Jinhui CHAO Kenji MINOWA Shigeo TSUJII
The self-organization rule of planar neural networks has been proposed for learning of 2D distributions. However, it cannot be applied to 3D objects. In this paper, we propose a new model for global representation of the 3D objects. Based on this model, global topology reserving self-organization is achieved using parallel local competitive learning rule such as Kohonen's maps. The proposed model is able to represent the objects distributively and easily accommodate local features.
Kaoru KUROSAWA Wakaha OGATA Shigeo TSUJII
In this paper, we consider ZKIPs for promise problems. A promise problem is a pair of predicates (Q,R). A Turning machine T solves the promise problem (Q,R) if, for every x satisfying Q(x), machine T halts and it answers "yes" iff R(x). When ¬Q (x), we do not care what T does. First, we define "promised BPP" which is a promise problem version of BPP. Then, we prove that a promise problem (Q,R) has a 3-move interactive proof system which is black-box simulation zero knowledge if and only if (Q,R) ∈ promised BPP. Next, we show a "4-move" perfect ZKIPs (black-box simulation) for a promise problem of Quadratic Residuosity and that of Blum Numbers under no cryptographic assumption.
Nari TANABE Toshihiro FURUKAWA Shigeo TSUJII
We propose a noise suppression algorithm with the Kalman filter theory. The algorithm aims to achieve robust noise suppression for the additive white and colored disturbance from the canonical state space models with (i) a state equation composed of the speech signal and (ii) an observation equation composed of the speech signal and additive noise. The remarkable features of the proposed algorithm are (1) applied to adaptive white and colored noises where the additive colored noise uses babble noise, (2) realization of high performance noise suppression without sacrificing high quality of the speech signal despite simple noise suppression using only the Kalman filter algorithm, while many conventional methods based on the Kalman filter theory usually perform the noise suppression using the parameter estimation algorithm of AR (auto-regressive) system and the Kalman filter algorithm. We show the effectiveness of the proposed method, which utilizes the Kalman filter theory for the proposed canonical state space model with the colored driving source, using numerical results and subjective evaluation results.
Masaki GONDA Kazuto MATSUO Kazumaro AOKI Jinhui CHAO Shigeo TSUJII
Genus 3 hyperelliptic curve cryptosystems are capable of fast-encryption on a 64-bit CPU, because a 56-bit field is enough for their definition fields. Recently, Kuroki et al. proposed an extension of the Harley algorithm, which had been known as the fastest addition algorithm of divisor classes on genus 2 hyperelliptic curves, on genus 3 hyperelliptic curves and Pelzl et al. improved the algorithm. This paper shows an improvement of the Harley algorithm on genus 3 hyperelliptic curves using Toom's multiplication. The proposed algorithm takes only I + 70M for an addition and I + 71M for a doubling instead of I + 76M and I + 74M respectively, which are the best possible of the previous works, where I and M denote the required time for an inversion and a multiplication over the definition field respectively. This paper also shows 2 variations of the proposed algorithm in order to adapt the algorithm to various platforms. Moreover this paper discusses finite field arithmetic suitable for genus 3 hyperelliptic curve cryptosystems and shows implementation results of the proposed algorithms on a 64-bit CPU. The implementation results show a 160-bit scalar multiplication can be done within 172 µs on a 64-bit CPU Alpha EV68 1.25 GHz.
Tsutomu IIJIMA Mahoro SHIMURA Jinhui CHAO Shigeo TSUJII
The Weil descent attack, suggested by Frey, has been implemented by Gaudry, Hess and Smart (the so-called GHS attack) on elliptic curves over finite fields of characteristic two and with composite extension degrees. Recently, Diem presented a general treatment of the GHS attack to hyperelliptic curves over finite fields of arbitrary odd characteristics. This paper shows that Diem's approach can be extended to curves of which the function fields are cyclic Galois extensions. In particular, we show the existence of GHS Weil restriction, triviality of the kernel of GHS conorm-norm homomorphism, and lower/upper bounds of genera of the resulting curves.
Shigeo TSUJII Kohtaro TADAKI Ryou FUJITA
It is widely believed to take exponential time to find a solution of a system of random multivariate polynomials because of the NP-completeness of such a task. On the other hand, in most of multivariate public key cryptosystems proposed so far, the computational complexity of cryptanalysis is polynomial time due to the trapdoor structure. In this paper, we introduce a new concept, piece in hand (soldiers in hand) matrix, which brings the computational complexity of cryptanalysis of multivariate public key cryptosystems close to exponential time by adding random polynomial terms to original cryptosystems. This is a general concept which can be applicable to any type of multivariate public key cryptosystems for the purpose of enhancing their security. As an implementation of the concept, we propose the linear PH matrix method with random variables. In 2003 Faugere and Joux broke the first HFE challenge (80 bits), where HFE is one of the major variants of multivariate public key cryptosystem, by computing a Grobner basis of the public key of the cryptosystem. We show, in an experimental manner, that the linear PH matrix method with random variables can enhance the security of HFE even against the Grobner basis attack. In what follows, we consider the strength of the linear PH matrix method against other possible attacks.
Masahiro MAMBO Akinori NISHIKAWA Eiji OKAMOTO Shigeo TSUJII
Broadcasting with secrecy of messages is important in a situation such as pay television. In pay television only a broadcasting station broadcasts a message. On the other hand, broadcast communication is also important. Broadcast communication means any user in a whole group can broadcast a message to any subset of the group. In this paper the efficiency of secure broadcast communication is discussed in terms of the length of messages sent and the encryption speed. We prove that the length of the broadcast messages is not kept less than O(n), where n is the number of receivers, when a broadcast system has a form of a single system which is defined as the generalized form of an individual key method and a master key method. In contrast, the proposed secure broadcast communication method, a multi-dimension method, keeps the length of messages sent O(mmn), where m is the number of the dimension used in the multi-dimension method. At the same time the encryption speed was reduced from O(n(log(n+C2)+C3)) of the master key method to O(mn(logmn+C1)) of the multi-dimension method.
Jinhui CHAO Wijak RATANASWAN Shigeo TSUJII
This note presents a new global optimization method and derives a learning schema based on the method for multilayer artificial neural networks. The schema consists of (1) pasting" the admissible region in Rn to a n-D torus Tn and smoothly connecting the potential function at the boundary; (2) global searching along the flow of a nonvanishing vector field on the compact smooth manifold Tn. This flow is featured by the ability of automatically passing through distinct local minima one after another along the negative/positive gradient field. It has also a unit norm everywhere on the Tn, so the searching speed will not slow down in the neighborhood of critical points.
Choonsik PARK Kaoru KUROSAWA Shigeo TSUJII
Mobile communication networks need public key cryptosystems that offer both low computation cost and user authentication. Tatebayashi et al. showed a key distribution protocol for such networks at Crypto'89 based on low exponent RSA. This paper shows that their protocol is not secure. We also present two types of secure and efficient key distribution protocols.
Kaoru KUROSAWA Hirofumi KASAI Shigeo TSUJII
This paper shows a collision free hash function which is based on the r-th residue cryptosystem (not based on the claw free pairs). In the proposed method, finding a collision pair is as hard as factorization.
Shigeo TSUJII Kiyomichi ARAKI Masao KASAHARA Eiji OKAMOTO Ryuichi SAKAI Yasuo MAEDA Tomohiko YAGISAWA
In this paper it is pointed out that although an elegant differential-like approach is developed, Coppersmith' attacking method on NIKS-TAS cannot succeed to forge a shared key of legitimate entities especially when p-1 contains highly composite divisors, as well as decomposibility-hard divisors. This is mainly due to a severe reduction of modulo size. Computer simulation results confirm this assertion. The ambiguity in the solutions to the collusion equations in the first phase can be analyzed by the elementary divisor theory. Moreover, two basis vectors, qi,ri in the second phase, are found to be inadequate to represent the space spanned by xi-yi and ui-vi(i=1,...,N), because qi,ri exist frequently over the space with small modulo size. Then, the erroneous values of αi,βi,...,εi(i=1,...,N) are derived from the inadequate basis vectors, qi,ri. Also, when the degeneracy in modulo size happens, the solutions to αi,βi,...,εi(i=1,...,N) cannot be solved even by means of the exhaustive search over the small prime divisors of p-1.
Hiroshi YAMAGUCHI Atsushi KITAZAWA Hiroshi DOI Kaoru KUROSAWA Shigeo TSUJII
In this paper we present a new, two-centered electronic voting scheme that is capable of preserving privacy, universal verifiability, and robustness. An interesting property of our scheme is the use of double encryption with additive homomorphic encryption functions. In the two-centered scheme, the first center decrypts the ballots, checks the eligibility of the voters, and multiplies each eligible vote, which is still encrypted in the cryptosystem of the second center. After the deadline is reached, the second center obtains the final tally by decrypting the accumulated votes. As such, both centers cannot know the content of any individual vote, as each vote is hidden in the accumulated result, therefore the privacy of the voters is preserved. Our protocols, together with some existing protocols, allow everyone to verify that all valid votes are correctly counted. We apply the r-th residue cryptosystem as the homomorphic encryption function. Although decryption in the r-th residue cryptosystem requires an exhaustive search for all possible values, based on experiments we show that it is possible to achieve desirable performance for large-scale elections.
Shigeo TSUJII Fumiaki MACHIHARA
Nari TANABE Toshihiro FURUKAWA Kohichi SAKANIWA Shigeo TSUJII
We have proposed in [5] a practical blind channel identification algorithm for the white observation noise. In this paper, we examine the effectiveness of the algorithm given in [5] for the colored observation noise. The proposed algorithm utilizes Gram-Schmidt orthogonalization procedure and estimates (1) the channel order, (2) the noise variance and then (3) the channel impulse response with less computational complexity compared to the conventional algorithms using eigenvalue decomposition. It can be shown through numerical examples that the algorithm proposed in [5] is quite effective in the colored noise case.
Norihiro YOSHIDA Suthichai NOPPANAKEEPONG Osamu HIROTA Shigeo TSUJII
In this letter, it is clarified that the quantum noise properties of the linear amplification and locking amplification in the injection locked laser process are different. The noise property of the locking amplification is newly given.
Ping HUANG Jinhui CHAO Shigeo TSUJII
In this paper, a new method for canceling the interchannel interference in the presence of crosstalk is proposed. The cancellation problem is formulated as a system identification problem, and then the transmission path and the interference path of each channel are estimated with the Recursive Prediction Error Method. IIR adaptive filters are used to implement interference cancelers. In addition, this method is shown to be able to apply to the noise canceling problem. The performance of the new method is verified by computer simulations.
Shigeo TSUJII Fumiaki MACHIHARA
Kazuto MATSUO Jinhui CHAO Shigeo TSUJII
Counting the number of points of Jacobian varieties of hyperelliptic curves over finite fields is necessary for construction of hyperelliptic curve cryptosystems. Recently Gaudry and Harley proposed a practical scheme for point counting of hyperelliptic curves. Their scheme consists of two parts: firstly to compute the residue modulo a positive integer m of the order of a given Jacobian variety, and then search for the order by a square-root algorithm. In particular, the parallelized Pollard's lambda-method was used as the square-root algorithm, which took 50CPU days to compute an order of 127 bits. This paper shows a new variation of the baby step giant step algorithm to improve the square-root algorithm part in the Gaudry-Harley scheme. With knowledge of the residue modulo m of the characteristic polynomial of the Frobenius endomorphism of a Jacobian variety, the proposed algorithm provides a speed up by a factor m, instead of in square-root algorithms. Moreover, implementation results of the proposed algorithm is presented including a 135-bit prime order computed about 15 hours on Alpha 21264/667 MHz and a 160-bit order.
Shigeo TSUJII Kohtaro TADAKI Ryo FUJITA Masahito GOTAISHI
Currently there is not any prospect of realizing quantum computers which can compute prime factorization, which RSA relies on, or discrete logarithms, which ElGamal relies on, of practical size. Additionally the rapid growth of Internet of Things (IoT) is requiring practical public key cryptosystems which do not use exponential operation. Therefore we constituted a cryptosystem relying on the difficulty of factoring the product of two large prime numbers, based on the Chinese Remainder Theorem, fully exploiting another strength of MPKC that exponential operation is not necessary. We evaluated its security by performing the Gröbner base attacks with workstations and consequently concluded that it requires computation complexity no less than entirely random quadratic polynomials. Additionally we showed that it is secure against rank attacks since the polynomials of central map are all full rank, assuming the environment of conventional computers.