This paper considers the quantum query complexity of ε-biased oracles that return the correct value with probability only 1/2 + ε. In particular, we show a quantum algorithm to compute N-bit OR functions with O(/ε) queries to ε-biased oracles. This improves the known upper bound of O(/ε2) and matches the known lower bound; we answer the conjecture raised by the paper [1] affirmatively. We also show a quantum algorithm to cope with the situation in which we have no knowledge about the value of ε. This contrasts with the corresponding classical situation, where it is almost hopeless to construct a bounded error algorithm without knowing the value of ε.

We study on the security proof of the improved efficient-Rabin (ERabin) scheme and the F-FDHS scheme. First, we show that the security theorem of the improved ERabin scheme is not correct, and then provide a correct theorem for it. Second, we show that the security theorem of the F-FDHS scheme lacks an assumption. Finally, we present a way to modify the improved ERabin scheme and the F-FDHS scheme.

Ring signature scheme enables a signer to sign a message anonymously. In the ring signature scheme, the signer who wants to sign a document anonymously first chooses some public keys of entities (signers) and then generates a signature which ensures that one of the signer or entities signs the document. In some situations, however, the ring signature scheme allows the signer to shift the blame to victims because of the anonymity. The group signature scheme may be a solution for the problem; however, it needs an electronic big brother, called a group manager, who can violate the signer anonymity by himself, and a complicated key setting. This paper introduces a new notion of a signature scheme with signer anonymity, a deniable ring signature scheme (DRS), in which no group manager exists, and the signer should be involved in opening the signer anonymity. We also propose a concrete scheme proven to be secure under the assumption of the DDH (decision Diffie Hellman) problem in the random oracle model.

Multisignature schemes enable us to integrate multiple signatures into a single short signature. In 2001, Mitomi and Miyaji proposed a general model of multisignatures, in which signed messages are flexible and the signing order is verifiable and flexible. Several schemes that satisfy these properties have been proposed, but to the best of our knowledge, their verifiable orders are limited to only sequential structures unlike some order-verifiable (but not message-flexible) multisignatures. We define a signing structure as a labeled tree, which can represent any natural signing order including series-parallel graphs, and formalize a general model of multisignatures that makes good use of our structure. We present a security model for such signatures, give the construction based on the general aggregate signature developed by Boneh et al., and provide a security proof in the random oracle model.

The notion of correlation intractable function ensembles (CIFEs) was introduced in an attempt to capture the "unpredictability" property of random oracles [12]: If O is a random oracle then it is infeasible to find an input x such that the input-output pair (x,O(x)) has some desired property. In this paper, we observe relationships between zero-knowledge protocols and CIFEs. Specifically, we show that, in the non-uniform model, the existence of CIFEs implies that 3-round auxiliary-input zero-knowledge (AIZK) AM interactive proofs exist only for BPP languages. In the uniform model, we show that 3-round AIZK AM interactive proofs with perfect completeness exist only for easy-to-approximate languages. These conditional triviality results extend to constant-round AIZK AM interactive proofs assuming the existence of multi-input CIFEs, where "multi-input" means that the correlation intractability is satisfied with respect to multiple input-output pairs. Also, as a corollary, we show that any construction of uniform multi-input CIFEs from uniform one-way functions proves unconditionally that constant-round AIZK AM interactive proofs with perfect completeness only for easy-to-approximate languages.

We first model the variants of OAEP and SAEP by changing a construction and position of a redundancy, and establish a universal proof technique in the random oracle model, the comprehensive event dividing tree. We then make a taxonomical security consideration of the variants of OAEP and SAEP, based on the assumptions of one-wayness and partial-domain one-wayness of the encryption permutation, by applying the tree. Furthermore, we demonstrate the concrete attack procedures against all insecure schemes; we insist that the security proof failure leads to some attacks. From the security consideration, we find that one of the variants leads to a scheme without the redundancy; the scheme is not PA (plaintext aware) but IND-CCA2 secure. Finally, we conclude that some of them are practical in terms of security tightness and short bandwidth.

Up to present, proposed are many multi-signature schemes in which signers use respective moduli in the signature generation process. The FDH-based schemes are proposed by Mitomi et al. and Lysyanskaya et al.. The PSS-based schemes are proposed by Kawauchi et al. and Komano et al.. The FDH-based schemes have the advantage that the signature size is independent of the number of the signers. However, since the signature generation algorithm is deterministic, it has a bad reduction rate as a defect. Consequently, the signers must unfortunately use the keys large enough to keep the security. On the other hand, in the PSS-based schemes, good reduction rates can be obtained since the signature generation algorithms are probabilistic. However, the size of the random component shall overflow the security parameter, and thereby the signature size shall grow by the total size of the random components used the signers. That means, if the size of the random component is smaller, the growth of the signature size can be kept smaller. In this paper, we propose new probabilistic multi-signature scheme, which can be proven secure despite that smaller random components are used. We compare the proposed scheme and two existing schemes. Finally, we conclude that the proposed scheme is so-called optimal due to.

The complete subtree (CS) method is one of the most well-known broadcast encryptions which do not enforce the receivers to keep "online." This paper is to reduce the size of secret information which must be stored in a terminal of the method. In the original CS method, the size of the secret information increases as the number of terminals increases. It is shown in this paper that, by making use of a one-way trapdoor permutation, we can make the size constant regardless of the number of terminals. The security of the proposed scheme is investigated, and detailed comparison with other similar schemes is presented. The proposed scheme is suitable for practical implementations of the CS method.

We attempt to achieve corporative behavior of autonomous decentralized agents constructed via Q-Learning, which is a type of reinforcement learning. As such, in the present paper, we examine the piano mover's problem including a find-path problem. We propose a multi-agent architecture that has an external agent and internal agents. Internal agents are homogenous and can communicate with each other. The movement of the external agent depends on the composition of the actions of the internal agents. By learning how to move through the internal agents, avoidance of obstacles by the object is expected. We simulate the proposed method in a two-dimensional continuous world. Results obtained in the present investigation reveal the effectiveness of the proposed method.

We proposed a one-way trapdoor permutation f based multi-signature scheme which can keep tighter reduction rate. Assuming the underlying hash functions are ideal, our proposed scheme is not only provably secure, but are so in a tight. An ability to forge multi-signatures with a certain amount of computational resources implies the ability to invert a one-way trapdoor permutation f (on the same size modulus) with about the same computational effort. The proposed scheme provides the exact security against Adaptive-Chosen-Message-Attack and Adaptive-Insider-Attack by . can also attack in key generation phase, and act in collusion with corrupted signers.

In this paper, we propose a fast signature scheme which realizes short transmissions and minimal on-line computation. Our scheme requires a modular exponentiation as preprocessing (i.e., off-line computation). However, we need to acknowledge the existance of the following remarkable properties: neither multiplication nor modular reduction is used in the actual signature generation (i.e., on-line computation). Our scheme requires only two operations: hashing and addition. Although some fast signature schemes with small on-line computation have been proposed so far, those schemes require multiplication or modular reduction in the on-line phase. This leads to a large amount of work compared to that of addition. As far as we know, this is the first approach to obtain the fast signature without those two calculus methods.

This paper analyzes the voice packet dropping probability and the average message transmission delay of a Bluetooth radio link in which talkspurts and messages are simultaneously transmitted as voice packets and data packets over an SCO (Synchronous Connection-Oriented) link and an ACL (Asynchronous ConnectionLess) link, respectively. The behaviors of an SCO link and an ACL link are modeled using Markov processes. Using these two Markov models and EPA (Equilibrium Point Analysis), the voice packet dropping probability and the average message transmission delay are derived analytically in terms of the permission probability of a voice packet and a data packet, the length of a message, the number of slaves, and the arrival rate of the messages. Some numerical examples are given to show how the permission probabilities, the number of slaves and other parameters influence the transmission delay, when both the SCO link and the ACL link are used at the same time.

In recent years, digital predistortion linearizers have been used in power amplifiers for mobile communications because they are simpler and provide higher power efficiency than conventional feedforward systems. However, in systems that cover a wider frequency band, it is impossible to disregard the frequency characteristics of their various parameters since the degradation that can result causes a decline in output power efficiency which is the most important property of a power amplifier. To date, no detailed studies have been carried out on predistortion compensation systems. Thus, we focused our research on these systems and in this paper we report the simulation and experimental results we obtained for clarifying these effects. In our experiments, we used a W-CDMA power amplifier to determine how much the distortion compensation effect is degraded by the frequency characteristics of analog RF circuits. The results of experiments to determine the relationship between the ACLR (Adjacent Channel Leakage power Ratio) and power efficiency are also reported.

Many oblivious transfer (OT) protocols have been proposed, however, most of them the security is assured in the random oracle model. Naor and Pinkas proposed 1-out-of-n OT which does not need random oracles. In this paper, we extend the 1-out-of-n OT to k-out-of-n OT protocol. Our protocol is efficient in the sense of both communication complexity and computation complexity.

This paper deals with a first evaluation of the efficiency and the robustness of the real-time "v-disparity" algorithm in stereovision for generic road obstacles detection towards various types of obstacles (vehicle, pedestrian, motorbike, cyclist, boxes) and under adverse conditions (day, night, rain, glowing effect, noise and false matches in the disparity map). The theoretical good properties of the "v-disparity" algorithm--accuracy, robustness, computational speed--are experimentally confirmed. The good results obtained allow us to use this stereo algorithm as the onboard perception process for Driving Safety Assistance: conductor warning and longitudinal control of a low speed automated vehicle (using a second order sliding mode control) in difficult and original situations, at frame rate using no special hardware. Results of experiments--Vehicle following at low speed, Stop'n'Go, Stop on Obstacle (pedestrian, fallen motorbike, load dropping obstacle)--are presented.

Interoperability between different systems is becoming a more important issue for open distributed systems. In this paper, we investigate what kind of framework we need for constructing open distributed systems. Firstly, we enumerate the features and functions which the framework should have. We then evaluate a proposed multi-agent framework, Bee-gent, by using a typical example of open distributed systems. Lastly, we show clearly what is required for such a framework.

In this paper we discuss how one can delegate his power to authenticate or sign documents to others who, again, can delegate the power to someone else. A practical cryptographic solution would be to issue a certificate that consists of one's signature. The final verifier checks verifies the chain of these certificates. This paper provides an efficient and provably secure scheme that is suitable for such a delegation chain. We prove the security of our scheme against an adaptive chosen message attack in the random oracle model. Though our primary application would be agent systems where some agents work on behalf of a user, some other applications and variants will be discussed as well. One of the variants enjoys a threshold feature whereby one can delegate his power to a group so that they have less chance to abuse their power. Another application is an identity-based signature scheme that provides faster verification capability and less communication complexity compared to those provided by existing certificate-based public key infrastructure.

This paper, for the first time, presents a provably secure signature scheme with message recovery based on the elliptic-curve discrete logarithm. The proposed scheme is proven to be secure in the strongest sense (i.e., existentially unforgeable against adaptively chosen message attacks) in the random oracle model under the discrete logarithm assumption. We give a concrete analysis of the security reduction. When practical hash functions are used in place of truly random functions, the proposed scheme is almost as efficient as the elliptic-curve version of the Schnorr signature scheme and existing schemes with message recovery such as the elliptic-curve version of the Nyberg-Rueppel and Miyaji schemes.

At Eurocrypt'98, Okamoto and Uchiyama presented a new trap-door (one-way) function based on factoring, while Fujisaki and Okamoto, at CRYPTO'99, showed a generic conversion from just one-way encryption to chosen-cipher secure encryption in the random oracle model. This paper shows that the result of combining both schemes is well harmonized (rather than an arbitrary combination) and, in the sense of exact security, boosts the level of security more than would be expected from [6]--The security of the scheme yielded by the combination is tightly reduced from factoring. This paper also gives a rigorous description of the new scheme, because this type of encryption may suffer serious damage if poorly implemented. The proposed scheme is at least as efficient as any other chosen-cipher secure asymmetric encryption scheme such as [2],[4],[13].

This paper presents a simple and generic conversion from a public-key encryption scheme that is indistinguishable against chosen-plaintext attacks into a public-key encryption scheme that is indistinguishable against adaptive chosen-ciphertext attacks in the random oracle model. The scheme obtained by the conversion is as efficient as the original encryption scheme and the security reduction is very tight in the exact security manner.