This paper proposes an electronic soccer lottery protocol suitable for the Internet environment. Recently, protocols based on public-key schemes such as digital signature have been proposed for electronic voting systems or other similar systems. For a soccer lottery system in particular, it is important to reduce the computational complexity and the amount of communication data required, because we must expect that a large number of tickets will be purchased simultaneously. These problems can be solved by introducing hash functions as the core of protocol. This paper shows a practical soccer lottery system based on bit commitment and hash functions, in which the privacy of prize-winners is protected and illegal acts by the lottery promoter or lottery ticket shops can be revealed.

A new cipher scheme is created based on the cryptographic algorithm FEAL. This scheme can realize cipher functions with speeds of up to 1 Gbits/s. FEAL can efficiently randomize messages (plaintext) to cryptograms (ciphertext). Moreover, FEAL provides for compact software implementation and can yield the different security levels demanded by users. FEAL is implemented means of a 400-byte program on a microprocessor; processing speeds are in excess of 64 kbits/s. For higher-speed applications, a FEAL-LSI is developed which can be combined to form multiple FEAL-LSI machines. This paper presents hardware methods to construct a high-speed low-cost encipherment LSI together with a faulttolerant encipherment equipment set that employs a parallel configuration and multiple custom LSIs. Prototype FEAL-LSIs are tested and an equipment set using five FEAL-LSIs is constructed. Measured throughputs of the LSI and the set are 96 Mbits/s and 320 Mbits/s, respectively.

The well-known closure tests, the cycling closure test (CCT) and the meet-in-the-middle closure test (MCT), were introduced by Kaliski, Rivest and Sherman to analyze the algebraic properties of cryptosystems, and CCT indicates that DES is not closed. Though Coppersmith presented that DES can be proved not to be closed by a particular way, the closure tests can check various kinds of cryptosystems generally. Thus, successors to MCT and CCT have been proposed at CRYPTO. This paper expands the MCT successor, the switching closure test (SCT), to apply to the DES-like cryptosystems, and shows that this SCT variant is more efficient than the closure test proposed at CRYPTO'92, because the SCT variant establishes a better relationship between the computation cost and the probability of error (the evaluation index). The MCT successors are more important than the CCTs, because the MCTs can directly break closed cryptosystemes. Therefore, if you want to detect the closure property of cryptosystems generally, the SCT variant is better.

This paper presents an efficient multi-precision modular-multiplication algorithm which minimizes the calculation RAM space required when implementing public-key schemes with software on general-purpose computers including smart cards and personal computers. Many modular-multiplication algorithms cannot be efficiently realized on small systems due to their high RAM consumption. The Montgomery algorithm, which can rapidly perform modular multiplication, has received a lot of attention. Unfortunately, the Montgomery algorithm is difficult to implement, especially in smart cards which have extremely limited RAM space. Furthermore, when the modulus of modular multiplication is frequently changed, or when the number of permissible repeated modular multiplications is small, pre- and post-processing operations such as conversion from/to the Montgomery space become wasteful. The proposed algorithm avoids these problems because it requires only half the RAM space and no pre- and post-processing operations. The algorithm is a radical extension to the approximation methods that use the most significant bits and our newly proposed lookahead determination method. This paper gives a proof of the completeness of this method, describes implementation results using a smart card, introduces a theory supported by the results, and considers the optimal technique to enhance the speed of this method.

This paper proposes to apply random mapping methods of a pseudo random function to find collisions of a hash function. We test a hash function including a block cipher (see ISO/IEC 10118-2) with computers, where users can select its initial vector. In particular, the paper shows that a hash function with multiple stages generates a lot of collision hash values, so our probabilistic consideration of a small model for the hash function well explains the computational results. We show that it's feasible to find collisions between the selected messages in advance for 64-bit-size hash functions with WSs linked via an ordinary LAN (Local Area Network). Thus, it is dangerous to use the hash function -- single block mode -- defined in [6] and [7].

Speeding up modular inversion is one of the most important subjects in the field of information security. Over the elliptic curve -- on the prime finite field in particular goals -- public-key cryptosystems and digital signature schemes frequently use modular inversion if affine coordinates are selected. In the regular computer environment, most data transmission via networks and data storage on memories as well as the operation set of processors are performed in multiples of eight bits or bytes. A fast modular multiplication algorithm that matches these operation units for DSP was proposed to accelerate the Montgomery method by Dusse and Kaliski. However, modular inversion algorithms were developed using bit by bit operation and so do not match the operation unit. This paper proposes two techniques for modular inversion that suits any arbitrary processing unit. The first technique proposes a new extended GCD procedure without any division. It can be constructed by the shifting, adding and multiplying operations, all of which a Montgomery modular arithmetic algorithm employs. The second technique can reduce the delay time of post processing in the modular inversion algorithm. In particular, it is of great use for the modular inversion defined in the Montgomery representation. These proposed techniques make modular inversion about 5. 5 times faster.

This paper proposes an extended variant of the method by Brickel et al. for multiple scalar multiplication over an elliptic curve. In smartcard environments, the proposed method is superior to conventional methods. In particular, when the typical number of bases t=2, the proposed method is four times faster than the simultaneous multiple exponentiation method, a well known fast method for multiple scalar multiplication. Furthermore, the proposed method can change the amount of time and memory to fit various platform environment (e.g., personal computers as rich ones or mobile devices such as smartcards as poor ones) by adjusting the division bit width (division unit).

A method for the solution of the discontinuity problem of SH-type modes in a piezoelectric plate waveguide of crystal symmetry 6 mm is described. The approach is a combination of the finite-element and the analytical method. This method can also be applied to the discontinuity problem of SH-type piezoelectric surface modes by increasing the plate-thickness. The numerical examples on the reflection, transmission and bulk wave scattering of Bleustein-Gulyaev waves by a groove, a rib and an overlay in an oversize piezoelectric plate waveguide are given.

A closure test MCT (meet-in-the-middle closure test) has been introduced to analyze the algebraic properties of cryptosystems. Since MCT needs a large amount of memory, it is hard to implement with an ordinary meet-in-the-middle method. As a feasible version of MCT, this paper presents a switching closure test SCT based on a new memoryless meet-in-the-middle method. To achieve the memoryless method, appropriate techniques, such as expansion of cycling detection methods for one function into a method for two functions and an efficient intersection search method that uses only a small amount of memory, are effectively used.

As one form of electronic commerce, the scale of online trading in stocks is rapidly growing. Although brokers lie between the customers as trustees in the current market, retrenchment of broker seems inevitable. This paper proposes a protocol that allows trading to proceed with only the market and the customers. We show the required characteristics for this type of trading at first. Next, to fulfil these characteristics, we apply an electronic auction protocol and digital signatures. The result is a trading protocol with security equivalent to that the current trading system.

Digital signature is by far one of the most important cryptographic techniques used in the e-government and e-commerce applications. It provides authentication of senders or receivers and offers non-repudiation of transmission (senders cannot deny their digital signature in the signed documents and the document cannot be altered in transmission without being detected). This paper presents our implementation results of digital signature algorithms on IC cards by using byte-unit modular arithmetic algorithm method. We evaluated the performance of well-known ESIGN and RSA digital signature algorithms on the dedicated IC card chips and showed that ESIGN is more efficient than RSA.

A new compact modular-multiplication algorithm is proposed. The throughput of the algorithm is about twice as fast as conventional ones by spending the same amount of hardware. Thus, this algorithm allows a 512-bit modular multiplier to be made with about 50 Kgates by using a conventional LSI technology. The throughput of 512-bit modular exponentiation using it will be about 80 kbits/s at a 30 MHz clock.

A new approach for electronic sealed-bid auctions that preserve the privacy of losing bids is presented. It reduces the number of operations performed by the auctioneers to O(log ); previous protocols require O(N ) or O(N log ) where the number of bidders is N and that of available bidding prices is . Namely, the number of auctioneers' operations in our auction protocol is independent of the number of bidders. This feature offers strong advantages in massive auctions. We also propose a new scheme that checks the equality of two values without disclosing them. The scheme enhances our basic auction protocol, in terms of security and communication costs.

The need for electronic sealed-bid auction services with quantitative competition is increasing. This paper proposes a new method that combines one-way functions and a bit commitment technique for quantitative competitive sealed-bid auctions. Since each modular exponentiation is replaced with a one-way function, the proposed method's computational time is one forty thousandth that of the former methods and the proposed method suits mass bidder systems.

This study proposes a Peak-to-Average Power Ratio (PAPR) reduction method using an adaptive Finite Impulse Response (FIR) filter in Orthogonal Frequency Division Multiplexing systems. At the transmitter, an iterative algorithm that minimizes the p-norm of a transmitted signal vector is used to update the weight coefficients of the FIR filter to reduce PAPR. At the receiver, the FIR filter used at the transmitter is estimated using pilot symbols, and its effect can be compensated for by using an equalizer for proper demodulation. Simulation results show that the proposed method is superior to conventional methods in terms of the PAPR reduction and computational complexity. It also shows that the proposed method has a trade-off between PAPR reduction and bit error rate performance.