of elementary rounds in one complete identification trial. In this paper, first we will show the followings. (1) We can construct a concrete attack procedure which reveals one bit of secret key s from the specified value range of y unless BS/A is negligible. We reconfirm that we must set A extremely large compared to BS. (2) This drawback can be avoided by modifying GPS into a new scheme, GPS⁺., in which P does not send the value of y in the specified range where y reveals some information about s. GPS⁺ ensures perfect ZK only by requiring both A > BS and A being a multiple of the order of g, while it allows an honest P to be rejected with probability at most BS/(2A) in one elementary round. Under the standard recommended parameters for 80-bit security where $\\ell$ = 1, |S| = 160, and |B| = 35, |A| = 275 is recommended for GPS in GPS' paper. On the other hand, GPS⁺ can guarantee 80-bit security and less than one false rejection on average in 100 identifications with only |A| = 210 with the same parameters as above. In practice, this implies 275-210 = 65 bits (≈ 24%) reductions on storage requirement. We have confirmed that the reduce of A also reduces approximately 4% of running time for online response using a certain implementation technique for GPS⁺ by machine experiment.

Multiparty Computation from El Gamal/Paillier Conversion

We propose a protocol for converting the encryption function of a ciphertext into another encryption function while keeping the corresponding message secret. The proposed protocol allows conversions of the El Gamal and Paillier cryptosystems and has the potential to design an efficient multiparty protocol intended for circuits consisting of arithmetic and logical operations. We clarify the condition of circuits such that the multiparty protocol based on the proposed protocol provides better performance than previous approaches. In addition, we introduce some privacy-preserving statistical computations as an effective application of the proposed protocol.

k-Times Anonymous Authentication

We propose an authentication scheme in which users can be authenticated anonymously so long as times that they are authenticated is within an allowable number. The proposed scheme has two features: 1) no one, not even an authority, can identify users who have been authenticated within the allowable number, 2) anyone can trace, without help from the authority, dishonest users who have been authenticated beyond the allowable number by using the records of these authentications. Our scheme can be applied to e-voting, e-cash, electronic coupons, and trial browsing of content. In these applications, our scheme, unlike the previous one, conceals users' participation from protocols and guarantees that they will remain anonymous to everyone.

A New Randomness Test Based on Linear Complexity Profile

Linear complexity can be used to detect predictable nonrandom sequences, and hence it is included in the NIST randomness test suite. But, as shown in this paper, the NIST test suite cannot detect nonrandom sequences that are generated, for instance, by concatenating two different M-sequences with low linear complexity. This defect comes from the fact that the NIST linear complexity test uses deviation from the ideal value only in the last part of the whole linear complexity profile. In this paper, a new faithful linear complexity test is proposed, which uses deviations in all parts of the linear complexity profile and hence can detect even the above nonrandom sequences. An efficient formula is derived to compute the exact area distribution needed for the proposed test. Furthermore, a simple procedure is given to compute the proposed test statistic from linear complexity profile, which requires only O(M) time complexity for a sequence of length M.

A Multiplication Algorithm in F_pm Such That p > m with a Special Class of Gauss Period Normal Bases

In this paper, a multiplication algorithm in extension field F_pm is proposed. Different from the previous works, the proposed algorithm can be applied for an arbitrary pair of characteristic p and extension degree m only except for the case when 4p divides m(p - 1) and m is an even number. As written in the title, when p > m, 4p does not divide m(p - 1). The proposed algorithm is derived by modifying cyclic vector multiplication algorithm (CVMA). We adopt a special class of Gauss period normal bases. At first in this paper, it is formulated as an algorithm and the calculation cost of the modified algorithm is evaluated. Then, compared to those of the previous works, some experimental results are shown. Finally, it is shown that the proposed algorithm is sufficient practical when extension degree m is small.

Scalar Multiplication Using Frobenius Expansion over Twisted Elliptic Curve for Ate Pairing Based Cryptography

For ID-based cryptography, not only pairing but also scalar multiplication must be efficiently computable. In this paper, we propose a scalar multiplication method on the circumstances that we work at Ate pairing with Barreto-Naehrig (BN) curve. Note that the parameters of BN curve are given by a certain integer, namely mother parameter. Adhering the authors' previous policy that we execute scalar multiplication on subfield-twisted curve $\\ ilde{E} (\\boldsymbol{F}_{p^2}$) instead of doing on the original curve $E(\\boldsymbol{F}_{p^{12}}$), we at first show sextic twisted subfield Frobenius mapping (ST-SFM) $\\ ilde{\\varphi}$ in $\\ ilde{E} (\\boldsymbol{F}_{p^2})$. On BN curves, note $\\ ilde{\\varphi}$ is identified with the scalar multiplication by p. However a scalar is always smaller than the order r of BN curve for Ate pairing, so ST-SFM does not directly applicable to the above circumstances. We then exploit the expressions of the curve order r and the characteristic p by the mother parameter to derive some radices such that they are expressed as a polynomial of p. Thus, a scalar multiplication [s] can be written by the series of ST-SFMs $\\ ilde{\\varphi}$. In combination with the binary method or multi-exponentiation technique, this paper shows that the proposed method runs about twice or more faster than plain binary method.

The Unknown Computer Viruses Detection Based on Similarity

New computer viruses are continually being generated and they cause damage all over the world. In general, current anti-virus software detects viruses by matching a pattern based on the signature; thus, unknown viruses without any signature cannot be detected. Although there are some static analysis technologies that do not depend on signatures, virus writers often use code obfuscation techniques, which make it difficult to execute a code analysis. As is generally known, unknown viruses and known viruses share a common feature. In this paper we propose a new static analysis technology that can circumvent code obfuscation to extract the common feature and detect unknown viruses based on similarity. The results of evaluation experiments demonstrated that this technique is able to detect unknown viruses without false positives.

An Efficient 2-Secure and Short Random Fingerprint Code and Its Security Evaluation

The code length of Tardos's collusion-secure fingerprint code is of theoretically minimal order with respect to the number of adversarial users (pirates). However, the constant factor should be further reduced for practical implementation. In this article, we improve the tracing algorithm of Tardos's code and propose a 2-secure and short random fingerprint code, which is secure against collusion attacks by two pirates. Our code length is significantly shorter than that of Tardos's code and its tracing error probability is practically small.

Fingerprinting Codes for Multimedia Data against Averaging Attack

Code construction for digital fingerprinting, which is a copyright protection technique for multimedia, is considered. Digital fingerprinting should deter collusion attacks, where several fingerprinted copies of the same content are mixed to disturb their fingerprints. In this paper, we consider the averaging attack, which is known to be effective for multimedia fingerprinting with the spread spectrum technique. We propose new methods for constructing fingerprinting codes to increase the coding rate of conventional fingerprinting codes, while they guarantee to identify the same number of colluders. Due to the new fingerprinting codes, the system can deal with a larger number of users to supply digital contents.

Symmetricity of the Protocols Related to Oblivious Transfer

In this paper, we show that each of the special cases of strong conditional oblivious transfer can be obtained from only one instance of its inverse. Each of our constructions is simple and efficient, and preserves the same security level of its inverse.

Flexible Timed-Release Encryption

This paper presents a new scheme for Timed-Release Encryption (TRE), which is mainly designed for global use. TRE aims to control the timing of disclosing information. The major approach to TRE assumes that any participants can receive a time token broadcasted by a trusted agent, called a time server. Our scheme is based on this approach and allows participants to generate an encrypted message that can be decrypted using designated or any authenticated time servers including even those which are authenticated after encryption. In this sense, our scheme has a more flexible framework in terms of message decryption.

A Subtractive-Type Speech Enhancement Using the Perceptual Frequency-Weighting Function

The present paper describes quality enhancement of speech corrupted by an additive background noise in a single-channel system. The proposed approach is based on the introduction of a perceptual criterion using a frequency-weighting filter in a subtractive-type enhancement process. Although this subtractive-type method is very attractive because of its simplicity, it produces an unnatural and unpleasant residual noise. Thus, it is difficult to select fixed optimized parameters for all speech and noise conditions. A new and effective algorithm is thus developed based on the masking properties of the human ear. This newly developed algorithm allows for an automatic adaptation in the time and frequency of the enhancement system and determines a suitable noise estimate according to the frequency of the noisy input speech. Experimental results demonstrate that the proposed approach can efficiently remove additive noise related to various kinds of noise corruption.

High-Accuracy Estimation of Image Rotation Using 1D Phase-Only Correlation

This paper presents a technique for high-accuracy estimation of image rotation using 1D Phase-Only Correlation (POC). The rotation angle between two images is estimated as follows: (i) compute the amplitude spectra of the given images, (ii) transform the coordinate system of amplitude spectra from Cartesian coordinates to polar coordinates, and (iii) estimate the translational displacement between the polar-mapped amplitude spectra to obtain the rotation angle. While the conventional approach is to employ 2D POC for high-accuracy displacement estimation in (iii), this paper proposes the use of 1D POC with an adaptive line selection scheme. The proposed technique makes possible to improve the accuracy of rotation estimation for low contrast images of artificial objects with regular geometric shapes and to reduce the total computation cost by 50%.

A Variable Step Size Algorithm for Speech Noise Reduction Method Based on Noise Reconstruction System

We have proposed a noise reduction method based on a noise reconstruction system (NRS). The NRS uses a linear prediction error filter (LPEF) and a noise reconstruction filter (NRF) which estimates background noise by system identification. In case a fixed step size for updating tap coefficients of the NRF is used, it is difficult to reduce background noise while maintaining the high quality of enhanced speech. In order to solve the problem, a variable step size is proposed. It makes use of cross-correlation between an input signal and an enhanced speech signal. In a speech section, a variable step size becomes small so as not to estimate speech, on the other hand, large to track the background noise in a non-speech section.

Sliding Mode Control of a Class of Uncertain Nonlinear Time-Delay Systems Using LMI and TS Recurrent Fuzzy Neural Network

This paper proposes the sliding mode control using LMI techniques and adaptive recurrent fuzzy neural network (RFNN) for a class of uncertain nonlinear time-delay systems. First, a novel TS recurrent fuzzy neural network (TS-RFNN) is developed to provide more flexible and powerful compensation of system uncertainty. Then, the TS-RFNN based sliding model control is proposed for uncertain time-delay systems. In detail, sliding surface design is derived to cope with the non-Isidori-Bynes canonical form of dynamics, unknown delay time, and mismatched uncertainties. Based on the Lyapunov-Krasoviskii method, the asymptotic stability condition of the sliding motion is formulated into solving a Linear Matrix Inequality (LMI) problem which is independent on the time-varying delay. Furthermore, the input coupling uncertainty is also taken into our consideration. The overall controlled system achieves asymptotic stability even if considering poor modeling. The contributions include: i) asymptotic sliding surface is designed from solving a simple and legible delay-independent LMI; and ii) the TS-RFNN is more realizable (due to fewer fuzzy rules being used). Finally, simulation results demonstrate the validity of the proposed control scheme.

Link of Data Synchronization to Self-Organizing Map Algorithm

We have recently developed a method for feature extraction from multivariate data using an analogue of Kuramoto's dynamics for modeling collective synchronization in a network of coupled phase oscillators. In our method, which we call data synchronization, phase oscillators carrying multivariate data in their natural and updated rhythms achieve partial synchronizations. Their common rhythms are interpreted as the template vectors representing the general features of the data set. In this study, we discuss the link of data synchronization to the self-organizing map algorithm as a popular method for data mining and show through numerical experiments how our method can overcome the disadvantages of the self-organizing map algorithm in that unintentional selections of inappropriate reference vectors lead to false feature patterns.

Transitional Dynamics and Quasi-Periodic Solution Observed in Two Asymmetrical Coupled Oscillators

In this paper, we investigate the transitional dynamics and quasi-periodic solution appearing after the Saddle-Node (SN) bifurcation of a periodic solution in an inductor-coupled asymmetrical van der Pol oscillators with hard-type nonlinearity. In particular, we elucidate, by investigating global bifurcation of unstable manifold (UM) of saddles, that transitional dynamics and quasi-periodic solution after the SN bifurcation appear based on different structure of UM.

VLSI Implementation of a VC-1 Main Profile Decoder for HD Video Applications

In this paper, we present a high-performance VC-1 main-profile decoder for high-definition (HD) video applications, which can decode HD 720p video streams with 30fps at 80MHz. We implemented the decoder with a one-poly eight-metal 0.13μm CMOS process, which contains about 261, 900 logic gates and on-chip memories of 13.9KB SRAM and 13.1KB ROM and occupies an area of about 5.1mm². In designing the VC-1 decoder, we used a template-based SoC design flow, with which we performed the design space exploration of the decoder by trying various configurations of communication channels. Moreover, we also describe architectures of the computation blocks optimized to satisfy the requirements of VC-1 HD applications.

New Families of Binary Sequences with Low Correlation and Large Size

In this paper, for odd n and any k with gcd(n, k) = 1, new binary sequence families S^k of period 2ⁿ-1 are constructed. These families have maximum correlation $1+2^{n+3\\over 2}$, family size 2²ⁿ+2ⁿ+1 and maximum linear span $n(n+1)\\over 2$. The correlation distribution of S^k is completely determined as well. Compared with the modified Gold codes with the same family size, the proposed families have the same period and correlation properties, but larger linear span. As good candidates with low correlation and large family size, the new families contain the Gold sequences and the Gold-like sequences. Furthermore, S^k includes a subfamily $\\mathcal{S}^k_1$ which has the same period, correlation distribution, family size and linear span as the family So(2) recently constructed by Yu and Gong. In particular, when k=1, $\\mathcal{S}^k_1$ is exactly So(2).

Interference Canceller Based on Cycle-and-Add Property for Single User Detection in DS-CDMA

In this paper, performance of a novel interference cancellation technique for the single user detection in a direct-sequence code-division multiple access (DS-CDMA) system has been investigated. This new algorithm is based on the Cycle-and-Add property of PN (Pseudorandom Noise) sequences and can be applied for both synchronous and asynchronous systems. The proposed strategy provides a simple method that can delete interference signals one by one in spite of the power levels of interferences. Therefore, it is possible to overcome the near-far problem (NFP) in a successive manner without using transmit power control (TPC) techniques. The validity of the proposed procedure is corroborated by computer simulations in additive white Gaussian noise (AWGN) and frequency-nonselective fading channels. Performance results indicate that the proposed receiver outperforms the conventional receiver and, in many cases, it does so with a considerable gain.

A Design Method for Separable-Denominator 2D IIR Filters with a Necessary and Sufficient Stability Check

In this paper, we propose designing method for separable-denominator two-dimensional Infinite Impulse Response (IIR) filters (separable 2D IIR filters) by Successive Projection (SP) methods using the stability criteria based on the system matrix. It is generally known that separable 2D IIR filters are stable if and only if each of the denominators is stable. Therefore, the stability criteria of 1D IIR filters can be used for separable 2D IIR filters. The stability criteria based on the system matrix are a necessary and sufficient condition to guarantee stability in 1D IIR filters. Therefore, separable 2D IIR filters obtained by the proposed design method have a smaller error ripple than those obtained by the conventional design method using the stability criterion of Rouché's theorem.

A Variable Error Data Normalized Step-Size LMS Adaptive Filter Algorithm: Analysis and Simulations

This paper investigates noise reduction performance and performs convergence analysis of a Variable Error Data Normalized Step-Size Least Mean Square (VEDNSS LMS) algorithm. Adopting VEDNSS LMS provides fast convergence at early stages of adaptation while ensuring small final misadjustment. An analysis of convergence and steady-state performance for zero-mean Gaussian inputs is provided. Simulation results comparing the proposed algorithm to existing algorithms indicate its superior performance under various noise and frequency environments.

A New Steering Law with Designated Direction Escape (DDE) for Control Moment Gyros

In this letter we provide a steering law for redundant single-gimbal control moment gyros. The proposed steering law is an extended version of the singular direction avoidance (SDA) steering law based on the singular value decomposition (SVD). All internal singularities are escapable for any non-zero constant torque command using the proposed steering law.

Serial-Parallel Content Addressable Memory with a Conditional Driver (SPCwCD)

In this paper, a novel content addressable memory (CAM) structure is proposed to improve the performance of a static divided word matching (SDWM) CAM. In the SDWM CAM, a small pmos has to be used to keep a noise margin, but it degrades performance significantly. To resolve this problem, a conditional driver is introduced in the proposed serial-parallel CAM. Performance is improved by 28.0% without additional power consumption at a cost of about 5.6% increased area when the total bit number is 32 with four series bits and 30% of VDD is allowed as noise.

Analysis of Revocable-iff-Linked Ring Signature Scheme

In a linkable ring signature scheme, a signer himself selects a set of parties called a “ring” and signs the messages on behalf of the ring. Any party can know whether or not the ring signatures are made by the same signer, although the party cannot know the identity of the actual signer. Au, Liu, Susilo, and Yuen proposed an ID-based linkable ring signature scheme and an ID-based revocable-iff-linked ring signature scheme. With a revocable-iff-linked ring signature scheme, any party can recover the identity of the signer, if the signer makes two or more ring signatures. In this paper, we show that Au et al.'s revocable-iff-linked ring signature scheme does not provide anonymity, even if the signer makes only one ring signature. Anonymity is one of the most basic security requirements of ring signatures.

Simple Remarks on Carmichael Numbers

An odd composite number n for which a^n-1 ≡ 1 (mod n) for all integers a coprime to n is called a Carmichael number. This paper shows that some class of Carmichael numbers which have relatively large prime factors can be recognized in deterministic polynomial time under the assumption of the Extended Riemann Hypothesis (ERH). Also some related problems are discussed.

Security Analysis of a Multi-Receiver Identity-Based Key Encapsulation Mechanism

In INDOCRYPT 2006, Chatterjee and Sarkar suggested a multi-receiver identity-based key encapsulation mechanism that is secure in the full model without random oracles. Until now, it has been believed that their scheme is the only one to provide such a security feature, while achieving sub-linear size ciphertext. In this letter, we show that their scheme is insecure in the sense that any revoked user can retrieve a message encryption key, even without colluding with other revoked users. Our attack comes from an analysis of a publicly computable surjective function used in the scheme.

A Simple Expression of BER Performance in COFDM Systems over Fading Channels

Both adaptive modulation and diversity combining are attractive techniques to combat fading and these two can be applicable to each digital-modulated symbol in OFDM transmission. In this letter, aiming to combat severe fading more effectively than the adaptive modulation, we theoretically analyze the benefit of a frequency diversity scheme within one OFDM symbol, which is a simple kind of coded OFDM (COFDM) based on IEEE 802.16 protocols. A simple closed form equation of bit error rate (BER) is derived, and then the advantages of correlated diversity gain and interference suppression by the diversity scheme are verified by both theoretical analysis and Monte Carlo simulation.

A Robust Detection in the Case of Strong Narrowband Jammer with Unknown Nonstationary Power

We present likelihood-ratio test (LRT) for detecting a signal in the presence of a known colored clutter, a white noise and a strong jammer with unknown nonstationary power. We have suggested the test allowing to remove completely all components of the jammer. It has been obtained the asymptotic inverse covariance matrix of the clutter with the jammer when the jammer power tends to infinite. Using this formula we developed the asymptotic LRT detection test. The performance of the new test statistic is analyzed and compared with well known eigencanceler-based detector. The effect of the jammer removing on the performance is evaluated for an example scenario.

On Some Properties of M-Ary Sidel'nikov Sequences

In this letter, we enumerate the number of cyclically inequivalent M-ary Sidel'nikov sequences of given length as well as the number of distinct autocorrelation distributions that they can have, while we change the primitive element for generating the sequence.