MDPI AGActa Medica Okayama2410-387X942025Role-Based Efficient Proactive Secret Sharing with User Revocation80ENYixuanHeGraduate School of Environmental, Life, Natural Science and Technology, Okayama UniversityYutaKoderaGraduate School of Environmental, Life, Natural Science and Technology, Okayama UniversityYasuyukiNogamiGraduate School of Environmental, Life, Natural Science and Technology, Okayama UniversitySamsulHudaInterdisciplinary Education and Research Field, Okayama UniversityProactive secret sharing (PSS), an extension of secret-sharing schemes, safeguards sensitive data in dynamic distributed networks by periodically refreshing shares to counter adversarial attacks. In our previous work, we constructed a non-interactive proactive secret scheme by integrating threshold homomorphic encryption (ThHE) while reducing the communication complexity to đ(đ). Not only is refreshing shares important but revoking the shares of users who have left the system is also essential in practical dynamic membership scenarios. However, the previous work was insufficient for supporting explicit user revocation. This study strengthens the description of roles for authorized users and proposes a scheme to achieve non-interactive share refresh and dynamic user management. In each epoch, authorized users are classified into three roles: retain, newly join, and rejoin, and they receive a broadcast of the compact ciphertext encoding both the refresh information and the revocation instructions from the trusted center (dealer). Authorized users independently derive new shares through homomorphic computations, whereas revoked users are unable to generate new shares. Hash functions are used to bind revocation parameters to the cryptographic hashes of valid users in order to guarantee integrity during revocation, allowing for effective verification without compromising non-interactivity. Our new scheme not only extends the revocation structure but also preserves the đ(đ) communication complexity.No potential conflict of interest relevant to this article was reported.MDPI AGActa Medica Okayama1424-822025212025Integrated Authentication Server Design for Efficient KerberosâBlockchain VANET Authentication6651ENMayaRahayuGraduate School of Environmental, Life, Natural Science and Technology, Okayama UniversityMd. BiplobHossainGraduate School of Environmental, Life, Natural Science and Technology, Okayama UniversitySamsulHudaInterdisciplinary Education and Research Field, Okayama UniversityYasuyukiNogamiGraduate School of Environmental, Life, Natural Science and Technology, Okayama UniversityVehicular Ad Hoc Network (VANET) is a fundamental component of the intelligent transportation systems (ITS), providing critical road information to users. However, the volatility of VANETs creates significant vulnerabilities from malicious actors. Thus, verifying joining entities is crucial to maintaining the VANETâs communication security. Authentication delays must stay below 100 ms to meet VANET requirements, posing a major challenge for security. Our previous research introduced a KerberosâBlockchain (KBC) authentication system that contains two main components separately: Authentication Server (AS) and Ticket Granting Server (TGS). However, this KBC architecture required an additional server to accommodate increasing vehicle volumes in urban environments, leading to higher infrastructure costs. This paper presents an integrated authentication server that merges AS and TGS into a Combined Server (CBS) while retaining blockchain security. We evaluate it using OMNeT++ with SUMO for traffic simulation and Ganache for blockchain implementation. Results show that CBS removes the need for an extra server while keeping authentication delays under 100 ms. It also improves throughput by 104% and reduces signaling overhead by 45% compared to KBC. By optimizing authentication without compromising security, the integrated server greatly enhances the cost-effectiveness and efficiency of VANET systems.No potential conflict of interest relevant to this article was reported.BON VIEW PUBLISHING PTEActa Medica Okayama2810-9503512025A Study on Zeek IDS Effectiveness for Cybersecurity in Agricultural IoT Networks133142ENSamsulHudaInterdisciplinary Education and Research Field, Okayama UniversityMuhammad BisriMusthafaGraduate School of Environmental, Life, Natural Science and Technology, Okayama UniversityS. M.ShamimGraduate School of Environmental, Life, Natural Science and Technology, Okayama UniversityYasuyukiNogamiGraduate School of Environmental, Life, Natural Science and Technology, Okayama UniversityAs agriculture moves toward Agriculture 4.0, which uses Internet of Things (IoT) devices to collect data in real time and monitor things from a distance, these networks are becoming increasingly vulnerable to cyberattacks. A common method used to protect against these kinds of threats is the use of intrusion detection systems (IDS). However, the agricultural environment is often changing and has limited resources, which makes cybersecurity challenging. Several available IDS tools are not designed to work properly in places with few resources, intermittent access, and unpredictable network conditions. This paper investigates the performance of Zeek, an open-source IDS, in identifying potential threats in agricultural IoT networks. We performed both offline and real-time experiments: offline analysis used pcap files from the Stratosphere Laboratory dataset, and real-time evaluation involved simulated live attack scenarios, focusing on unauthorized access attempts and distributed denial-of-service (DDoS) attacks. Zeek's performance was assessed based on CPU and memory utilization, as well as quality of service (QoS) metrics. From the experimental results, we found that Zeek was quite effective in protecting agricultural IoT networks against typical threats. Memory usage remained stable around 5% during offline analysis and under 20% during active attacks. However, CPU usage was more volatile, peaking at 120% during DDoS events. In terms of QoS, the system maintained a good throughput (1,375 kbits/s) with minimal packet loss (0.000186%). Among the attack types that we tested, brute force attacks, which represent attempts at unauthorized access, had the strongest effect on network performance, increasing delay to 2.159 ms and jitter to 0.793 ms. It seems clear that a heavier traffic load during such attacks can interfere with QoS. On the basis of our observation, we recommend practical deployment strategies for agricultural IoT systems that take these limitations into consideration, aiming to keep networks both secure and efficient under pressure.No potential conflict of interest relevant to this article was reported.Institute of Electrical and Electronics Engineers (IEEE)Acta Medica Okayama2169-3536132025Optimized Ensemble Deep Learning for Real-Time Intrusion Detection on Resource-Constrained Raspberry Pi Devices113544113556ENMuhammad BisriMusthafaGraduate School of Environmental, Life, Natural Science and Technology, Okayama UniversitySamsulHudaInterdisciplinary Education and Research Field, Okayama UniversityTuy TanNguyenSchool of Informatics, Computing, and Cyber Systems, Northern Arizona UniversityYutaKoderaGraduate School of Environmental, Life, Natural Science and Technology, Okayama UniversityYasuyukiNogamiGraduate School of Environmental, Life, Natural Science and Technology, Okayama UniversityThe rapid growth of Internet of Things (IoT) networks has increased security risks, making it essential to have effective Intrusion Detection Systems (IDS) for real-time threat detection. Deep learning techniques offer promising solutions for such detection due to their superior complex pattern recognition and anomaly detection capabilities in large datasets. This paper proposes an optimized ensemble-based IDS designed specifically for efficient deployment on edge hardware. However, deploying such computationally intensive models on resource-limited edge devices remains a significant challenge due to model size and computational overhead on devices with limited processing capabilities. Building upon our previously developed stacked Long Short-Term Memory (LSTM) model integrated with ANOVA feature selection, we optimize it by integrating dual-stage model compression: pruning and quantization to create a lightweight model suitable for real-time inference on Raspberry Pi devices. To evaluate the system under realistic conditions, we combined with a Kafka-based testbed to simulate dynamic IoT environments with variable traffic loads, delays, and multiple simultaneous attack sources. This enables the assessment of detection performance under varying traffic volumes, latency, and overlapping attack scenarios. The proposed system maintains high detection performance with accuracy of 97.3% across all test scenarios, while efficiently leveraging multi-core processing with peak CPU usage reaching 111.8%. These results demonstrate the systemâs practical viability for real-time IoT security at the edge.No potential conflict of interest relevant to this article was reported.Institute of Electrical and Electronics Engineers (IEEE)Acta Medica Okayama2169-3536132025Security in Post-Quantum Era: A Comprehensive Survey on Lattice-Based Algorithms8900389024ENHienNguyenSchool of Informatics, Computing, and Cyber Systems, Northern Arizona UniversitySamsulHudaInterdisciplinary Education and Research Field, Okayama UniversityYasuyukiNogamiGraduate School of Environmental, Life, Natural Science and Technology, Okayama UniversityTuy TanNguyenSchool of Informatics, Computing, and Cyber Systems, Northern Arizona UniversityLattice-based post-quantum cryptography (PQC) has attracted significant attention as a promising solution to the security challenges posed by quantum computing. Unlike traditional cryptographic algorithms, lattice-based schemes are expected to remain secure even in the presence of quantum attacks, making them essential for securing future data. Despite their strong theoretical foundations, lattice-based schemes face several practical challenges, particularly in optimizing performance and scalability for real-world applications. This survey provides a novel taxonomy that categorizes lattice-based PQC designs, with an emphasis on computational paradigms and security considerations. We systematically evaluate lattice-based PQC implementations across both software platforms, including central processing units and graphics processing units, as well as hardware platforms like field-programmable gate arrays and application-specific integrated circuits, highlighting their strengths and limitations. In addition, we explore the practical applications of lattice-based cryptography in fields such as secure communication, critical infrastructure, privacy-preserving data analytics, artificial intelligence, and trust and authentication systems. By offering a comprehensive overview of the current state of lattice-based PQC, this survey aims to provide valuable insights into the ongoing advancements and future research directions in the field as we transition to a post-quantum era.No potential conflict of interest relevant to this article was reported.MDPIActa Medica Okayama1999-59031732025Facial Privacy Protection with Dynamic Multi-User Access Control for Online Photo Platforms124ENAndriSantosoGraduate School of Environmental, Life, Natural Science and Technology, Okayama UniversitySamsulHudaGreen Innovation Center, Okayama UniversityYutaKoderaGraduate School of Environmental, Life, Natural Science and Technology, Okayama UniversityYasuyukiNogamiGraduate School of Environmental, Life, Natural Science and Technology, Okayama UniversityIn the digital age, sharing moments through photos has become a daily habit. However, every face captured in these photos is vulnerable to unauthorized identification and potential misuse through AI-powered synthetic content generation. Previously, we introduced SnapSafe, a secure system for enabling selective image privacy focusing on facial regions for single-party scenarios. Recognizing that group photos with multiple subjects are a more common scenario, we extend SnapSafe to support multi-user facial privacy protection with dynamic access control designed for online photo platforms. Our approach introduces key splitting for access control, an owner-centric permission system for granting and revoking access to facial regions, and a request-based mechanism allowing subjects to initiate access permissions. These features ensure that facial regions remain protected while maintaining the visibility of non-facial content for general viewing. To ensure reproducibility and isolation, we implemented our solution using Docker containers. Our experimental assessment covered diverse scenarios, categorized as "Single", "Small", "Medium", and "Large", based on the number of faces in the photos. The results demonstrate the system's effectiveness across all test scenarios, consistently performing face encryption operations in under 350 ms and achieving average face decryption times below 286 ms across various group sizes. The key-splitting operations maintained a 100% success rate across all group configurations, while revocation operations were executed efficiently with server processing times remaining under 16 ms. These results validate the system's capability in managing facial privacy while maintaining practical usability in online photo sharing contexts.No potential conflict of interest relevant to this article was reported.MDPIActa Medica Okayama1424-822024232024The Design and Implementation of Kerberos-Blockchain Vehicular Ad-Hoc Networks Authentication Across Diverse Network Scenarios7428ENMayaRahayuGraduate School of Environmental, Life, Natural Science and Technology, Okayama UniversityMd. BiplobHossainGraduate School of Environmental, Life, Natural Science and Technology, Okayama UniversitySamsulHudaGreen Innovation Center, Okayama UniversityYutaKoderaGraduate School of Environmental, Life, Natural Science and Technology, Okayama UniversityMd. ArshadAliFaculty of CSE, Hajee Mohammad Danesh Science and Technology UniversityYasuyukiNogamiGraduate School of Environmental, Life, Natural Science and Technology, Okayama UniversityVehicular Ad-Hoc Networks (VANETs) play an essential role in the intelligent transportation era, furnishing users with essential roadway data to facilitate optimal route selection and mitigate the risk of accidents. However, the network exposure makes VANETs susceptible to cyber threats, making authentication crucial for ensuring security and integrity. Therefore, joining entity verification is essential to ensure the integrity and security of communication in VANETs. However, to authenticate the entities, authentication time should be minimized to guarantee fast and secure authentication procedures. We propose an authentication system for VANETs using blockchain and Kerberos for storing authentication messages in a blockchain ledger accessible to Trusted Authentication Servers (TASs) and Roadside Units (RSUs). We evaluate the system in three diverse network scenarios: suburban, urban with 1 TAS, and urban with 2 TASs. The findings reveal that this proposal is applicable in diverse network scenarios to fulfill the network requirements, including authentication, handover, and end-to-end delay, considering an additional TAS for an increasing number of vehicles. The system is also practicable in storing the authentication message in blockchain considering the gas values and memory size for all scenarios.No potential conflict of interest relevant to this article was reported.MDPIActa Medica Okayama1424-822022132022A Business-to-Business Collaboration System That Promotes Data Utilization While Encrypting Information on the Blockchain4909ENHiroakiNasuGraduate School of Natural Science and Technology, Okayama UniversityYutaKoderaFaculty of Natural Science and Technology, Okayama UniversityYasuyukiNogamiFaculty of Natural Science and Technology, Okayama UniversityEnsuring the reliability of data gathering from every connected device is an essential issue for promoting the advancement of the next paradigm shift, i.e., Industry 4.0. Blockchain technology is becoming recognized as an advanced tool. However, data collaboration using blockchain has not progressed sufficiently among companies in the industrial supply chain (SC) that handle sensitive data, such as those related to product quality, etc. There are two reasons why data utilization is not sufficiently advanced in the industrial SC. The first is that manufacturing information is top secret. Blockchain mechanisms, such as Bitcoin, which uses PKI, require plaintext to be shared between companies to verify the identity of the company that sent the data. Another is that the merits of data collaboration between companies have not been materialized. To solve these problems, this paper proposes a business-to-business collaboration system using homomorphic encryption and blockchain techniques. Using the proposed system, each company can exchange encrypted confidential information and utilize the data for its own business. In a trial, an equipment manufacturer was able to identify the quality change caused by a decrease in equipment performance as a cryptographic value from blockchain and to identify the change one month earlier without knowing the quality value.No potential conflict of interest relevant to this article was reported.MDPIActa Medica Okayama1099-43002462022Transition Probability Test for an RO-Based Generator and the Relevance between the Randomness and the Number of ROs780ENYutaKoderaGraduate School of Natural Science and Technology, Okayama UniversityRyoichiSatoGraduate School of Natural Science and Technology, Okayama UniversityMd ArshadAliDepartment of Computer Science and Engineering, Hajee Mohammad Danesh Science and Technology University (HSTU)TakuyaKusakaGraduate School of Natural Science and Technology, Okayama UniversityYasuyukiNogamiGraduate School of Natural Science and Technology, Okayama UniversityA ring oscillator is a well-known circuit used for generating random numbers, and interested readers can find many research results concerning the evaluation of the randomness with a packaged test suit. However, the authors think there is room for evaluating the unpredictability of a sequence from another viewpoint. In this paper, the authors focus on Wold's RO-based generator and propose a statistical test to numerically evaluate the randomness of the RO-based generator. The test adopts the state transition probabilities in a Markov process and is designed to check the uniformity of the probabilities based on hypothesis testing. As a result, it is found that the RO-based generator yields a biased output from the viewpoint of the transition probability if the number of ROs is small. More precisely, the transitions 01 -> 01 and 11 -> 11 happen frequently when the number l of ROs is less than or equal to 10. In this sense, l > 10 is recommended for use in any application, though a packaged test suit is passed. Thus, the authors believe that the proposed test contributes to evaluating the unpredictability of a sequence when used together with available statistical test suits, such as NIST SP800-22.No potential conflict of interest relevant to this article was reported.MDPIActa Medica Okayama1099-43002392021Consideration for Affects of an XOR in a Random Number Generator Using Ring Oscillators1168ENRyoichiSatoGraduate School of Natural Science and Technology, Okayama UniversityYutaKoderaGraduate School of Natural Science and Technology, Okayama UniversityMd. ArshadAliDepartment of Computer Science and Engineering, Hajee Mohammad Danesh Science and Technology University (HSTU)TakuyaKusakaGraduate School of Natural Science and Technology, Okayama UniversityYasuyukiNogamiGraduate School of Natural Science and Technology, Okayama UniversityRobert H.Morelos-ZaragozaDepartment of Electrical Engineering, San JosĂŠ State UniversityA cloud service to offer entropy has been paid much attention to. As one of the entropy sources, a physical random number generator is used as a true random number generator, relying on its irreproducibility. This paper focuses on a physical random number generator using a field-programmable gate array as an entropy source by employing ring oscillator circuits as a representative true random number generator. This paper investigates the effects of an XOR gate in the oscillation circuit by observing the output signal period. It aims to reveal the relationship between inputs and the output through the XOR gate in the target generator. The authors conduct two experiments to consider the relevance. It is confirmed that combining two ring oscillators with an XOR gate increases the complexity of the output cycle. In addition, verification using state transitions showed that the probability of the state transitions was evenly distributed by increasing the number of ring oscillator circuits.No potential conflict of interest relevant to this article was reported.Faculty of Engineering, Okayama UniversityActa Medica Okayama1349-6115472013Lazy Random Walk Efficient for Pollardâs Rho Methoď˝ Attacking on G3 over Barreto-Naehrig Curve (Corrected)2532ENKentaNekadoYusukeTakaiYasuyukiNogami10.18926/49322Pairingâbased cryptosystems are well implemented with Ateâtype pairing over BarretoâNaehrig (BN)
curve. Then, for instance, their securities depend on the difficulty of Discrete Logarithm Problem (DLP)
on the soâdenoted G3 over BN curve. This paper, in order to faster solve the DLP, first proposes to
utilize Gauss period Normal Basis (GNB) for Pollardâs rho method, and then considers to accelerate the
solving by an adoption of lazy random walk, namely tag tracing technique proposed by Cheon et al.No potential conflict of interest relevant to this article was reported.Faculty of Engineering, Okayama UniversityActa Medica Okayama1349-6115472013Representation of Torsion Points on Pairing Curves of Embedding Degree 11924ENYasuyukiNogamiTaichiSumo10.18926/49321Recent efficient pairings such as Ate pairing use two efficient rational point subgroups such that
Ď(P) = P and Ď(Q) = [p]Q, where Ď, p, P, and Q are the Frobenius map for rational point, the
characteristic of definition field, and torsion points for pairing, respectively. This relation accelerates not
only pairing but also pairingârelated operations such as scalar multiplications. It holds in the case that
the embedding degree k divides r â 1, where r is the order of torsion rational points. Thus, such a case
has been well studied. Alternatively, this paper focuses on the case that the degree divides r + 1 but
does not divide r â 1. Then, this paper shows a multiplicative representation for râtorsion points based
on the fact that the characteristic polynomial f(Ď) becomes irreducible over Fr for which Ď also plays a
role of variable.No potential conflict of interest relevant to this article was reported.Faculty of Engineering, Okayama UniversityActa Medica Okayama0475-00713722003A Fast Implementation of Elliptic Curve Cryptosystem with Prime Order Defined over F(p8)7387ENYasuyukiNogamiYoshitakaMorikawa10.18926/46982Public key cryptosystem has many uses, such as to sign digitally, to realize electronic commerce. Especially, RSA public key cryptosystem has been the most widely used, but its key for ensuring sufficient security reaches about 2000 bits long. On the other hand, elliptic curve cryptosystem(ECC) has the same security level with about 7-fold smaller length key. Accordingly, ECC has been received much attention and implemented on various processors even with scarce computation resources. In this paper, we deal with an elliptic curve which is defined over extension field F(p2c) and has a prime order, where p is the characteristic and c is a non negative integer. In order to realize a fast software implementation of ECC adopting such an elliptic curve, a fast implementation method of definition field F(p2c) especially F(p8) is proposed by using a technique called successive extension. First, five fast implementation methods of base field F(p2) are introduced. In each base field implementation, calculation costs of F(p2)-arithmetic operations are evaluated by counting the numbers of F(p)-arithmetic operations. Next, a successive extension method which adopts a polynomial basis and a binomial as the modular polynomial is proposed with comparing to a conventional method. Finally, we choose two prime numbers as the characteristic, and consider several implementations for definition field F(p8) by using five base fields and two successive extension methods. Then, one of these implementations is especially selected and implemented on Toshiba 32-bit micro controller TMP94C251(20MHz) by using C language. By evaluating calculation times with comparing to previous works, we conclude that proposed method can achieve a fast implementation of ECC with a prime order.No potential conflict of interest relevant to this article was reported.Faculty of Engineering, Okayama UniversityActa Medica Okayama1349-6115452011Squaring Algorithm Efficient for Cubic Extension Field Derived with Pseudo Gauss Period Normal Basis5459ENKentaNekadoYusukeTakaiYasuyukiNogamiYoshitakaMorikawa10.18926/44500Recently, pairingâbased cryptographies have attracted much attention. For fast pairing calculation, not only pairing algorithms but also arithmetic operations in extension field should be efficient. Especially for final exponentiation included in pairing calculation, squaring is more important than multiplication. This paper considers squaring algorithms efficient for cubic extension field which is often used for pairing implementaions.No potential conflict of interest relevant to this article was reported.Faculty of Engineering, Okayama UniversityActa Medica Okayama1349-6115452011Ordinary Pairing Friendly Curve of Embedding Degree 1 Whose Order Has Two Large Prime Factors4653ENYasuyukiNogamiErikaYanagiTetsuyaIzutaYoshitakaMorikawa10.18926/44499Recently, composite order pairingâbased cryptographies have received much attention. The composite order needs to be as large as the RSA modulus. Thus, they require a certain pairingâfriendly elliptic curve that has such a large composite order. This paper proposes an efficient algorithm for generating an ordinary pairingâfriendly elliptic curve of the embedding degree 1 whose order has two large prime factors as the RSA modulus. In addition, the generated pairingâfriendly curve has an efficient structure for the GallantâLambertâVanstone (GLV) method.No potential conflict of interest relevant to this article was reported.Faculty of Engineering, Okayama UniversityActa Medica Okayama1349-6115442010Ecient Squaring Algorithm for Xate Pairing with Freeman Curve6972ENKentaNekadoHidehiroKatoYasuyukiNogamiYoshitakaMorikawa10.18926/19961Recently, pairingâbased cryptographies have attracted much attention. For fast pairing calculation, not only pairing algorithms but also arithmetic operations in extension field should be efficient. Especially for final exponentiation included in pairing calculation, squaring is more important than multiplication. This paper proposes an efficient squaring algorithm in extension field for Freeman curve.No potential conflict of interest relevant to this article was reported.Faculty of Engineering, Okayama UniversityActa Medica Okayama1349-6115442010Ordinary Pairing Friendly Curve of Embedding Degree 3 Whose Order Has Two Large Prime Factors6068ENYasuyukiNogamiYoshitakaMorikawa10.18926/19960This paper proposes a method for generating a certain composite order ordinary pairingâfriendly elliptic curve of embedding degree 3. In detail, the order has two large prime factors such as the modulus of RSA cryptography. The method is based on the property that the order of the target pairingâfriendly curve is given by a polynomial as r(X) of degree 2 with respect to the integer variable X. When the bit size of the prime factors is about 500 bits, the proposed method averagely takes about 15 minutes on Core 2 Quad (2.66Hz) for generating one.No potential conflict of interest relevant to this article was reported.Faculty of Engineering, Okayama UniversityActa Medica Okayama1349-6115432009Cost Evaluation of The Improvement of Twisted Ate Pairing That Uses Integer Variable X of Small Hamming Weight113116ENYumiSakemihidehiroKatoYasuyukiNogamiYoshikawaMorikawa10.18926/17853BarretoâNaehrig (BN) curve has been introduced as an efficient pairing-friendly elliptic curve over prime field F(p) whose embedding degree is 12. The characteristic and Frobenius trace are given as polynomials of integer variable X. The authors proposed an improvement of Miller's algorithm of twisted Ate pairing with BN curve by applying X of small hamming weight in ITCâCSCC2008; however, its cost evaluation has not been explicitly shown. This paper shows the detail of the cost evaluation.No potential conflict of interest relevant to this article was reported.Faculty of Engineering, Okayama UniversityActa Medica Okayama1349-6115432009Extension Field for Xate Pairing with Freeman Curve108112ENKentaNekadoHidehiroKatoYasuyukiNogamiYoshitakaMorikawa10.18926/17851Recently, pairing-based cryptographies such as ID-based cryptography and group signature have been studied. For fast pairing calculation, not only pairing algorithms but also arithmetic operations in extension field must be efficiently carried out. The authors show efficient arithmetic operations of extension field for Xate pairing especially with Freeman curve.No potential conflict of interest relevant to this article was reported.Faculty of Engineering, Okayama UniversityActa Medica Okayama1349-6115432009A High-Speed Square Root Algorithm for Extension fields -Especially for Fast Extension Fields-99107ENHidehiroKatoYasuyukiNogamiYoshitakaMorikawa10.18926/17849A square root (SQRT) algorithm in extension field F(p(m))(m = r(0)r(1)シシシr(nâ1)シ2(d), r(i) : odd prime, d : positive integer) is proposed in this paper. First, a conventional SQRT algorithm, the Tonelli-Shanks algorithm, is modified to compute the inverse SQRT in F(p(2d)), where most of the computations are performed in the corresponding subfields F(p(2i)) for 0 ⤠i ⤠d-1. Then the Frobenius mappings with addition chain are adopted for the proposed SQRT algorithm, in which a lot of computations in a given extension field F(p(m)) are also reduced to those in a proper subfield by the norm computations. Those reductions of the field degree increase efficiency in the SQRT implementation. The Tonelli-Shanks algorithm and the proposed algorithm in F(p(6)) and F(p(10)) were implemented on a Core2 (2.66 GHz) using the C++ programming language. The computer simulations showed that, on average, the proposed algorithm accelerated the SQRT computation by 6 times in F(p(6)), and by 10 times in F(p(10)), compared to the Tonelli-Shanks algorithm.No potential conflict of interest relevant to this article was reported.Faculty of Engineering, Okayama UniversityActa Medica Okayama0475-0071351-22001Determining Minimal Polynomial of Proper Element by Using Higher Degree Traces197205ENYasuyukiNogamiYoshitakaMorikawa10.18926/15380Modern communication engineerings, such as elliptic curve cryptographies, often requires algebra on finite extension field defined by modulus arithmetic with an irreducible polynomial. This paper provides a new method to detemine the minimal (irreducible) polynomial of a given proper element in finite extension field. In the conventional determination method, as we have to solve the simultaneous equations, the computation is very involved. In this paper, the well known "trace" is extended to higher degree traces. Using the new traces, we yield the coefficient formula of the desired minimal polynomial. The new method becomes very simple without solving the simultaneous equations, and about twice faster than the conventional method in computation speed.No potential conflict of interest relevant to this article was reported.Faculty of Engineering, Okayama UniversityActa Medica Okayama0475-00713912005A High-Speed Square Root Computation in Finite Fields with Application to Elliptic Curve Cryptosystem8292ENFengWangYasuyukiNogamiYoshitakaMorikawa10.18926/14157In this paper, we focus on developing a high-speed square root (SQRT) algorithm required for an elliptic curve cryptosystem. Examining Smart algorithm, the previously well-known SQRT algorithm, we can see that there is a lot of computation overlap in Smart algorithm and the quadratic residue (QR) test, which must be implemented prior to a SQRT computation.
It makes Smart algorithm inefficient. The essence of our proposition is thus to present a new QR test and an efficient SQRT algorithm to avoid all the overlapping computations. The authors devised a SQRT algorithm for which most of the data required have been computed in the proposed QR test. Not only there is no computation overlap in the proposed algorithm and the proposed QR test, but also in the proposed algorithm
over GF(p(2)) (4 | p â 1) some computations can be executed in GF(p); whereas in Smart algorithm over GF(p(2)) all the computations must be executed in GF(p(2)). These yield many reductions in the computational time and complexity. We implemented the two QR tests and the two SQRT algorithms over GF(pm) (m=1, 2) in C++ language with NTL (Number
Theory Library) on Pentium4 (2.6GHz), where the size of p is around 160 bits. The computer simulations showed that the proposed QR test and the proposed algorithm over GF(p(m)) were about 2 times faster than the conventional QR test and Smart algorithm over GF(p(m)).No potential conflict of interest relevant to this article was reported.Faculty of Engineering, Okayama UniversityActa Medica Okayama0475-00713912005A Method for Generating Prime Order Elliptic Curves over F(q(2c))7181ENYasuyukiNogamiYoshitakaMorikawa10.18926/14156This paper proposes an algorithm for generating prime order elliptic curves over extension field whose extension degree is a power of 2. The proposed algorithm is based on the fact that the order of the twisted elliptic curve is able to be a prime number when the extension degree for the twist operation is a power of 2. When the definition field is F(2(40)â87)(4) , the proposed algorithm can generate a prime order elliptic curve within 5 seconds on PentiumIII (800MHz) with C language.No potential conflict of interest relevant to this article was reported.Faculty of Engineering, Okayama UniversityActa Medica Okayama0475-00714012006The Orders of Elliptic Curves y(2) = x(3) + b, b â F(* q)8394ENYasuyukiNogamiYoshitakaMorikawa10.18926/14126This paper particularly deals with elliptic curves in the form of E(x, y) = y(2) â x(3) âb = 0, b â F(* q) , where 3 divides qâ1. In this paper, we refer to the well-known twist technique as x-twist and propose y-twist. By combining x-twist and y-twist, we can consider six elliptic curves and this paper proposes a method to obtain the orders of these six curves by counting only one order among the six curves.No potential conflict of interest relevant to this article was reported.Faculty of Engineering, Okayama UniversityActa Medica Okayama0475-00714112007An Algorithm for Generating Irreducible Cubic Trinomials over Prime Field1119ENYasuyukiNogamiYoshitakaMorikawa10.18926/14080This paper proposes an algorithm for generating irreducible cubic trinomials in the form x(3) + ax + b, b â F(p), where a is a certain fixed non-zero element in the
prime field F(p). The proposed algorithm needs a certain irreducible cubic trinomial over F(p) to be previously given as a generator; however, the proposed algorithm can generate irreducible cubic polynomials one after another by changing a certain parameter in F(p). In this paper, we compare the calculation cost and the average computation time for generating an irreducible cubic polynomial, especially trinomial, among Hiramoto et al. irreducibility testing algorithm, Berlekamp-Massey minimal polynomial determining algorithm, and the proposed algorithm. From
the experimental results, it is shown that the proposed algorithm is the fastest among the three algorithms for generating irreducible cubic trinomials.No potential conflict of interest relevant to this article was reported.Faculty of Engineering, Okayama UniversityActa Medica Okayama0475-00714112007The Number of the Irreducible Cubic Polynomials in the Form of x(3) + ax + b with a Certain Fixed Element a110ENYasuyukiNogamiYoshitakaMorikawa10.18926/14079In this paper, we first show the number of x's such that x(2) +u, u â F(*)(p) , becomes a quadratic residue in F(p), and then this number is proven to be equal to (p+1)/2 if âu is a quadratic residue in Fp, which is a necessary fact for the following. With respect to the irreducible cubic polynomials over Fp in the form of x(3)+ax+b, we give a classification based on the trace of an element in F(p3) and based on whether or not the coefficient of x, i.e. the parameter a, is a quadratic residue in Fp. According
to this classification, we can know the minimal set of the irreducible cubic polynomials, from which all the irreducible cubic polynomials can be generated by using the following two variable transformations: x=x + i, x=jâ1x, i, j â Fp, j â 0. Based on the classification and that necessary fact, we show the number of the irreducible cubic polynomials in the form of x(3)+ax+b, b â F(p), where a is a certain fixed element in F(p).No potential conflict of interest relevant to this article was reported.Faculty of Engineering, Okayama UniversityActa Medica Okayama0475-00714212008A Method for Checking the Parity of (#Jc - 1)=2 of Genus 2 and 3 Hyperelliptic Curves110114ENYasuyukiNogamiYoshitakaMorikawa10.18926/14071This paper shows a method for checking the parity of (#Jc â 1)/2 without calculating the order #Jc, where #Jc is the order of genus 2 or 3 hyperelliptic curve.No potential conflict of interest relevant to this article was reported.Faculty of Engineering, Okayama UniversityActa Medica Okayama0475-00714212008Fast Exponentiation in Extension Field with Frobenius Mappings3643ENHidehiroKatoKentaNekadoYasuyukiNogamiYoshitakaMorikawa10.18926/14057This paper proposes an exponentiation method with Frobenius mappings. Our method is closely related to so-called interleaving exponentiation. Different from the interleaving exponentiation methods, our method can carry out several exponentiations using same base at the same time. The efficiency to use Frobenius mappings for an exponentiation in extension field is well introduced by Avanzi and Mihailescu. This exponentiation method is based on so-called simultaneous exponentiation and uses many Frobenius mappings. Their method more decreased the number of multiplications; however, the number of Frobenius mappings inversely increased. Compared to their method , the number of multiplications needed for the proposed method becomes about 20% larger; however, that of Frobenius mappings becomes small enough.No potential conflict of interest relevant to this article was reported.