This paper describes a novel shared file system, whose main features are enhanced security and its concurrency control mechanism. The system is especially suitable for access from mobile hosts. Users can edit their shared files concurrently. Shared files are encrypted and decrypted only by clients, and the file server cannot know the contents. The server asynchronously receives the edited parts, which are already encrypted, and merges them into the current version, deciphering neither the stored file nor the encrypted editing data. We call the mechanism 'privacy enhanced merging'. The mechanism and the underlying encryption algorithm, shared file data structure and procedures followed by clients and the server are shown.

Computer viruses, hackers, intrusions and ther computer crimes have recently become a serious security problem in information systems. Digital signatures are useful to defend against these threats, especially against computer viruses. This is because a modification of a file can be detected by checking the consistency of the originai file with its accompanying digital signature. But an executable program might have been infected with the viruses before the signature was created. In this case, the infection cannot be detected by signature verification and the origin of the infection cannot be specified either. In this paper, we propose a signature scheme in which one can sign right after the creation of an executable program. That is, when a user compiles a source program, the compiler automatically creates both the executable program and its signature. Thus viruses cannot infect the executable programs without detection. Moreover, we can specify the creator of contaminated executable programs. In our signature scheme, a signature is created from a set of secret integers stored in a compiler, which is calculated from a compiler-maker's secret key. Each compiler is possessed by only one user and it is used only when a secret value is fed into it. In this way a signature of an executable program and the compiler-owner are linked to each other. Despite these measures, an executable program could run abnormally because of an infection in prepro-cessing step, e.g. an infection of library files or included files. An infection of these files is detected by ordinary digital signatures. The proposed signature scheme together with digital signature against infection in the preprocessing step enables us to specify the origin of the infection. The name of the signature creator is not necessary for detecting an infection. So, an owner's public value is not searched in our scheme, and only a public value of a compiler-maker is required for signature verification. Furthermore, no one can use a compiler owned by another to create a proper signature.

In a (k,n) threshold digital signature scheme, k out of n signers must cooperate to issue a signature. In this paper, we show an efncient (k,n) threshold EIGamal type digital signature scheme with no trusted center. We first present a variant of EIGamal type digital signature scheme which requires only a linear combination of two shared secrets when applied to the (k,n)-threshold scenario. More precisely, it is a variant of Digital Signature Standard (DSS) which was recommended by the U.S. National Institute ofStandard and Technology (NIST). We consider that it is meaningful to develop an efficient (k,n)-threshold digital signature scheme for DSS. The proposed (k,n)-threshold digital signature scheme is proved to be as secure as the proposed variant of DSS against chosen message attack.

We create a new version of the FEAL-N(X) cryptographic function, called FEAL-N(X)S, by introducing a dynamic swapping function. FEAL-N(X)S is stronger against Differential Cryptanalysis in the sense that any characteristic for FEAL-N(X) is less effective when applied to FEAL-N(X)S. Furthermore, the only iterative characteristics. that may attack the same number of rounds for the two versions are the symmetric ones, which have an average probability bounded above by 2-4 per round, i.e., the FEAL-N(X)S is at least as strong as DES with respect to this type of characteristic. We also show that in general the probability of an iterative characteristic for the FEAL-N(X) that is still valid for FEAL-N(X)S is decreased by 1/2 per round. Some of the best characteristics are shown. Experimental results show that the running time required by FEAL-N(X)S is around 10% greater compared to FEAL-N(X), in software; but this price is small compared to the gained strength against Differential Cryptanalysis.

It is important to find the best linear expression to estimate the vulnerability of cryptosystems to Linear Cryptanalysis. This paper shows the results of the best linear expressions search of FEAL-N (N32) and discusses the security of FEAL against Linear Cryptanalysis. We improve Matsui's search algorithm which determines the best linear expressions, and apply it to FEAL. The improved search algorithm finds all the best linear expression of FEAL-N (N32) much faster than the original; the required time is decreased from over three months to about two and a half days. We find the best linear expressions of FEAL-7, FEAL-15, and FEAL-31 with deviations of 1.152-8, 1.482-20, and 1.992-41, respectively. These linear expressions have higher deviations than those derived from Bi-ham's 4-round iterative linear approximations. Using these data we calculated the number of known plaintexts required to attack FEAL-8, FEAL-16, and FEAL-32. It is proved that FEAL-32 is secure against Linear Cryptanalysis.

A design method of 2-D lattice digital filter using the Genetic Algorithm (GA) is proposed. By using the GA. 2-D all-pole lattice filter with the cascade connection of transversal (all-zoro) filter is designed directly from a given desired frequency responce.

We present a recursive algorithm for constructing linear discrete-time systems which interpolate the desired 1st-and 2nd-order information. The recursive algorithm constructs a new system and connects it to the previous system in the cascade form every time new information is added. These procedures yield a practical realization of all the interpolants.

This paper proposes a photonic integrated beam forming and steering network (BFN) that uses switched true-time-delay (TTD) silica-based waveguide circuits for phased array antennas. The TTD-BFN has thermooptic switches and variable time delay lines. This TTD-BFN controls four array elements, and can form and steer a beam. An RF test was carried out in the 2.5 GHz microwave frequency range. The experimental results show a peak-to-peak phase error of 6.0 degrees and peak-to-peak amplitude error of 2.0 dB. Array factors obtained from the measured results agree well with the designed ones. This silica-based beam former will be a key element in phased array antennas.

This paper describes a finite element method to obtain an accurate solution of the scalar Helmholtz equation with field singularities. It is known that the spatial derivatives of the eigenfunction of the scalar Helmholtz equation become infinite under certain conditions. These field singularities under mine the accuracy of the numerical solutions obtained by conventional finite element methods based on piecewise polynomials. In this paper, a regularized eigenfunction is introduced by subtracting the field singularities from the original eigenfunction. The finite element method formulated in terms of the regularized eigenfunction is expected to improve the accuracy and convergence of the numerical solutions. The finite element matrices for the present method can be easily evaluated since they do not involve any singular integrands. Moreover, the Dirichlet-type boundary conditions are explicitly imposed on the variables using a transform matrix while the Neumann-type boundary conditions are implicitly imposed in the functional. The numerical results for three test problems show that the present method clearly improves the accuracy of the numerical solutions.

A new configuration is proposed for an optoelectronic network (OEN) using microwave frequency mixing and multiplexing. The mn OEN consists of m optical sources, m-parallel n-stage cascaded optical intensity modulators, and m-photodetectors. The mn OEN matrix is theoretically discussed, and 12, 22 and 33 OENs are analyzed in detail. The 22 OEN, which mixes and multiplexes microwaves, is further investigated and the theoretical prediction derived from OEN equations is experimentally confirmed.

This paper presents the performance of optically controlled MESFETs as photodetectors. The optical performance characteristics such as optic-to-electric responsivity, and BER for a π/4-QPSK signal are experimentally investigated. Measurements are performed by using MMIC compatible MESFETs. Experimental results are also evaluated in comparison with calculated PIN-PD limit. Optic-to-electric responsivity has high gain at lower received optical powers. It is shown experimentally that MESFET photodetectors improve the permissible optical power by 6 dB compared to the PIN-PD limit. Optically controlled MESFETs will provide a novel receivers for fiber-optic systems.

This paper presents a 15-GHz MMIC direct optical injection-locked oscillator (MMIC OILO) with very-wide locking range that uses photosensitive HBTs. The MMIC OILO consists of an HBT and a positive feedback circuit including a Q-damping variable resistor. By utilizing the high-fT/fmax photosensitive HBT, we realize both high-frequency oscillation of 15 GHz and increased equivalent electrical injection power. In addition to increasing the RF injection power, the Q-damping variable resistor effectively reduces the quality-factor of the oscillator, thus realizing the very wide locking range (f) of 567 MHz (f/fosc3.8%). The locking bandwidth of 3.8% is over 10 times wider than that of any yet reported microwave direct OILO. Furthermore, it is shown that the MMIC OILO can also work as a high-gain Q-variable filter photoreceiver by increasing a Q-damping variable resistance over the self-oscillation suppression range.

The SAR distributions over a homogeneous human model exposed to a near field of a short electric dipole in the resonant frequency region were calculated with the spatial resolution of 1cm3 which approximated 1g tissue by using the FDTD method with the expansion technique. The dependences of the SAR distribution on the distance between the model and the source and on frequency were investigated. It was shown that the large local SAR appeared in the parts of the body nearest to the source when the source was located at 20cm from the body, whereas the local SAR were largest in the narrow sections such as the neck and legs when the source was farther than 80cm from the model. It was also shown that, for the near-field exposure in the resonant frequency region, the profile of the layer averaged SAR distribution along the main axis of the body of the human model depended little on frequency, and that the SAR distribution in the section perpendicular to the main axis of the human body depended on frequency. The maximum local SAR per gram tissue over the whole body model was also determined, showing that the ratios of the maximum local SAR to the whole-body averaged SAR for the near-field exposure were at most several times as large as the corresponding ratio for the far-field exposure, when the small source located farther than 20cm from the surface of the human model.

This paper proposes a new block coded quadrature amplitude modulation (BC-QAM) scheme, which is designed by an optimization technique based on simulated annealing. Simulated annealing is an effective nonlinear optimization technique and can be applied to both the discrete and the continuous optimization problems. In this paper, the simulated annealing technique is used to design the optimum BC-QAM signal, which minimizes the upper bound on the bit error rate (BER) in a Rayleigh fading channel. The computer simulation shows that the proposed BC-QAM can improve the BER performance. This paper also proposes a simplified design method to reduce the number of variables to be optimized. The proposed simplified method optimizes the in-phase and quadrature components of the BC-QAM signal separately. The computer simulation also shows that the BC-QAM designed by the simplified method gives little degradation on the BER performance, although the simplified method can significantly reduce the number of optimization variables.

An invertible length preserving transducer is called a weakly invertible finite automaton (WIFA for short). If the first letter of any input string of length τ + 1 is uniquely determined by the corresponding output string by a WIFA and its initial state, it is called a WIFA with delay τ. The composition of two WIFAs is the natural concatenation of them. The composition is also a WIFA whose delay is less than or equal to the sum of the delays of the two WIFAs. In this paper we derive various results on a decomposition of a WIFA into WIFAs with smaller delays. The motivation of this subject is from theoretical interests as well as an application to cryptosystems. In order to capture the essence of the decomposability problem, we concentrate on WIFAs such that their input alphabets and their output alphabets are identical. A WIFA with size n of the input and output alphabet is denoted by an n-WIFA. We prove that for any n > 1, there exists an n-WIFA with delay 2 which cannot be decomposed into two n-WIFAs with delay 1. A one-element logic memory cell is a special WIFA with delay 1, and it is called a delay unit. We show that for any prime number p, every strongly connected p-WIFA with delay 1 can be decomposed into a WIFA with delay 0 and a delay unit, and that any 2-WIFA can be decomposed into a WIFA wiht delay 0 and a sequence of k delay units if and only if every state of the 2-WIFA has delay k.

Caenorhabditis elegans during feeding gives good moving biological images",in which motions of several pulsing organs are superposed on its head swing. A powerful method to extract dynamic features is presented. First step is to use a variance picture VAG4 in order to pick up active pixel coordinates of concerned moving objects. Superiority of VAG4 over usual variance picture VAG2 is shown quantitatively by a model of moving particles. Pulsing areas of C. elegans, are exhibited more clearly in VAG4 than VAG2. Second step is use of a new subtraction method to extract main frequency bands. FFT spectra are averaged in active positions where VAG4 is above threshold THVR in the square with 88 pixels (ONA). The power spectra averaged in the enlarged squares (ELA) are subtracted from those in ONA, in which ELA includes ONA in its centre position. Large peak bands emerge in the subtracted power spectra. The subtraction eliminates the effect of head swing by spatial averagings in ELA. This new emphasizing method is compared to another subtraction method. The characteristic frequency of periodical moving organs coincides well with the values observed by other research groups and our visual estimation of replayed VTR images. Thus the proposed extraction method is verified to work well in double superposed motions.

This paper reviews an application of optical techniques to Microwave Signal Processing (MSP), such as frequency multiplexing using external optical modulators (EOMs), and microwave frequency add-drop multiplexing and mixing using semisconductor optical amplifiers (SOAs), as well as microwave phase control in the optical domain. The cascaded EOM links can be applied to microwave and millimeter-wave signal distribution networks. The add-drop links using SOAs can make it possible to realize a compact and cost-effective radio repeater for radio signal distribution. The several SOA mixing link configurations are also described.

In this paper it is pointed out that although an elegant differential-like approach is developed, Coppersmith' attacking method on NIKS-TAS cannot succeed to forge a shared key of legitimate entities especially when p-1 contains highly composite divisors, as well as decomposibility-hard divisors. This is mainly due to a severe reduction of modulo size. Computer simulation results confirm this assertion. The ambiguity in the solutions to the collusion equations in the first phase can be analyzed by the elementary divisor theory. Moreover, two basis vectors, qi,ri in the second phase, are found to be inadequate to represent the space spanned by xi-yi and ui-vi(i=1,...,N), because qi,ri exist frequently over the space with small modulo size. Then, the erroneous values of αi,βi,...,εi(i=1,...,N) are derived from the inadequate basis vectors, qi,ri. Also, when the degeneracy in modulo size happens, the solutions to αi,βi,...,εi(i=1,...,N) cannot be solved even by means of the exhaustive search over the small prime divisors of p-1.

The present paper is concerned with an algorithm for the minimization of multiple-valued input, binary-valued output functions. The algorithm is an extension to muitiple-valued logic of an algorithm for the minimization of ordinary single-output Boolean functions. It is based on a local covering approach. Basically, it uses a "divide and conquer" technique, consisting of two steps called expansion and selection. The present algorithm preserves two important features of the original one. First, a lower bound on the number of prime implicants in the minimum cover of the given function is furnished as a by-product of the minimization. Second, all the essential primes of the function are identified and selected during the expansion process. That usually improves efficiency when handling functions with many essential primes. Results of a comparison of the proposed algorithm with the program ESPRESSO-IIC developed at Berkeley are presented.

In CRYPTO '94, Langford and Hellman attacked DES reduced to 8-round in the chosen plaintext scenario by their "differential-1inear cryptanalysis," which is a combination of differential cryptanalysis and linear cryptanalysis. In this paper, a historical review of differential-linear cryptanalysis, our formalization of differential-linear cryptanalysis, and the application of differential-linear cryptanalysis to FEAL-8 are presented. As a result, though the previous best method (differential cryptanalysis) required 128 chosen plaintexts, only 12 chosen plaintexts are sufficient, in computer experimentations, to attack FEAL-8.