Manuel CERECEDO Tsutomu MATSUMOTO Hideki IMAI
An extension of the notion of cryptographically strong pseudo-random generator to a distributed setting is proposed in this paper. Instead of a deterministic function to generate a pseudo-random bit string from a truly random shorter string, we have a deterministic secure protocol for a group of separate entities to compute a secretly shared pseudo-random string from a secretly shared and truly random shorter string. We propose a precise definition of this notion in terms of Yao's computational entropy and describe a concrete construction using Shamir's pseudo-random number generator. Several practical applications are also discussed.
Kohji ITOH Makoto ITAMI Kazuo FUKAWA Jun MURAMATSU Yoshitaka ENOMOTO
The paper proposes and reports on prototyping a work bench system for novice Prolog programmers which consists of a visually-structured interactive tracer and a prototype-based programming support. The tracer actually is a simulated interpreter in Prolog. It is interpreted by a Prolog interpreter embedded with facilities interfacing programs in Prolog and the objects programmed in C. It displays, by way of these objects, the past, current and future goals, highlights variable sharing and value substitution, and marks the current goals and backtrack choice points. It is at the user's will to let the tracer show and hide subgoals as well as to let it backtrack when it failed, step back for redoing or terminate tracing. The programming support module first provides the programmer with structural prototype patterns and the roles of the constituent functions. We developed a support system for the two types of recursive definitions. After having selected the prototype, the user is requested to specify the data types and the names of variables to be put in the arguments, which propagate through the structure. The support module then offers a menu of primitive or user-registered constituent functions as may be useful in processing and/or obtaining user-specified types of data. Thirdly the system lets the user express his/her intention by sample input-output data instances in his/her task goals. It makes the values propagate through the structures, thus motivating the user to design the constituent functions. At the goal recursion point, the user is allowed to creep into examining the definitions of the reduced versions of the instances, helping the user find the condition with which the recursion terminates. Finally the module assists the user to convert the structural descriptions into Prolog programs.
Toshiya ITOH Tatsuhiko KAKIMOTO
In this paper, we investigate the knowledge complexity of interactive proof systems and show that (1) under the blackbox simulation, if a language L has a bounded move public coin interactive proof system with polynomially bounded knowledge complexity in the hint sense, then the language L itself has a one move interactive proof system; and (2) under the blackbox simulation, if a language L has a three move private coin interactive proof system with polynomially bounded knowledge complexity in the hint sense, then the language L itself has a one move interactive proof system. These results imply that as far as the blackbox simulation is concerned, any language L ∈ AM\MA is not allowed to have a bounded move public coin (or three move private coin) interactive proof system with polynomially bounded knowledge complexity in the hint sense unless AM = AM. In addition, we present a definite distinction between knowledge complexity in the hint sense and in the strict oracle sense, i.e., any language in AM (resp. IP) has a two (resp. unbounded) move public coin interactive proof system with polynomially bounded knowledge complexity in the strict oracle sense.
In this paper an identity-based non-interactive key sharing scheme (IDNIKS) is proposed in order to realize the original concept of identity-based cryptosystem, for which no secure realization scheme has been proposed. First the necessary conditions for secure realization of IDNIKS are considered from two different points of view: (i) the possibility to share a common key non-interactively and (ii) the security against entities' conspiracy. Then a new non-interactive key sharing scheme is proposed, whose security depends on the difficulty of factoring. The most important contribution is to have succeeded in obtaining any entity's secret information as an exponent of the obtainer's identity information. The security of IDNIKS against entities' conspiracy is also considered in detail.
In this paper, we show that without any unproven assumption, there exists a "four" move blackbox simulation perfect zero-knowledge interactive proof system of computational ability for any random self-reducible relation R whose domain is in BPP, and that without any unproven assumption, there exists a "four" move blackbox simulation perfect zero-knowledge interactive proof system of knowledge on the prime factorization. These results are optimal in the light of the round complexity, because it is shown that if a relation R has a three move blackbox simulation (perfect) zero-knowledge interactive proof system of computational ability (or of knowledge), then there exists a probabilistic polynomial time algorithm that on input x ∈ {0, 1}*, outputs y such that (x, y)∈R with overwhelming probability if x ∈dom R, and outputs "⊥" with probability 1 if x
Chan-Hyun YOUN Yoshiaki NEMOTO Shoichi NOGUCHI
In this paper, we discuss the intermedia synchronization problems for high speed multimedia communication. In particular, we describe how software synchronization can be operated, and estimate the skew bound in CNV when the network delay is taken into account. We apply CNV to intermedia synchronization and propose a hybrid model (HSM). Furthermore, we use a statistical approach to evaluate the performance of the synchronization mechanisms. The results of the performance evaluation show that HSM performs well in terms of the probability of estimation error.
In this paper, we consider a class of the languages that have (constant round) perfect zero-knowledge interactive proofs without assuming any complexity assumptions. In particular, we investigate the interactive protocol with a restricted prover who runs in probabilistic polynomial time and knows the complete factorization, as trapdoor information, of the integer associated with the input. We give a condition for the existence of constant round perfect zero-knowledge interactive proofs without assuming any complexity assumptions. The bit commitment based on quadratic residuosity has an important role in our protocol, and the simulation is based on the technique developed by Bellare, Micali, and Ostrovsky in Ref. (9), the so-called double running process. However, the proof of perfect zero-knowledgeness needs a more powerful simulation technique. Our simulation extracts more knowledge, the complete factorization of the integer associated with the input, from a (cheating) verifier than Bellare-Micali-Ostrovsky's simulation does. Furthermore, our main result implies that Blum integers have a five move perfect zero-knowledge interactive proof without assuming any complexity assumptions. (All previously known zero-knowledge protocols for Blum integers required either unproven cryptographic assumptions or an unbounded number of rounds of message exchange.)
In this paper, we investigate the discrepancy between a serial version and a parallel version of zero-knowledge protocols, and clarify the information "leaked" in the parallel version, which is not zero-knowledge unlike the case of the serial version. We consider two sides: one negative and the other positive in the parallel version of zero-knowledge protocols, especially of the Fiat-Shamir scheme.
Given an integer N, it is easy to determine whether or not N is prime, because a set of primes is in LPP. Then given a composite number N, is it easy to determine whether or not N is of a specified form? In this paper, we consider a subset of odd composite numbers +1MOD4 (resp. +3MOD4), which is a subset of odd composite numbers consisting of prime factors congruent to 1 (resp. 3) modulo 4, and show that (1) there exists a four move (blackbox simulation) perfect ZKIP for the complement of +1MOD4 without any unproven assumption; (2) there exists a five move (blackbox simulation) perfect ZKIP for +1MOD4 without any unproven assumption; (3) there exists a four move (blackbox simulation) perfect ZKIP for +3MOD4 without any unproven assumption; and (4) there exists a five move (blackbox simulation) statistical ZKIP for the complement of +3MOD4 without any unproven assumption. To the best of our knowledge, these are the first results for a language L that seems to be not random self-reducible but has a constant move blackbox simulation perfect or statistical ZKIP for L and
In this paper, we investigate the round complexity of zero-knowledge interactive proof systems of possession of knowledge, and mainly show that if a relation R has a three move blackbox simulation zero-knowledge interactive proof system of possession of knowledge, then there exists a probabilistic polynomial time algorithm that on input x ∈ {0, 1}*, outputs y such that (x, y) ∈ R with overwhelming probability if x ∈ dom R, and outputs "⊥" with probability 1 if x
Yoshihiko HAMAMOTO Taiho KANAOKA Shingo TOMITA
In general, a two-dimensional display is defined by two orthogonal unit vectors. In developing the display, discriminant analysis has a shortcoming that the extracted axes are not orthogonal in general. First, in order to overcome the shortcoming, we propose discriminant analysis which provides an orthonormal system in the transformed space. The transformation preserves the discriminatory ability in terms of the Fisher criterion. Second, we present a necessary and sufficient condition that discriminant analysis in the original space provides an orthonormal system. Finally, we investigate the relationship between orthogonal discriminant analysis and the Karhunen-Loeve expansion in the original space.
Yuji TAKADA Yasubumi SAKAKIBARA Takeshi OHTANI
Syntax-directed editors have several advantages in editing programs because programming is guided by the syntax and free from syntax errors. Nevertheless, they are less popular than text editors. One of the reasons is that they force a priori specified editing structures on the user and do not allow him to use his own structure. ACE (Algorithmically Customizable syntax-directed Editor) provides a solution for this problem by using a technique of machine learning; ACE has a special function of customizing the grammar algorithmically and interactively based on the learning method for grammars from examples and queries. The grammar used in the editor is customized through interaction with the user so that the user can edit his program in a more familiar structure. The customizing function has been implemented based on the methods for learning context-free grammars from structural examples, for which the correctness and the efficiency are proved formally. This guarantees the soundness and the efficiency of customization. Furthermore, ACE can be used as an algorithmic and interactive tool to design grammars, which is required for several purposes such as compiler design and pretty-printer design.
Atsushi FUJIOKA Tatsuaki OKAMOTO Kazuo OHTA
This paper proposes a new construction of the minimum knowledge undeniable signature scheme which solves a problem inherent in Chaum's scheme. We formulate a new proof system, the minimum knowledge interactive bi-proof system, and a pair of languages, the common witness problem, based on the random self-reducible problem. We show that any common witness problem has the minimum knowledge interactive bi-proof system. A practical construction for undeniable signature schemes is proposed based on such a proof system. These schemes provide signature confirmation and disavowal with the same protocol (or at the same time).