This paper proposes a method of constructing single-electron logic subsystems on the basis of the binary decision diagram (BDD). Sample subsystems, an adder and a comparator, are designed by combining single-electron BDD devices. It is demonstrated by computer simulation that the designed subsystems successfully produce, through pipelined processing, an output data flow in response to the input data flow. The operation error caused by thermal agitation is estimated. An output interface for converting single-electron transport into binary-voltage signals is also designed.

We propose new key exchange and authentication protocols, which are efficient in protecting a poorly-chosen weak secret from guessing attacks, based on the use of a one-time pad and a strong one-way hash function. Cryptographic protocols assume that a strong secret should be shared between communication participants for authentication, in the light of an ever-present threat of guessing attacks. Cryptographically long secret would be better for security only if ordinary users could remember it. But most users choose an easy-to-remember password as a secret and such a weak secret can be guessed easily. In our previous work, we made much of introducing a basic concept and its application. In this paper, we describe our idea in more detail and propose more protocols which correspond to variants of our basic protocol using well-defined notations. Formal verification and efficiency comparison of the proposed protocols are also presented. By our scheme the password guessing attacks are defeated efficiently, and a session key is exchanged and participants are authenticated securely.

This paper presents two types of two-dimensional (2-D) adaptive beamforming algorithm which have high rate of convergence. One is a linearly constrained minimum variance (LCMV) beamforming algorithm which minimizes the average output power of a beamformer, and the other is a generalized sidelobe canceler (GSC) algorithm which generalizes the notion of a linear constraint by using the multiple linear constraints. In both algorithms, we apply a 2-D lattice filter to an adaptive filtering since the 2-D lattice filter provides excellent properties compared to a transversal filter. In order to evaluate the validity of the algorithm, we perform computer simulations. The experimental results show that the algorithm can reject interference signals while maintaining the direction of desired signal, and can improve convergent performance.

This letter gives a study of additionY=X+K mod 2w which is used in some cryptosystems as RC5. Our results enables us to express the differential and linear probability of addition as a function of addendK. To detect a good differential characteristics or linear approximation of a cryptosystem in which extended key is used as addend, we need to consider how the characteristics or approximations behave depending upon the value of the addend, which are clarified by our results.

In this paper, a threshold voltage (VT) cancellation circuit for neuron-MOS (νMOS) analog circuits is described. By connecting the output terminal of this circuit with one of the input terminals of the νMOS transistor, cancellation ofVT is realized. The circuit has advantages of ground-referenced output and is insensitive to the fluctuation of bias and supply voltages. Second-order effects, such as the channel length modulation effect, the mobility reduction effect and device mismatch of the proposed circuit are analyzed in detail. Low-power and high-swing νMOS cascode current mirror is presented as an application. Performance of the proposed circuits is confirmed by HSPICE simulation with MOSIS 2. 0 µ p-well double-poly and double-metal CMOS device parameters.

This paper applies linear cryptanalysis to FEAL and describes the experimental results of attacking FEAL-8 by linear cryptanalysis. The following points are important in linear cryptanalysis to reduce the processing amount and memory size in the attack: 1) to find linear expressions with as high a deviation as possible, and 2) to reduce the number of effective key bits and effective text bits. We have succeeded in attacking FEAL-8 in about 1 hour on a low-end workstation (SPARCstation 10 Model 30). We have confirmed that the entire set of subkeys of FEAL-8 can be derived from 225 known plaintexts with a success rate of over 70%, and from 226 known plaintexts with a success rate of almost 100%.

A new broadband space diversity (B-SD) combining method, which is a key technique in the growth of digital microwave radio system, is proposed. In this B-SD combining method, two received signals, whose bandwidths are 280 MHz, are combined. To develop this combining method, an optimum control algorithm is developed that monitors power levels of all primary carriers and controls the endless phase shifter so that the higher level signal is decreased and the lower level signal is increased. This paper describes the proposed B-SD combining method which effectively operates over a wide bandwidth. Performance evaluations based on simulations and theoretical estimations are given. It is proven that this combining method offers the same performance obtained by the conventional narrowband SD combining method and can be applied to over 50% cases of the propagation paths observed in Japan. The suitability of the proposed combining method and the calculation methods adopted is demonstrated experimentally.

In Asiacrypt '96, Bleichenbacher et al. showed the upper limit of the efficiency of one-time digital signature scheme using a directed graph of tree structure as its base. They also claimed that there exists more effective signature scheme on general directed graphs, and showed an example of a method to construct more effective signature schemes as a witness. Unfortunately, their example does not achieve the efficiency as they claimed. This paper shows the upper limit of the efficiency of the signature scheme on general directed graphs by showing no signature scheme is more effective than the optimal signature scheme on trees (or forests). Further, we introduce another signature scheme named pseudo k-time signature scheme. This signature scheme allows signers to sign k-time which is no less efficient than the one time signature scheme.

The addition chain (A-chain) and addition-subtraction chain (AS-chain) are efficient tools to calculate power Me (or multiplication eM), where integere is fixed andM is variable. Since the optimization problem to find the shortest A (or AS)-chain is NP-hard, many algorithms to get a sub-optimal A (or AS)-chain in polynomial time are proposed. In this paper, a window method for the AS-chain and an extended window method for the A-chain and AS-chain are proposed and their performances are theoretically evaluated by applying the theory of the optimal variable-to-fixed length code, i. e. , Tunstall code, in data compression. It is shown by theory and simulation that the proposed algorithms are more efficient than other algorithms in practical cases in addition to the asymptotic case.

In the linear cryptanalysis (LC), to decrease the number of plain/cipher text pairs required for successful attack against DES, it is necessary to improve the effectiveness of the linear approximate expression and to decrease the number of key bits in the expression to be exhaustively searched for. In the previous work, we proposed a linear sieve method to improve the effectiveness of the linear approximate expression. On the other hand, the number of key bits increased. To suppress the number of key bits, we propose Fixed Sieve Linear Cryptanalysis (FS-LC) with fixed sieve key of the linear sieve method. With FS-LC against 8-round DES, we showed the number of plain/cipher text pairs required for sucessful attack is less than that of LC. Furthmore, we extended FS-LC with Kaliski's techniques using the multiple linear approximate expressions to intoroduce Fixed Sieve multiple Linear Cryptanalysis (FS-mLC). With FS-mLC against 8-round DES, computer simulation revealed that it is possible to solve its encryption-key with 220 plain/cipher text pairs. The number of pairs is about a half of the Matsui's 1-round linear cryptanalysis cases.

This paper focuses on competitive learning algorithms for WTA (winner-take-all) networks which perform rotation invariant pattern classification. Although WTA networks may theoretically be possible to achieve rotation invariant pattern classification with infinite memory capacities, actual networks cannot memorize all input data. To effectively memorize input patterns or the vectors to be classified, we present two algorithms for learning vectors in classes (LVC1 and LVC2), where the cells in the network memorize not only weight vectors but also their firing numbers as statistical values of the vectors. The LVC1 algorithm uses simple and ordinary competitive learning functions, but it incorporates the firing number into a coefficient of the weight change equation. In addition to all the functions of the LVC1, the LVC2 algorithm has a function to utilize under-utilized weight vectors. From theoretical analysis, the LVC2 algorithm works to minimize the energy of all weight vectors to form an effective memory. From computer simulation with two-dimensional rotated patterns, the LVC2 is shown to be better than the LVC1 in learning and generalization abilities, and both are better than the conventional Kohonen self-organizing feature map (SOFM) and the learning vector quantization (LVQ1). Furthermore, the incorporation of the firing number into the weight change equation is shown to be efficient for both the LVC1 and the LVC2 to achieve higher learning and generalization abilities. The theoretical analysis given here is not only for rotation invariant pattern classification, but it is also applicable to other WTA networks for learning vector quantization.

This paper presents the results of the best differential characteristic search of FEAL. The search algorithm for the best differential characteristic (best linear expression) was already presented by Matsui, and improvements on this algorithm were presented by Moriai et al. We further improve the speed of the search algorithm. For example, the search time for the 7-round best differential characteristic of FEAL is reduced to about 10 minutes (Pentium/166 MHz), which is about 212. 6 times faster than Matsui's algorithm. Moreover, we determine all the best differential characteristics of FEAL for up to 32 rounds assuming all S-boxes are independent. As a result, we confirm that the N-round (7N32) best differential characteristic probability of FEAL is 2-2N, which was found by Biham. For N=6, we find 6-round differential characteristics with a greater probability, 2-11, than that previously discovered, 2-12.

An oversampling theorem for regular sampling in wavelet subspaces is established. The sufficient-necessary condition for which it holds is found. Meanwhile the truncation error and aliasing error are estimated respectively when the theorem is applied to reconstruct discretely sampled signals. Finally an algorithm is formulated and an example is calculated to show the algorithm.

A multiple signature scheme proposed in [1] is proved to be insecure.

We analyze M,MMPP/G/1 finite queues with queue-length-threshold (QLT) scheduling policy and Bernoulli schedule where the arrival of type-1 customers (nonreal-time traffic) is Poisson and the arrival of type-2 customers (real-time traffic) is a Markov-modulated Poisson process (MMPP). The next customer to be served is determined by the queue length in the buffer of type-1 customers. We obtain the joint queue length distribution for customers of both types at departure epochs by using the embedded Markov chain method, and then obtain the queue length distribution at an arbitrary time by using the supplementary variable method. From these results, we obtain the loss probabilities and the mean waiting times for customers of each type. The numerical examples show the effects of the QLT scheduling policy on performance measures of the nonreal-time traffic and the bursty real-time traffic in ATM networks.

In this paper, we present an analytic model to study the reliability of some important disk array organizations that have been proposed by others in the literature. These organizations are based on the combination of two options for the data layout, regular RAID-5 and block designs, and three alternatives for sparing, hot sparing, distributed sparing and parity sparing. Uncorrectable bit errors have big effects on reliability but are ignored in traditional reliability analysis of disk arrays. We consider both disk failures and uncorrectable bit errors in the model. The reliability of disk arrays is measured in terms of MTTDL (Mean Time To Data Loss). A unified formula of MTTDL has been derived for these disk array organizations. The MTTDLs of these disk array organizations are also compared using the analytic model. By numerical experiments, we show that the data losses caused by uncorrectable bit errors may dominate the data losses of disk array systems though only the data losses caused by disk failures are traditionally considered. The consideration of uncorrectable bit errors provides a more realistic look at the reliability of the disk array systems.

Area-restricted illumination of light onto a voltage-biased single-electron tunnel junction array is modeled by reduced resistance of junctions, and its effects on current-voltage characteristics, charge distributions and potential profiles are calculated by a Monte Carlo method. The results show that photocurrent nearly proportional to the applied voltage is generated above a threshold voltage determined by Coulomb blockade effect. The photocurrent increases with increasing irradiated area, which is ascribed to reduction in total resistance of the circuit. Under irradiation, a characteristic charge distribution is formed, i. e. , negative and positive charge bumps are formed in the nodes at the dark and bright boundaries. The charge bumps serve to screen the electric field formed by the bias voltage and create almost a flat potential in the irradiated area. Furthermore, time-response of the charge distribution to a pulse irradiation is also studied. For high dark resistance, the charge bumps are sustained for a long period working as a memory of light. These results suggest feasibility of single-electron photonic devices such as photodetectors and photomemories.

Fiat-Shamir's identification and signature scheme is efficient as well as provably secure, but it has a problem in that the transmitted information size and memory size cannot simultaneously be small. This paper proposes an identification and signature scheme which overcomes this problem. Our scheme is based on the difficulty of extracting theL-th roots modn (e. g.L=2 1020) when the factors ofnare unknown. We prove that the sequential version of our scheme is a zero knowledge interactive proof system and our parallel version reveals no transferable information if the factoring is difficult. The speed of our scheme's typical implementation is at least one order of magnitude faster than that of the RSA scheme and is relatively slow in comparison with that of the Fiat-Shamir scheme.

In order to investigate the nonlinearity and color responses of visual evoked potentials (VEPs), which have been useful in objectively detecting human color vision characteristics, a nonlinear system identification method was applied to VEPs elicited by isoluminant color stimuli, and the relationship between color stimuli and VEPs was examined. VEPs of normal subjects elicited by chromatically modulated stimuli were measured, and their binary kernels were estimated. Results showed that a system with chromatically modulated stimuli and VEP responses can be expressed by binary kernels up to the second order and that first- and second-order binary kernels depended on the color of the stimulus. The characteristics of second-order kernels reflected the difference between two chromatic channels. Opponent-color responses were included in first-order binary kernels, suggesting that they could be used as an index to test human color vision.

The basic operation characteristics of an asymmetric turnstile which transfers each electron one by one in one direction is described. A novel single electron counter circuit consisting of the asymmetric turnstiles, a load capacitor and an inverter which counts the number of high inputs is proposed. Monte Carlo circuit simulations reveal that the gate clock time of the counter circuit should be long enough to achieve allowable minimum error rate. The counter circuit implementing asymmetric single electron turnstiles is demonstrated to be applicable to a noise reduction system, a Winner-Take-All circuit and an artificial neuron circuit.