
Keyword Search Result

[Keyword] CRT(14hit)

1-14hit
  • A DPA Attack on the Implementation of RSA-CRT with Montgomery Reduction

    Wei-Chih LIEN  Sung-Ming YEN  

     
    PAPER-Cryptography and Information Security

    Vol: E97-A No:1  Page(s): 354-364

    The implementation security of the RSA cryptosystem, under the threat of side-channel analysis, has attracted the attention of many researchers. Boer et al. had proposed the MRED-DPA attack on RSA-CRT by choosing ciphertexts of equi-distant data. Their attack can be applied to RSA-OAEP decryption but not RSA-PSS signing because of the PSS random padding. We propose a new DPA attack on an implementation of RSA-CRT, with the Montgomery reduction. The proposed attack assumes only known ciphertexts, and can be applied to both RSA-OAEP decryption and RSA-PSS signing even if a random padding technique is used in practice. This study also presents experimental results to verify the proposed attack. Finally, this study proposes a CRT-based message blinding technique as a low-cost DPA countermeasure.

  • High Capacity Watermark Embedding Based on Invariant Regions of Visual Saliency

    Leida LI  Jeng-Shyang PAN  Xiaoping YUAN  

     
    LETTER-Image

    Vol: E94-A No:2  Page(s): 889-893

    A new image watermarking scheme is presented to achieve high capacity information hiding and geometric invariance simultaneously. Visually salient region is introduced into watermark synchronization. The saliency value of a region is used as the quantitative measure of robustness, based on which the idea of locally most salient region (LMSR) is proposed to generate the disjoint invariant regions. A meaningful binary watermark is then encoded using Chinese Remainder Theorem (CRT) in transform domain. Simulation results and comparisons demonstrate the effectiveness of the proposed scheme.

  • Small Secret CRT-Exponent Attacks on Takagi's RSA

    Naoyuki SHINOHARA  Tetsuya IZU  Noboru KUNIHIRO  

     
    PAPER-Public Key Cryptography

    Vol: E94-A No:1  Page(s): 19-27

    CRT-RSA is a variant of RSA, which uses integers dp = d mod (p-1) and dq = d mod (q-1) (CRT-exponents), where d, p, q are the secret keys of RSA. May proposed a method to obtain the secret key in polynomial time if a CRT-exponent is small, moreover Bleichenbacher and May improved this method. On the other hand, Takagi's RSA is a variant of CRT-RSA, whose public key N is of the form p^r q for a given positive integer r. In this paper, we extend May's method and the Bleichenbacher-May method to Takagi's RSA, and we show that we obtain p in polynomial time if by the extended May's method, and if by the extended Bleichenbacher-May's method, when dq is arbitrarily small. If r=1, these upper bounds conform to May's and Bleichenbacher-May's results respectively. Moreover, we also show that the upper bound of pr increases with an increase in r. Since these attacks are heuristic algorithms, we provide several experiments which show that we can obtain the secret key in practice.

  • Partial Key Exposure Attacks on Unbalanced RSA with the CRT

    Hee Jung LEE  Young-Ho PARK  Taekyoung KWON  

     
    LETTER-Information Security

    Vol: E89-A No:2  Page(s): 626-629

    In the RSA public-key cryptosystem, a small private key is often preferred for efficiency but such a small key could degrade security. Thus the Chinese Remainder Theorem (CRT) is tactically used, especially in time-critical applications like smart cards. As for using the CRT in RSA, care must be taken to resist partial key exposure attacks. While it is common to choose two distinct primes with similar size in RSA, May has shown that a composite modulus N can be factored in the balanced RSA with the CRT if half of the least (or most) significant bits of a private key is revealed with a small public key. However, in the case that efficiency is more critical than security, such as smart cards, unbalanced primes might be chosen. Thus, we are interested in partial key exposure attacks on the unbalanced RSA with the CRT. In this paper, we obtain results similar to those for the balanced RSA. We show that in the unbalanced RSA if the N^(1/4) least (or most) significant bits are revealed, a private key can be recovered in polynomial time under a small public key.

  • A New Self-Converging System with Combination of Magnetic Lens and Uniform Horizontal Deflection Field for Color CRTs

    Hiroshi SAKURAI  Etsuji TAGAMI  

     
    INVITED PAPER

    Vol: E88-C No:11  Page(s): 2078-2085

    Color CRTs (Cathode Ray Tubes) are still evolving in competition with other display devices in the growing TV markets, with continuing demands for enhanced performance and lower cost. In response to these trends, we have developed a new self-converging system of CRT with simple structure. It offers advantages in terms of high resolution for HDTV and large deflection angle for short depth TV sets. The system realizes less spot distortion at the screen periphery of the CRT and lower horizontal dynamic focus voltage than those in a conventional self-converging system, while keeping the cost just as low. In the system, a uniform horizontal deflection field and a newly-developed magnet lens are utilized. The uniform field reduces the spot distortion in exchange for occurrences of raster distortion and convergence error, both of which can be corrected by the newly-developed magnet lens without additional circuit modifications. As a core part of the new system, the lens power of the newly-developed magnet lens varies along the horizontal axis in order to simultaneously achieve convergence and correct the pincushion distortion of the raster. Furthermore, countermeasures for magnet-related issues are taken from the viewpoints of real operation and mass production. The system with the new DY was evaluated in experiments using 86 cm CRTs (16 : 9), and it has been found that the system realizes substantially smaller spot distortions as well as favorable convergence and raster performances, with a drawback of decrease in horizontal deflection sensitivity. The spot oblateness, defined as horizontal spot diameter divided by vertical spot diameter, has decreased from 2.65 to 1.70 accompanying a 15% reduction of horizontal spot sizes at the corners of the screen with 30% decreased dynamic focus voltages and 10% decreased horizontal deflection sensitivity.

  • A Parity Checker for a Large RNS Numbers Based on Montgomery Reduction Method

    Taek-Won KWON  Jun-Rim CHOI  

     
    PAPER-Electronic Circuits

    Vol: E88-C No:9  Page(s): 1880-1885

    A fast and simple algorithm for a parity checker for large residue numbers is presented. A new set of RNS moduli with 2r-(2l1) form for fast modular multiplication is proposed. The proposed RNS moduli have a large dynamic range for a large RNS number. The parity of a residue number can be checked by the Chinese remainder theorem (CRT). A CRT-based parity checker is simply organized by the Montgomery reduction method (MRM), implemented by using multipliers and the carry-save adder array. We present a fast parity checker with minimal hardware processed in three clock cycles for 32-bit RNS modulus set.

  • Constructing c-Secure CRT Codes Using Polynomials over Finite Fields

    Mira KIM  Junji SHIKATA  Hirofumi MURATANI  Hideki IMAI  

     
    PAPER-Information Security

    Vol: E86-A No:12  Page(s): 3259-3266

    In this paper, we deal with c-secure codes in a fingerprinting scheme, which encode user ID to be embedded into the contents. If a pirate copy appears, c-secure codes allow the owner of the contents to trace the source of the illegal redistribution under collusion attacks. However, in practical applications, most previously proposed codes fail to achieve good efficiency, i.e. their codeword lengths are too large to be embedded into digital contents. In this paper, we propose a construction method of c-secure CRT codes based on polynomials over finite fields and it is shown that the codeword length in our construction is shorter than that of Muratani's scheme. We compare the codeword length of our construction and that of Muratani's scheme by numerical experiments and present some theoretical results which support the results obtained by numerical experiments. As a result, we show that our construction is especially efficient in respect to a large size of any coalition c. Furthermore, we discuss the influence of the random error on the traceability and formally define the Weak IDs in respect to our construction.

  • Development of Electron Gun for High Brightness CRT

    Tetsuya SHIROISHI  Shuhei NAKATA  Nobuhide HINOMOTO  Katsumi OONO  Fumiaki MURAKAMI  Soichiro OKUDA  

     
    PAPER-CRT Technology

    Vol: E86-C No:11  Page(s): 2259-2263

    We've been developing new electron guns for a high brightness CRT. The electron guns were modified to increase the emission current without the increase of the driving voltage. We achieved the high brightness CRT with "low cut-off electron gun" and the gun was successfully introduced into our multimedia CRT. Now we are developing next generation gun or "double drive electron gun" for larger screen CRT. The gun can emit about double current in comparison with the "low cut-off electron gun."

  • A Random-Error-Resilient Collusion-Secure Fingerprinting Code, Randomized c-Secure CRT Code

    Hajime WATANABE  Takashi KITAGAWA  

     
    PAPER-Information Security

    Vol: E86-A No:10  Page(s): 2589-2595

    In digital content distribution systems, digital watermarking (fingerprinting) technique provides a good solution to avoid illegal copying and has been studied very actively. c-Secure CRT Code is one of the most practical ID coding schemes for such fingerprinting since it is secure against collusion attacks and also secure even though random errors are furthermore added. But its usefulness is decreased in the case that random errors are added because the code length will be longer. In this paper, we first introduce a new collusion attack with addition of random errors and show that c-Secure CRT Code is not sufficiently secure against the attack. Next, we analyze the problem and propose a new ID coding scheme, Randomized c-Secure CRT Code, which overcomes the problem. As a result, this new scheme improves the error tracing probabilities against the proposed attack drastically. This new scheme has the same code length, so this is one of the most responsible fingerprinting codes for content distribution systems.

  • Low Driving Voltage Electron Gun for Multimedia CRT

    Tetsuya SHIROISHI  Shuhei NAKATA  Katsumi OONO  Fumiaki MURAKAMI  Soichiro OKUDA  

     
    PAPER-CRTs

    Vol: E85-C No:11  Page(s): 1866-1869

    We developed the new electron gun, which can emit about twice electron in comparison with the conventional gun and could achieve the screen brightness of over 300 cd/m² even if the ordinal driving circuit is applied. We tried two methods to improve the drive characteristics, and we chose to lower the cathode cut-off voltage. To maintain the resolution, we optimized the triode. And we used the tungsten-coated oxide cathode to guarantee the long life.

  • Multi-Beam Electron Gun for 5 Million Pixels CRT

    Yasunobu AMANO  Masahiko MIZUKI  Hiroshi TOBITA  Norifumi KIKUCHI  

     
    PAPER-CRTs

    Vol: E84-C No:11  Page(s): 1647-1652

    The design of an electron gun was examined from the viewpoints of pre-focus lens, main lens, corner focus and cathode current. Accordingly, multi-beam electron gun has been developed to catch up with the remarkable progress of resolution in computer peripheral devices such as digital still cameras and video boards. Multi-beam electron gun has two slot beam apertures of G1 for one cathode, and a key point of its design is to realize two-beam simultaneous convergence and focusing. To satisfy this condition, the divergence angles of electron beam bundles were designed. With this multi-beam electron gun that is superior in both of beam spot size and drive voltage, the 5 million pixels CRT could be realized.

  • Simulation Designing and Experiment of Low Aberration Lens Systems for Color Display Tubes

    Katsumi OONO  Shuhei NAKATA  Soichiro OKUDA  

     
    PAPER

    Vol: E81-C No:11  Page(s): 1711-1714

    To improve the resolution of the color CRTs, we propose a new electrostatic lens system which has two additional electrodes between the focus electrode and the anode electrode. The anode voltage and focus voltage are supplied on these additional electrodes. The numerical simulation shows that the system can reduce the third order aberration coefficients almost up to 31% of the conventional system. And the experiments show that the typical beam spot diameter is improved by nearly 20% of the conventional system.

  • Color Assimilation of Strip Fields Displayed on CRT with a Dark Background

    Takashi NAKAGAWA  Yukitaka GOHARA  

     
    LETTER

    Vol: E78-A No:11  Page(s): 1559-1561

    We investigated perceptual color assimilation of a strip (test field) displayed on a CRT close to a green or red strip (inducing field) with a dark background. The maximal distance to induce assimilation was about 7 for a red inducing field, and 24 for a blue one. The intensity of assimilation was almost inversely proportional to the width of test field.

  • LR Parsing with a Category Reachability Test Applied to Speech Recognition

    Kenji KITA  Tsuyoshi MORIMOTO  Shigeki SAGAYAMA  

     
    PAPER

    Vol: E76-D No:1  Page(s): 23-28

    In this paper, we propose an extended LR parsing algorithm, called LR parsing with a category reachability test (the LR-CRT algorithm). The LR-CRT algorithm enables a parser to efficiently recognize those sentences that belong to a specified grammatical category. The key point of the algorithm is to use an augmented LR parsing table in which each action entry contains a set of reachable categories. When executing a shift or reduce action, the parser checks whether the action can reach a given category using the augmented table. We apply the LR-CRT algorithm to improve a speech recognition system based on two-level LR parsing. This system uses two kinds of grammars, inter- and intra-phrase grammars, to recognize Japanese sentential speech. Two-level LR parsing guides the search of speech recognition through two-level symbol prediction, phrase category prediction and phone prediction, based on these grammars. The LR-CRT algorithm makes possible the efficient phone prediction based on the phrase category prediction. The system was evaluated using sentential speech data uttered phrase by phrase, and attained a word accuracy of 97.5% and a sentence accuracy of 91.2%.