Secure distribution of digital goods is now a significantly important issue for protecting publishers' copyrights. In this paper, we study a useful primitive for constructing a secure and efficient digital rights management system (DRM) where a server which encrypts digital content and one which issues the corresponding decryption key works independently, and existing schemes lack this property. We first argue the desired property necessary of an encryption scheme for constructing an efficient DRM, and formally define an encryption scheme as split encryption scheme containing such property. Also, we show that an efficient split encryption scheme can be constructed from any identity-based scheme. More precisely, we show an equivalence result implying that a split encryption scheme for some system parameter setting and an identity-based encryption scheme have the same primitives but for different uses. Since currently there is no identity-based encryption scheme which is based on well-known computational assumption and/or provably secure in the standard model (i.e. without the random oracle model), by reasonably tuning the system parameter, we show another construction of split encryption which is secure against chosen ciphertext attacks in the standard model assuming that decision Diffie-Hellman problem is hard to solve.

Linking schemes have been proposed assuming the model where the time-stamp issuer need not be trusted. However, in that environment, a fake chain attack and forward or backward dating attacks are still a residual risk in Time-Stamping services (TSS). In this paper, we propose a new time-stamping scheme that focuses on these problems. In our scheme, we use pseudonyms to prevent the time-stamp issuer from dating the time that the specific entity requests. Our scheme doesn't rely on only one trustworthy entity, and uses mutual communication between each entity. Two types of entities, server and clients without any trustworthy entities are configured in our system. The server provides an anonymous communication channel, but doesn't provide TSS, and the clients are not only time-stamp requesters but also issuers. So, when a client requests a time-stamp from the system, it is issued by one of the other clients.

In this paper, we describe a technique for optimizing the algebraic method that is applied to higher order differential attack. The higher order differential attack is a well-known attack on block ciphers, in which we derive an attack equation to determine a round key from a property of a higher order differential of a target block cipher. The algebraic method is a linearization of the attack equation and determines the true key by a method such as Gaussian elimination. Our technique is based on linear dependency and can reduce the complexity of that method. We also describe a technique that allows the algebraic method to be used as an attack equation that holds probabilistically. We demonstrate this method by attacking a five-round MISTY1 and show that it needs 221.6 chosen plaintexts and 228.0 encryption times. The computer simulation took about two minutes to complete.

A new approach for electronic sealed-bid auctions that preserve the privacy of losing bids is presented. It reduces the number of operations performed by the auctioneers to O(log ); previous protocols require O(N ) or O(N log ) where the number of bidders is N and that of available bidding prices is . Namely, the number of auctioneers' operations in our auction protocol is independent of the number of bidders. This feature offers strong advantages in massive auctions. We also propose a new scheme that checks the equality of two values without disclosing them. The scheme enhances our basic auction protocol, in terms of security and communication costs.

The processing of noise-corrupted signals is a common problem in signal processing applications. In most of the cases, it is assumed that the additive noise is white Gaussian and that the constant noise variance is either available or can be easily measured. However, this may not be the case in practical situations. We present a new approach to additive white Gaussian noise variance estimation. The observations are assumed to be from an autoregressive process. The method presented here is iterative, and uses low-order Yule-Walker equations (LOYWEs). The noise variance is obtained by minimizing the difference in the second norms of the noisy Yule-Walker solution and the estimated noise-free Yule-Walker solution. The noise-free solution is constrained to match the observed autocorrelation sequence. In the iterative noise variance estimation method, a variable step-size update scheme for the noise variance parameter is utilized. Simulation results are given to confirm the effectiveness of the proposed method.

The new concept of ES (Encryption-Signature) schemes which realize an encryption scheme and a signature scheme with a unique padding technique and key pair, was proposed by Coron et al. They also gave a proof of PSS-ES. In this paper, first, we discuss the methodology for the construction for ES schemes by using padding techniques of encryption schemes, and propose a new ES scheme, OAEP-ES, adopting this methodology. It is proven that OAEP-ES scheme can be constructed under the assumption of the one-wayness of the encryption permutation, while the security of PSS-ES utilized as an encryption scheme is based on the partial-domain one-wayness; which is a theoretical progress since the one-wayness is more general assumption than the partial-domain one-wayness. It is shown that OAEP-ES attains tighter security than PSS-ES, which is a practical interest.

The Single Instruction, Multiple Data (SIMD) architecture enables computation in parallel on a single processor. The SIMD operations are implemented on some processors such as Pentium 3/4, Athlon, SPARC, or even on smart cards. This paper proposes efficient algorithms for assembling an elliptic curve addition (ECADD), doubling (ECDBL), and k-iterated ECDBL (k-ECDBL) with SIMD operations. We optimize the number of auxiliary variables and the order of basic field operations used for these addition formulas. If an addition chain has k-bit zero run, we can replace k-time ECDBLs to the proposed faster k-ECDBL and the total efficiency of the scalar multiplication can be improved. Using the singed binary chain, we can compute a scalar multiplication about 10% faster than the previously fastest algorithm proposed by Aoki et al. Combined with the sliding window method or the width-w NAF window method, we also achieve about 10% faster parallelized scalar multiplication algorithms with SIMD operations. For the implementation on smart cards, we establish two fast parallelized scalar multiplication algorithms with SIMD resistant against side channel attacks.

The baby-step giant-step algorithm, BSGS for short, was proposed by Shanks in order to compute the class number of an imaginary quadratic field. This algorithm is at present known as a very useful tool for computing with respect to finite groups such as the discrete logarithms and counting the number of the elements. Especially, the BSGS is normally made use of counting the rational points on the Jacobian of a hyperelliptic curve over a finite field. Indeed, research on the practical improvement of the BSGS has recently received a lot of attention from a cryptographic viewpoint. In this paper, we explicitly analyze the modified BSGS, which is for non-uniform distributions of the group order, proposed by Blackburn and Teske. More precisely, we refine the Blackburn-Teske algorithm, and also propose a criterion for the decision of the effectiveness of their algorithm; namely, our proposed criterion explicitly shows that what distribution is needed in order that their proposed algorithm is faster than the original BSGS. That is, we for the first time present a necessary and sufficient condition under which the modified BSGS is effective.

Electron cyclotron resonance (ECR) plasma oxidation of AlN thin films was studied to form the AlON high-κ gate insulator. The leakage current was found to be decreased, and also the surface roughness was improved with the ECR plasma oxidation of AlN thin films. The leakage current was further decreased after 1000 RTA in N2 with little increase of equivalent oxide thickness (EOT) because of the high quality interfacial layer formation.

The electromagnetic scattering of a plane wave by an inhomogeneous plane whose surface impedance changes locally on the plane is treated. A boundary-value problem is formulated to describe the scattering phenomenon, in which the boundary condition depends on the surface impedance of the plane. Application of the Fourier transform derives an integral equation, which is approximately solved by the method of least-squares. From the solution of the equation, the scattered field is obtained by the inverse Fourier transform. By the use of the incomplete Lipschitz-Hankel integral for the computation of the field, numerical examples are given and the scattering phenomenon is discussed.

Delta-sigma modulators (DSMs) are commonly use in high-resolution analog-to-digital converters, and band-pass delta-sigma modulators have recently been used to convert IF signals into digital signals. In particular, a quadrature band-pass delta-sigma modulator can achieve a lower total order, higher signal-to-noise ratio (SNR), and higher bandwidth when compared with conventional band-pass modulators. The current paper proposes a second-order three-bit quadrature band-pass delta-sigma modulator that can achieve a lower power consumption and better performance with a similar die size to a conventional fourth-order quadrature band-pass delta-sigma modulator (QBPDSM). The proposed system is integrated using CMOS 0.35 µm, double-poly, four-metal technology. The system operates at 13 MHz and can digitize a 200 kHz bandwidth signal centered at 4.875 MHz with an SNR of 85 dB. The power consumption is 35 mW at 3.3 V and 38 mW at 5 V, and the die size is 21.9 mm2.

Recently, millimeter-wave energy has attracted much attention as a new and novel energy source for materials processing. In the present paper, several unique features of millimeter-wave heating in materials processing are reviewed briefly and development of materials processing machines by mm-wave radiation is also described. In the application of mm-wave heating, sintering of high quality alumina ceramics having a high bending strength of about 800 MPa are first demonstrated and followed by preparation of aluminum nitride with a high thermal conductivity over 200 W/(mK) at a sintering temperature lower by 473-573 K than the conventional method, by which this processing can be expected to be one of the environment-conscious energy saving processes. A newly developed post-annealing process with mm-wave radiation is described, in which crystallization of amorphous perovskite oxide films prepared by plasma sputtering was attained at temperatures lower than that by the conventional heating and the dielectric constant of post-annealed SrTiO3 (STO) films by mm-wave radiation were drastically improved.

In this letter, a linear variable resistor circuit using an FG-MOSFET (floating-gate MOSFET) is proposed. This is based on Schlarmann's variable resistor and is very simple. The advantage of the proposed circuit is a wide-input range. The utility of the proposed circuit was confirmed by HSPICE simulation with 1.2 µm CMOS process parameters. The simulation results are reported in this letter.

In the paper we evaluate program susceptibility to hardware faults using fault injector. The performed experiments cover many applications with different features. The effectiveness of software techniques improving system dependability is analyzed. Practical aspects of embedding these techniques in real programs are discussed. They have significant impact on the final fault robustness.

In ad hoc wireless networks, wireless terminals can autonomously construct and can maintain the network. They communicate with some neighbor terminals, exchange network information and determine routes for packets on the multi-hop wireless network. Flexible Radio Network (FRN), one of the ad hoc wireless network systems, adopts a proprietary protocol that provides a multiple routes management and a packet retransmission mechanism against packet transmission errors. This system is a commercial product that has been in use in a recent few years. In this paper, we first evaluate the performance through simulations for data-link protocol and routing protocol of the FRN to clarify its basic properties. Furthermore, we propose some techniques that enhance its performance and solve problems on the protocols. We show how they improve the system performance through simulations and analyses.

In this paper, the absorbing property of the discrete Green's function ABC, which was based on a powerful concept of the TLM method, has been improved by relocating loss process from the time domain to the space domain. The proposed scheme simply adds a loss matrix to the connection matrix in the basic TLM algorithm to make the formulation of the ABC more efficient. Various lengths of absorbing layers discretized for a WR-90 empty waveguide have been tested in terms of reflection property. An expression for an optimum absorbing property has been also derived with respect to the length of the layer. Comparison of the layer with the discrete Green's function ABC shows that the layer in this study has improved reflection property better than approximately 3 and 6 dB, respectively, when 50Δ and 60Δ absorbing layers have been adopted for the WR-90 waveguide. Finally, the layer has been applied to a WR-75 metal insert filter as an example.

The software-defined radio technique translates the traditional hardware radio platform to a flexible software radio platform that can support multiple air interface standards. This work proposes an efficient IF processing architecture based on software-defined radio for 2G GSM/IS-95 and 3G W-CDMA systems. Hardware complexity is estimated by fixed-point simulation. IF processing architecture should be highly flexible and minimally complex. Firstly, a carrier channel is selected from a wide frequency band using a high-resolution numerically controlled oscillator (NCO). Wide-range interpolation/decimation is performed by the cascaded integrator comb (CIC) filter that involves no multiplier nor stores filter coefficients. Both the desired narrowband and the desired wideband signals can be extracted. The look-up table (LUT), based on the distributed arithmetic (DA) algorithm is used to implement the finite impulse response (FIR) filter. Therefore, a small area and high speed can be achieved. The errors caused by truncation, quantization, rounding-off and overflow are predicted using a fixed-point simulation. These predictions will help to evaluate the word-length for VLSI implementation. Finally, ALTERA APEX20KE is used as a target device. One hundred thousand gates are used for the implementation. Thus, the proposed architecture has high processing flexibility and small area.

We consider the routing and wavelength assignment (RWA) problem for large-scale WDM optical networks where each transmission request is served by an all-optical lightpath without wavelength conversion. Two heuristic RWA algorithms are proposed in order to minimize the number of wavelengths required for a given set of connection requests. The proposed algorithms are evaluated and compared with the existing algorithms for two realistic networks constructed based on the locations of major cities in Ibaraki Prefecture and those in Kanto District in Japan.

This Letter presents a novel VQ-based digital image watermarking method. By modifying the conventional GLA algorithm, a codeword-labeled codebook is first generated. Each input image block is then reconstructed by the nearest codeword whose label is equal to the watermark bit. The watermark extraction can be performed blindly. Simulation results show that the proposed method is robust to JPEG compression, vector quantization (VQ) compression and some spatial-domain processing operations.

Two operations, polynomial multiplication and modular reduction, are newly induced by the properties of the modified Booth's algorithm and irreducible all one polynomials, respectively. A new and effective methodology is hereby proposed for computing multiplication over a class of fields GF(2m) using the two operations. Then a low complexity multiplexer-based multiplier is presented based on the aforementioned methodology. Our multiplier consists of m 2-input AND gates, an (m2 + 3m - 4)/2 2-input XOR gates, and m(m - 1)/2 4 1 multiplexers. For the detailed estimation of the complexity of our multiplier, we will expand this argument into the transistor count, using a standard CMOS VLSI realization. The compared results show that our work is advantageous in terms of circuit complexity and requires less delay time compared to previously reported multipliers. Moreover, our architecture is very regular, modular and therefore, well-suited for VLSI implementation.