The search functionality is under construction.

Keyword Search Result

[Keyword] SI(16314hit)

10081-10100hit(16314hit)

  • On the Vulnerability of Exponent Recodings for the Exponentiation against Side Channel Attacks

    Yasuyuki SAKAI  Kouichi SAKURAI  

     
    PAPER-Tamper-Resistance

      Vol:
    E88-A No:1
      Page(s):
    154-160

    In this paper we propose a new side channel attack that targets the exponent recoding used in public key cryptosystems such as RSA and ECDSA. Previously known side channel attacks and countermeasures for public key cryptosystems were aimed at the main stage (the square-and-multiply stage) of the modular exponentiation (or of the point multiplication on an elliptic curve). Many algorithms achieve fast exponentiation, and when an exponentiation is computed the exponent recoding has to be carried out before the main stage. Some exponent recoding algorithms contain conditional branches whose execution depends on the given exponent value. Consequently, exponent recoding can itself constitute an information channel, providing the attacker with valuable information on the secret exponent. In this paper we show new attack algorithms against exponent recoding. The proposed algorithms can recover the secret exponent when the width-w NAF and the unsigned/signed fractional window representation are used.
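
    The leak described above, shown as an added example (not code from the paper): a textbook width-w NAF recoding whose two secret-dependent branches are logged to a list standing in for the side-channel observation. For plain NAF (w = 2) the branch trace alone reconstructs the exponent; for larger w it still pins down the position and sign of every nonzero digit and leaves only the digit magnitudes to guess. The exponent values and the trace format are constructed for the demonstration.

```python
"""Added example: how a branchy width-w NAF recoding leaks the exponent.

The recoding stage (not square-and-multiply) executes one or two
conditional branches per exponent bit.  Every branch outcome is appended
to `trace`, standing in for what an attacker observes on the side
channel, and the exponent is then rebuilt from the trace alone.
"""


def wnaf_recode(k, w, trace):
    """Width-w NAF recoding of k (least significant digit first).

    Every `if` whose condition depends on k is logged to `trace`; that log
    is the assumed side-channel observation, nothing more.
    """
    digits = []
    modulus = 1 << w
    half = 1 << (w - 1)
    while k > 0:
        odd = (k & 1) == 1
        trace.append(("odd", odd))           # branch 1: is this digit nonzero?
        if odd:
            d = k % modulus                   # odd value in [1, 2^w - 1]
            neg = d >= half
            trace.append(("neg", neg))        # branch 2: is the digit negative?
            if neg:
                d -= modulus                  # now in [-(2^(w-1) - 1), -1]
            k -= d                            # k becomes divisible by 2^w
        else:
            d = 0
        digits.append(d)
        k >>= 1
    return digits


def value_of(digits):
    """Inverse of the recoding: sum of d_i * 2^i."""
    return sum(d << i for i, d in enumerate(digits))


def recover_from_trace(trace, w):
    """Rebuild the digit pattern from the branch trace.

    Returns (template, candidates).  `template` holds 0 where the "odd"
    branch was not taken and +1 / -1 (the observed sign) where it was.
    For w == 2 every nonzero NAF digit is +-1, so the template *is* the
    exponent.  For w > 2 each nonzero digit still has 2^(w-2) possible odd
    magnitudes, so `candidates` counts what is left to brute-force.
    """
    template = []
    unknown = 0
    i = 0
    while i < len(trace):
        kind, odd = trace[i]
        assert kind == "odd"
        i += 1
        if not odd:
            template.append(0)
            continue
        kind, neg = trace[i]
        assert kind == "neg"
        i += 1
        template.append(-1 if neg else 1)
        unknown += 1
    return template, 2 ** ((w - 2) * unknown)


if __name__ == "__main__":
    secret = 0xC0FFEE                  # constructed "secret exponent" for the demo
    trace = []
    digits = wnaf_recode(secret, 2, trace)
    template, candidates = recover_from_trace(trace, 2)
    print("NAF digits re-encode the exponent:", value_of(digits) == secret)
    print("recovered from branch trace:", hex(value_of(template)),
          "remaining candidates:", candidates)
```

    The practical consequence is the one the abstract draws: randomizing or blinding the square-and-multiply stage does nothing for an exponent that has already been recoded through branches like these, so the recoding itself has to be written without secret-dependent control flow.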

  • Zero-Value Register Attack on Elliptic Curve Cryptosystem

    Toru AKISHITA  Tsuyoshi TAKAGI  

     
    PAPER-Tamper-Resistance

      Vol:
    E88-A No:1
      Page(s):
    132-139

    Differential power analysis (DPA) might break implementations of elliptic curve cryptosystems (ECC) on memory-constrained devices. Goubin proposed a variant of DPA using a point (0,y), which is not randomized in Jacobian coordinates or in an isomorphic class. Such a point often exists on standardized elliptic curves, so this attack has to be taken into account. In this paper, we propose the zero-value register attack as an extension of Goubin's attack. Note that even if a point has no zero-value coordinate, auxiliary registers might take a zero value. We investigate these zero-value registers, which cannot be randomized by the above randomization. Indeed, we have found several points P = (x,y) which cause zero-value registers, e.g., (1) 3x^2 + a = 0, (2) 5x^4 + 2ax^2 - 4bx + a^2 = 0, (3) P is a y-coordinate self-collision point, etc. We demonstrate that elliptic curves recommended in SECG have such points. Interestingly, some conditions required for the zero-value register attack depend on the explicit implementation of the addition formulae; in order to resist this type of attack, care is needed in how the addition formulae are implemented. Finally, we note that Goubin's attack and the proposed attack assume that a base point P can be chosen by the attacker and that the secret scalar d is fixed, so they are not applicable to ECDSA.
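
    Condition (1) worked through on a constructed toy curve, as an added example (not the paper's code): random projective scaling hides the coordinates of a point, but the Jacobian doubling register M = 3X^2 + aZ^4 equals λ^4(3x^2 + a) and so is zero for every scaling λ whenever 3x^2 + a = 0. The curve y^2 = x^3 + 28x + 5 over F_103, the point search and the register names are assumptions made for the demonstration; the two polynomial conditions are the ones quoted in the abstract.

```python
"""Added example: zero-value registers in Jacobian point doubling.

Toy curve y^2 = x^3 + a x + b over F_p (constructed, p = 103).  Random
projective scaling (X, Y, Z) = (l^2 x, l^3 y, l) hides the coordinates,
but the doubling register M = 3 X^2 + a Z^4 = l^4 (3 x^2 + a) is zero for
every l whenever 3 x^2 + a = 0, which is condition (1) of the abstract.
"""
import random

P, A, B = 103, 28, 5          # constructed toy curve, p = 3 (mod 4)


def is_on_curve(x, y, a=A, b=B, p=P):
    return (y * y - (x ** 3 + a * x + b)) % p == 0


def sqrt_mod(n, p=P):
    """Square root mod p for p = 3 (mod 4); None if n is a non-residue."""
    n %= p
    r = pow(n, (p + 1) // 4, p)
    return r if (r * r) % p == n else None


def find_zero_value_points(a=A, b=B, p=P):
    """Affine points whose x satisfies condition (1) 3x^2 + a = 0 or
    condition (2) 5x^4 + 2ax^2 - 4bx + a^2 = 0 (both from the abstract)."""
    hits = []
    for x in range(p):
        c1 = (3 * x * x + a) % p == 0
        c2 = (5 * x ** 4 + 2 * a * x * x - 4 * b * x + a * a) % p == 0
        if not (c1 or c2):
            continue
        y = sqrt_mod(x ** 3 + a * x + b, p)
        if y is not None:
            hits.append((x, y, "c1" if c1 else "c2"))
    return hits


def jacobian_double_registers(X, Y, Z, a=A, p=P):
    """Intermediate registers of the textbook Jacobian doubling formula,
    P = (X, Y, Z) ~ (X/Z^2, Y/Z^3)."""
    S = (4 * X * Y * Y) % p
    M = (3 * X * X + a * pow(Z, 4, p)) % p       # the register the attack watches
    X3 = (M * M - 2 * S) % p
    Y3 = (M * (S - X3) - 8 * pow(Y, 4, p)) % p
    Z3 = (2 * Y * Z) % p
    return {"S": S, "M": M, "X3": X3, "Y3": Y3, "Z3": Z3}


def randomized_double_registers(x, y, lam, a=A, p=P):
    """Registers of doubling the affine point (x, y) after random projective
    scaling by lam, i.e. the randomization the attack is said to bypass."""
    return jacobian_double_registers(lam ** 2 * x % p, lam ** 3 * y % p, lam % p, a, p)


def zero_register_observed(x, y, trials=20, seed=1):
    """True if register M is zero for every random scaling tried: the
    zero value survives randomization and is visible to a DPA-style test."""
    rng = random.Random(seed)
    return all(randomized_double_registers(x, y, rng.randrange(1, P))["M"] == 0
               for _ in range(trials))


if __name__ == "__main__":
    for x, y, cond in find_zero_value_points():
        print(f"P=({x},{y}) satisfies {cond}; M zero under every scaling:",
              zero_register_observed(x, y))
```

    As the abstract notes, the attacker must be able to feed such a P to a device that multiplies it by a fixed secret scalar; in ECDSA the scalar is a fresh nonce and the base point is fixed, so the precondition does not hold.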

  • Diversity-Coding-Orthogonality Trade-off for Coded MC-CDMA with High Level Modulation

    Deepshikha GARG  Fumiyuki ADACHI  

     
    PAPER-Diversity

      Vol:
    E88-B No:1
      Page(s):
    76-83

    In MC-CDMA, the data rate can be increased by reducing the spreading factor SF or by allowing multicode transmission. In this paper, we examine by computer simulations which gives a better bit error rate (BER) performance--lower SF or multicode operation--when high level modulation is used in addition to error control coding. For a coded system in a frequency selective channel, there is a trade-off among frequency diversity gain due to spreading, improved coding gain due to better frequency interleaving effect and orthogonality distortion. It is found that for QPSK, the performance of OFDM (MC-CDMA with SF = 1) is almost the same as that of a fully spread MC-CDMA system. However, for 16QAM and 64QAM, the BER performance is better for lower SF unlike the uncoded system, wherein higher SF gives a better BER.

  • Balanced Quatrefoil Decomposition of Complete Multigraphs

    Kazuhiko USHIO  Hideaki FUJIMOTO  

     
    PAPER

      Vol:
    E88-D No:1
      Page(s):
    17-22

    We show that the necessary and sufficient condition for the existence of a balanced quatrefoil decomposition of the complete multigraph λKn is n ≥ 9 and λ(n - 1) ≡ 0 (mod 24). Decomposition algorithms are also given.

  • Crest Factor Reduction for Complex Multi-Carrier Signal Processing

    Young-Hwan YOU  Min-Goo KANG  Han-Jong KIM  Pan-Yuh JOO  Hyoung-Kyu SONG  

     
    LETTER-Digital Signal Processing

      Vol:
    E88-A No:1
      Page(s):
    378-380

    One of the main disadvantages of multi-carrier CDMA (MC-CDMA) signals is the high peak power of the transmitted signal, which limits their applications. To address this issue, we provide simple signal processing for reducing the high crest factor (CF) of MC-CDMA signals. Using this modified MC-CDMA signal, the high CF caused by Walsh spreading sequences can be mitigated without explicit side information or degradation of the detection performance.

  • A Scheme for Partial Disclosure of Transaction Log

    Yasuhiro OHTAKI  Masaru KAMADA  Kaoru KUROSAWA  

     
    PAPER-Application

      Vol:
    E88-A No:1
      Page(s):
    222-229

    To investigate cyber-criminals, the police sometimes ask the administrator of a computer system to disclose the whole transaction log. The administrator, however, wants to protect the privacy of innocent users. This paper presents a solution to this disclosure/privacy problem for transaction logs. In the scheme, the police can search the encrypted records of the transaction log by keyword. The administrator discloses only the records that include the keyword, and nothing more, and the police can verify that the administrator has faithfully disclosed all the records that include the keyword.

  • ACTAM: Cooperative Multi-Agent System Architecture for Urban Traffic Signal Control

    Ruey-Shun CHEN  Duen-Kai CHEN  Szu-Yin LIN  

     
    PAPER-Distributed Cooperation and Agents

      Vol:
    E88-D No:1
      Page(s):
    119-126

    The traffic congestion problem in urban areas is worsening since traditional traffic signal control systems cannot provide efficient traffic regulation. Therefore, dynamic traffic signal control in Intelligent Transportation Systems (ITS) has recently received increasing attention. This study devised a multi-agent architecture, the Adaptive and Cooperative Traffic light Agent Model (ACTAM), for a decentralized traffic signal control system. The proposed architecture comprises a data storage and communication layer, a traffic regulation factor processing layer, and a decision-making layer. This study focused on utilizing the cooperation of multiple agents and the prediction mechanism of our architecture, the Forecast Module, to forecast future traffic volume at each individual intersection. The Forecast Module forecasts traffic volume at an intersection via multi-agent cooperation, by exchanging traffic volume information for adjacent intersections, since vehicles passing through nearby intersections are believed to significantly influence the traffic volume of a specific intersection. The proposed architecture can achieve dynamic traffic signal control. The total delay time of the traffic network under ACTAM can be reduced by 37% compared to the conventional fixed sequence traffic signal control strategy. Consequently, traffic congestion in urban areas can be alleviated by adopting ACTAM.

  • Broadband Multi-Way Microstrip Power Dividers

    Mitsuyoshi KISHIHARA  Kuniyoshi YAMANE  Isao OHTA  Tadashi KAWAI  

     
    PAPER

      Vol:
    E88-C No:1
      Page(s):
    20-27

    This paper treats multi-way microstrip power dividers composed of multi-step sections, multi-furcations, and corners. Since the design procedure is founded on the planar circuit approach in combination with the segmentation method, optimization of the circuit configuration can be performed in a reasonably short computation time when applying Powell's optimization algorithm. Broadband 3- and 4-way power dividers with mitered bends are designed, and fractional bandwidths of about 90% and 100% are realized for a power-split imbalance of less than 0.2 dB and a return loss better than -20 dB, respectively. The validity of the design results is confirmed by an EM simulator (HFSS) and by experiments.

  • Solutions to Security Problems of Rivest and Shamir's PayWord Scheme

    Norio ADACHI  Satoshi AOKI  Yuichi KOMANO  Kazuo OHTA  

     
    PAPER-Application

      Vol:
    E88-A No:1
      Page(s):
    195-202

    The PayWord scheme, invented by Rivest and Shamir, is an efficient micropayment scheme based on a hash function. We point out that the scheme has the following problem: a malicious customer can damage the bank by purchasing in excess of the credit that the bank has guaranteed by issuing a certificate. In general, the bank can take one of two positions with regard to the certificate. Position 1: the bank takes full responsibility for the certificate and compensates all payments arising from the customer's purchases; Position 2: the bank does not redeem payments exceeding the limit set for the customer and shares the loss with the shop if trouble occurs. In the PayWord scheme, the bank can reduce its risk by adopting Position 2 rather than Position 1. However, this paper points out that under Position 2 the bank can damage the shop by impersonating an imaginary customer and making the shop share the loss with the bank. We propose a micropayment scheme (countermeasure) that overcomes these problems.
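
    The over-credit problem played out on a minimal PayWord-style model, as an added example (not the paper's or the original scheme's code): the customer commits to the root w_0 of a hash chain, pays by revealing successive paywords w_i, and the shop checks that each new payword hashes back to the last one it accepted. The bank's signature on the customer certificate is replaced here by an HMAC under a bank-only key, and the explicit `credit_limit` field, the customer and shop names and the chain seed are assumptions made for the demonstration; the two redemption positions follow the abstract.

```python
"""Added example: a PayWord-style hash chain and the over-credit problem.

Generic model of the scheme discussed above, not the paper's own code.
The customer commits to w_0 (root of a hash chain) and pays by revealing
w_i; the shop checks that w_i hashes back to the last payword it saw.
The bank's signature on the certificate is stood in for by an HMAC under
a bank-only key (assumption, to keep the example self-contained).
"""
import hashlib
import hmac
import os


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def make_chain(n: int, seed: bytes) -> list:
    """w_n = seed, w_i = h(w_{i+1}); returns [w_0, w_1, ..., w_n]."""
    chain = [seed]
    for _ in range(n):
        chain.append(h(chain[-1]))
    chain.reverse()
    return chain


def chains_to(target: bytes, w: bytes, steps: int) -> bool:
    """h^steps(w) == target, i.e. w is a valid payword `steps` past target."""
    for _ in range(steps):
        w = h(w)
    return w == target


class Bank:
    def __init__(self):
        self.key = os.urandom(32)   # stands in for the bank's signing key

    def _tag(self, customer: str, credit_limit: int) -> str:
        body = f"{customer}|{credit_limit}".encode()
        return hmac.new(self.key, body, "sha256").hexdigest()

    def issue_certificate(self, customer: str, credit_limit: int) -> dict:
        return {"customer": customer, "credit_limit": credit_limit,
                "sig": self._tag(customer, credit_limit)}

    def verify_certificate(self, cert: dict) -> bool:
        return hmac.compare_digest(cert["sig"],
                                   self._tag(cert["customer"], cert["credit_limit"]))

    def redeem(self, cert: dict, w0: bytes, w_i: bytes, i: int, position: int) -> int:
        """Paywords the bank pays the shop for the final payment (w_i, i).
        Position 1: everything that chains to w0.  Position 2: at most the
        customer's credit limit; anything above it is the shop's loss."""
        if not self.verify_certificate(cert) or not chains_to(w0, w_i, i):
            return 0
        return i if position == 1 else min(i, cert["credit_limit"])


class Shop:
    def __init__(self, enforce_limit: bool):
        self.enforce_limit = enforce_limit
        self.last = {}   # w0 -> (last payword accepted, its index)

    def accept(self, cert: dict, w0: bytes, w_i: bytes, i: int) -> bool:
        w_last, i_last = self.last.get(w0, (w0, 0))
        if i <= i_last or not chains_to(w_last, w_i, i - i_last):
            return False
        if self.enforce_limit and i > cert["credit_limit"]:
            return False   # without this check the chain alone lets the customer overspend
        self.last[w0] = (w_i, i)
        return True


def scenario(enforce_limit: bool, credit_limit: int = 5, chain_len: int = 8):
    """A customer with credit 5 builds a chain of 8 paywords and spends it all.
    Returns (paywords accepted by the shop, bank pays under Position 1,
    bank pays under Position 2)."""
    bank = Bank()
    cert = bank.issue_certificate("alice", credit_limit)
    chain = make_chain(chain_len, b"constructed seed for the demo")
    shop = Shop(enforce_limit)
    w0 = chain[0]
    spent = 0
    for i in range(1, chain_len + 1):
        if shop.accept(cert, w0, chain[i], i):
            spent = i
    return (spent,
            bank.redeem(cert, w0, chain[spent], spent, position=1),
            bank.redeem(cert, w0, chain[spent], spent, position=2))


if __name__ == "__main__":
    print("shop trusts the chain only  :", scenario(enforce_limit=False))  # (8, 8, 5)
    print("shop also enforces the limit:", scenario(enforce_limit=True))   # (5, 5, 5)
```

    In the first run the shop accepts 8 valid paywords but a Position 2 bank redeems only 5, which is the loss the abstract describes; enforcing the limit at the shop closes that gap. The second problem the abstract raises is also visible in this model: nothing in the certificate lets the shop tell a genuine customer from one the bank itself fabricates, so a Position 2 bank could run the same chain and leave the shop holding the excess.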

  • Transient Scattering from Parallel Plate Waveguide Cavities

    Shinichiro OHNUKI  Takashi HINATA  

     
    PAPER-Electromagnetic Theory

      Vol:
    E88-C No:1
      Page(s):
    112-118

    Transient scattering from parallel plate waveguide cavities is studied by using the combination of a point matching technique and numerical inversion of Laplace transform. We thoroughly investigate the scattering mechanism for a half-sine pulse and modulated-sine pulse incidence. The advantages and disadvantages on the target recognition are clarified in terms of the internal objects, incident waveforms, and polarizations.

  • Mutual Coupling Characteristics of Choke Loaded Patch Array Antenna

    Naobumi MICHISHITA  Hiroyuki ARAI  Yasuko KIMURA  

     
    LETTER-Antennas and Propagation

      Vol:
    E88-B No:1
      Page(s):
    411-415

    This paper describes a choke-loaded patch array antenna for use in IMT-2000 repeater systems. The choke structure of the 4-element array is designed by means of electromagnetic analysis. A high front-to-back (FB) ratio is required to suppress mutual coupling and so prevent the oscillation caused by interference between the transmitting and receiving antennas. The FB ratio improvement obtainable with a choke is limited in the case of the 16-element array because its side lobe level is large. In this paper, we examine the effect of suppressing the mutual coupling using a binomial array.

  • On the Effects of Domain Size and Complexity in Empirical Distribution of Reinforcement Learning

    Kazunori IWATA  Kazushi IKEDA  Hideaki SAKAI  

     
    PAPER-Artificial Intelligence and Cognitive Science

      Vol:
    E88-D No:1
      Page(s):
    135-142

    We regard the events of a Markov decision process as the outputs of a Markov information source in order to analyze the randomness of an empirical sequence through the codeword length of the sequence. Randomness is an important viewpoint in reinforcement learning, since learning amounts to eliminating the randomness and finding an optimal policy. The occurrence of an optimal empirical sequence also depends on the randomness. We then introduce Lempel-Ziv coding for measuring the randomness, which consists of the domain size and the stochastic complexity. In experimental results, we confirm that learning and the occurrence of an optimal empirical sequence depend on the randomness, and show that in early stages the randomness is mainly characterized by the domain size, while as the number of time steps increases the randomness depends greatly on the complexity of the Markov decision process.

  • An MMSE Multiuser Detector for Space-Time Block Coded OFDM

    Xuan Nam TRAN  Tadashi FUJINO  Yoshio KARASAWA  

     
    PAPER-Interference Canceller

      Vol:
    E88-B No:1
      Page(s):
    141-149

    In this paper, we propose a multiuser detection (MUD) scheme for space-time block coded orthogonal frequency division multiplexing (STBC-OFDM) systems. We derive the optimum weight matrix used to simultaneously decouple the signals from active multiple access users using the minimum mean square error (MMSE) multiuser detection method. The proposed scheme provides good performance over different models of the frequency selective fading channel. It is also shown that if the length of the cyclic prefix is larger than that of the channel, the performance of the detector depends only on the total energy extracted from the multipath components, and not on the channel model employed, the number of multipath components or the delay of each component.

  • A Strength Evaluation of a Pseudorandom Number Generator MUGI against Linear Cryptanalysis

    Hiroki SEKINE  Tetsuro NOSAKA  Yasuo HATANO  Masaki TAKEDA  Toshinobu KANEKO  

     
    PAPER-Symmetric Key Cryptography

      Vol:
    E88-A No:1
      Page(s):
    16-24

    This paper reports the strength of the pseudorandom number generator MUGI, which was published as a stream cipher by Hitachi, Ltd. in 2001, against linear cryptanalysis. MUGI is one of the recommended ciphers of CRYPTREC, a project for the e-Government in Japan. It has two internal states, called state and buffer, which are updated by a linear function λ and a non-linear function ρ. The non-linear function ρ and the linear function λ have already been analyzed independently. In this paper, the whole of MUGI is analyzed by truncated linear cryptanalysis. The analysis of the λ function is based on the state variables method. The result is combined with the result of the analysis of the ρ function to make a trellis diagram. A Viterbi search is conducted on the diagram to find the best possible linear path under 64-bit truncated linear cryptanalysis. As a result, the upper bound of the maximum linear characteristic probability is estimated as less than 2^-138. Therefore, MUGI is secure against linear cryptanalysis.

  • Optimal Multicast Routing Using Genetic Algorithm for WDM Optical Networks

    Johannes Hamonangan SIREGAR  Yongbing ZHANG  Hideaki TAKAGI  

     
    PAPER-Network

      Vol:
    E88-B No:1
      Page(s):
    219-226

    We consider the multicast routing problem for large-scale wavelength division multiplexing (WDM) optical networks where transmission requests are established by point-to-multipoint connections. To realize multicast routing in WDM optical networks, some nodes need to have light (optical) splitting capability. A node with splitting capability can forward an incoming message to more than one output link. We consider the problem of minimizing the number of split-capable nodes in the network for a given set of multicast requests. The number of wavelengths is fixed and given a priori. We propose a genetic algorithm that exploits the combination of alternative shortest paths for the given multicast requests in order to minimize the number of required split-capable nodes. This algorithm is examined on two realistic networks constructed from the locations of major cities in Ibaraki Prefecture and in the Kanto District of Japan. Our experimental results show that the proposed algorithm can reduce the number of split-capable nodes by more than 10% compared with routing algorithms in which the placement of split-capable nodes is not optimized.

  • Space Time Block Decoding in Time-Variant Channels

    Jaekwon KIM  Won-Gi JEON  

     
    LETTER-Terrestrial Radio Communications

      Vol:
    E88-B No:1
      Page(s):
    408-410

    This letter proposes quadratic optimization decoding (QOD) for space-time block decoding in time-selective Rayleigh fading channels. When channels are fast fading, the simple decoding that exploits the orthogonal structure of the codes cannot achieve a proper error performance. In an effort to mitigate the severe performance degradation, least squares decoding and QOD are considered in this letter. Simulation results show that QOD gives a significant performance improvement over the least squares and the conventional schemes.

  • On Collusion Security of Random Codes

    Katsunari YOSHIOKA  Junji SHIKATA  Tsutomu MATSUMOTO  

     
    PAPER-Biometrics

      Vol:
    E88-A No:1
      Page(s):
    296-304

    Fingerprinting is a technique that adds identifying marks to each copy of digital content in order to enhance traceability in a distribution system. Collusion attacks, in which attackers collect two or more fingerprinted copies and try to generate an untraceable copy, are considered a threat to fingerprinting systems. With the aim of enhancing the collusion security of fingerprinting systems, several collusion secure codes, such as c-frameproof codes, c-secure frameproof codes and c-identifiable parent property codes, have been proposed. Here, c indicates the maximum number of colluding users. However, a practical construction of the above codes is still an issue because of the tight restrictions originating from their combinatorial properties. In this paper, we introduce an evaluation of the frameproof, secure frameproof, and identifiable parent property by the probability that a code has the required property. Then, we focus on random codes. For the frameproof and secure frameproof properties, we estimate the average probability that random codes have the required property, where the probability is taken over the random construction of codes and the random construction of coalitions. For the estimation, we assume a uniform distribution of the symbols of the random codes and of the symbols that the coalitions hold. We then check the adequacy of these assumptions by comparison with numerical results. The estimates and the numerical results agree closely, which supports the adequacy of the assumptions at least in the range of the experiment.
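
    The estimate-versus-simulation approach for the frameproof property, as an added example (not the paper's code): under the marking assumption a coalition can only place, at each position, a symbol one of its members already holds, so it frames an innocent user exactly when the innocent's codeword lies in that descendant set. The closed form below assumes uniform, independent symbols as the abstract does, and approximates the probability over the innocent users as if their coverage events were independent; the code parameters, the exhaustive checker and the Monte Carlo loop are assumptions made for the demonstration, and the independence step is an approximation of the kind one would compare against simulation rather than the paper's own formula.

```python
"""Added example: estimating the c-frameproof property of random codes.

Not the paper's code.  Under the marking assumption a coalition can only
alter positions where its codewords disagree, so its "descendant set" is
every word whose symbol at each position appears among the coalition's
symbols there.  A code is c-frameproof if no coalition of at most c users
can produce an innocent user's codeword this way.
"""
import itertools
import random


def random_code(n_users, length, q, rng):
    """n_users codewords of `length` symbols over {0..q-1}, drawn uniformly."""
    return [[rng.randrange(q) for _ in range(length)] for _ in range(n_users)]


def can_frame(code, coalition, victim):
    """True if `coalition` can produce codeword `victim` under the marking assumption."""
    return all(code[victim][j] in {code[u][j] for u in coalition}
               for j in range(len(code[victim])))


def coalition_frames_someone(code, coalition):
    return any(can_frame(code, coalition, v)
               for v in range(len(code)) if v not in coalition)


def is_c_frameproof(code, c):
    """Exhaustive check over all coalitions of size <= c (small codes only)."""
    users = range(len(code))
    return not any(coalition_frames_someone(code, coalition)
                   for size in range(1, c + 1)
                   for coalition in itertools.combinations(users, size))


def frame_probability_estimate(n_users, length, q, c):
    """Approximate P[a random c-coalition frames some innocent] for a random code.

    Uniform-symbol model: a fixed innocent symbol is covered by c uniform
    symbols with probability 1 - (1 - 1/q)^c, so a fixed innocent codeword
    is covered with probability p = (1 - (1 - 1/q)^c)^length.  The n_users - c
    innocents are then treated as independent (an approximation).
    """
    p_word = (1.0 - (1.0 - 1.0 / q) ** c) ** length
    return 1.0 - (1.0 - p_word) ** (n_users - c)


def frame_probability_simulated(n_users, length, q, c, trials=2000, seed=0):
    """Monte Carlo over random codes and random coalitions of size exactly c."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        code = random_code(n_users, length, q, rng)
        coalition = rng.sample(range(n_users), c)
        hits += coalition_frames_someone(code, coalition)
    return hits / trials


if __name__ == "__main__":
    for length in (8, 16, 32):
        est = frame_probability_estimate(50, length, 4, 3)
        sim = frame_probability_simulated(50, length, 4, 3)
        print(f"length={length:2d}  estimate={est:.4f}  simulated={sim:.4f}")
```

    Lengthening the code drives the framing probability down geometrically, which is the lever a designer has once the alphabet size and coalition bound are fixed; running the block shows how closely the uniform-symbol estimate tracks the simulation across code lengths, which is the kind of comparison the abstract describes.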

  • Microstrip Lowpass Filters with Reduced Size and Improved Stopband Characteristics

    Zhewang MA  Kaneo NOMIYAMA  Yoshio KOBAYASHI  

     
    PAPER

      Vol:
    E88-C No:1
      Page(s):
    62-67

    Novel microstrip lowpass filters are developed with reduced size and significantly improved stopband characteristics. After introducing quarter-wavelength open stubs, we get one or two transmission zeros in the stopband. By folding the high impedance microstrip lines, we reduce the size of the filter. Three-pole and five-pole lowpass filters are designed, and their measured frequency responses agree well with theoretical predictions.

  • Three-Way Two-Dimensional Deterministic Finite Automata with Rotated Inputs

    Hisao HIRAKAWA  Katsushi INOUE  Akira ITO  

     
    PAPER

      Vol:
    E88-D No:1
      Page(s):
    31-38

    Inoue et al. introduced an automaton on a two-dimensional tape, which decides acceptance or rejection of an input tape by scanning the tape from various sides by various automata which move one way, and investigated the accepting power of such an automaton. This paper continues the investigation of this type of automata, especially, -type automata (obtained by combining four three-way two-dimensional deterministic finite automata (tr2-dfa's) in "or" fashion) and -type automata (obtained by combining four tr2-dfa's in "and" fashion). We first investigate a relationship between the accepting powers of -type automata and -type automata, and show that they are incomparable. Then, we investigate a hierarchy of the accepting powers based on the number of tr2-dfa's combined. Finally, we briefly describe a relationship between the accepting powers of automata obtained by combining three-way two-dimensional deterministic and nondeterministic finite automata.

  • An Efficient Scaling-Simulation Algorithm of Reconfigurable Meshes by Meshes with Statically Partitioned Buses

    Susumu MATSUMAE  

     
    PAPER

      Vol:
    E88-D No:1
      Page(s):
    82-88

    This paper presents an efficient scaling-simulation algorithm that simulates operations of the reconfigurable mesh (RM) of size n × n using the mesh with multiple partitioned buses (MMPB) of size m × m (m < n). The RM and the MMPB are two-dimensional mesh-connected computers equipped with broadcasting buses. The broadcasting buses of the RM can be used to dynamically obtain various interconnection patterns among the processors during the execution of programs, while those of the MMPB are placed only along every row and column and are statically partitioned in advance by a fixed length. We show that the RM of size n × n can be simulated in steps by the MMPB of size m × m (m < n), where L is the number of broadcasting buses in each row/column of the simulating MMPB. Although the time complexity of our algorithm is less efficient than that of the fastest RM scaling-simulation algorithm, the simulating model of our algorithm is the MMPB model, where bus reconfiguration is not allowed.
