We propose an RSA-type scheme over the nonsingular part of a singular cubic curve En (0,b) : y2x3+bx2 (mod n), where n is a product of form-free primes p and q. Our new scheme encrypts/decrypts messages of 2 log n bits by operations of the x and y coordinates. The decryption is carried out over Fp or a subgroup of a quadratic extension of Fp, depending on quadratic residuosity of message-dependent parameter b. The decryption speed in our new scheme is about 4.6 and 5.8 times faster than that in the KMOV scheme and the Demytko scheme, respectively. We prove that if b is a quadratic residue in Zn, breaking our new scheme over En(0,b) is not easier than breaking the RSA scheme.

This paper deals with the information leakage measurement in a distributed computation protocol called SASC. The SASC protocol is a kind of two-party protocol between a client and a server. The computation for RSA cryptosystem is the target of this paper. This paper shows that a secure RSA-SASC protocol proposed recently could be changed to be insecure if the client which has secret information were to complain about the computation result. This paper first clarifies how to measure the information amount which leaks through the protocol. It, then, shows an attack procedure to make use of the client's complaint. Effectiveness of the attack procedure is measured by the information theoretic measure. By using the same measure, it is shown that some attacks do not work to derive the client's secret. It is also shown that a practical countermeasure to limit the number of incorrect computation allowed is effctive to limit the leakage of the secret information to some reasonable extent.

Two new algorithms for performing modular exponentiation are suggested. Nonstandard number systems are used. The first algorithm is based on the representing the exponent as a sum of generalized Fibonacci numbers. This representation is known as Zeckendorf representation. When precomputing is allowed the resulting algorithm is more efficient than the classical binary algorithm, but requires more memory. The second algorithm is based on a new number system, which is called hybrid binary-ternary number system (HBTNS). The properties of the HBTNS are investigated. With or without precomputing the resulting algorithm for modular exponentiation is superior to the classical binary algorithm. A conjecture is made that if more bases are used asymptotically optimal algorithm can be obtained. Comparisons are made and directions for future research are given.

In this paper, we compute entropies and average mutual informations for a 'choseong,' a 'jungseong,' and a 'jongseong' in multi-syllable Korean words. In these computations, we consider the property that each Korean syllable is divided into a 'choseong,' a 'jungseong,' and a 'jongseong' which are a consonant, a vowel, and a consonant, respectively, without exception. We compute entropies and average mutual informations for a 'choseong,' a 'jungseong,' and a 'jongseong' from the cumulative frequency of Korean syllables with respect to word length and syllable location in a word. We compute average mutual informations for a syllable and for a 'choseong,' a 'jungseong,' and a 'jongseong' between the two adjacent syllables in a word. The correlation between the two adjacent syllables in a word is not large on the average.

We have fabricated a microchip of a neural circuit with pulse representation. The neuron output is a voltage pulse train. The synapse is a constant current source whose output is proportional to the duty ratio of neuron output. Membrane potential is charged by collection of synaptic currents through a RC circuit, providing an analog operation similar to the biological neural system. We use a 4-bit SRAM as the memory for synaptic weights. The expected I/O characteristics of the neurons and the synapses were measured experimentally. We have also demonstrated the capability of network operation with the use of synaptic weights, for solving the A/D conversion problem.

A negation-limited circuit is a combinational circuit which includes at most [log(n1)] NOT gates. We show a relationship between the size of negation-limited circuits computing clique functions and the number of NOT gates in the circuits.

We have fabricated a new analog memory with a floating gate as a key component to store synaptic weights for integrated artificial neural networks. The new analog memory comprises a tunnel junction (poly-Si/poly-si oxide/poly-Si sandwich structure), a thin-film transistor, two capacitors, and a floating gate MOSFET. The diffusion of the charges injected through the tunnel junction is controlled by switching operation of the thin-film transistor, and we refer to the new analog memory as switched diffusion analog memory (SDAM). The obtained characteristics of SDAM are a fast switching speed and an improved linearity between the potential of the floating gate and the number of pulse inputs. SDAM can be used in a neural network in which write/erase and read operations are performed simultaneously.

In this study, after focussing on an energy (or intensity) scaled variable of acoustic systems, first, a new regression analysis method is theoretically proposed by introducing a multiplicative noise model suitable to the positively scaled stocastic system. Then, the effectiveness of the proposed method is confirmed experimentally by applying it to the actual acoustic data.

A near-ring is an extended notion of a usual ring. Therefore a ring is a near-ring, but the converse does not necessarily hold. We investigate in this paper one-way functions associated with finite near-rings, and show that if there exists a one-way group homomorphism, there exists a one-way non-ring near-ring homomorphism (Theorem 1); if there exists a one-way ring homomorphism (Theorem 2). Further, we introduce a discrete logarithm problem over a finite near-ring, and show that the integer factoring is probabilistic polynomial-time Turing equivalent to a modified version of this problem (Theorem 3). Theorem 1 implies that under some standard cryptographic assumption, there is an affirmative but trivial solution to the extended version of the open question: Is there an encryption function f such that both f(x+y) and f(xy) are efficiently computed from given f(x) and f(y) ?

Mobile communication networks need public key cryptosystems that offer both low computation cost and user authentication. Tatebayashi et al. showed a key distribution protocol for such networks at Crypto'89 based on low exponent RSA. This paper shows that their protocol is not secure. We also present two types of secure and efficient key distribution protocols.

For a CBR (Constant Bit Rate) connection in an ATM (Asynchronous Transfer Mode) network, we determine the CDV (Cell Delay Variation) tolerance for the mapping of ATM cells from the ATM Layer onto the Physical Layer. Our result will be useful to properly allocate resources to connections and to accurately enforce the contract governing the user's cell traffic by UPC (Usage Parameter Control).

We are studying a novel concept of the on-line hospital system using a virtual environment called Hyper Hospital," the Hyper Hospital" is a medical care system which is constructed in a distributed manner to the electronic information network using virtual reality (VR) as a human interface. In the present report, we studied the physiological and psychological responses of healthy subjects induced by the usage of the VR in terms of fatigue. Twenty healthy young male subjects were exposed to the virtual reality system and they performed some psychological tasks with a virtual nurse for 30 minutes. Several parameters of physiological, psychological, and subjective fatigue were measured. None of the physiological or psychological parameters such as urinary catecholamine release, ECG, etc. showed significant fatigue induced by our VR system. However, by using a standard questionnaire, some kinds of subjective fatigue were noted and they were thought to be indicating a direction of improvement for our VR system.

The sensitivity degradation due to unmatched quantum efficiencies is theoretically investigated for coherent optical POLSK heterodyne, homodyne and balanced receivers with shot noise, thermal noise and LO intensity noise. This analysis is based on the exact expressions of the probability density function (PDF) of the noise process to calculate the bit-error-rate (BER) considering LO intensity noise and unmatched quantum efficiencies. We derive the optimum LO power to minimize the power penalty for POLSK receivers. The theoretical results clarify the relation between the unmatched quantum efficiencies and sensitivity degradation due to the LO intensity noise. Based on this analysis, it is found that the balanced receiver is preferable for the design of POLSK receivers.

Long term phase noises are characterized for network synchronization using two time domain measurement techniques: the Maximum Time Interval Error (MTIE) and Time Variance (TVAR). First, the characteristics of previously measured fiber delay variations are evaluated. The diurnal and annual delay variations and the long term noise feature of random walk phase modulation are well represented by the TVAR technique. The delay variation due to the AU pointer operation is then measured using commercial SDH demultiplexing equipment and compared with the simulation result; the simulation result agrees well with the experimental result. The delay variation in the SDH equipment is simulated using the thermal fiber delay variation measured in the actual network as the input phase of the equipment. It is shown that the SDH equipment sometimes generates delay steps of 617ns, which are larger than the normal pointer operations of 154ns. The long term delay variation, periods over 107s, due to the threshold spacing between the positive and negative stuffing is described. We also show that TVAR is suitable for evaluating the phase noise feature and MTIE can clearly show the peak value of phase noise. The long term phase noises evaluated in this paper are the dominant sources that degrade network synchronous performance. The results of this paper will be useful in designing the equipment synchronous specification.

Throughout the paper, the nearest-neighbour (NN) interconnection of switches within a multistage interconnection network (MIN) is analysed. Three main results are obtained: (1) The switch preserving transformation of a 2-D MIN into the 1-D MIN (and vice versa) (2) The rearrangeability of the MIN and (3) The number of stages (NS) for the rearrangeable nonblocking interconnection. The analysis is extended to any dimension of the interconnected data set. The topological equivalence between 1-D MINs with NN interconnections (NN-MINs) and 1-D cellular arrays is shown.

This paper presents an alternative traffic model for an ATM multiplexer providing video, voice, image, and data services. The traffic model classifies the input traffic into two types: real-time and non-real-time. The input process for realtime traffic is periodic and correlated, while that for non-realtime traffic is batch Poisson and independent. This multiplexer is assumed to be a priority queueing system with synchronous servers operating on time-frame basis and with separate finite buffers for each type of traffic. State probabilities and performance measures are successfully obtained using a Markov analysis technique and an application of the residue theorem in complex variable. The results can be applied in the design of an ATM multiplexer.

In their paper[1], Sasase and Mori proposed a method of calculating the resequencing delay for a multiple-server queueing system under a threshold-type scheduling. However, it is found that the result of the proposed method does not converge to the corresponding expression in Ref.[2] for the system with two servers. In this correspondence, we show that the proposed method in Ref.[1] is not correct, and verify it by simulation.

A new approach to implement queues for controlling ATM switch LSI is presented. In many conventional architecture, external FIFOs are provided for each output link and used to manage the address of the buffer in an ATM switch. We reduce the number of FIFOs by using a self-timed queue with a search circuit that finds the earliest entry for each output link. Using this architecture, number of the FIFOs is reduced to 1/N, where N is the switch size. Delay priority and multicasting can be supported without doubling the number of the queues. This new queue can also be utilized as an ATM switch by itself. Evaluation chip was fabricated using 0.5-µm CMOS process technology. Inter-stage transfer speed over 500 MHz and cycle time over 125 MHz was obtained. This performance is enough for a 622-Mbps 1616 ATM Switch.

This paper presents the results of a study made to determine the line length coverage of the high-bit-rate digital subscriber line (HDSL) present in NTT's local networks. The HDSL carries one bi-directional 784 kbit/s channel per pair and supports the digital interface at 1544kbit/s by using two cable pairs. The primary purpose of this study is to estimate the range limits for candidate transmission schemes considering line installation conditions, and to determine the most promising transmission scheme and its feasibility given the environment of NTT's local networks. Pulse amplitude modulation (PAM) and quadrature amplitude modulation (QAM) transmission schemes are compared for HDSL implementation. It is shown that 2B1Q-PAM and 16-QAM generally achieve better performance than the more complicated PAM and QAM given the presence intra-system crosstalk interference (interference between identical transmission systems). The range limits determined by inter-system crosstalk interference (interference between different transmission systems) with basic rate access (BRA) implementing a burst-mode transmission method are also estimated. This paper concludes that 2B1Q-PAM achieves the best overall performance in NTT's local networks. A feasibility study of 192-6144 kbit/s transmission is also described.

A new approach is described for the datapath scheduling of behavioral descriptions containing nested conditional branches of arbitrary structures. This paper first investigates such a complex scheduling mechanism, and formulates an optimal scheduling problem as a 0-1 integer programming problem such that given a prescribed number of control steps, the total cost of functional units can be minimized. In this formulation, each constraint is expressed in the form of a Boolean function, which is set equal to 1 or 0 according as the constraint is satisfied or not, respectively, and a satisfiability problem is defined by the product of the Boolean functions. A procedure is then described, which intends to seek an optimal solution by means of a branch-and-bound method on a binary decision diagram representing the satisfiability problem. Experimental results are also shown, which demonstrate that our approach is of more practical use than the existing methods.