Shigeo Tsujii

A fast algorithm for computing multiplicative inverses in GF(2 m ) using normal bases

Abstract This paper proposes a fast algorithm for computing multiplicative inverses in GF(2 m ) using normal bases. Normal bases have the following useful property: In the case that an element x in GF(2 m ) is represented by normal bases, 2 k power operation of an element x in GF(2 m ) can be carried out by k times cyclic shift of its vector representation. C. C. Wang et al. proposed an algorithm for computing multiplicative inverses using normal bases, which requires ( m − 2) multiplications in GF(2 m ) and ( m − 1) cyclic shifts. The fast algorithm proposed in this paper also uses normal bases, and computes multiplicative inverses iterating multiplications in GF(2 m ). It requires at most 2[log 2 ( m − 1)] multiplications in GF(2 m ) and ( m − 1) cyclic shifts, which are much less than those required in the Wangs method. The same idea of the proposed fast algorithm is applicable to the general power operation in GF(2 m ) and the computation of multiplicative inverses in GF( q m ) ( q = 2 n ).

Structure of parallel multipliers for a class of fields GF(2 m )

Abstract This paper presents a configuration of parallel multipliers for GF (2 m ) based on canonical bases. The possible parallel multipliers by the proposed configuration are limited to a class of fields GF (2 m ). However they can be constructed by O(m 2 ) AND-gates and O(m 2 ) EOR-gates with the structural modularity (this is a desirable feature for the hardware implementation), and their operation time is about (log m ) T , where m is the dimension of GF (2 m ) and T is the delay time of an EOR-gate. In order to construct such parallel multipliers, we define two types of polynomials of special form over GF (2), one is called all one polynomial (denoted by AOP) and the other is called equally spaced polynomial (denoted by ESP). Furthermore, we show a necessary and sufficient condition for ESPs to be irreducible over GF (2) and the uniqueness of the irreducible ESPs over GF (2). Finally, we propose the configuration of parallel multipliers for a class of fields GF (2 m ) based on irreducible AOPs and ESPs over GF (2).

An ID-based cryptosystem based on the discrete logarithm problem

In a modern network system, data security technologies such as cryptosystems, signature schemes, etc., are indispensable for reliable data transmission. In particular, for a large-scale network, ID-based systems such as the ID-based cryptosystem, the ID-based signature scheme, or the ID-based key distribution system are among the better countermeasures for establishing efficient and secure data transmission systems. The concept of an ID-based cryptosystem has been proposed by A. S?hamir (1985), and it is advantageous to public-key cryptosystems because a large public-key file is not required for such a system. An ID-based cryptosystem based on the discrete logarithm problem is proposed which is one of the earliest realizations in Shamirs sense. The security against a conspiracy of some entities in the proposed system is considered, along with the possibility of establishing a more secure system. >

A system identification algorithm using orthogonal functions

An adaptive filter (ADF) structure is proposed for applications in which large-order ADFs are required. It is based on modeling the impulse response of the system to be identified as a linear combination of a set of discrete Legendre orthogonal functions. The proposed adaptive filter structure has desirable stability features and a unimodal mean-square error surface as well as a modular structure that permits an easy increase of the filter order without changing the previous stages. Computer simulations in which the proposed structure is used to identify actual acoustic echo path impulse responses show that the Legendre ADF has better convergence performance than the transversal ADF when identifying systems with long impulse response. >

An Improved Baby Step Giant Step Algorithm for Point Counting of Hyperelliptic Curves over Finite Fields

Counting the number of points of Jacobian varieties of hyperelliptic curves over finite fields is necessary for construction of hyperelliptic curve cryptosystems. Recently Gaudry and Harley proposed a practical algorithm for point counting of hyperelliptic curves. Their algorithm consists of two parts: firstly to compute the residue modulo an integer m of the order of a given Jacobian variety, and then search for the order by a square-root algorithm. In particular, the parallelized Pollards lambda-method was used as the square-root algorithm, which took 50CPU days to compute an order of 127 bits.This paper shows a new variation of the baby step giant step algorithm to improve the square-root algorithm part in the Gaudry-Harley algorithm. With knowledge of the residue modulo m of the characteristic polynomial of the Frobenius endomorphism of a Jacobian variety, the proposed algorithm provides a speed up by a factor m, instead of ?m in square-root algorithms. Moreover, implementation results of the proposed algorithm is presented including a 135-bit prime order computed in 16 hours on Alpha 21264/667MHz.

General public key residue cryptosystems and mental poker protocols

This paper presents a general method how to construct public key cryptosystems based on the r-th residue problem. Based on the proposed method, we present the first mental poker protocol which can shuffle any set of cards. Its fault tolerant version is given, too. An efficient zero knowledge interactive proof system for quadratic non-residuosity is also shown.

Nonperfect Secret Sharing Schemes

A nonperfect secret sharing scheme (NSS) consists of a family of access subsets Γ1, a family of semi-access subsets Γ2 and a family of non-access subsets Γ3. In an NSS, it is possible that ¦Vi¦<¦S¦, where ¦Vi¦ is the size of the share and ¦S¦ is the size of the secret. This paper characterizes nonperfect secret sharing schemes. First, we show that (Γ1, Γ2, Γ3) is realizable if and only if Γ1 is monotone and Γ1 ∪ Γ2 is monotone. Then, we derive a lower bound of ¦Vi¦ in terms of a distance between Γ1 and Γ3. Finally, we show a condition for (Γ1, Γ2, Γ3) to achieve ¦V i ¦=¦S¦/2 for all i.

Design of Elliptic Curves with Controllable Lower Boundary of Extension Degree for Reduction Attacks

In this paper, we present a design strategy of elliptic curves whose extension degrees needed for reduction attacks have a controllable lower boundary, based on the complex multiplication fields method of Atkin and Morain over prime fields.

Proposal of a signature scheme based on STS trapdoor

A New digital signature scheme based on Stepwise Triangular Scheme (STS) is proposed. The proposed trapdoor has resolved the vulnerability of STS and secure against both Grobner Bases and Rank Attacks. In addition, as a basic trapdoor, it is more efficient than the existing systems. With the efficient implementation, the Multivariate Public Key Cryptosystems (MPKC) signature public key has the signature longer than the message by less than 25 %, for example.

Robust Noise Suppression Algorithm with the Kalman Filter Theory for White and Colored Disturbance

We propose a noise suppression algorithm with the Kalman filter theory. The algorithm aims to achieve robust noise suppression for the additive white and colored disturbance from the canonical state space models with (i) a state equation composed of the speech signal and (ii) an observation equation composed of the speech signal and additive noise. The remarkable features of the proposed algorithm are (1) applied to adaptive white and colored noises where the additive colored noise uses babble noise, (2) realization of high performance noise suppression without sacrificing high quality of the speech signal despite simple noise suppression using only the Kalman filter algorithm, while many conventional methods based on the Kalman filter theory usually perform the noise suppression using the parameter estimation algorithm of AR (auto-regressive) system and the Kalman filter algorithm. We show the effectiveness of the proposed method, which utilizes the Kalman filter theory for the proposed canonical state space model with the colored driving source, using numerical results and subjective evaluation results.